Cloud Commander is a powerful, secure and user-friendly discord bot that lets users manage their AWS resources directly from a discord channel. It is built with Python, Boto3 and Discord.py.
- Secure IAM Role-based Access via AWS STS
- Region-per-user support (
/set-region,/switch-region) - EC2 management: list, start, stop, and metrics
- EBS & RDS: volume/status checks, metrics, DB start/stop
- S3 & Lambda: list buckets/functions, usage stats
- CloudFormation support: list & describe stacks
- CloudWatch metrics
- Network insights: VPCs, Subnets, NACLs, Route Tables and much more
Aws_Cloudcommander/
├── main.py
├── app/
│ ├── utils.py # Helper functions (roles, error formatting etc)
│ ├── decorators.py # Custom decorators
│ ├── aws_clients.py # AWS session helpers
│ └── __init__.py
├── commands/ # All bot command registrations & events
│ ├── onboarding.py # Event handlers
│ ├── ec2_commands.py
│ ├── rds_commands.py
│ ├── s3_commands.py
│ ├── lambda_commands.py
│ ├── cf_commands.py
│ ├── ebs_commands.py
│ ├── network_commands.py
│ ├── billing_commands.py
│ ├── region_commands.py
│ ├── role_commands.py
│ ├── alerts.py
│ └── misc_commands.py
├── roles.json # Stores aws users roles and regions info
├── requirements.txt # Dependencies
├── Dockerfile
├── .dockerignore
├── .gitignore
├── LICENSE
├── ReadMe.md
└── .github/
└── workflows/
└── ci-docker.yml
- Make sure you have Python 3.10+
- It is recommended to make a virtual environment and work inside that.
python -m venv venv
source venv\Scripts\activate
pip install -r requirements.txt- AWS CLI installed and configured in your machine.
Create a .env file inside the project directory and add:
BOT_TOKEN=your_discord_bot_token- Create an IAM role
- Select entity type
AWS Account - Name it something like
Awscommander_bot_handle - Attach necessary permissions for the services you want to control (It can be done later also).
- Edit Trust Policy and use this
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<your_account_id>:user/<your_iam_user_name>"
},
"Action": "sts:AssumeRole"
}
]
}
- Attach this role to an IAM user (new or exsisting)
- Create an inline policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::<your_account_id>:role/Awscommander_bot_handle"
}
]
}
- Now the IAM user running the bot has permission to call
sts:AssumeRoleon the role we created.
Run:
python main.py- Go to the
#cloud-commanderchannel - Run
/setup-role <your_iam_role_arn> - Run
/set-region <your_aws_region>(default: us-east-1) - Run
/commandsto explore all supported commands
- When a user runs a bot command the bot reads the stored IAM role arn from roles.json.
- It uses AWS STS assume_role() to get temporary credentials.
- These credentials are used by boto3 to perform AWS actions on behalf of the user.
- When a user runs a command, the bot looks up their IAM Role and AWS region.
docker pull pulak0007/aws-commander:latest
- Docker Desktop
- AWS CLI installed and configured
- A Discord Bot Token
- Go to: https://discord.com/developers/applications
- Click "New Application"
- Go to the "Bot" section and click "Add Bot"
- Click "Reset Token" → "Copy" your bot token
Set-Content .env "BOT_TOKEN=your-bot-token"
Configure AWS CLI (If not configured previously)
aws configure --profile desired_profile_name
- Fill with your AWS credentials.
- PowerShell:
docker run -it `
--name container_name `
-v "$env:USERPROFILE\.aws:/root/.aws" `
--env-file .env `
-e AWS_PROFILE = your_aws_profile_name `
pulak0007/aws-commander
- CMD:
docker run -it ^
--name cloudcommander-bot ^
-v %USERPROFILE%\.aws:/root/.aws ^
--env-file .env ^
-e AWS_PROFILE= your_aws_profile_name ^
pulak0007/aws-commander
- Invite the bot into the server