mcp: description: | AWS Networking Diagnostics Toolkit providing read-only access to AWS network configuration and status information. This toolkit helps troubleshoot connectivity issues, security group configurations, VPC setups, routing problems, and other AWS network-related concerns through a secure, constrained interface to the AWS CLI. NOTE FOR LLM: Authentication with AWS CLI is required to use these tools. If commands fail with authentication errors, use the "aws_list_profiles" tool if available, and suggest to use one of those profiles. If this tool is not available, please suggest to add the tools in the "aws-ro.yaml" configuration, that provide: 1. aws_list_profiles - To list and manage AWS profiles 2. Use a specific profile with the 'profile' parameter on any command run: shell: bash tools: - name: "aws_vpc_list" description: "List all VPCs in the AWS account" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" # Attempt to run the command and capture the output and exit status OUTPUT=$(aws $PROFILE_PARAM ec2 describe-vpcs --region {{ .region }} $FORMAT_PARAM 2>&1) EXIT_CODE=$? # Check if authentication failed if [[ $EXIT_CODE -ne 0 && ($OUTPUT == *"Unable to locate credentials"* || $OUTPUT == *"AuthFailure"* || $OUTPUT == *"ExpiredToken"* || $OUTPUT == *"AccessDenied"*) ]]; then echo "AWS authentication error detected. You need valid AWS credentials to use this tool." echo "" echo "Try using the aws_auth_check tool from aws-ro.yaml to diagnose authentication issues:" echo "aws_auth_check region={{ .region }}{{ if .profile }} profile={{ .profile }}{{ end }}" echo "" echo "Error details: $OUTPUT" exit 1 else # If no authentication error, just output the result echo "$OUTPUT" fi output: prefix: "VPCs in region {{ .region }}:" - name: "aws_subnet_list" description: "List all subnets in a VPC" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER="{{ if .vpc_id }}--filters Name=vpc-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-subnets --region {{ .region }} $FILTER $FORMAT_PARAM output: prefix: "Subnets{{ if .vpc_id }} in VPC {{ .vpc_id }}{{ end }} (region {{ .region }}):" - name: "aws_security_group_list" description: "List all security groups, optionally filtered by VPC" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER="{{ if .vpc_id }}--filters Name=vpc-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-security-groups --region {{ .region }} $FILTER $FORMAT_PARAM output: prefix: "Security groups{{ if .vpc_id }} in VPC {{ .vpc_id }}{{ end }} (region {{ .region }}):" - name: "aws_security_group_detail" description: "Get detailed information about a specific security group" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" group_id: type: string description: "Security group ID (e.g., sg-12345678)" required: true output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "group_id.matches('^sg-[a-f0-9]{8,}$')" # Valid security group ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-security-groups --region {{ .region }} --group-ids {{ .group_id }} $FORMAT_PARAM output: prefix: "Security group {{ .group_id }} details (region {{ .region }}):" - name: "aws_nacl_list" description: "List network ACLs, optionally filtered by VPC" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER="{{ if .vpc_id }}--filters Name=vpc-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-network-acls --region {{ .region }} $FILTER $FORMAT_PARAM output: prefix: "Network ACLs{{ if .vpc_id }} in VPC {{ .vpc_id }}{{ end }} (region {{ .region }}):" - name: "aws_route_table_list" description: "List route tables, optionally filtered by VPC" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER="{{ if .vpc_id }}--filters Name=vpc-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-route-tables --region {{ .region }} $FILTER $FORMAT_PARAM output: prefix: "Route tables{{ if .vpc_id }} in VPC {{ .vpc_id }}{{ end }} (region {{ .region }}):" - name: "aws_eni_list" description: "List network interfaces, optionally filtered by VPC or subnet" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" subnet_id: type: string description: "Subnet ID (e.g., subnet-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "subnet_id == '' || subnet_id.matches('^subnet-[a-f0-9]{8,}$')" # Valid subnet ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Build filters dynamically FILTERS="" {{ if .vpc_id }}FILTERS="$FILTERS Name=vpc-id,Values={{ .vpc_id }}"{{ end }} {{ if .subnet_id }}FILTERS="$FILTERS Name=subnet-id,Values={{ .subnet_id }}"{{ end }} FILTER_PARAM="{{ if or .vpc_id .subnet_id }}--filters $FILTERS{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-network-interfaces --region {{ .region }} $FILTER_PARAM $FORMAT_PARAM output: prefix: "Network interfaces{{ if .vpc_id }} in VPC {{ .vpc_id }}{{ end }}{{ if .subnet_id }} in subnet {{ .subnet_id }}{{ end }} (region {{ .region }}):" - name: "aws_lb_list" description: "List load balancers (ELB, ALB, NLB) in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" echo "Application and Network Load Balancers:" aws $PROFILE_PARAM elbv2 describe-load-balancers --region {{ .region }} $FORMAT_PARAM echo -e "\nClassic Load Balancers:" aws $PROFILE_PARAM elb describe-load-balancers --region {{ .region }} $FORMAT_PARAM output: prefix: "Load balancers in region {{ .region }}:" - name: "aws_vpn_list" description: "List VPN connections in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-vpn-connections --region {{ .region }} $FORMAT_PARAM output: prefix: "VPN connections in region {{ .region }}:" - name: "aws_tgw_list" description: "List transit gateways in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-transit-gateways --region {{ .region }} $FORMAT_PARAM output: prefix: "Transit gateways in region {{ .region }}:" - name: "aws_flow_logs" description: "List VPC flow logs in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER="{{ if .vpc_id }}--filter Name=resource-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-flow-logs --region {{ .region }} $FILTER $FORMAT_PARAM output: prefix: "VPC flow logs{{ if .vpc_id }} for VPC {{ .vpc_id }}{{ end }} in region {{ .region }}:" - name: "aws_vpc_peering" description: "List VPC peering connections in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" vpc_id: type: string description: "VPC ID to filter by (e.g., vpc-12345678)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "vpc_id == '' || vpc_id.matches('^vpc-[a-f0-9]{8,}$')" # Valid VPC ID format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" FILTER_PARAM="{{ if .vpc_id }}--filters Name=requester-vpc-info.vpc-id,Values={{ .vpc_id }} Name=accepter-vpc-info.vpc-id,Values={{ .vpc_id }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-vpc-peering-connections --region {{ .region }} $FILTER_PARAM $FORMAT_PARAM output: prefix: "VPC peering connections{{ if .vpc_id }} involving VPC {{ .vpc_id }}{{ end }} in region {{ .region }}:" - name: "aws_availability_zones" description: "List availability zones in the specified region" params: region: type: string description: "AWS region (e.g., us-east-1, eu-west-1)" required: true profile: type: string description: "AWS profile to use (optional, uses default if not specified)" output_format: type: string description: "Output format (json, text, table)" constraints: - "region.matches('^[a-z]{2}-[a-z]+-[0-9]{1}$')" # Valid AWS region format - "profile == '' || profile.matches('^[a-zA-Z0-9_-]+$')" # Valid profile name format - "output_format == '' || ['json', 'text', 'table'].exists(f, f == output_format)" # Valid output formats run: timeout: "60s" env: - AWS_PROFILE - AWS_DEFAULT_PROFILE - AWS_SHARED_CREDENTIALS_FILE - HOME - AWS_CONFIG_FILE command: | FORMAT_PARAM="{{ if .output_format }}--output {{ .output_format }}{{ else }}--output table{{ end }}" PROFILE_PARAM="{{ if .profile }}--profile {{ .profile }}{{ end }}" # Fix environment variable names and handling if [ -z "$AWS_SHARED_CREDENTIALS_FILE" ]; then export AWS_SHARED_CREDENTIALS_FILE="$HOME/.aws/credentials" fi if [ -z "$AWS_CONFIG_FILE" ]; then export AWS_CONFIG_FILE="$HOME/.aws/config" fi echo "Using AWS_SHARED_CREDENTIALS_FILE: $AWS_SHARED_CREDENTIALS_FILE" echo "Using AWS_CONFIG_FILE: $AWS_CONFIG_FILE" aws $PROFILE_PARAM ec2 describe-availability-zones --region {{ .region }} $FORMAT_PARAM output: prefix: "Availability zones in region {{ .region }}:"