https://github.com/alexei-led/aws-mcp-server
A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management.
https://github.com/alexei-led/aws-mcp-server
ai-assistant aws aws-automation claude cloud-infrastructure devops docker mcp mcp-server modelcontextprotocol
Last synced: about 2 months ago
JSON representation
A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management.
- Host: GitHub
- URL: https://github.com/alexei-led/aws-mcp-server
- Owner: alexei-led
- License: mit
- Created: 2025-03-19T13:42:40.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2026-02-22T18:04:24.000Z (2 months ago)
- Last Synced: 2026-02-22T23:05:21.936Z (2 months ago)
- Topics: ai-assistant, aws, aws-automation, claude, cloud-infrastructure, devops, docker, mcp, mcp-server, modelcontextprotocol
- Language: Python
- Homepage:
- Size: 5.58 MB
- Stars: 176
- Watchers: 3
- Forks: 30
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-mcp - alexei-led/aws-mcp-server
- awesome-mcp-servers - aws-mcp-server - A lightweight MCP server that allows AI assistants to execute AWS CLI commands, use Unix pipes, and apply prompt templates for AWS tasks in a secure, multi-architecture Docker environment. ([Read more](/details/aws-mcp-server.md)) `aws` `cloud` `mcp` `docker` (Cloud & DevOps MCP Servers)
- awesome-mcp-servers - alexei-led/aws-mcp-server - A lightweight but powerful server that enables AI assistants to execute AWS CLI commands, use Unix pipes, and apply prompt templates for common AWS tasks in a safe Docker environment with multi-architecture support (Legend / ☁️ <a name="cloud-platforms"></a>Cloud Platforms)
- awesome-mcp-servers - **aws-mcp-server** - A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management. `python` `ai-assistant` `aws` `aws-automation` `claude` `pip install git+https://github.com/alexei-led/aws-mcp-server` (⚙️ DevOps)
- best-of-mcp-servers - GitHub
- awesome-mcp-servers - alexei-led/aws-mcp-server - AIアシスタントがAWS CLIコマンドを実行し、Unixパイプを使用し、マルチアーキテクチャサポート付きの安全なDocker環境で一般的なAWSタスクのプロンプトテンプレートを適用できるようにする軽量で強力なサーバー (サーバー実装 / ☁️ <a name="cloud-platforms"></a>クラウドプラットフォーム)
- awesome-mcp-zh - alexei-led/aws-mcp-server
- awesome-devops-mcp-servers - alexei-led/aws-mcp-server - A lightweight but powerful server that enables AI assistants to execute AWS CLI commands, use Unix pipes, and apply prompt templates for common AWS tasks in a safe Docker environment with multi-architecture support. (Cloud Infrastructure / ☁️ Cloud Providers)
- awesome-mcp - alexei-led/aws-mcp-server - A lightweight but powerful server that enables AI assistants to execute AWS CLI commands, use Unix pipes, and apply prompt templates for common AWS tasks in a safe Docker environment with multi-architecture support (MCP Servers / ☁️ Cloud Platforms)
- toolsdk-mcp-registry - ❌ aws-cli
- awesome-ai-tools - alexei-led/aws-mcp-server - Lightweight server enabling AI assistants to execute AWS CLI commands in Docker environment (MCP Servers / ☁️ Cloud Platforms & Infrastructure)
- awesome-devops-mcp - alexei-led/aws-mcp-server - Secure AWS CLI command execution with pipes and templates for common AWS tasks in a Docker environment (☁️ Cloud Platforms)
- awesome-mcp-servers - AWS MCP Bridge - A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management. (Table of Contents / System Automation)
- awesome-mcp-servers - alexei-led/aws-mcp-server - AIアシスタントがAWS CLIコマンドを実行し、Unixパイプを使用し、マルチアーキテクチャサポート付きの安全なDocker環境で一般的なAWSタスクのプロンプトテンプレートを適用できるようにする軽量で強力なサーバー (サーバー実装 / ☁️ <a name="cloud-platforms"></a>クラウドプラットフォーム)
- awesome-mcp-security - alexei-led/aws-mcp-server - A lightweight but powerful server that enables AI assistants to execute AWS CLI commands, use Unix pipes, and apply prompt templates for common AWS tasks in a safe Docker environment with multi-architecture support. (Cloud Infrastructure / ☁️ Cloud Providers)
- awesome-mcp-list - alexei-led/aws-mcp-server - led/aws-mcp-server?style=social)](https://github.com/alexei-led/aws-mcp-server): Enables secure execution of AWS CLI commands and prompt templates within Docker. (Uncategorized / Uncategorized)
- awesome-openclaw-skills - AWS MCP Server - | (MCP Servers & Protocol)
README
# AWS MCP Server
[](https://github.com/alexei-led/aws-mcp-server/actions/workflows/ci.yml)
[](https://pypi.org/project/aws-mcp/)
[](https://codecov.io/gh/alexei-led/aws-mcp-server)
[](https://github.com/alexei-led/aws-mcp-server)
[](https://github.com/alexei-led/aws-mcp-server/pkgs/container/aws-mcp-server)
Give Claude access to all 200+ AWS services through the AWS CLI.
