How to add AWS API MCP Server to Claude Desktop
Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.
Last updated June 15, 2026 ยท 9.3kโ ยท stdio ยท apikey ยท official
Claude Desktop config for AWS API MCP Server
uvx awslabs.aws-api-mcp-server@latest{
"mcpServers": {
"aws-api-mcp-server": {
"command": "uvx",
"args": [
"awslabs.aws-api-mcp-server@latest"
],
"env": {
"AWS_REGION": "us-east-1",
"AWS_PROFILE": "<your-aws-profile>"
}
}
}
}Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Setup steps
- 1Open Claude Desktop โ Settings โ Developer โ Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
- 2Paste the AWS API MCP Server config below under the top-level "mcpServers" key.
- 3Fill in any placeholder secrets (API keys, paths) in the snippet.
- 4Save the file, then fully quit and reopen Claude Desktop.
- 5Open a chat and confirm AWS API MCP Server's tools appear under the ๐ tools menu.
Before you start
- Python 3.10 or newer (the uv/uvx toolchain is recommended for running it)
- The AWS CLI behavior is provided by the package itself; no separate CLI install is strictly required, but a working AWS account is
- AWS credentials configured via an AWS profile (set AWS_API_MCP_PROFILE_NAME) or standard AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN environment variables; the IAM principal's permissions determine what the agent can do
- Optionally Docker, if you run the published ECR image instead of uvx/pip
What AWS API MCP Server can do in Claude Desktop
call_awsExecute a validated AWS CLI command and return the result.
suggest_aws_commandsSuggest appropriate AWS CLI commands from a natural-language description.
get_execution_planExperimental: produce step-by-step agent-script guidance for complex multi-step AWS tasks (requires EXPERIMENTAL_AGENT_SCRIPTS=true).
Security
Executes real AWS API calls with your local credentials, so it can create, modify, or delete billable infrastructure; scope the IAM profile tightly and prefer read-only roles when exploring. Set AWS_REGION explicitly to avoid acting in an unintended region.
AWS API MCP Server + Claude Desktop FAQ
Where is the Claude Desktop config file?
Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the AWS API MCP Server config there under the "mcpServers" key and restart the client.
Is AWS API MCP Server safe to use with Claude Desktop?
Executes real AWS API calls with your local credentials, so it can create, modify, or delete billable infrastructure; scope the IAM profile tightly and prefer read-only roles when exploring. Set AWS_REGION explicitly to avoid acting in an unintended region.
How do I authenticate it?
Provide AWS credentials the same way the AWS CLI does โ either a named profile via AWS_API_MCP_PROFILE_NAME, or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY (plus AWS_SESSION_TOKEN for temporary creds). If none are set explicitly it falls back to the standard boto3 credential chain.
Can I prevent it from changing my infrastructure?
Yes. Set READ_OPERATIONS_ONLY=true to restrict it to read-only calls, and/or use REQUIRE_MUTATION_CONSENT to gate write operations. The strongest control, though, is scoping the IAM permissions of the credentials you give it.
Which AWS services does it support?
Effectively all of them. Because it drives the AWS CLI surface rather than hardcoding services, coverage matches whatever your AWS CLI/botocore version supports.