automateyournetwork/aws-network-ops
workspace/skills/aws-network-ops/SKILL.md
AWS cloud networking — VPC, Transit Gateway, Cloud WAN, VPN, Network Firewall, ENI, flow logs. Use when auditing AWS VPCs, troubleshooting connectivity between EC2 instances, checking Transit Gateway routes, or investigating VPN tunnel status.
$ install --global
skillsauthnpx skillsauth add automateyournetwork/netclaw aws-network-opsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:29 AM4.7s1 file scanned
SKILL.md
- name:
- aws-network-ops
- description:
- AWS cloud networking — VPC, Transit Gateway, Cloud WAN, VPN, Network Firewall, ENI, flow logs. Use when auditing AWS VPCs, troubleshooting connectivity between EC2 instances, checking Transit Gateway routes, or investigating VPN tunnel status.
- version:
- 1.0.0
- license:
- Apache-2.0
- tags:
- [aws, vpc, transit-gateway, cloud-wan, vpn, network-firewall, flow-logs]
- - mcp:
- aws-network-mcp
AWS Network Operations
MCP Server
- Command:
uvx awslabs.aws-network-mcp-server@latest(stdio transport) - Requires:
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_REGION(orAWS_PROFILE) - Read-only: All operations are Describe/Get/List — no create/modify/delete
Available Tools (27)
General (3)
| Tool | What It Does |
|------|-------------|
| get_path_trace_methodology | Guidance for tracing network paths across AWS resources |
| find_ip_address | Find which VPC/subnet/ENI an IP address belongs to |
| get_eni_details | Get Elastic Network Interface details — security groups, subnet, routes |
VPC (3)
| Tool | What It Does |
|------|-------------|
| list_vpcs | List all VPCs in the account/region |
| get_vpc_network_details | Full VPC details — subnets, route tables, IGW, NAT GW, endpoints, NACLs |
| get_vpc_flow_logs | Query VPC flow logs for traffic analysis |
Transit Gateway (7)
| Tool | What It Does |
|------|-------------|
| list_transit_gateways | List all Transit Gateways |
| get_tgw_details | Transit Gateway details — attachments, route tables, associations |
| get_tgw_routes | Get routes from a specific TGW route table |
| get_all_tgw_routes | Get routes from all TGW route tables |
| get_tgw_flow_logs | Query Transit Gateway flow logs |
| list_tgw_peerings | List TGW peering connections |
| detect_tgw_inspection | Detect if traffic inspection is configured on a TGW |
Cloud WAN (10)
| Tool | What It Does |
|------|-------------|
| list_core_networks | List all Cloud WAN core networks |
| get_cloudwan_details | Core network details — segments, policies, attachments |
| get_cloudwan_routes | Get routes from a Cloud WAN segment |
| get_all_cloudwan_routes | Get routes from all Cloud WAN segments |
| get_cloudwan_attachment_details | Details for a specific Cloud WAN attachment |
| detect_cloudwan_inspection | Detect inspection configuration on Cloud WAN |
| list_cloudwan_peerings | List Cloud WAN peering connections |
| get_cloudwan_peering_details | Details for a specific Cloud WAN peering |
| get_cloudwan_logs | Query Cloud WAN logs |
| simulate_cloud_wan_route_change | Simulate a route change and predict impact |
VPN (1)
| Tool | What It Does |
|------|-------------|
| list_vpn_connections | List all site-to-site VPN connections with tunnel status |
Network Firewall (3)
| Tool | What It Does |
|------|-------------|
| list_network_firewalls | List all AWS Network Firewalls |
| get_firewall_rules | Get firewall rule groups and policies |
| get_network_firewall_flow_logs | Query Network Firewall flow logs |
Workflow: VPC Network Audit
When a user asks "show me our AWS network" or "audit the VPCs":
- List VPCs:
list_vpcsto see all VPCs in the region - For each VPC:
get_vpc_network_details— subnets, route tables, gateways, NACLs - Check TGW:
list_transit_gatewaysto see cross-VPC connectivity - Check VPN:
list_vpn_connectionsfor hybrid connectivity - Check firewalls:
list_network_firewallsfor security posture - Report: Formatted summary of the cloud network architecture
Workflow: Troubleshoot Connectivity
When a user asks "why can't EC2 instance X reach Y?":
- Find the IPs:
find_ip_addressfor both source and destination - Get ENI details:
get_eni_detailsto check security groups, subnet, routes - Check route tables:
get_vpc_network_detailsto see routing - Check flow logs:
get_vpc_flow_logsto see if traffic is being dropped - Check firewalls:
get_firewall_rulesif traffic crosses a Network Firewall - Check TGW:
get_tgw_routesif traffic crosses Transit Gateway - Report: Root cause analysis with fix recommendation
Workflow: Transit Gateway Health
When checking multi-VPC connectivity:
- List TGWs:
list_transit_gateways - Get details:
get_tgw_detailsfor attachments and route tables - Check routes:
get_all_tgw_routesfor route table completeness - Check peerings:
list_tgw_peeringsfor cross-region/cross-account - Check inspection:
detect_tgw_inspectionfor security posture - Flow logs:
get_tgw_flow_logsfor traffic analysis
Workflow: VPN Tunnel Monitoring
When checking hybrid connectivity:
- List VPNs:
list_vpn_connections - Check tunnel status: Up/Down for each tunnel (redundancy check)
- Check routes: TGW or VGW routes for the VPN prefixes
- Flow logs: VPC flow logs for traffic across VPN
- Report: VPN health summary with any down tunnels flagged
Important Rules
- Read-only — this MCP cannot create, modify, or delete any AWS resources
- Region-specific — results are scoped to the configured AWS_REGION
- IAM permissions required — EC2 Describe, Network Manager, Network Firewall Describe, CloudWatch Logs
- Record in GAIT — log all AWS network investigations for audit trail
Environment Variables
AWS_ACCESS_KEY_ID— AWS access keyAWS_SECRET_ACCESS_KEY— AWS secret keyAWS_REGION— AWS region (e.g., us-east-1)- Or
AWS_PROFILE— Named AWS CLI profile
Related Skills
automateyournetwork/humanrail-escalation
testing
VerifiedTrustedCommunity
Human-in-the-loop escalation via HumanRail — route low-confidence agent decisions, pre-destructive operation approvals, and ambiguous incident tickets to real human engineers. Human answers are verified and returned as structured output. Workers are paid via Lightning Network. Use when the agent is uncertain, when a destructive change needs explicit human sign-off beyond a ServiceNow CR, or when an ambiguous ticket requires human triage before automated handling.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-node-operations
testing
VerifiedTrustedCommunity
Manage EVE-NG node lifecycle. Use when listing nodes, checking runtime state, creating or deleting nodes, starting or stopping nodes or whole labs, verifying node details, or wiping node NVRAM back to factory defaults.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-lab-management
development
VerifiedTrustedCommunity
Manage EVE-NG labs and platform inventory. Use when listing labs, checking lab metadata, creating or deleting labs, importing or exporting lab archives, checking EVE-NG health or auth, or verifying available node images before build work.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-console-ops
tools
VerifiedTrustedCommunity
Execute live CLI commands on running EVE-NG nodes over telnet console. Use when running show commands, making live config changes, verifying protocol state, testing connectivity, checking console readiness, or interacting with IOS, Junos, VPCS, EOS, or NX-OS nodes.
491SKILL.mdUpdated May 12, 2026