S3 Bucket Public-Access Audit
The agent checks every S3 bucket policy and ACL daily. If a bucket becomes public — or if an existing policy changes — it fires an immediate WhatsApp alert with the diff.
Conversation example
Listing 37 S3 buckets and checking PublicAccessBlock, bucket policies, and ACLs...
S3 Audit — April 12, 14:00 UTC Buckets scanned: 37 Safe: 36 Exposed: 1 ← new Risk: lunogen-uploads-staging - Public READ just enabled at 13:42 UTC - Changed by: daniel-p@lunogen.com via Console - Current objects: 14,280 files (2.4 GB) - Policy diff attached This might be intentional (staging CDN), but the bucket contains user-uploaded content. Paging @daniel-p on WhatsApp to confirm. If it's a mistake, say 'revert bucket' and I'll reapply the previous policy.
More AWS use cases
EC2 Instance State Change Alerts
Any EC2 instance that starts, stops, or terminates unexpectedly fires an EventBridge event. The agent reads it, adds context (who, why, tags), and posts to your #infra WhatsApp group.
Daily AWS Cost Tracker and Forecast
Every morning, the agent hits Cost Explorer for yesterday's spend by service, compares to the budget, forecasts end-of-month, and drops it on WhatsApp before the coffee is cold.
Lambda Function Error Notifications
CloudWatch Alarms on Lambda error metrics route through the agent. It groups related errors, pulls the latest stack trace from CloudWatch Logs, and pings on-call with the suspected cause.
CloudWatch Alarm Routing to On-Call
CloudWatch alarms hit an SNS topic subscribed to LunoGen. The agent checks the current on-call rotation, adds runbook links, and DMs the right engineer on WhatsApp — not just the #alerts channel.
IAM Policy and Suspicious API Call Alerts
CloudTrail streams IAM changes and sensitive API calls (root login, access key creation, policy attach) to the agent, which flags anything suspicious and pings the security channel on WhatsApp.
Deploy this in minutes
Create a LunoGen agent, connect AWS, and start running this workflow from WhatsApp today.