awslabs · balak4 · Apr 10, 2026
@@ -28,6 +28,18 @@
       },
       "category": "Full Stack"
     },
+    {
+      "name": "bedrock",
+      "source": {
+        "source": "local",
+        "path": "./plugins/bedrock"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL"
+      },
+      "category": "AI"
+    },
     {
       "name": "aws-serverless",
       "source": {

@@ -48,6 +48,24 @@
       "tags": ["aws", "amplify", "fullstack"],
       "version": "1.0.0"
     },
+    {
+      "category": "ai",
+      "description": "Guided Amazon Bedrock setup: IAM configuration, model access, prompt caching, observability, and cost analysis.",
+      "keywords": [
+        "aws",
+        "bedrock",
+        "prompt-caching",
+        "setup",
+        "generative-ai",
+        "foundation-models",
+        "observability",
+        "cost-analysis"
+      ],
+      "name": "bedrock",
+      "source": "./plugins/bedrock",
+      "tags": ["aws", "bedrock", "generative-ai", "prompt-caching"],
+      "version": "0.4.1"
+    },
     {
       "category": "development",
       "description": "Design, build, deploy, test, and debug serverless applications with AWS Serverless services.",

@@ -32,6 +32,7 @@ To maximize the benefits of plugin-assisted development while maintaining securi
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
 | **amazon-location-service** | Add maps, geocoding, routing, places search, and geospatial features to applications with Amazon Location Service                                                                                       | Available                             |
 | **aws-amplify**             | Build full-stack apps with AWS Amplify Gen 2 using guided workflows for auth, data, storage, and functions                                                                                              | Available                             |
+| **bedrock**                 | Guided Amazon Bedrock setup: IAM configuration, model access, prompt caching, observability, and cost analysis                                                                                          | Available                             |
 | **aws-serverless**          | Build serverless applications with Lambda, API Gateway, EventBridge, Step Functions, and durable functions                                                                                              | Available                             |
 | **databases-on-aws**        | Database guidance for the AWS database portfolio — schema design, queries, migrations, and multi-tenant patterns                                                                                        | Some Services Available (Aurora DSQL) |
 | **deploy-on-aws**           | Deploy applications to AWS with architecture recommendations, cost estimates, and IaC deployment                                                                                                        | Available                             |
@@ -62,6 +63,12 @@ or
 
 or
 
+```bash
+/plugin install bedrock@agent-plugins-for-aws
+```
+
+or
+
 ```bash
 /plugin install aws-serverless@agent-plugins-for-aws
 ```
@@ -227,6 +234,35 @@ Design, build, deploy, test, and debug serverless applications with AWS Lambda,
 | --------------------------- | --------------------------------------------- | --------------------------------------------- |
 | **SAM template validation** | After edits to `template.yaml`/`template.yml` | Runs `sam validate` and reports errors inline |
 
+## bedrock
+
+Guided Amazon Bedrock setup — IAM configuration, model access, prompt caching, observability, quota optimization, and cost analysis.
+
+### Agent Skill Triggers
+
+| Agent Skill | Triggers                                                                                                                   |
+| ----------- | -------------------------------------------------------------------------------------------------------------------------- |
+| **bedrock** | "set up bedrock", "bedrock onboarding", "prompt caching", "bedrock IAM", "bedrock costs", "bedrock quota", "bedrock usage" |
+
+### Commands
+
+| Command                          | Description                                                    |
+| -------------------------------- | -------------------------------------------------------------- |
+| `/bedrock`                       | Unified entry point — routes to the right capability           |
+| `/bedrock-setup`                 | Interactive onboarding: IAM, model access, caching, validation |
+| `/bedrock-cache`                 | Set up and validate prompt caching                             |
+| `/bedrock-cache-debug`           | Diagnose prompt caching issues                                 |
+| `/bedrock-quota`                 | Check quota health and detect max_tokens waste                 |
+| `/bedrock-usage`                 | Analyze token consumption from CloudWatch                      |
+| `/bedrock-costs`                 | Analyze actual Bedrock spend from AWS Cost Explorer            |
+| `/bedrock-validate-model-access` | Validate IAM permissions and model access                      |
+
+### MCP Servers
+
+| Server                | Purpose                        |
+| --------------------- | ------------------------------ |
+| **aws-documentation** | AWS documentation and guidance |
+
 ## databases-on-aws
 
