mcp/aws-api-mcp-server
Comprehensive AWS API support with command validation and access to all services.
1.9K
mcp/aws-api-mcp-server repository overview
AWS API MCP Server
Comprehensive AWS API support with command validation and access to all services.
MCP Info
| Attribute | Details |
|---|---|
| Docker Image | mcp/aws-api-mcp-server |
| Author | awslabs |
| Repository | https://github.com/awslabs/mcp |
Image Building Info
| Attribute | Details |
|---|---|
| Dockerfile | https://github.com/awslabs/mcp/blob/7bace1f81455088b6690a44e99cabb602259ddf7/src/aws-api-mcp-server/Dockerfile |
| Commit | 7bace1f81455088b6690a44e99cabb602259ddf7 |
| Docker Image built by | Docker Inc. |
| Docker Scout Health Score | |
| Verify Signature | COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/aws-api-mcp-server --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pub |
| Licence | Apache License 2.0 |
Available Tools (2)
| Tools provided by this Server | Short Description |
|---|---|
call_aws | Execute AWS CLI commands |
suggest_aws_commands | Suggest AWS CLI commands |
Tools Details
Tool: call_aws
Execute AWS CLI commands with validation and proper error handling. This is the PRIMARY tool to use when you are confident about the exact AWS CLI command needed to fulfill a user's request. Always prefer this tool over 'suggest_aws_commands' when you have a specific command in mind. Key points: - The command MUST start with "aws" and follow AWS CLI syntax - Commands are executed in us-east-1 region by default - For cross-region or account-wide operations, explicitly include --region parameter - All commands are validated before execution to prevent errors - Supports pagination control via max_results parameter - The current working directory is /tmp/aws-api-mcp/workdir - File paths should always have forward slash (/) as a separator regardless of the system. Example: 'c:/folder/file.txt'
Best practices for command generation:
- Always use the most specific service and operation names
- Always use the working directory when writing files, unless user explicitly mentioned another directory
- Include --region when operating across regions
- Only use filters (--filters, --query, --prefix, --pattern, etc) when necessary or user explicitly asked for it
Command restrictions:
- DO NOT use bash/zsh pipes (|) or any shell operators
- DO NOT use bash/zsh tools like grep, awk, sed, etc.
- DO NOT use shell redirection operators (>, >>, <)
- DO NOT use command substitution ($())
- DO NOT use shell variables or environment variables
- DO NOT use relative paths for reading or writing files, use absolute paths instead
Common pitfalls to avoid:
1. Missing required parameters - always include all required parameters
2. Incorrect parameter values - ensure values match expected format
3. Missing --region when operating across regions
Returns:
CLI execution results with API response data or error message
| Parameters | Type | Description |
|---|---|---|
cli_command | string | The complete AWS CLI command to execute. MUST start with "aws" |
max_results | string optional | Optional limit for number of results (useful for pagination) |
This tool may perform destructive updates.
This tool interacts with external entities.
Tool: suggest_aws_commands
Suggest AWS CLI commands based on a natural language query. This is a FALLBACK tool to use when you are uncertain about the exact AWS CLI command needed to fulfill a user's request.
IMPORTANT: Only use this tool when:
1. You are unsure about the exact AWS service or operation to use
2. The user's request is ambiguous or lacks specific details
3. You need to explore multiple possible approaches to solve a task
4. You want to provide options to the user for different ways to accomplish their goal
DO NOT use this tool when:
1. You are confident about the exact AWS CLI command needed - use 'call_aws' instead
2. The user's request is clear and specific about the AWS service and operation
3. You already know the exact parameters and syntax needed
4. The task requires immediate execution of a known command
Best practices for query formulation:
1. Include the user's primary goal or intent
2. Specify any relevant AWS services if mentioned
3. Include important parameters or conditions mentioned
4. Add context about the environment or constraints
5. Mention any specific requirements or preferences
CRITICAL: Query Granularity
- Each query should be granular enough to be accomplished by a single CLI command
- If the user's request requires multiple commands to complete, break it down into individual tasks
- Call this tool separately for each specific task to get the most relevant suggestions
- Example of breaking down a complex request:
User request: "Set up a new EC2 instance with a security group and attach it to an EBS volume"
Break down into:
1. "Create a new security group with inbound rules for SSH and HTTP"
2. "Create a new EBS volume with 100GB size"
3. "Launch an EC2 instance with t2.micro instance type"
4. "Attach the EBS volume to the EC2 instance"
Query examples:
1. "List all running EC2 instances in us-east-1 region"
2. "Get the size of my S3 bucket named 'my-backup-bucket'"
3. "List all IAM users who have AdministratorAccess policy"
4. "List all Lambda functions in my account"
5. "Create a new S3 bucket with versioning enabled and server-side encryption"
6. "Update the memory allocation of my Lambda function 'data-processor' to 1024MB"
7. "Add a new security group rule to allow inbound traffic on port 443"
8. "Tag all EC2 instances in the 'production' environment with 'Environment=prod'"
9. "Configure CloudWatch alarms for high CPU utilization on my RDS instance"
Returns:
A list of up to 10 most likely AWS CLI commands that could accomplish the task, including:
- The CLI command
- Confidence score for the suggestion
- Required parameters
- Description of what the command does
| Parameters | Type | Description |
|---|---|---|
query | string | A natural language description of what you want to do in AWS. Should be detailed enough to capture the user's intent and any relevant context. |
This tool is read-only. It does not modify its environment.
Use this MCP Server
{
"mcpServers": {
"aws-api": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"AWS_REGION",
"-e",
"AWS_API_MCP_PROFILE_NAME",
"-e",
"AWS_ACCESS_KEY_ID",
"-e",
"AWS_SECRET_ACCESS_KEY",
"-e",
"AWS_SESSION_TOKEN",
"mcp/aws-api-mcp-server"
],
"env": {
"AWS_REGION": "us-east-1",
"AWS_API_MCP_PROFILE_NAME": "default",
"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
"AWS_SECRET_ACCESS_KEY": "your-aws-secret-access-key",
"AWS_SESSION_TOKEN": "your-aws-session-token"
}
}
}
}
Install from MCP:Hub
Tag summary
Content type
Image
Digest
sha256:38ab5435d…
Size
67.9 MB
Last updated
about 1 month ago
Requires Docker Desktop 4.37.1 or later.
This weeks pulls
Pulls:
202
Last week