Calling AlertD from Claude
Once the plugin is installed and connected, AlertD adds a single tool to Claude Code — aws_discovery — that lets Claude query and analyze your AWS infrastructure. You don’t call the tool directly; you ask Claude in plain language and it invokes AlertD when your question is about AWS.
How it works
When you ask Claude something about your cloud, it recognizes the intent and routes the question to AlertD’s aws_discovery tool. AlertD’s discovery engine translates your request into a precise query, runs it against your connected AWS account, analyzes the results, and streams the analysis back into your Claude Code session.
aws_discovery can:
- Inventory resources across EC2, EKS, RDS, S3, IAM, VPC, Lambda, and more
- Assess security posture of your infrastructure
- Map blast radius for a resource or change
- Investigate cross-service relationships between resources
Asking questions
Just describe what you want in natural language. For example:
What's in my AWS account?
List all EC2 instances in us-west-2.
Which S3 buckets are publicly accessible?
Show me the RDS databases and what can reach them.
What's the blast radius if I delete security group sg-0abc123?
Map the IAM roles that can assume into production.Claude will call AlertD, show its progress as it works, and then present the analysis. AlertD returns verbose output by design — expect the full detail of the results, not just a summary.
Keep your queries natural. AlertD’s discovery engine is better than Claude at turning intent into a precise query, so phrase questions the way you’d say them out loud. Avoid over-specifying technical detail like CIDR ranges, exact field names, or port numbers unless they’re genuinely part of your question — extra precision tends to hurt, not help.
The session link
Every AlertD response includes a session URL. Claude surfaces it as a clickable link at the end of the answer — open it to view the full, interactive results (the underlying query, the data table, and the analysis) in the AlertD web app. The link looks like:
https://alertd.mycompany.com/<session>#<chat>Use it whenever you want to drill into the raw results beyond what Claude shows inline.
Continuing a conversation
Follow-up questions in the same Claude Code conversation build on what came before, so you can refine naturally:
You: List all EC2 instances in us-west-2.
Claude: …(results)…
You: Of those, which ones are publicly exposed?
Claude: …(narrows to the public ones)…Tips
- Be explicit when you want AlertD. If Claude answers from general knowledge instead of querying your account, nudge it — e.g. “Use AlertD to check my actual AWS account.”
- One question at a time usually yields the cleanest analysis; ask follow-ups to go deeper.
- Not connected? If Claude says the tool isn’t available, run
/mcpto confirm alertd is connected and authenticated. See Installation → Authenticate and verify.