 Database guidance for the AWS database portfolio. Design schemas, execute queries, handle migrations, build applications, and choose the right database for your workload. Currently includes Aurora DSQL — a serverless, PostgreSQL-compatible distributed SQL database.

@@ -0,0 +1,20 @@
+{
+  "author": {
+    "name": "Amazon Web Services"
+  },
+  "description": "Guided Amazon Bedrock setup: IAM configuration, model access, prompt caching, observability, and cost analysis.",
+  "homepage": "https://github.com/awslabs/agent-plugins",
+  "keywords": [
+    "aws",
+    "bedrock",
+    "prompt-caching",
+    "onboarding",
+    "setup",
+    "generative-ai",
+    "foundation-models"
+  ],
+  "license": "Apache-2.0",
+  "name": "bedrock",
+  "repository": "https://github.com/awslabs/agent-plugins",
+  "version": "0.4.1"
+}
@@ -0,0 +1,44 @@
+{
+  "name": "bedrock",
+  "version": "0.4.1",
+  "description": "Guided Amazon Bedrock setup: IAM configuration, model access, prompt caching, observability, and cost analysis.",
+  "author": {
+    "name": "Amazon Web Services",
+    "email": "aws-agent-plugins@amazon.com",
+    "url": "https://github.com/awslabs/agent-plugins"
+  },
+  "homepage": "https://github.com/awslabs/agent-plugins",
+  "repository": "https://github.com/awslabs/agent-plugins",
+  "license": "Apache-2.0",
+  "keywords": [
+    "aws",
+    "bedrock",
+    "prompt-caching",
+    "onboarding",
+    "setup",
+    "generative-ai",
+    "foundation-models"
+  ],
+  "skills": "./skills/",
+  "mcpServers": "./.mcp.json",
+  "interface": {
+    "displayName": "Amazon Bedrock",
+    "shortDescription": "Set up Bedrock with IAM, model access, prompt caching, and cost analysis.",
+    "longDescription": "Guided Amazon Bedrock setup \u2014 IAM configuration, model access, prompt caching, observability, quota optimization, and cost analysis.",
+    "defaultPrompt": [
+      "Set up Amazon Bedrock for my AWS account.",
+      "How much have I spent on Bedrock this month?",
+      "Am I getting throttled on any Bedrock models?"
+    ],
+    "developerName": "Amazon Web Services",
+    "category": "AI",
+    "capabilities": [
+      "Read",
+      "Write"
+    ],
+    "websiteURL": "https://github.com/awslabs/agent-plugins",
+    "privacyPolicyURL": "https://aws.amazon.com/privacy/",
+    "termsOfServiceURL": "https://aws.amazon.com/service-terms/",
+    "brandColor": "#FF9900"
+  }
+}
@@ -0,0 +1,14 @@
+{
+  "mcpServers": {
+    "aws-documentation": {
+      "command": "uvx",
+      "args": [
+        "awslabs.aws-documentation-mcp-server@latest"
+      ],
+      "env": {
+        "FASTMCP_LOG_LEVEL": "ERROR"
+      },
+      "timeout": 120000
+    }
+  }
+}
@@ -0,0 +1,41 @@
+# Bedrock Plugin
+
+## Project Overview
+
+Claude Code plugin (`awslabs/agent-plugins` format) for Amazon Bedrock onboarding.
+Guides developers through IAM setup, model access, prompt caching, observability, and cost analysis.
+
+## Plugin Format
+
+- `.claude-plugin/plugin.json` — plugin metadata
+- `skills/` — SKILL.md files with YAML frontmatter (name, description, argument-hint)
+- `commands/` — slash command definitions with YAML frontmatter (name, description)
+- `scripts/` — executable scripts referenced via `${CLAUDE_PLUGIN_ROOT}/scripts/`
+- `.mcp.json` — MCP server configuration
+
+## Key Conventions
+
