You're viewing a demo portfolio

Join the waitlist
PRSM

awsinspect

Active

Tool of InsideOut (Riley)

declared in v2.0.0

INSPECTION: Inspect AWS infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed AWS resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed infrastructure. It fetches temporary read-only credentials securely and queries the AWS API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, acm, alb, apigateway, apprunner, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, route53, s3, sagemaker, secretsmanager, sqs, vpc, waf For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to discover available metrics for a service (no credentials needed). Then use get-metrics to retrieve data (auto-discovers resources). Most services return CloudWatch time-series. KMS returns key health (rotation, state). SecretsManager returns secret health (rotation, last accessed/rotated). Optional filters JSON: {"hours":6,"period":300}. BILLING: Use service=cost-explorer to inspect AWS costs. Actions: get-cost-summary (last 30 days by service, filters: {"days":7,"granularity":"DAILY"}), get-cost-forecast (projected spend through end of month), get-cost-by-tag (costs grouped by tag, filters: {"tag_key":"Environment","days":30}). Requires ce:GetCostAndUsage and ce:GetCostForecast IAM permissions. EXAMPLES: - awsinspect(session_id=..., service="ec2", action="describe-instances") - awsinspect(session_id=..., service="cost-explorer", action="get-cost-summary") - awsinspect(session_id=..., service="ec2", action="get-metrics", filters="{\"hours\":6}") - awsinspect(session_id=..., service="rds", action="describe-db-instances", detail=true)

Parameters schema

{
  "type": "object",
  "required": [
    "session_id",
    "service",
    "action",
    "filters",
    "detail",
    "raw"
  ],
  "properties": {
    "raw": {
      "type": "boolean",
      "description": "When true, returns the unprocessed AWS API response. Escape hatch for fields the summarized response doesn't surface."
    },
    "action": {
      "type": "string",
      "description": "Operation on the service. Examples: 'describe-instances' (ec2), 'list-buckets' (s3), 'list-keys' (kms), 'get-cost-summary' (cost-explorer), 'list-actions' (discovery), 'list-metrics' / 'get-metrics' (CloudWatch)."
    },
    "detail": {
      "type": "boolean",
      "description": "When true, returns full metadata for a single resource (requires a resource ID in filters). When false (default), returns a summary."
    },
    "filters": {
      "type": "string",
      "description": "Optional JSON-encoded filter object passed through to the underlying AWS API. Examples: '{\"hours\":6}' for metric windows, '{\"days\":7,\"granularity\":\"DAILY\"}' for cost queries."
    },
    "service": {
      "enum": [
        "account",
        "acm",
        "alb",
        "apigateway",
        "apprunner",
        "backup",
        "bedrock",
        "cloudfront",
        "cloudwatchlogs",
        "cognito",
        "cost-explorer",
        "dynamodb",
        "ebs",
        "ec2",
        "ecs",
        "eks",
        "elasticache",
        "kms",
        "lambda",
        "msk",
        "opensearch",
        "rds",
        "route53",
        "s3",
        "sagemaker",
        "secretsmanager",
        "sqs",
        "vpc",
        "waf"
      ],
      "type": "string",
      "description": "AWS service to query. Examples: 'ec2', 'rds', 'vpc', 's3', 'lambda', 'eks', 'ecs', 'cost-explorer'. Use action='list-actions' to discover the supported actions for a service."
    },
    "session_id": {
      "type": "string",
      "pattern": "^sess_v2_[0-9A-Za-z]+\\?token=[0-9a-f]+$",
      "description": "Session ID from convoopen — pass back EXACTLY as returned, including the ?token=... suffix (format: sess_v2_*?token=*). The suffix is part of the session credential; never strip it when summarizing. The session must have an AWS deploy attempt before inspect probes will succeed."
    }
  },
  "additionalProperties": false
}

What this tool wraps· 1 endpoint

min confidence0.700.50

Parent server

InsideOut (Riley)

https://github.com/luthersystems/insideout-agent-skills

2/7 registries
View full server →