MechCloud Logo
MechCloud
Sign Up / Sign In
by MechCloud Team

How to Use MechCloud AI Agent to Manage Your AWS Resources

awsai-agentec2lightsailtutorial

Managing AWS infrastructure typically means juggling CLI tools, SDKs, or IaC frameworks like Terraform or CloudFormation. MechCloud takes a different approach - you manage your AWS resources using plain English commands through the AWS AI Agent, directly from your browser.

No CLI installations. No state files. No stored credentials.

Why MechCloud AWS AI Agent?

Traditional IaC tools come with overhead - provider upgrades, state management, drift detection, and credential management. MechCloud eliminates all of that:

  • No credentials stored - MechCloud integrates with AWS via OIDC federation. Your AWS API credentials are never stored on MechCloud servers. You configure MechCloud as an identity provider in your AWS account, and temporary credentials are obtained on-the-fly via STS.
  • No state files - Unlike Terraform or Pulumi, there are no state files to manage, lock, or sync.
  • No local tooling - Everything runs in the cloud. No installations, no version upgrades, no provider compatibility issues.
  • Plain English commands - Describe what you want in natural language and the agent executes it.

Getting Started

Before using the AWS Agent, you need to:

  1. Configure MechCloud IdP as an identity provider in your AWS account
  2. Add your AWS account to MechCloud

Follow the steps in the Configure MechCloud IdP into AWS Account section of the docs.

Supported AWS Services

The AWS Agent currently supports EC2 and Lightsail operations, with the ability to chain multiple operations in a single prompt.

EC2 Operations

VPC Management

list all the vpcs

list all the vpcs which are not default

create a vpc with '10.101.0.0/16' cidr

delete a vpc with '<vpc_id>' id

Subnet Management

list all the subnets

list all the subnets which are not default

list all the subnets under '<vpc_id>' vpc

create a subnet with '10.101.1.0/24' cidr under '<vpc_id>' id

delete a subnet with '<subnet_id>' id

Security Groups

create a security group with following details -
name - securitygroup-ssh-https
description - Allow access on ssh and https ports
-----
  add following ingress rules -
  22|tcp|192.168.1.1
  443|tcp|192.168.2.0/24

Instance Types

list all the instance types which are free tier eligible

EC2 VM Provisioning and Lifecycle

Provision an ec2 vm with following details -
subnet id - <subnet id>
ami id - <ami id>
instance type - t2.micro
min count - 1
max count - 1
Start ec2 vms with following ids -
<vm1 id>
<vm2 id>

Stop ec2 vms with following ids -
<vm1 id>
<vm2 id>

Lightsail Operations

The agent also supports a wide range of Lightsail operations.

Key Pair Management

list all the lightsail key pairs

import a lightsail key pair with following details -
name - test1
key - <public_key_content>

show details of 'key1' lightsail key pair

delete 'key1' lightsail key pair

Blueprints and Bundles

list all the lightsail blueprints

list all the lightsail bundles

Lightsail VM Lifecycle

create lightsail vms with following details -
name(s) - instance1, instance2
zone - eu-west-1a
blueprint - ubuntu_24_04
bundle - nano_3_0
ssh key - key1

list all the lightsail VMs

fetch details of 'instance1' lightsail vm

start 'instance1' lightsail vm

stop 'instance1' lightsail vm

reboot 'instance1' lightsail vm

delete 'instance1' lightsail vm

Firewall Rules

replace firewall rules of 'instance1' lightsail vm with following -
22|tcp|@CURRENT_IP
443|tcp|@CURRENT_IP

The @CURRENT_IP placeholder automatically resolves to your current public IP address.

Static IPs

list lightsail static ips

allocate a lightsail static ip

fetch details of 'static1' lightsail static ip

attach 'static1' lightsail static ip to 'instance1' vm

detach 'static1' lightsail static ip

release 'static1' lightsail static ip

Multi-Operation Prompts

One of the most powerful features is the ability to chain multiple operations in a single prompt. Use ----- as a separator between operations, and indent with two spaces to establish parent-child relationships.

Create a VPC with a Subnet

create a vpc with '10.101.0.0/16' cidr
  create a subnet with '10.101.1.0/24' cidr

The two-space indent on the second line tells the agent to create the subnet inside the VPC created by the first line.

Provision a Lightsail Docker Host

import a lightsail key pair with following details -
name - key1
key - <public_key_content>
-----
create a lightsail vm with following details -
name(s) - instance1
zone - eu-west-1a
blueprint - ubuntu_24_04
bundle - nano_3_0
ssh key - key1
user data - "curl -fsSL https://raw.githubusercontent.com/mechcloud/sample-scripts/refs/heads/main/install-docker.sh | bash"
-----
replace firewall rules of 'instance1' lightsail vm with following -
22|tcp|@CURRENT_IP
443|tcp|@CURRENT_IP

This single prompt imports an SSH key, creates a Lightsail VM with Docker pre-installed via user data, and configures firewall rules - all in one go.

Reboot Multiple VMs

reboot following lightsail VMs -
instance1
instance2

What’s Next

The AWS Agent is actively being expanded with support for more AWS services. Check the AWS Agent docs for the latest supported operations.

To get started, sign up for free and connect your AWS account. Join our Discord community for updates and support.