playbooks

home / mcp / aws mcp server

AWS MCP Server

Provides read-only access to AWS resources via MCP with endpoints for caller identity, S3 buckets, EC2 instances, and IAM users.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "bhavesh8890-mcp-server": {
      "command": "mcp-server-aws",
      "args": [],
      "env": {
        "AWS_REGION": "us-east-1",
        "AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY",
        "AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_KEY"
      }
    }
  }
}

The AWS MCP Server provides read-only access to AWS resources through a Model Context Protocol (MCP) interface. It exposes endpoints to verify credentials, list S3 buckets, enumerate EC2 instances, and enumerate IAM users, making it easy to integrate AWS data into your MCP tooling in a secure, read-only manner.

How to use

You connect to this MCP server from your MCP client by configuring a local or remote MCP endpoint that runs as a stdio-based or HTTP-based server. The server exposes a small set of read-only operations for inspecting AWS resources. Use it when you need a lightweight, reproducible way to query AWS state from your MCP-powered tooling without managing credentials in your application code.

Two common ways to run the server are through a local stdio process or via a packaged executable. In the stdio setup, you launch the server with a node runtime and point your client to the built entry file. In the packaged setup, you can run a prebuilt MCP binary that serves the same endpoints.

How to install

Prerequisites you need to prepare before running the server:

  • Node.js v16 or higher
  • AWS credentials with read-only permissions (Access Key ID and Secret Access Key)

Step by step, set up the server locally from a cloned repository or a provided package. The following commands assume you are in the project root.

npm install
npx tsc
npx tsx watch src/index.ts

Configuration examples

You can configure your MCP client to connect to the AWS MCP Server in one of two ways. The configurations shown below illustrate common, explicit setups you would place in your MCP client config.

{
  "mcpServers": {
    "aws_mcp": {
      "command": "node",
      "args": ["/path/to/cloned/repo/dist/index.js"],
      "env": {
        "AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY",
        "AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_KEY",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Alternative distribution option

If you prefer using a single-file package, you can package the server for distribution and run it directly after installation. The example shows how to reference the packaged executable in your client configuration.

{
  "mcpServers": {
    "aws_mcp": {
      "command": "mcp-server-aws",
      "args": [],
      "env": {
        "AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY",
        "AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_KEY",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Running locally for development

If you have cloned the repository and built the server locally, you can start it with a node runtime and point to the built entry file. The following example demonstrates how you would run it and then reference it from your MCP client.

node /path/to/dist/index.js

Available tools

get_aws_caller_identity

Verify the current AWS credentials by returning the caller identity details.

list_s3_buckets

List all S3 buckets accessible with the provided credentials.

list_ec2_instances

List EC2 instances in the configured region or a specified region.

list_iam_users

List IAM users in the configured AWS account.