Skip to main content
Glama
arunsanna

AWS Sage

by arunsanna
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

AWS Sage

Version License Python Tests

A production-grade Model Context Protocol (MCP) server for AWS. Connect AI assistants to your AWS infrastructure and manage it through natural conversation.

šŸš€ Works with any MCP-compatible client - just install and configure.

Compatible Clients

Client

Status

Notes

Claude Desktop

āœ… Full Support

Recommended

Claude Code

āœ… Full Support

CLI & IDE

Cursor

āœ… Full Support

MCP enabled

Cline

āœ… Full Support

VS Code extension

Windsurf

āœ… Full Support

MCP enabled

Zed

āœ… Full Support

MCP enabled

VS Code + Copilot

ā³ Planned

Via MCP extension

Why AWS Sage?

AWS Labs offers 15 separate MCP servers for different services. AWS Sage takes a different approach:

Feature

AWS Labs MCP

AWS Sage

Architecture

15 separate servers

1 unified server

Tools

~45 tools across servers

30 intelligent tools

Cross-Service Queries

No

Yes - discover resources across all services

Dependency Mapping

No

Yes - "what depends on this resource?"

Impact Analysis

No

Yes - "what breaks if I delete this?"

Incident Investigation

No

Yes - automated troubleshooting workflows

Cost Analysis

Separate server

Built-in - idle resources, rightsizing, projections

LocalStack Support

No

Yes - seamless local development

Multi-Account

No

Yes - cross-account via AssumeRole

Docker Support

Separate

Built-in with docker-compose

Safety System

Basic

3-tier with 70+ blocked operations

Natural Language

Limited

Full NLP with intent classification

Features

Core Capabilities

  • Natural Language Queries: "Show me EC2 instances tagged production"

  • Multi-Profile Support: Switch between AWS profiles with SSO support

  • Auto-Pagination: Never miss resources due to pagination limits

  • Smart Formatting: Tabular output for lists, detailed JSON for single resources

Safety System

Three safety modes protect your infrastructure:

Mode

Description

Operations Allowed

READ_ONLY

Default - exploration only

list, describe, get

STANDARD

Normal operations

read + write (with confirmation)

UNRESTRICTED

Full access

all except denylist

Always Blocked (70+ operations):

  • cloudtrail.delete_trail / stop_logging

  • iam.delete_account_password_policy

  • organizations.leave_organization

  • guardduty.delete_detector

  • kms.schedule_key_deletion

  • And 65+ more critical operations

Unique Differentiators

Cross-Service Resource Discovery

Find resources across your entire AWS account:

"Find all resources tagged Environment=production" "Discover resources with Name containing api"

Dependency Mapping

Understand resource relationships:

"What resources does my Lambda function depend on?" "Map dependencies for my ECS service"

Impact Analysis

Know what breaks before you delete:

"What will break if I delete this security group?" "Show impact of removing this IAM role"

Incident Investigation

Automated troubleshooting workflows:

"Investigate why my Lambda is failing" "Debug high latency on my ALB" "Analyze this security alert"

Cost Analysis

Find savings and optimize spending:

"Find idle resources in my account" "Get rightsizing recommendations for EC2" "Project costs for 3 t3.large instances"

LocalStack Integration

Develop locally without touching production:

"Switch to LocalStack environment" "Compare S3 buckets between localstack and production"

Multi-Account Support

Work across AWS accounts:

"Assume role in account 123456789012" "Switch to production account"

Quick Start

# 1. Clone and install git clone https://github.com/arunsanna/aws-sage cd aws-sage pip install . # 2. Add to Claude Desktop config (see Configuration below) # 3. Restart Claude Desktop # 4. Start chatting: "List my S3 buckets"

That's it! Claude Desktop automatically runs AWS Sage when needed.

Installation

Prerequisites

  • Python 3.11+

  • AWS credentials configured (~/.aws/credentials or ~/.aws/config)

  • Any MCP-compatible client (see Compatible Clients above)

Option 1: From Source

git clone https://github.com/arunsanna/aws-sage cd aws-sage pip install .

Option 2: Direct from GitHub

pip install git+https://github.com/arunsanna/aws-sage.git

Client Configuration

First, find your Python path:

which python # or: which python3

Claude Desktop

Config file location:

OS

Path

macOS

~/Library/Application Support/Claude/claude_desktop_config.json

Windows

%APPDATA%\Claude\claude_desktop_config.json

Linux

~/.config/Claude/claude_desktop_config.json

{ "mcpServers": { "aws-sage": { "command": "/path/to/python3", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Claude Code

Option 1: CLI command

claude mcp add aws-sage -s user -- python -m aws_sage.server

Option 2: Project config (.mcp.json in project root)

{ "mcpServers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Option 3: Global config (~/.claude.json)

{ "mcpServers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Cursor

Config file: ~/.cursor/mcp.json (global) or .cursor/mcp.json (project)

{ "mcpServers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Cline (VS Code Extension)

Config file: Access via Cline settings ā†’ "Configure MCP Servers" ā†’ cline_mcp_settings.json

{ "mcpServers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" }, "disabled": false } } }

Windsurf

Config file:

OS

Path

macOS

~/.codeium/windsurf/mcp_config.json

Windows

%USERPROFILE%\.codeium\windsurf\mcp_config.json

{ "mcpServers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Zed

Config file: Zed Settings (settings.json)

{ "context_servers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

VS Code (Native MCP)

Config file: .vscode/mcp.json (project)

{ "servers": { "aws-sage": { "command": "python", "args": ["-m", "aws_sage.server"], "env": { "AWS_PROFILE": "default" } } } }

Docker Installation (All Clients)

For enhanced security with container isolation:

git clone https://github.com/arunsanna/aws-sage cd aws-sage docker compose build aws-sage

Docker config (use in any client above):

macOS/Linux:

{ "command": "docker", "args": [ "run", "-i", "--rm", "-v", "${HOME}/.aws:/home/appuser/.aws:ro", "-e", "AWS_PROFILE=default", "aws-sage:latest" ] }

Windows:

{ "command": "docker", "args": [ "run", "-i", "--rm", "-v", "%USERPROFILE%\\.aws:/home/appuser/.aws:ro", "-e", "AWS_PROFILE=default", "aws-sage:latest" ] }

Tools Reference (30 Tools)

Credential Management

Tool

Description

list_profiles

List available AWS profiles

select_profile

Select and authenticate with a profile

get_account_info

Show current account ID, region, identity

Safety Controls

Tool

Description

set_safety_mode

Switch between READ_ONLY, STANDARD, UNRESTRICTED

Query Operations (Read-Only)

Tool

Description

aws_query

Natural language AWS queries

validate_operation

Check if an operation is valid without executing

Execute Operations (Require Confirmation)

Tool

Description

aws_execute

Execute validated AWS operations

Context & Memory

Tool

Description

get_context

View conversation context and recent resources

set_alias

Create shortcuts for resources (e.g., "prod-db")

list_aliases

View all defined aliases

Cross-Service Intelligence

Tool

Description

discover_resources

Find resources by tags across all services

map_dependencies

Show what a resource depends on

impact_analysis

Predict what breaks if you modify/delete something

investigate_incident

Automated incident investigation workflows

AWS Knowledge (Composition)

Tool

Description

search_docs

Search AWS documentation

get_aws_knowledge

Query built-in AWS knowledge base

get_best_practices

Get service-specific best practices

get_service_limits

Show default service quotas

Cost Analysis

Tool

Description

find_idle_resources

Find unused EC2/RDS/EBS/EIP resources

get_rightsizing_recommendations

Get EC2 right-sizing suggestions

get_cost_breakdown

Spending analysis by service/tag

project_costs

Estimate costs before deployment

Environment Management

Tool

Description

list_environments

List configured environments (production/localstack)

switch_environment

Switch between LocalStack and production

get_environment_info

Current environment details

check_localstack

Verify LocalStack connectivity

compare_environments

Diff resources between environments

Multi-Account Management

Tool

Description

assume_role

Assume role in another account via STS

list_accounts

Show configured accounts

switch_account

Change active account context

Usage Examples

Basic Queries

"List all S3 buckets" "Show EC2 instances in us-west-2" "Describe Lambda function payment-processor" "Get IAM users with console access"

Cost Analysis

"Find idle resources in us-east-1" "Get rightsizing recommendations for EC2" "Show cost breakdown by service for last 30 days" "Project costs for 2 t3.large and 100GB gp3 EBS"

LocalStack Development

"Switch to localstack" "Create an S3 bucket in localstack" "Compare DynamoDB tables between localstack and production" "Check localstack connectivity"

Multi-Account Operations

"Assume role arn:aws:iam::123456789012:role/AdminRole" "List all configured accounts" "Switch to production account"

Cross-Service Discovery

"Find all resources tagged with Environment=production" "Discover resources owned by team-platform" "Show all resources in the payment-service stack"

Dependency Analysis

"What does my api-gateway Lambda depend on?" "Map all dependencies for the checkout-service ECS task" "Show resources connected to vpc-abc123"

Impact Analysis

"What breaks if I delete sg-abc123?" "Impact of terminating this RDS instance" "What depends on this KMS key?"

