AWS API MCP Server
Bridge that lets AI assistants manage AWS infrastructure by executing validated AWS CLI commands across every AWS service.
The AWS API MCP Server is an official AWS Labs project that enables AI assistants to interact with AWS services through AWS CLI commands. It acts as a bridge between an MCP client (Claude Desktop, Cursor, VS Code, etc.) and the full AWS API surface, with command validation, security guardrails, and support for AWS services and parameters released after the model's knowledge cutoff.
The server exposes three tools: call_aws for executing validated CLI commands, suggest_aws_commands for translating natural language into CLI suggestions, and an experimental get_execution_plan for multi-step task guidance via agent scripts. It supports read-only mode, mutation consent prompts, custom security policies, and a default working-directory sandbox for file operations.
Because it is maintained by AWS Labs and shipped as part of the official awslabs/mcp monorepo (alongside many other AWS MCP servers), it offers broader and more current AWS coverage than community-built alternatives. It is intended for single-user, local use via stdio; an HTTP transport mode is available but adds significant attack surface.
Tools
| Tool | Description |
|---|---|
| call_aws | Executes an AWS CLI command with validation and structured error handling. Subject to read-only mode and mutation-consent guardrails when enabled. |
| suggest_aws_commands | Recommends AWS CLI commands based on a natural language description of the desired task, including coverage of recently released services and parameters. |
| get_execution_plan | Experimental. Returns step-by-step guidance for complex multi-step AWS tasks using agent scripts. Requires EXPERIMENTAL_AGENT_SCRIPTS=true. |
Prerequisites
- AWS account with configured credentials (env vars, AWS profile, or IAM role)
- Python 3.10 or newer
- Optional: uv package manager for faster install
Install with uv (recommended, Linux/macOS)
Add to your MCP client config (e.g. Claude Desktop claude_desktop_config.json):
```json
{
  "mcpServers": {
    "awslabs.aws-api-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.aws-api-mcp-server@latest"],
      "env": {"AWS_REGION": "us-east-1"},
      "disabled": false,
      "autoApprove": []
    }
  }
}
```
Install with pip
```bash
pip install awslabs.aws-api-mcp-server
```

```json
{
  "mcpServers": {
    "awslabs.aws-api-mcp-server": {
      "command": "python",
      "args": ["-m", "awslabs.aws_api_mcp_server.server"],
      "env": {"AWS_REGION": "us-east-1"},
      "disabled": false,
      "autoApprove": []
    }
  }
}
```
Install with Docker
```json
{
  "mcpServers": {
    "awslabs.aws-api-mcp-server": {
      "command": "docker",
      "args": [
        "run", "--rm", "--interactive",
        "--env", "AWS_REGION=us-east-1",
        "--volume", "/full/path/to/.aws:/app/.aws",
        "public.ecr.aws/awslabs-mcp/awslabs/aws-api-mcp-server:latest"
      ]
    }
  }
}
```
Key environment variables
- AWS_REGION (default us-east-1): default region for CLI commands
- AWS_API_MCP_PROFILE_NAME: AWS named profile to use
- READ_OPERATIONS_ONLY (default false): block all mutating commands
- REQUIRE_MUTATION_CONSENT (default false): require explicit consent for writes
- AWS_API_MCP_WORKING_DIR: server working directory (sandbox for file ops)
- AWS_API_MCP_ALLOW_UNRESTRICTED_LOCAL_FILE_ACCESS: workdir|unrestricted|no-access
- EXPERIMENTAL_AGENT_SCRIPTS: enable get_execution_plan tool
- AWS_API_MCP_TRANSPORT: stdio (default) or streamable-http
Authentication uses the standard boto3 credential chain (env vars, ~/.aws/credentials, IAM role). For HTTP mode, set AUTH_TYPE=no-auth or AUTH_TYPE=oauth with AUTH_ISSUER and AUTH_JWKS_URI.
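A check over an MCP client config for the guardrail variables listed above, as an added example (not code from this page or from AWS Labs). The findings encode an assumed review policy rather than server behaviour, and the code treats autoApprove as the client's list of tools that run without a prompt; the sample configs are constructed.

```python
import json

SERVER_KEY = "awslabs.aws-api-mcp-server"

def effective_env(entry):
    """Merge the "env" map with `--env K=V` pairs passed as Docker args."""
    args = entry.get("args", [])
    pairs = [v.partition("=") for f, v in zip(args, args[1:]) if f == "--env" and "=" in v]
    return {**entry.get("env", {}), **{k: val for k, _, val in pairs}}

def audit(config_text):
    """Return findings for the server entry in an MCP client config (assumed policy)."""
    entry = json.loads(config_text)["mcpServers"][SERVER_KEY]
    env = effective_env(entry)
    on = lambda name: env.get(name, "false").strip().lower() == "true"
    findings = []
    if not (on("READ_OPERATIONS_ONLY") or on("REQUIRE_MUTATION_CONSENT")):
        findings.append("writes allowed with neither read-only mode nor consent prompt")
    if env.get("AWS_API_MCP_ALLOW_UNRESTRICTED_LOCAL_FILE_ACCESS") == "unrestricted":
        findings.append("file access not confined to the working directory")
    if env.get("AWS_API_MCP_TRANSPORT", "stdio") == "streamable-http":
        if env.get("AUTH_TYPE") != "oauth":
            findings.append("HTTP transport without OAuth")
        elif not (env.get("AUTH_ISSUER") and env.get("AUTH_JWKS_URI")):
            findings.append("OAuth selected but issuer or JWKS URI missing")
    # Assumption: autoApprove is the client's list of tools run without a prompt.
    if entry.get("autoApprove"):
        findings.append("autoApprove is not empty")
    if any(str(a).endswith(("@latest", ":latest")) for a in entry.get("args", [])):
        findings.append("package or image version not pinned")
    return findings

# Constructed sample configs for illustration.
RISKY = json.dumps({"mcpServers": {SERVER_KEY: {
    "command": "docker",
    "args": ["run", "--rm", "--interactive",
             "--env", "AWS_API_MCP_TRANSPORT=streamable-http",
             "--env", "AUTH_TYPE=no-auth",
             "public.ecr.aws/awslabs-mcp/awslabs/aws-api-mcp-server:latest"],
    "autoApprove": ["call_aws"]}}})
HARDENED = json.dumps({"mcpServers": {SERVER_KEY: {
    "command": "python", "args": ["-m", "awslabs.aws_api_mcp_server.server"],
    "env": {"AWS_REGION": "us-east-1", "READ_OPERATIONS_ONLY": "true"},
    "autoApprove": []}}})

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```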
- Inspect AWS account inventory (EC2 instances, S3 buckets, Lambda functions, RDS clusters) on demand from a chat interface
- Diagnose production issues by tailing CloudWatch logs, checking ECS task states, and describing failed resources via natural language
- Provision and modify infrastructure (create IAM roles, launch EC2 instances, update Lambda config) with mutation-consent guardrails
- Translate plain-English requests like "show me unencrypted S3 buckets" into the correct AWS CLI command without manual lookup
- Run read-only audits and compliance checks safely by setting READ_OPERATIONS_ONLY=true
- "List all EC2 instances in us-west-2 that have been running for more than 30 days"
- "Show me the last 50 error log events from the /aws/lambda/my-function CloudWatch log group"
- "Suggest the AWS CLI command to enable versioning on the S3 bucket my-app-uploads"
- "Find any IAM users without MFA enabled in this account"
- "Create a new SQS queue named order-events with a 5 minute visibility timeout"
- Official AWS Labs project, kept current with new AWS services and parameters
- Universal coverage: any AWS CLI command works, not just a hand-picked subset
- Built-in safety controls: read-only mode, mutation consent, custom security policies, working-directory sandbox
- Multiple install paths (uvx, pip, Docker) and supports both stdio and streamable-HTTP transports
- Requires Python 3.10+ and local AWS credentials; not a managed remote server
- Explicitly not designed for multi-tenant or shared deployments; the server runs with the launching user's permissions and no sandbox
- Pattern matching and wildcards are not supported in security policies; exact command names must be specified
- get_execution_plan is experimental and subject to change
- AWS CDK MCP Server (also from awslabs/mcp) for infrastructure-as-code workflows
- AWS CloudFormation MCP Server (awslabs/mcp) for template-based provisioning
- Community AWS MCP implementations on GitHub, though coverage and maintenance vary