AWS MCP Server

AWS MCP Server

A read-only Model Context Protocol server that exposes over 60 AWS tools across services like EC2, S3, and IAM for AI agent interaction. It features multi-region support, resource caching, and audit logging to provide secure, AI-ready access to AWS infrastructure data.

Category
Visit Server

README

โ˜๏ธ AWS MCP Server

Read-only Model Context Protocol server for AWS resources โ€” multi-region, caching, audit, and AI-ready.

๐Ÿ“‹ Overview

This MCP server exposes 60+ read-only tools across AWS services: identity, EC2, S3, IAM, Cost Explorer, CloudWatch, GuardDuty, CloudTrail, ELB, WAF, Route53, ECS, EKS, RDS, Lambda, and more.

Flow Description
๐Ÿ”Œ MCP client connects to this server
๐Ÿ› ๏ธ Server invokes AWS APIs (read-only)
๐Ÿ“ค Returns resources, metrics, cost data to the AI agent

๐Ÿ› ๏ธ Tech Stack

Layer Technology Purpose
โ˜๏ธ MCP Server TypeScript, AWS SDK v3 Protocol handler, tool dispatch
๐Ÿ“ฆ Runtime Node.js (v18+) Execution
๐Ÿ” Auth AWS credentials (keys, profiles, SSO) AWS API calls

๐Ÿ—ฃ๏ธ Languages

Language Used In
TypeScript MCP server, tools, CLI, libs
JSON Config (mcp-config.json), MCP schema

๐Ÿ“ Project Structure

โ”œโ”€โ”€ src/
โ”‚   โ”œโ”€โ”€ index.ts          # MCP server entry, tool dispatch, resources, prompts
โ”‚   โ”œโ”€โ”€ load-env.ts       # Loads .env before other modules
โ”‚   โ”œโ”€โ”€ clients.ts        # Shared AWS clients (one per service)
โ”‚   โ”œโ”€โ”€ cli.ts            # Local CLI for testing tools
โ”‚   โ”œโ”€โ”€ integration.test.ts
โ”‚   โ””โ”€โ”€ lib/              # config, cache, retry, audit, rate-limit, webhook, etc.
โ”œโ”€โ”€ docs/                 # TOOLS.md, IAM_PERMISSIONS.md, CONFIG.md, TROUBLESHOOTING.md
โ”œโ”€โ”€ mcp-config.json.example   # Optional: webhook, rate limit, defaults (copy to mcp-config.json)
โ”œโ”€โ”€ Dockerfile            # Container image for running the server
โ””โ”€โ”€ .env                  # AWS credentials (copy from .env.example)

โšก Capabilities

Feature Description
Multi-region region parameter on EC2, VPCs, RDS, Lambda tools
Pagination max_results on list_iam_users, list_s3_buckets, list_ecs_clusters, list_dynamodb_tables, list_cloudformation_stacks
MCP resources Browse aws://region/service/id (identity, EC2, S3, cost, RDS, Lambda, GuardDuty)
MCP prompts AI guidance for cost, security, and resource-list queries
Caching Optional in-memory cache (TTL via MCP_AWS_CACHE_TTL)
Retry Exponential backoff for throttled AWS calls
Audit log Log tool invocations when MCP_AWS_AUDIT_LOG=true
Dry-run Mock data when MCP_AWS_DRY_RUN=true (no AWS calls)
LocalStack Set AWS_ENDPOINT_URL=http://localhost:4566
Health check aws_health_check tool to verify credentials
IAM policy get_iam_policy_for_tools generates least-privilege policy
CLI npm run cli -- get_aws_caller_identity for local testing
Config file mcp-config.json for webhook, rate limit, defaults
estimate_cost Rough cost estimate for EC2, Lambda, RDS, S3
scan_secrets_risks Find Secrets Manager secrets needing attention
Tag filter tag_filter on list_ec2_instances, list_rds_instances
SSO / cross-account See docs/SSO_AND_CROSS_ACCOUNT.md

๐Ÿ“– Documentation: TOOLS.md ยท IAM_PERMISSIONS.md ยท CONFIG.md ยท TROUBLESHOOTING.md

๐Ÿš€ Quick Start

# 1. Configure environment
cp .env.example .env   # Add AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION

# 2. Install and build
npm install
npm run build

# 3. Test locally (dry-run, no AWS calls)
MCP_AWS_DRY_RUN=true npm run cli -- get_aws_caller_identity

MCP Client Configuration

{
  "mcpServers": {
    "aws-mcp": {
      "command": "node",
      "args": ["/absolute/path/to/dist/index.js"],
      "env": {
        "AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY",
        "AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_KEY",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

๐Ÿ“ฆ Sharing with Your Team

Option A: Git

  1. Push to a private repo.
  2. Team clones, runs npm install && npm run build.
  3. Point MCP client at dist/index.js (absolute path).

Option B: Package (.tgz)

npm pack   # Creates mcp-server-aws-1.0.0.tgz
npm install -g mcp-server-aws-1.0.0.tgz

Then configure MCP client with "command": "mcp-server-aws".

Option C: Docker

docker build -t mcp-server-aws .
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_REGION mcp-server-aws

๐Ÿ”ง Development

npm run dev        # Watch mode
npm run typecheck  # TypeScript check (no emit)
npm run cli -- <tool> [--arg key=value]   # Test tools locally
npm run lint       # ESLint
npm run format     # Prettier
npm test           # Unit + integration tests (28 tests)

Release: Push a tag (e.g. v1.0.1) to trigger a GitHub release with built artifacts.

๐Ÿ‘ค Author

Sergio Sediq

  • ๐Ÿ”— GitHub
  • ๐Ÿ’ผ LinkedIn
  • โœ‰๏ธ sediqsergio@gmail.com

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured