How to add AWS MCP Server to Claude Desktop
Give Claude access to all 200+ AWS services through the AWS CLI. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.
Last updated June 14, 2026 ยท 182โ ยท stdio ยท apikey
Claude Desktop config for AWS MCP Server
uvx aws-mcp{
"mcpServers": {
"aws-mcp-server": {
"command": "uvx",
"args": [
"aws-mcp"
]
}
}
}Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Setup steps
- 1Open Claude Desktop โ Settings โ Developer โ Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
- 2Paste the AWS MCP Server config below under the top-level "mcpServers" key.
- 3Fill in any placeholder secrets (API keys, paths) in the snippet.
- 4Save the file, then fully quit and reopen Claude Desktop.
- 5Open a chat and confirm AWS MCP Server's tools appear under the ๐ tools menu.
Before you start
- AWS CLI installed
- AWS credentials configured (env vars, ~/.aws/credentials, ~/.aws/config, or IAM role)
- uv installed (for uvx), or Docker
What AWS MCP Server can do in Claude Desktop
aws_cli_helpGet documentation for any AWS command.
aws_cli_pipelineExecute AWS CLI commands with optional pipes (jq, grep, etc.).
Security
Your IAM policy is your security boundary โ the server executes whatever AWS commands Claude requests, and IAM controls what actually succeeds. Use a least-privilege IAM role, never use root credentials, and consider running via Docker for additional host isolation. A sandbox mode (AWS_MCP_SANDBOX) is available.
AWS MCP Server + Claude Desktop FAQ
Where is the Claude Desktop config file?
Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the AWS MCP Server config there under the "mcpServers" key and restart the client.
Is AWS MCP Server safe to use with Claude Desktop?
Your IAM policy is your security boundary โ the server executes whatever AWS commands Claude requests, and IAM controls what actually succeeds. Use a least-privilege IAM role, never use root credentials, and consider running via Docker for additional host isolation. A sandbox mode (AWS_MCP_SANDBOX) is available.
How does it control what AWS actions Claude can take?
Your IAM policy is the security boundary. The server executes whatever AWS commands Claude requests, but IAM controls what actually succeeds. Use a least-privilege role and never use root credentials.
Which transports are supported?
stdio (default), streamable-http for web-based MCP clients, and a deprecated sse transport. Set the transport via the AWS_MCP_TRANSPORT environment variable.
How are AWS credentials provided?
Via the standard AWS credential chain: environment variables, ~/.aws/credentials, ~/.aws/config (profiles and region), or an IAM role when running on EC2, ECS, or Lambda. Set AWS_PROFILE to use a specific profile.