AWS CLI guard hooks and read-only skills for Claude Code
npx claudepluginhub ebellefontaine/aws-guard-hook
Blocks AWS CLI write/mutation operations so all infrastructure changes go through IaC. Only read-only commands (get-, list-, describe-, etc.) are permitted.
A Claude Code PreToolUse hook that blocks AWS CLI write/mutation operations.
Only read-only commands are permitted. All infrastructure changes must go
through Infrastructure as Code (IaC).
When Claude Code runs inside an AWS environment, it can inadvertently execute
destructive CLI commands (aws ec2 terminate-instances, aws s3 rm, etc.).
This hook intercepts every Bash tool call before it runs and rejects any AWS
command that is not provably read-only, giving Claude the policy reason so it
can pivot to editing IaC instead.
The hook implements an allowlist strategy: an aws invocation is allowed only if it is provably read-only; everything else is blocked. aws invocations are extracted from:
- command chains (&&, ||, ;, |), e.g. cat data.json | aws s3api put-object ...
- command substitution ($(aws ...), `aws ...`)
- environment-variable prefixes (AWS_PROFILE=prod aws ...)
- heredocs (bash <<EOF\naws ...\nEOF)
- -c inline strings (bash -c 'aws ...')
- heredoc input to aws (aws sqs send-message ... <<EOF)
Global options (--region, --profile) are stripped before the service and operation are inspected.
Always allowed: aws sts * commands, aws configure get/list, aws s3 ls, aws s3 presign,
aws s3 cp <s3://src> <local-dest> (downloads only), aws logs tail.
Read-only operation names and prefixes: get-, list-, describe-, query, search-, check-,
validate-, scan, batch-get-, generate-presigned-, estimate-, preview-, export-, filter-,
lookup-, calculate-, resolve-, summarize-.
There is no override. The block is absolute.
IaC deploy commands (terraform apply, cdk deploy, pulumi up, etc.) are
not intercepted — they are intentional operations in an IaC workflow.
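To make the allowlist strategy concrete, here is an added Python sketch of the extraction-and-classification logic, written for this page rather than taken from the repo's hooks/aws_guard.py. It assumes the allowlist above, treats only --region and --profile as value-carrying global options, and fails closed on anything it cannot prove read-only.

```python
import re

# Allowlist taken from the README above: always-safe commands and read-only operation names/prefixes.
SAFE_COMMANDS = {("configure", "get"), ("configure", "list"), ("s3", "ls"),
                 ("s3", "presign"), ("logs", "tail")}
READ_ONLY_OPS = {"query", "scan"}
READ_ONLY_PREFIXES = ("get-", "list-", "describe-", "search-", "check-", "validate-",
                      "batch-get-", "generate-presigned-", "estimate-", "preview-",
                      "export-", "filter-", "lookup-", "calculate-", "resolve-", "summarize-")
VALUE_OPTS = {"--region", "--profile"}  # global options that carry a value (assumption: only these)

# A standalone `aws` word, wherever it appears (after &&/||/;/|, inside $(...) or backticks,
# inside a quoted `bash -c` string, or in a heredoc body), plus its arguments up to the
# next shell separator, quote or newline.
AWS_CALL = re.compile(r"(?<![\w/.-])aws(?=\s|$)([^&|;\n`$()'\"]*)")


def aws_invocations(command: str) -> list[str]:
    """Argument string of every aws invocation found anywhere in a Bash command."""
    return [m.group(1).strip() for m in AWS_CALL.finditer(command)]


def is_read_only(args: str) -> bool:
    """True only if the invocation is provably read-only; anything unrecognised fails closed."""
    toks, positional, i = args.split(), [], 0
    while i < len(toks):
        if toks[i].startswith("--"):  # skip global flags; --region/--profile also take a value
            i += 2 if toks[i] in VALUE_OPTS else 1
        else:
            positional.append(toks[i])
            i += 1
    service = positional[0] if positional else ""
    op = positional[1] if len(positional) > 1 else ""
    if service == "sts" or (service, op) in SAFE_COMMANDS:
        return True
    if (service, op) == ("s3", "cp"):  # only S3 -> local downloads are allowed
        src = positional[2] if len(positional) > 2 else ""
        dest = positional[3] if len(positional) > 3 else ""
        return src.startswith("s3://") and bool(dest) and not dest.startswith("s3://")
    return op in READ_ONLY_OPS or op.startswith(READ_ONLY_PREFIXES)


def check_command(command: str) -> tuple[bool, str]:
    """Decision for one Bash tool call: (allowed, reason). There is deliberately no override."""
    for args in aws_invocations(command):
        if not is_read_only(args):
            return False, f"blocked: `aws {args}` is not read-only; change infrastructure through IaC"
    return True, "ok"
```

Wired up as the PreToolUse command, the script would read the tool-call JSON from stdin and, when check_command returns False, print the reason to stderr and exit with code 2, which is how a Claude Code hook blocks the call and hands the reason back to Claude.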
The script has a uv-compatible PEP 723 shebang, so uv run hooks/aws_guard.py
works with no virtualenv setup.
This repo ships as a Claude Code plugin. Install it via the plugin system:
# Add a marketplace pointing at this repo (one-time setup)
/plugin marketplace add ebellefontaine/aws-guard-hook
# Install the plugin — hook is registered automatically
/plugin install aws-guard
The plugin manifest is at .claude-plugin/plugin.json and the hook
definition is at hooks/hooks.json.
Run the included install script. It copies the hook to ~/.claude/hooks/
and merges the configuration into ~/.claude/settings.json:
./install.sh
The hook then applies to every Claude Code project you open, not just this
repo. To uninstall, remove the corresponding entry from
~/.claude/settings.json.
The .claude/settings.json in this repository already registers the hook.
Clone the repo and open it with Claude Code:
git clone <repo-url> my-project
cd my-project
claude # hook is active immediately
Copy hooks/aws_guard.py into your project's hooks/ directory.
Add the hook to your project's .claude/settings.json:
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "uv run hooks/aws_guard.py"
          }
        ]
      }
    ]
  }
}
Use python3 hooks/aws_guard.py if uv is not available.
This repo also ships a Claude Code skill (/aws-readonly) that gives Claude proactive guidance — before it ever tries a write command — rather than relying solely on the hook to block it after the fact.
Invoking /aws-readonly loads a system-level prompt that instructs Claude to: