AWS MCP Server

A read-only Model Context Protocol server that exposes over 60 AWS tools across services like EC2, S3, and IAM for AI agent interaction. It features multi-region support, resource caching, and audit logging to provide secure, AI-ready access to AWS infrastructure data.

Updated: Feb 22, 2026

☁️ AWS MCP Server

Read-only Model Context Protocol server for AWS resources — multi-region, caching, audit, and AI-ready.


📋 Overview

This MCP server exposes 60+ read-only tools across AWS services: identity, EC2, S3, IAM, Cost Explorer, CloudWatch, GuardDuty, CloudTrail, ELB, WAF, Route53, ECS, EKS, RDS, Lambda, and more.

| Flow | Description |
|------|-------------|
| 🔌 | MCP client connects to this server |
| 🛠️ | Server invokes AWS APIs (read-only) |
| 📤 | Returns resources, metrics, cost data to the AI agent |

🛠️ Tech Stack

| Layer | Technology | Purpose |
|-------|------------|---------|
| ☁️ MCP Server | TypeScript, AWS SDK v3 | Protocol handler, tool dispatch |
| 📦 Runtime | Node.js (v18+) | Execution |
| 🔐 Auth | AWS credentials (keys, profiles, SSO) | AWS API calls |

🗣️ Languages

| Language | Used In |
|----------|---------|
| TypeScript | MCP server, tools, CLI, libs |
| JSON | Config (mcp-config.json), MCP schema |

📁 Project Structure

├── src/
│   ├── index.ts          # MCP server entry, tool dispatch, resources, prompts
│   ├── load-env.ts       # Loads .env before other modules
│   ├── clients.ts        # Shared AWS clients (one per service)
│   ├── cli.ts            # Local CLI for testing tools
│   ├── integration.test.ts
│   └── lib/              # config, cache, retry, audit, rate-limit, webhook, etc.
├── docs/                 # TOOLS.md, IAM_PERMISSIONS.md, CONFIG.md, TROUBLESHOOTING.md
├── mcp-config.json.example   # Optional: webhook, rate limit, defaults (copy to mcp-config.json)
├── Dockerfile            # Container image for running the server
└── .env                  # AWS credentials (copy from .env.example)

⚡ Capabilities

| Feature | Description |
|---------|-------------|
| Multi-region | region parameter on EC2, VPCs, RDS, Lambda tools |
| Pagination | max_results on list_iam_users, list_s3_buckets, list_ecs_clusters, list_dynamodb_tables, list_cloudformation_stacks |
| MCP resources | Browse aws://region/service/id (identity, EC2, S3, cost, RDS, Lambda, GuardDuty) |
| MCP prompts | AI guidance for cost, security, and resource-list queries |
| Caching | Optional in-memory cache (TTL via MCP_AWS_CACHE_TTL) |
| Retry | Exponential backoff for throttled AWS calls |
| Audit log | Log tool invocations when MCP_AWS_AUDIT_LOG=true |
| Dry-run | Mock data when MCP_AWS_DRY_RUN=true (no AWS calls) |
| LocalStack | Set AWS_ENDPOINT_URL=http://localhost:4566 |
| Health check | aws_health_check tool to verify credentials |
| IAM policy | get_iam_policy_for_tools generates least-privilege policy |
| CLI | npm run cli -- get_aws_caller_identity for local testing |
| Config file | mcp-config.json for webhook, rate limit, defaults |
| estimate_cost | Rough cost estimate for EC2, Lambda, RDS, S3 |
| scan_secrets_risks | Find Secrets Manager secrets needing attention |
| Tag filter | tag_filter on list_ec2_instances, list_rds_instances |
| SSO / cross-account | See docs/SSO_AND_CROSS_ACCOUNT.md |

📖 Documentation: TOOLS.md · IAM_PERMISSIONS.md · CONFIG.md · TROUBLESHOOTING.md
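
The server's tools are read-only, but the AWS API calls are authorized by whatever IAM policy sits behind the configured credentials, so that policy is worth checking against the least-privilege one from get_iam_policy_for_tools. The TypeScript below is an added example, not code from this project: it audits an IAM policy document for write verbs, broad wildcards and content-returning reads. The sample policy, the read-verb list and the sensitive-read list are constructed assumptions, and the policy is assumed to be standard IAM policy JSON.

```typescript
type IamStatement = { Effect: "Allow" | "Deny"; Action?: string | string[]; NotAction?: string | string[]; Resource?: string | string[] };
type IamPolicy = { Version?: string; Statement: IamStatement | IamStatement[] };
type PolicyFinding = { action: string; severity: "write" | "wildcard" | "sensitive-read"; reason: string };

// Assumption (not from the project): verb prefixes treated as read-only.
const READ_VERBS = /^(Get|List|Describe|Lookup|BatchGet|Search|Query|Scan)/i;
// Assumption: reads that return secret or object contents rather than metadata.
const SENSITIVE_READS = ["secretsmanager:getsecretvalue", "ssm:getparameter", "ssm:getparameters",
  "ssm:getparametersbypath", "s3:getobject"];

const toList = (v?: string | string[]): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// IAM action patterns are case-insensitive; "*" matches any run, "?" one character.
const toRegex = (p: string): RegExp =>
  new RegExp("^" + p.toLowerCase().replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") + "$");

function classifyAction(action: string): PolicyFinding | null {
  const verb = action.slice(action.indexOf(":") + 1); // whole string when there is no ":"
  const wildcardAt = verb.search(/[*?]/);
  const literalPrefix = wildcardAt === -1 ? verb : verb.slice(0, wildcardAt);
  if (!READ_VERBS.test(literalPrefix)) {
    return wildcardAt === -1
      ? { action, severity: "write", reason: "verb is not on the read-only list" }
      : { action, severity: "wildcard", reason: "pattern can match mutating actions" };
  }
  const pattern = toRegex(action);
  const hit = SENSITIVE_READS.filter((a) => pattern.test(a))[0];
  return hit ? { action, severity: "sensitive-read", reason: `covers ${hit}` } : null;
}

function auditPolicy(policy: IamPolicy): PolicyFinding[] {
  const findings: PolicyFinding[] = [];
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  for (const st of statements) {
    if (st.Effect !== "Allow") continue; // Deny statements only narrow access
    if (st.NotAction !== undefined) findings.push({ action: "NotAction", severity: "wildcard", reason: "allows every action not listed" });
    for (const action of toList(st.Action)) {
      const finding = classifyAction(action);
      if (finding) findings.push(finding);
    }
  }
  return findings;
}
// Constructed sample policy: one clean statement, one over-broad, one Deny.
const SAMPLE_POLICY: IamPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: ["ec2:Describe*", "iam:ListUsers", "sts:GetCallerIdentity"], Resource: "*" },
  { Effect: "Allow", Action: ["s3:Get*", "s3:PutObject", "lambda:*"], Resource: "*" },
  { Effect: "Deny", Action: "iam:*", Resource: "*" },
] };
console.log(auditPolicy(SAMPLE_POLICY));
```

An empty result means every allowed action matched the read-verb list and none covered a listed content read; treat any finding as a prompt to compare against docs/IAM_PERMISSIONS.md.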


🚀 Quick Start

# 1. Configure environment
cp .env.example .env   # Add AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION

# 2. Install and build
npm install
npm run build

# 3. Test locally (dry-run, no AWS calls)
MCP_AWS_DRY_RUN=true npm run cli -- get_aws_caller_identity

MCP Client Configuration

{
  "mcpServers": {
    "aws-mcp": {
      "command": "node",
      "args": ["/absolute/path/to/dist/index.js"],
      "env": {
        "AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY",
        "AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_KEY",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

📦 Sharing with Your Team

Option A: Git

  1. Push to a private repo.
  2. Team clones, runs npm install && npm run build.
  3. Point MCP client at dist/index.js (absolute path).

Option B: Package (.tgz)

npm pack   # Creates mcp-server-aws-1.0.0.tgz
npm install -g mcp-server-aws-1.0.0.tgz

Then configure MCP client with "command": "mcp-server-aws".

Option C: Docker

docker build -t mcp-server-aws .
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_REGION mcp-server-aws

🔧 Development

npm run dev        # Watch mode
npm run typecheck  # TypeScript check (no emit)
npm run cli -- <tool> [--arg key=value]   # Test tools locally
npm run lint       # ESLint
npm run format     # Prettier
npm test           # Unit + integration tests (28 tests)

Release: Push a tag (e.g. v1.0.1) to trigger a GitHub release with built artifacts.


👤 Author

Sergio Sediq