+- Scripts use `${CLAUDE_PLUGIN_ROOT}` for portable paths — never hardcode absolute paths
+- Default model: Claude Sonnet 4.6 (`us.anthropic.claude-sonnet-4-6`)
+- Default region: `us-east-1`
+- AWS profile: always ask the developer to confirm — never auto-select
+- Reference docs in `skills/bedrock/references/` are loaded on-demand by topic
+- Shell scripts must be POSIX-compatible and executable (`chmod +x`)
+- Python scripts require Python 3.10+ and boto3 only — no other dependencies
+
+## Testing Changes
+
+1. Run `scripts/validate-bedrock-access.sh us.anthropic.claude-sonnet-4-6 us-east-1 PROFILE` — all 4 checks must pass
+2. Run `python3 scripts/validate-prompt-caching.py --model-id us.anthropic.claude-sonnet-4-6 --region us-east-1 --profile PROFILE` — cache write + read confirmed
+3. Run `python3 scripts/check-quota-health.py --model-id us.anthropic.claude-sonnet-4-6 --region us-east-1 --profile PROFILE` — quota analysis completes without error
+4. Run `python3 scripts/debug-prompt-cache.py --model-id us.anthropic.claude-sonnet-4-6 --region us-east-1 --profile PROFILE` — all 6 diagnostic tests pass
+5. Run `python3 scripts/analyze-bedrock-usage.py --model-id us.anthropic.claude-sonnet-4-6 --period 1 --profile PROFILE` — usage report generates
+6. Run `python3 scripts/analyze-bedrock-costs.py --period 1 --profile PROFILE` — cost report generates (may show $0 if no traffic)
+7. Each validation run costs ~$0.01-0.05 in Bedrock API calls; cache debug costs ~$0.02-0.08
+
+## What Not to Do
+
+- Don't add dependencies beyond boto3 and AWS CLI
+- Don't hardcode AWS credentials or account IDs in scripts
+- Don't write custom IAM policies in examples — recommend `AmazonBedrockLimitedAccess` managed policy
+- Don't run AWS commands without first confirming the profile with the developer
@@ -0,0 +1,53 @@
+---
+name: bedrock-cache-debug
+description: "Diagnose prompt caching issues: model support, thresholds, TTL, and cost analysis"
+---
+
+# Bedrock Cache Debugger
+
+Run 6 automated diagnostic tests to identify exactly why prompt caching is not working or is underperforming.
+
+## Required Permissions
+
+```json
+{
+  "Effect": "Allow",
+  "Action": ["bedrock:Converse"],
+  "Resource": "arn:aws:bedrock:<REGION>::foundation-model/<MODEL_ID>"
+}
+```
+
+## Step 1: Run Cache Diagnostics
+
+Ask the user which model they're using (default: Claude Sonnet 4.6).
+
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/scripts/debug-prompt-cache.py --model-id <MODEL_ID> --region <REGION>
+```
+
+The 6 tests:
+
+1. **Model Support** — Does the model support caching? (silently ignored if not)
+2. **Token Threshold** — Is content above the minimum? (silently ignored if below)
+3. **Cache Write/Read** — Does the cache write-then-read cycle work?
+4. **Prefix Sensitivity** — Demonstrates that even small content changes break the cache
+5. **TTL Behavior** — Confirms cache persists within the TTL window
+6. **Break-Even** — How many requests per TTL window before caching saves money?
+
+## Step 2: Diagnose Failures
+
+If any test fails, load the reference doc for targeted guidance:
+
+Load `${CLAUDE_PLUGIN_ROOT}/skills/bedrock/references/prompt-caching.md` and focus on:
+
+- "Why Isn't My Cache Working?" for the specific failure mode
+- "Preventing Cache Fragmentation" if prefix sensitivity is the issue
+- "Break-Even Analysis" if the cost math doesn't work for their use case
