A Claude bridge into your AWS estate
seatfrog-mcp gives Claude a safe, read-only line into our AWS infrastructure - DynamoDB, CloudWatch, RDS, Step Functions, X-Ray and more - with domain knowledge for every Seatfrog service baked in. No dashboards, no runbook archaeology, no aws sso login dance.
The problem
Before you can debug anything you need to know which service is at fault, where its data lives, and how to query it - knowledge scattered across runbooks, dashboards and people's heads. seatfrog-mcp collapses that.
How it works
Generic tools give Claude the reach; the domain skills give it the map. Together they turn a vague symptom into a targeted investigation.
Describe what's wrong in plain English. No need to know the service, the schema, or the query language.
→The domain skills map your question to the right Seatfrog service and tell Claude exactly where the data lives.
→42 generic tools read DynamoDB, CloudWatch, RDS, Step Functions, X-Ray and more - on whichever environment you're pointed at.
→Findings from multiple services stitched into one timeline, anchored to real timestamps from the data itself.
Two tiers, one investigation
Generic tools would let Claude query AWS. The 35 domain skills teach it which Seatfrog service to look at and where the data lives - table names, log groups, queues, error patterns and investigation workflows for each one.
The plugin checks your token before every call and refreshes it itself - just tell it which environment. One token is good for hours; the check is cached so it never spams the disk.
DynamoDBQuery or scan any table, GSI/LSI awareCloudWatchSearch logs, run Insights, read alarm historyRDSRead-only SQL over Twingate, reader replicasStep FunctionsExecutions and full execution historyX-RayTraces, service graph, latency statsSQS · SNS · EBQueues, DLQs, topics and event routingWhy it's worth it
41 of 42 tools only ever read. The single write path is prod-gated and reachable only through a trained procedure.
Your SSO token is checked before every call and refreshed automatically. No manual login, ever - just name the environment.
35 skills carry the table names, log groups, queue names and error patterns for 25+ Seatfrog services and pipelines.
Production, uat, data-prod, data-uat and more. Switch with a word; each tool only ever sees the active profile.
Lambda env vars matching SECRET/KEY/TOKEN are redacted, and oversized output truncated. Nothing sensitive leaks into a transcript.
A self-contained macOS binary or npm package, with a Node launcher that isolates it from your project's .NET version. Non-engineers included.
Read-only by construction, auth you don't manage, secrets that stay redacted. Safe to point at production.
41 of 42 tools only read. RDS runs against reader replicas in a MySQL READ ONLY session, validated to SELECT / SHOW / DESCRIBE / EXPLAIN - defence in depth.
The sole write - booking-sync replay - is prod/uat only, triggers real payments, and is reachable only through the trained booking-sync-replay runbook.
Secret-looking Lambda env vars are redacted, large payloads truncated, and every tool only ever sees the AWS profile you've selected.
What it can reach
Each name is a domain skill - its own map of tables, logs, queues and error patterns. Claude loads the right one for the question in front of it.
Where it is today
Straight with you on status - the whole thing is real and running against production. What grows is the domain coverage, guided by what people actually ask.
Generic AWS access across DynamoDB, CloudWatch, RDS, Lambda, Step Functions, SQS, SNS, EventBridge, S3, API Gateway and X-Ray - with domain skills layered on top.
Token checked before every call and refreshed automatically across 7 logical environments. No manual aws sso login.
GitHub marketplace for engineers, and npm with self-contained macOS binaries for everyone else - zero .NET SDK friction.
Tool name, args, duration, error status and response size land in an analytics table - no PII, purely operational - so coverage sharpens where it's used most.
New services and pipelines get their own skill - table names, log groups, error patterns - so the map keeps pace with the estate.
One of a family of internal Claude plugins. Scout, the human-in-the-loop support agent, runs on this plugin and on zendesk-mcp.