## Demo
[Demo](https://private-user-images.githubusercontent.com/1898375/424996801-b51ddc8e-5df5-40c4-8509-84c1a7800d62.mp4?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NDI0NzY5OTUsIm5iZiI6MTc0MjQ3NjY5NSwicGF0aCI6Ii8xODk4Mzc1LzQyNDk5NjgwMS1iNTFkZGM4ZS01ZGY1LTQwYzQtODUwOS04NGMxYTc4MDBkNjIubXA0P1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MDMyMCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTAzMjBUMTMxODE1WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NjgwNTM4MDVjN2U4YjQzN2Y2N2Y5MGVkMThiZTgxYWEyNzBhZTlhMTRjZDY3ZDJmMzJkNmViM2U4M2U4MTEzNSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.tIb7uSkDpSaspIluzCliHS8ATmlzkvEnF3CiClD-UGQ)
## What It Does
This MCP server lets Claude run AWS CLI commands on your behalf. Instead of wrapping each AWS API individually, it wraps the CLI itself—giving Claude complete AWS access through just two tools:
| Tool | Purpose |
| ------------------ | ----------------------------------------------------------------- |
| `aws_cli_help` | Get documentation for any AWS command |
| `aws_cli_pipeline` | Execute AWS CLI commands with optional pipes (`jq`, `grep`, etc.) |
Claude learns commands on-demand using `--help`, then executes them. Your IAM policy controls what it can actually do.
```mermaid
flowchart LR
Claude[Claude] -->|MCP| Server[AWS MCP Server]
Server --> CLI[AWS CLI]
CLI --> AWS[AWS Cloud]
IAM[Your IAM Policy] -.->|controls| AWS
```
## What's New
- **Streamable HTTP transport** — New `streamable-http` transport for web-based MCP clients, replacing the deprecated `sse` transport ([#33](https://github.com/alexei-led/aws-mcp-server/issues/33))
- **Input validation error handling** — Validation errors now return proper MCP tool errors (`isError: true`) instead of regular results ([#34](https://github.com/alexei-led/aws-mcp-server/issues/34))
- **Server description** — Server advertises its purpose to MCP clients via the `instructions` field ([#35](https://github.com/alexei-led/aws-mcp-server/issues/35))
- **Server icons** — Server provides icon metadata for MCP client display ([#36](https://github.com/alexei-led/aws-mcp-server/issues/36))
- **Graceful shutdown** — Server disconnects cleanly when the MCP client disconnects ([#16](https://github.com/alexei-led/aws-mcp-server/issues/16))
## Quick Start
### Prerequisites
- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed
- AWS credentials configured (see [AWS Credentials](#aws-credentials))
- [uv](https://docs.astral.sh/uv/getting-started/installation/) installed (for `uvx`)
### Claude Code
Add to your MCP settings (Cmd+Shift+P → "Claude: Open MCP Config"):
```json
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"]
}
}
}
```
### Claude Desktop
Add to your Claude Desktop config file:
**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
**Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
```json
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"]
}
}
}
```
### Docker (More Secure)
Docker provides stronger isolation by running commands in a container:
```json
{
"mcpServers": {
"aws": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v",
"~/.aws:/home/appuser/.aws:ro",
"ghcr.io/alexei-led/aws-mcp-server:latest"
]
}
}
}
```
> **Note**: Replace `~/.aws` with the full path on Windows (e.g., `C:\Users\YOU\.aws`).
### Docker with Streamable HTTP Transport
For web-based MCP clients, use the `streamable-http` transport:
```bash
docker run --rm -p 8000:8000 \
-e AWS_MCP_TRANSPORT=streamable-http \
-v ~/.aws:/home/appuser/.aws:ro \
ghcr.io/alexei-led/aws-mcp-server:latest
```
The server will be available at `http://localhost:8000/mcp`.
> **Note**: The `sse` transport is deprecated. Use `streamable-http` instead.
## AWS Credentials
The server uses the standard AWS credential chain. Your credentials are discovered automatically from:
1. **Environment variables**: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
2. **Credentials file**: `~/.aws/credentials`
3. **Config file**: `~/.aws/config` (for profiles and region)
4. **IAM role**: When running on EC2, ECS, or Lambda
To use a specific profile:
```json
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"],
"env": {
"AWS_PROFILE": "my-profile"
}
}
}
}
```
## Configuration
### AWS Settings
| Environment Variable | Description | Default |
| ----------------------------- | ---------------------------------------------- | -------------------- |
| `AWS_PROFILE` | AWS profile to use | `default` |
| `AWS_REGION` | AWS region (also accepts `AWS_DEFAULT_REGION`) | `us-east-1` |
| `AWS_CONFIG_FILE` | Custom path to AWS config file | `~/.aws/config` |
| `AWS_SHARED_CREDENTIALS_FILE` | Custom path to credentials file | `~/.aws/credentials` |
### Server Settings
| Environment Variable | Description | Default |
| ----------------------------- | ------------------------------------------------ | -------- |
| `AWS_MCP_TIMEOUT` | Command execution timeout in seconds | `300` |
| `AWS_MCP_MAX_OUTPUT` | Maximum output size in characters | `100000` |
| `AWS_MCP_TRANSPORT` | Transport protocol (`stdio`, `sse`, or `streamable-http`) | `stdio` |
| `AWS_MCP_SANDBOX` | Sandbox mode (`auto`, `disabled`, `required`) | `auto` |
| `AWS_MCP_SANDBOX_CREDENTIALS` | Credential passing (`env`, `aws_config`, `both`) | `both` |
## Security
**Your IAM policy is your security boundary.** This server executes whatever AWS commands Claude requests—IAM controls what actually succeeds.
Best practices:
- Use a **least-privilege IAM role** (only permissions Claude needs)
- **Never use root credentials**
- Consider **Docker** for additional host isolation
For detailed security architecture, see [Security Documentation](docs/SECURITY.md).
## Documentation
- [Usage Guide](docs/USAGE.md) — Tools, resources, and prompt templates
- [Security Architecture](docs/SECURITY.md) — IAM + Sandbox + Docker model
- [Development Guide](docs/DEVELOPMENT.md) — Contributing and testing
## License
MIT License — see [LICENSE](LICENSE) for details.