+
+## Step 3: Recommend Strategy
+
+Based on the results, advise on:
+
+- Simplified vs explicit caching for their model
+- 5-minute vs 1-hour TTL for their request pattern
+- Whether caching is cost-effective at their request volume
@@ -0,0 +1,73 @@
+---
+name: bedrock-cache
+description: "Set up and validate prompt caching (simplified or explicit)"
+---
+
+# Bedrock Prompt Caching Setup
+
+Help the developer configure and validate prompt caching on Bedrock.
+
+## Step 1: Choose Caching Strategy
+
+Ask the developer:
+
+**Simplified caching** (recommended for Claude models):
+
+- Single `cachePoint` marker in the system or message blocks
+- Bedrock automatically checks ~20 preceding blocks for cache hits
+- Easiest to implement, fewer lines of code
+- Claude models only
+
+**Explicit caching** (for all supported models):
+
+- Place `cachePoint` markers at specific positions
+- Granular control over what gets cached
+- Supports mixed TTL (1h + 5min) for different content sections
+- Works with Claude, Nova, and other supported models
+
+## Required Permissions
+
+```json
+{
+  "Effect": "Allow",
+  "Action": ["bedrock:Converse", "bedrock:ConverseStream"],
+  "Resource": "arn:aws:bedrock:<REGION>::foundation-model/<MODEL_ID>"
+}
+```
+
+## Step 2: Fetch Latest Implementation Guidance
+
+**Before giving any implementation advice**, fetch the latest prompt caching guidance from the aws-samples repo. This is the authoritative source and takes priority over any other knowledge:
+
+1. Use the context7 MCP tool to resolve and query `amazon-bedrock-samples` for prompt caching documentation:
+   - `mcp__plugin_context7_context7__resolve-library-id` with query `amazon-bedrock-samples prompt caching`
+   - Then `mcp__plugin_context7_context7__query-docs` for the resolved library, topic `prompt caching`
+2. If context7 doesn't return results, use WebFetch to read the README at: https://raw.githubusercontent.com/aws-samples/amazon-bedrock-samples/main/introduction-to-bedrock/prompt-caching/README.md
+3. For specific code samples, fetch directly from the repo:
+   - `converse_api/` — Model-agnostic examples using Converse API with `cachePoint` syntax (recommended starting point)
+   - `invoke_model_api/` — Model-specific examples using InvokeModel API (Anthropic `cache_control` format)
+   - Mixed TTL notebooks for advanced configurations
+
+Only after reviewing the upstream samples, read `${CLAUDE_PLUGIN_ROOT}/skills/bedrock/references/prompt-caching.md` for additional conceptual guidance.
+
+Help the developer adapt the samples to their specific model, region, and use case.
+
+## Step 3: TTL Configuration
+
+If using Claude Sonnet 4.6, Opus 4.6, Sonnet 4.5, Opus 4.5, or Haiku 4.5, offer the 1-hour TTL option for rarely-changing content. For older Claude models that support caching, only the default 5-minute TTL is available.
+
+Remind: when mixing TTLs, longer durations must come before shorter ones.
+
+## Step 4: Validate
+
+Run:
+
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/scripts/validate-prompt-caching.py --model-id <MODEL_ID> --region <REGION>
+```
+
+Confirm cache write on first request and cache read on second.
+
+## Step 5: Verify Metrics (Optional)
+
+Offer to run `/bedrock-usage` to confirm cache metrics are appearing in CloudWatch after the first cached requests.