
How to add AWS S3 Tables MCP Server to Windsurf
Official AWS Labs MCP server to manage and query S3 Tables (table buckets, namespaces, tables). Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 15, 2026 · 9.2k★ · stdio · apikey · official
Windsurf config for AWS S3 Tables MCP Server
uvx awslabs.s3-tables-mcp-server@latest

{
  "mcpServers": {
    "aws-s3-tables-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.s3-tables-mcp-server@latest"
      ],
      "env": {
        "AWS_REGION": "us-east-1",
        "AWS_PROFILE": "<your-aws-profile>"
      }
    }
  }
}

Requires `uv` (the Python package runner). Install it from https://docs.astral.sh/uv/ if `uvx` is not found.
Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the AWS S3 Tables MCP Server config shown above.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. AWS S3 Tables MCP Server's tools become available to Cascade.
Before you start
- Python 3.10+ and the uv package manager (the server runs via uvx)
- An AWS account with S3 Tables enabled in your region
- AWS credentials configured locally (via `aws configure`, an AWS_PROFILE, or environment variables) with IAM permissions for S3 Tables actions (s3tables:*) and, for SQL queries, the relevant analytics/Lake Formation access
- Docker is supported as an alternative to uvx for containerized deployment
What AWS S3 Tables MCP Server can do in Windsurf
- list_table_buckets: List the S3 table buckets in your account/region.
- create_table_bucket: Create a new S3 table bucket (write).
- list_namespaces: List namespaces within a table bucket.
- create_namespace: Create a namespace inside a table bucket (write).
- list_tables: List tables within a namespace.
- create_table: Create a new Iceberg table (write).
- rename_table: Rename an existing table (write).
- get_table_metadata: Retrieve a table's metadata and schema.
Security
It uses your local AWS credentials/profile, so it inherits whatever IAM permissions that profile holds; use a least-privilege profile. Write actions require the explicit --allow-write flag, which can create or modify AWS resources and incur cost.
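One way to check a Windsurf config against the points above before restarting the client. This is an added example, not code from AWS Labs or Windsurf; the function name, finding strings and the constructed `RISKY` sample are assumptions made for illustration.

```python
import json
import os

PKG = "awslabs.s3-tables-mcp-server"  # package name from the config on this page
STATIC_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")  # standard AWS env vars

def audit_mcp_config(text):
    """Return sorted (server_name, finding) pairs for S3 Tables MCP entries."""
    findings = []
    for name, entry in json.loads(text).get("mcpServers", {}).items():
        args = [str(a) for a in entry.get("args", [])]
        if not any(PKG in a for a in args):
            continue  # some other MCP server; out of scope here
        env = entry.get("env", {})
        if "--allow-write" in args:
            findings.append((name, "write tools enabled via --allow-write"))
        profile = env.get("AWS_PROFILE", "")
        if not profile:
            findings.append((name, "AWS_PROFILE unset; default credential chain is used"))
        elif profile.startswith("<") and profile.endswith(">"):
            findings.append((name, "AWS_PROFILE placeholder not replaced"))
        for key in STATIC_KEYS:
            if env.get(key):
                findings.append((name, f"{key} stored in plaintext in the config"))
    return sorted(findings)

# Constructed sample: a risky variant of the page's config (fake key values).
RISKY = json.dumps({"mcpServers": {"aws-s3-tables-mcp-server": {
    "command": "uvx",
    "args": [PKG + "@latest", "--allow-write"],
    "env": {"AWS_REGION": "us-east-1",
            "AWS_ACCESS_KEY_ID": "AKIA-CONSTRUCTED-EXAMPLE",
            "AWS_SECRET_ACCESS_KEY": "constructed-not-a-real-secret"}}}})

if __name__ == "__main__":
    # Audit the real Windsurf config if present, otherwise the constructed sample.
    path = os.path.expanduser("~/.codeium/windsurf/mcp_config.json")
    text = open(path).read() if os.path.exists(path) else RISKY
    for server, finding in audit_mcp_config(text):
        print(f"[{server}] {finding}")
```

An empty result means the entry runs read-only under a named profile with no keys stored in the file; it says nothing about what IAM permissions that profile actually holds.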
AWS S3 Tables MCP Server + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the AWS S3 Tables MCP Server config there under the "mcpServers" key and restart the client.
Is AWS S3 Tables MCP Server safe to use with Windsurf?
It uses your local AWS credentials/profile, so it inherits whatever IAM permissions that profile holds; use a least-privilege profile. Write actions require the explicit --allow-write flag, which can create or modify AWS resources and incur cost.
How does authentication work?
It uses your standard AWS credential chain — an AWS_PROFILE, environment variables, or `aws configure` output. There is no separate API key; permissions come from the IAM identity those credentials resolve to.
Is it safe to run against production data?
Yes, by default. The server starts in read-only mode and only exposes write tools (create bucket/namespace/table, CSV import, data append) when you explicitly pass `--allow-write`.
What does the SQL query tool support?
`run_sql_query` executes read-only queries over your S3 Tables (Iceberg) data. It is intended for analytics and exploration, not for mutating table contents.