Incident Investigation

"Investigate Lambda failures for order-processor" "Debug high latency: ALB arn:aws:elasticloadbalancing:..." "Analyze security alert for instance i-abc123"

Architecture

aws-sage/ ā”œā”€ā”€ Dockerfile # Container support ā”œā”€ā”€ docker-compose.yml # LocalStack + MCP server ā”‚ ā”œā”€ā”€ src/aws_sage/ ā”‚ ā”œā”€ā”€ server.py # FastMCP server (30 tools) ā”‚ ā”œā”€ā”€ config.py # Configuration & safety modes ā”‚ ā”‚ ā”‚ ā”œā”€ā”€ core/ ā”‚ ā”‚ ā”œā”€ā”€ session.py # AWS session management ā”‚ ā”‚ ā”œā”€ā”€ context.py # Conversation memory ā”‚ ā”‚ ā”œā”€ā”€ environment.py # Environment configuration ā”‚ ā”‚ ā”œā”€ā”€ environment_manager.py # LocalStack/production switching ā”‚ ā”‚ ā”œā”€ā”€ multi_account.py # Cross-account management ā”‚ ā”‚ ā””ā”€ā”€ exceptions.py # Custom exceptions ā”‚ ā”‚ ā”‚ ā”œā”€ā”€ safety/ ā”‚ ā”‚ ā”œā”€ā”€ classifier.py # Operation classification ā”‚ ā”‚ ā”œā”€ā”€ validator.py # Pre-execution validation ā”‚ ā”‚ ā””ā”€ā”€ denylist.py # Blocked operations (70+) ā”‚ ā”‚ ā”‚ ā”œā”€ā”€ parser/ ā”‚ ā”‚ ā”œā”€ā”€ intent.py # NLP intent classification ā”‚ ā”‚ ā””ā”€ā”€ service_models.py # Botocore integration ā”‚ ā”‚ ā”‚ ā”œā”€ā”€ execution/ ā”‚ ā”‚ ā”œā”€ā”€ engine.py # Execution orchestrator ā”‚ ā”‚ ā””ā”€ā”€ pagination.py # Auto-pagination ā”‚ ā”‚ ā”‚ ā”œā”€ā”€ composition/ ā”‚ ā”‚ ā”œā”€ā”€ docs_proxy.py # AWS documentation ā”‚ ā”‚ ā””ā”€ā”€ knowledge_proxy.py # AWS knowledge base + live query ā”‚ ā”‚ ā”‚ ā””ā”€ā”€ differentiators/ ā”‚ ā”œā”€ā”€ discovery.py # Cross-service discovery ā”‚ ā”œā”€ā”€ dependencies.py # Dependency mapping ā”‚ ā”œā”€ā”€ workflows.py # Incident investigation ā”‚ ā”œā”€ā”€ cost.py # Cost analysis ā”‚ ā””ā”€ā”€ compare.py # Environment comparison ā”‚ ā””ā”€ā”€ tests/ ā”œā”€ā”€ unit/ # Unit tests (145 tests) ā””ā”€ā”€ integration/ # Integration tests

Development (For Contributors)

Setup

git clone https://github.com/arunsanna/aws-sage cd aws-sage pip install -e ".[dev]"

Run Tests

pytest # All tests pytest --cov=aws_sage # With coverage pytest tests/unit/test_cost.py # Specific module

Local Testing with LocalStack

Test against LocalStack without touching real AWS:

# Start LocalStack docker compose up -d localstack # In Claude Desktop, say: # "Switch to localstack environment" # "Create test bucket my-test-bucket"

Debug Server Directly

For development/debugging (not needed for normal use):

fastmcp dev src/aws_sage/server.py # Interactive mode python -m aws_sage.server # Direct run

Environment Variables

Variable

Description

Default

AWS_PROFILE

AWS profile to use

default

AWS_DEFAULT_REGION

Default AWS region

us-east-1

AWS_SAGE_SAFETY_MODE

Safety mode (read_only/standard/unrestricted)

read_only

AWS_SAGE_LOCALSTACK_ENABLED

Enable LocalStack by default

false

AWS_SAGE_LOCALSTACK_HOST

LocalStack host

localhost

AWS_SAGE_LOCALSTACK_PORT

LocalStack port

4566

Troubleshooting

View Logs

# Claude Desktop logs tail -f ~/Library/Logs/Claude/mcp-server-aws-sage.log tail -f ~/Library/Logs/Claude/mcp.log

Common Issues

"Profile not found"

  • Ensure AWS credentials are configured in ~/.aws/credentials or ~/.aws/config

  • For SSO profiles, run aws sso login --profile <name> first

"Operation blocked"

  • Check current safety mode with get_account_info

  • Use set_safety_mode to change if needed

  • Some operations are always blocked (see denylist)

"Validation failed"

  • The parser validates operations against botocore models

  • Check spelling of service/operation names

  • Use validate_operation to test before executing

"LocalStack not reachable"

  • Ensure LocalStack is running: docker compose up -d localstack

  • Check endpoint: curl http://localhost:4566/_localstack/health

  • Use check_localstack tool to diagnose

Roadmap

v1.0.0 (Current)

  • 30 intelligent tools across 10 categories

  • Cross-service discovery, dependency mapping, impact analysis

  • Cost optimization analyzer

  • LocalStack integration

  • Multi-account support

  • Docker containerization

  • 3-tier safety system with 70+ blocked operations

Future

  • CloudFormation drift detection

  • Custom workflow definitions

  • Terraform state integration

  • Compliance scanning (CIS benchmarks)

References

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Contact

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

Resources

New MCP Servers

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/arunsanna/aws-sage'

If you have feedback or need assistance with the MCP directory API, please join our Discord server