[FEATURE] Add ability to disable specific tools (e.g., use_aws) when building agents #337
Description
Problem Statement
The use_aws tool in Strands-agent-tools poses a high security risk as it can invoke AWS APIs. We have observability to monitor the tool usage in production, but we also need to prevent it from being used in development environments. The confirmation prompts for mutative operations are not enough for organizations with strict security policies. Currently, there is no way to selectively disable this tool while maintaining access to other tools offered by Strands-agent-tools.
Proposed Solution
No response
Use Case
- Development teams building agents with Strands-agent-tools need to prevent accidental or unauthorized AWS API invocations in non-production environments
- Organizations with strict security policies require the ability to allowlist/denylist specific tools based on their risk profile
- Developers want to use the majority of Strands-agent-tools capabilities while explicitly blocking high-risk tools like use_aws
Alternatives Solutions
- Fork the repository and remove the use_aws tool manually (which is not maintainable)
- Use IAM policies to restrict AWS API access (which blocks the agility of development)
Additional Context
No response