#!/bin/bash
# Add Cost Explorer permissions to AgentCore Runtime execution role
# This script adds the necessary IAM permissions for the Cost Explorer MCP Server
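set -euo pipefail

# --- Configuration -----------------------------------------------------------
# Every value may be overridden from the environment so the script can be
# reused against another account/role without editing it. Defaults keep the
# original target so existing invocations behave the same.
EXECUTION_ROLE_ARN="${EXECUTION_ROLE_ARN:-arn:aws:iam::632930644527:role/AmazonBedrockAgentCoreSDKRuntime-us-west-2-cd46aaa99e}"
# Role name is the last path component of the role ARN (arn:...:role[/path]/NAME).
ROLE_NAME="${ROLE_NAME:-${EXECUTION_ROLE_ARN##*/}}"
POLICY_NAME="${POLICY_NAME:-CostExplorerMCPServerPolicy}"
REGION="${REGION:-us-west-2}"

# The account ID is taken from the role ARN (arn:<partition>:iam::<account>:role/...)
# so the CloudWatch Logs statement below can be scoped to this account and
# region instead of every account and region ("arn:aws:logs:*:*:*").
ACCOUNT_ID="${EXECUTION_ROLE_ARN#arn:*:iam::}"
ACCOUNT_ID="${ACCOUNT_ID%%:*}"
if [[ ! "$ACCOUNT_ID" =~ ^[0-9]{12}$ ]]; then
  printf 'ERROR: could not derive a 12-digit account ID from %s\n' "$EXECUTION_ROLE_ARN" >&2
  exit 1
fi

if ! command -v aws >/dev/null 2>&1; then
  printf 'ERROR: aws CLI not found in PATH\n' >&2
  exit 1
fi

echo "Adding Cost Explorer permissions to AgentCore Runtime execution role..."
echo "Role:    $ROLE_NAME"
echo "Account: $ACCOUNT_ID"
echo "Region:  $REGION"

# --- Policy document ---------------------------------------------------------
# Use an unpredictable temp file and remove it on every exit path (the original
# left cost_explorer_policy.json behind in the CWD whenever set -e aborted).
POLICY_FILE="$(mktemp "${TMPDIR:-/tmp}/cost_explorer_policy.XXXXXX")"
cleanup() { rm -f -- "$POLICY_FILE"; }
trap cleanup EXIT

# Unquoted heredoc: only ${REGION} and ${ACCOUNT_ID} are expanded; the
# document contains no other "$" so nothing else is touched.
#
# Cost Explorer (ce:*) actions do not support resource-level permissions, so
# "Resource": "*" is the narrowest resource that can be granted for them; the
# restriction is carried by the explicit action list instead.
cat > "$POLICY_FILE" << EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CostExplorerMCPServerPermissions",
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetDimensionValues",
"ce:GetReservationCoverage",
"ce:GetReservationPurchaseRecommendation",
"ce:GetReservationUtilization",
"ce:GetUsageReport",
"ce:ListCostCategoryDefinitions",
"ce:GetRightsizingRecommendation",
"ce:GetSavingsPlansUtilization",
"ce:GetSavingsPlansCoverage",
"ce:GetUsageForecast",
"ce:GetCostForecast",
"ce:DescribeCostCategoryDefinition",
"ce:GetCostCategories",
"ce:GetTagValues"
],
"Resource": "*"
},
{
"Sid": "CloudWatchLogsPermissions",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Resource": "arn:aws:logs:${REGION}:${ACCOUNT_ID}:*"
}
]
}
EOF
echo "Created Cost Explorer policy document at $POLICY_FILE"

# --- Attach -------------------------------------------------------------------
# IAM is a global service; --region only selects the endpoint and is kept for
# consistency with the rest of the tooling.
#
# put-role-policy creates the inline policy if absent and REPLACES it if a
# policy of the same name exists, so a single call covers both cases. The
# get-role-policy probe is only used to tell the operator which one happened.
if aws iam get-role-policy \
  --role-name "$ROLE_NAME" \
  --policy-name "$POLICY_NAME" \
  --region "$REGION" >/dev/null 2>&1; then
  echo "WARNING: inline policy $POLICY_NAME already exists on $ROLE_NAME and will be replaced."
else
  echo "Adding new inline policy $POLICY_NAME to $ROLE_NAME..."
fi

aws iam put-role-policy \
  --role-name "$ROLE_NAME" \
  --policy-name "$POLICY_NAME" \
  --policy-document "file://$POLICY_FILE" \
  --region "$REGION"
echo "Inline policy $POLICY_NAME is now attached to $ROLE_NAME"

# --- Verify -------------------------------------------------------------------
# Read the policy back from IAM and print it so the operator sees exactly what
# was stored, not just what was sent.
echo "Verifying policy attachment..."
aws iam get-role-policy \
  --role-name "$ROLE_NAME" \
  --policy-name "$POLICY_NAME" \
  --region "$REGION" \
  --query 'PolicyDocument' \
  --output json

echo ""
echo "SUCCESS! Cost Explorer permissions added to AgentCore Runtime execution role"
echo ""
echo "The following permissions were granted:"
echo "  - Read-only Cost Explorer API access (the explicit ce:Get*/List*/Describe* actions above, not ce:*)"
echo "  - CloudWatch Logs access scoped to account $ACCOUNT_ID in $REGION"
echo ""
echo "Next steps:"
echo "  1. Test the MCP server: BEARER_TOKEN=\$BEARER_TOKEN python test_final.py"
echo "  2. Run natural language scenarios: BEARER_TOKEN=\$BEARER_TOKEN python test_natural_language_demo.py"
echo "  3. The AgentCore Runtime should now have access to Cost Explorer APIs"
echo ""
echo "Note: Cost Explorer API calls cost \$0.01 each - use filters to minimize charges"

# Temp file is removed by the EXIT trap.
echo "Permissions update complete!"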