
AWS API MCP Server
Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.
Add to your client
Copy the config for your MCP client and paste it into its config file.
`uvx awslabs.aws-api-mcp-server@latest`

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

```json
{
  "mcpServers": {
    "aws-api-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-api-mcp-server@latest"
      ],
      "env": {
        "AWS_REGION": "us-east-1",
        "AWS_PROFILE": "<your-aws-profile>"
      }
    }
  }
}
```

Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Before you start
- Python 3.10 or newer (the uv/uvx toolchain is recommended for running it)
- The AWS CLI behavior is provided by the package itself; no separate CLI install is strictly required, but a working AWS account is
- AWS credentials configured via an AWS profile (set AWS_API_MCP_PROFILE_NAME) or standard AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN environment variables; the IAM principal's permissions determine what the agent can do
- Optionally Docker, if you run the published ECR image instead of uvx/pip
About AWS API MCP Server
The AWS API MCP Server is an official AWS Labs server that gives AI agents programmatic access to the entire AWS CLI surface. Instead of wrapping a handful of services, it lets the model issue any aws ... command, validates it before execution, and returns the result — so coverage automatically tracks whatever the installed AWS CLI/botocore supports.
It is designed for both read-only exploration ("what EC2 instances are running in us-west-2?") and infrastructure changes ("create an S3 bucket"), with the actual blast radius governed by the IAM permissions of the credentials you provide. A suggest_aws_commands tool helps the model translate natural-language intent into the correct CLI invocation when it is unsure.
Security is delegated to AWS IAM plus a few guardrails: a READ_OPERATIONS_ONLY mode, optional mutation-consent prompts, and a working-directory sandbox for file access. Note that the server is single-tenant and runs with your local file-system permissions — it is not meant to be exposed as a shared multi-user service.
Tools & capabilities (3)
- call_aws: Execute a validated AWS CLI command and return the result.
- suggest_aws_commands: Suggest appropriate AWS CLI commands from a natural-language description.
- get_execution_plan: Experimental: produce step-by-step agent-script guidance for complex multi-step AWS tasks (requires EXPERIMENTAL_AGENT_SCRIPTS=true).
When to use it
- Use it when you want an agent to query AWS state across many services without writing a custom tool for each one
- Use it when provisioning or modifying infrastructure (S3 buckets, EC2, IAM, etc.) through natural language
- Use it when you need broad AWS coverage that automatically tracks new services and CLI features
- Use it when you want a read-only auditing/troubleshooting assistant (set READ_OPERATIONS_ONLY=true)
- Use it when you want IAM, not the tool, to be the source of truth for what the agent is allowed to touch
Quick setup
1. Ensure Python 3.10+ and uv are installed
2. Configure AWS credentials (an AWS profile or access-key environment variables) with the IAM permissions you want the agent to have
3. Add the server to your MCP client config, running it with `uvx awslabs.aws-api-mcp-server@latest` (or pip install / the ECR Docker image)
4. Set environment variables such as AWS_API_MCP_PROFILE_NAME and AWS_REGION; optionally enable READ_OPERATIONS_ONLY for safety
5. Restart the MCP client and confirm the call_aws tool appears
6. Verify by asking the agent to run a harmless read command, e.g. list S3 buckets or describe regions
Security notes
Executes real AWS API calls with your local credentials, so it can create, modify, or delete billable infrastructure; scope the IAM profile tightly and prefer read-only roles when exploring. Set AWS_REGION explicitly to avoid acting in an unintended region.
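One way to check a client config against the guardrails described on this page before restarting the client. This is an added example, not code from AWS Labs or this listing: `audit_mcp_config` and the sample entries are hypothetical, the environment variable names are the ones named on this page, and it assumes the guardrail flags are enabled with the string `true` and that the server is launched by package name in `args`.

```python
import json

# Environment variable names below are the ones named on this page.
PROFILE_VARS = ("AWS_API_MCP_PROFILE_NAME", "AWS_PROFILE")
KEY_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
PACKAGE = "awslabs.aws-api-mcp-server"


def is_true(env, name):
    # Assumption: the guardrail flags are enabled with the string "true".
    return str(env.get(name, "")).strip().lower() == "true"


def audit_mcp_config(text):
    """Return {server_name: [findings]} for AWS API MCP Server entries."""
    report = {}
    servers = json.loads(text).get("mcpServers", {})
    for name, entry in servers.items():
        args = entry.get("args", [])
        if not any(str(a).startswith(PACKAGE) for a in args):
            continue  # some other MCP server; out of scope here
        env = entry.get("env", {})
        findings = []
        if not env.get("AWS_REGION"):
            findings.append("AWS_REGION not set: calls may hit an unintended region")
        profile = next((env[v] for v in PROFILE_VARS if env.get(v)), None)
        has_keys = all(env.get(v) for v in KEY_VARS)
        if profile and profile.startswith("<"):
            findings.append("profile is still the template placeholder")
        elif not profile and not has_keys:
            findings.append("no explicit credentials: falls back to the boto3 credential chain")
        if not (is_true(env, "READ_OPERATIONS_ONLY") or is_true(env, "REQUIRE_MUTATION_CONSENT")):
            findings.append("no write guardrail: IAM is the only limit on mutations")
        report[name] = findings
    return report


# Constructed sample: an unfinished template-style entry and a read-only variant.
SAMPLE = """{"mcpServers": {
  "aws-default": {"command": "uvx", "args": ["awslabs.aws-api-mcp-server@latest"],
                  "env": {"AWS_PROFILE": "<your-aws-profile>"}},
  "aws-readonly": {"command": "uvx", "args": ["awslabs.aws-api-mcp-server@latest"],
                   "env": {"AWS_REGION": "us-east-1",
                           "AWS_API_MCP_PROFILE_NAME": "audit-readonly",
                           "READ_OPERATIONS_ONLY": "true"}}}}"""

if __name__ == "__main__":
    for server, findings in audit_mcp_config(SAMPLE).items():
        print(server, "OK" if not findings else findings)
```

A clean report only confirms the local guardrails are switched on; what the agent can actually do is still decided by the IAM permissions behind the profile.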
AWS API MCP Server FAQ
How do I authenticate it?
Provide AWS credentials the same way the AWS CLI does — either a named profile via AWS_API_MCP_PROFILE_NAME, or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY (plus AWS_SESSION_TOKEN for temporary creds). If none are set explicitly it falls back to the standard boto3 credential chain.
Can I prevent it from changing my infrastructure?
Yes. Set READ_OPERATIONS_ONLY=true to restrict it to read-only calls, and/or use REQUIRE_MUTATION_CONSENT to gate write operations. The strongest control, though, is scoping the IAM permissions of the credentials you give it.
Which AWS services does it support?
Effectively all of them. Because it drives the AWS CLI surface rather than hardcoding services, coverage matches whatever your AWS CLI/botocore version supports.
Is it safe to expose to multiple users?
No. The server is single-tenant, runs with your local file-system permissions, and is not sandboxed for multi-user use. Run one instance per user.
How do I install it without uv?
It is published to PyPI as `awslabs.aws-api-mcp-server` (pip install) and as a Docker image on Amazon ECR Public, in addition to the recommended `uvx awslabs.aws-api-mcp-server@latest`.
Alternatives to AWS API MCP Server
GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.
Grafana's official server for dashboards, Prometheus/Loki queries, alerts, and incidents.
HashiCorp's official server for Terraform Registry providers, modules, and IaC workflows.