
How to add AWS MCP Server to Windsurf
Give Claude access to all 200+ AWS services through the AWS CLI. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 182★ · stdio · apikey
Windsurf config for AWS MCP Server
uvx aws-mcp
{
  "mcpServers": {
    "aws-mcp-server": {
      "command": "uvx",
      "args": [
        "aws-mcp"
      ]
    }
  }
}
Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the AWS MCP Server config shown above.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. AWS MCP Server's tools become available to Cascade.
Before you start
- AWS CLI installed
- AWS credentials configured (env vars, ~/.aws/credentials, ~/.aws/config, or IAM role)
- uv installed (for uvx), or Docker
What AWS MCP Server can do in Windsurf
- aws_cli_help: Get documentation for any AWS command.
- aws_cli_pipeline: Execute AWS CLI commands with optional pipes (jq, grep, etc.).
Security
Your IAM policy is your security boundary — the server executes whatever AWS commands Claude requests, and IAM controls what actually succeeds. Use a least-privilege IAM role, never use root credentials, and consider running via Docker for additional host isolation. A sandbox mode (AWS_MCP_SANDBOX) is available.
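An added example, not part of the original page or the AWS MCP Server project: a small Python audit of the two things the paragraph above depends on, namely which credentials the Windsurf entry hands to the server and whether the IAM policy behind them contains wildcard grants. The `env` block, the sample key value, the sample policy and the rule that AWS_PROFILE should be pinned are assumptions of this example.

```python
# Constructed sample: a Windsurf mcp_config.json entry. The "env" block and
# the key value are assumptions for this example, not taken from the page.
SAMPLE_CONFIG = {"mcpServers": {"aws-mcp-server": {
    "command": "uvx", "args": ["aws-mcp"],
    "env": {"AWS_ACCESS_KEY_ID": "AKIA-CONSTRUCTED-EXAMPLE"}}}}

# Constructed sample IAM policy for the role or profile the server runs under.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["iam:*", "ec2:Describe*"], "Resource": "*"},
    ],
}

STATIC_KEYS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_mcp_config(config):
    """Flag server entries that embed keys or leave the profile implicit."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        env = server.get("env", {})
        for key in sorted(STATIC_KEYS & env.keys()):
            findings.append(f"{name}: {key} stored in plaintext config")
        if "AWS_PROFILE" not in env:
            findings.append(f"{name}: AWS_PROFILE not pinned, default credential chain applies")
    return findings

def audit_iam_policy(policy):
    """Flag Allow statements pairing a wildcard action with Resource '*'."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.partition(":")[2] == "*":
                findings.append(f"Statement[{i}]: '{action}' allowed on all resources")
    return findings

if __name__ == "__main__":
    for line in audit_mcp_config(SAMPLE_CONFIG) + audit_iam_policy(SAMPLE_POLICY):
        print(line)
```

Scoped read actions such as `ec2:Describe*` pass this check; only full-service or full-account wildcards on `Resource: "*"` are reported.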
AWS MCP Server + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the AWS MCP Server config there under the "mcpServers" key and restart the client.
Is AWS MCP Server safe to use with Windsurf?
Your IAM policy is your security boundary — the server executes whatever AWS commands Claude requests, and IAM controls what actually succeeds. Use a least-privilege IAM role, never use root credentials, and consider running via Docker for additional host isolation. A sandbox mode (AWS_MCP_SANDBOX) is available.
How does it control what AWS actions Claude can take?
Your IAM policy is the security boundary. The server executes whatever AWS commands Claude requests, but IAM controls what actually succeeds. Use a least-privilege role and never use root credentials.
Which transports are supported?
stdio (default), streamable-http for web-based MCP clients, and a deprecated sse transport. Set the transport via the AWS_MCP_TRANSPORT environment variable.
How are AWS credentials provided?
Via the standard AWS credential chain: environment variables, ~/.aws/credentials, ~/.aws/config (profiles and region), or an IAM role when running on EC2, ECS, or Lambda. Set AWS_PROFILE to use a specific profile.