Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| AWS_REGION | No | Default AWS region | us-east-1 |
| AWS_PROFILE | No | AWS profile name | default |
| MCP_SERVER_HOST | No | Host to bind to (default: 0.0.0.0) | 0.0.0.0 |
| MCP_SERVER_MODE | No | Enable HTTP server mode (default: stdio) | stdio |
| MCP_SERVER_PORT | No | Port to listen on (default: 8000) | 8000 |
| PYTHONUNBUFFERED | No | Enable unbuffered output | 1 |
| AWS_ACCESS_KEY_ID | No | AWS access key (not recommended, use profiles or IAM roles instead) | |
| MCP_TOOL_CATEGORIES | No | Enable specific categories (default: all). Options: cleanup, cost, capacity, security, performance, upgrade, network, storage, containers, messaging, database, monitoring, application, governance | all |
| AWS_SECRET_ACCESS_KEY | No | AWS secret key (not recommended, use profiles or IAM roles instead) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| find_unused_lambda_functions | Find Lambda functions with no invocations in the specified period. Args:
region_name: AWS region name
period: Lookback period in days (default: 90)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused Lambda functions |
| find_unused_elastic_ips | Find unattached Elastic IPs. Args:
region_name: AWS region name
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused Elastic IPs |
| find_unused_amis | Find AMIs not used by any EC2 instances, ASGs, or Spot Fleet Requests. Args:
region_name: AWS region name
period: Minimum age in days for AMI to be considered unused (default: 90)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused AMIs |
| find_unused_load_balancers | Find load balancers with no traffic in the specified period. Args:
region_name: AWS region name
period: Lookback period in days (default: 90)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused load balancers |
| find_unused_target_groups | Find target groups with no registered targets or no traffic. This function identifies target groups that are:
1. Not attached to any load balancer, OR
2. Have no registered targets, OR
3. Have registered targets but no traffic in the specified period
Args:
region_name: AWS region name
period: Lookback period in days for traffic check (default: 7)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused target groups |
| find_unused_log_groups | Find CloudWatch Log Groups with no recent log events. Args:
region_name: AWS region name
period: Lookback period in days (default: 90)
max_results: Maximum results to return (default: 50)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused log groups |
| find_unused_snapshots | Find EBS snapshots not associated with any AMI or volume. Args:
region_name: AWS region name
period: Minimum age in days for snapshot to be considered unused (default: 90)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused snapshots |
| find_unused_security_groups | Find security groups not attached to any resources. Args:
region_name: AWS region name
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused security groups |
| find_unused_volumes | Find EBS volumes that are not attached to any instance. Args:
region_name: AWS region name
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with unused EBS volumes |
| find_underutilized_ec2_instances | Find EC2 instances with low CPU and memory utilization (≤20%). Args:
region_name: AWS region name
period: Lookback period in days (default: 30)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with underutilized EC2 instances |
| find_overutilized_ec2_instances | Find EC2 instances with high CPU or memory utilization (≥80%). Args:
region_name: AWS region name
period: Lookback period in days (default: 30)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with overutilized EC2 instances |
| find_underutilized_rds_instances | Find RDS instances with low CPU utilization (≤20%). Args:
region_name: AWS region name
period: Lookback period in days (default: 30)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with underutilized RDS instances |
| find_overutilized_rds_instances | Find RDS instances with high CPU utilization (≥80%). Args:
region_name: AWS region name
period: Lookback period in days (default: 30)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with overutilized RDS instances |
| get_all_cost_optimization_recommendations | Get all cost optimization recommendations from AWS Cost Optimization Hub. Returns recommendations for all resource types (19 types total).
Args:
region_name: AWS region to filter recommendations (optional)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
List of dictionaries with cost optimization recommendations by resource type |
| get_cost_optimization_ec2 | Get EC2 instance cost optimization recommendations. Args:
region_name: AWS region to filter recommendations (optional)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with EC2 cost optimization recommendations |
| get_cost_optimization_lambda | Get Lambda function cost optimization recommendations. Args:
region_name: AWS region to filter recommendations (optional)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with Lambda cost optimization recommendations |
| get_cost_optimization_rds | Get RDS instance cost optimization recommendations. Args:
region_name: AWS region to filter recommendations (optional)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with RDS cost optimization recommendations |
| get_cost_optimization_ebs | Get EBS volume cost optimization recommendations. Args:
region_name: AWS region to filter recommendations (optional)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with EBS cost optimization recommendations |
| find_target_groups_with_high_error_rate | Find target groups with high error rates (5XX errors). Args:
region_name: AWS region name
period: Lookback period in days (default: 7)
error_threshold: Error rate threshold percentage (default: 5.0)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with target groups having high error rates |
| find_target_groups_with_high_response_time | Find target groups with high response times. Args:
region_name: AWS region name
period: Lookback period in days (default: 7)
response_time_threshold: Response time threshold in seconds (default: 1.0)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with target groups having high response times |
| get_cost_by_region | Get cost breakdown by AWS region for the specified period. Args:
start_date: Start date in YYYY-MM-DD format (default: first day of last month)
end_date: End date in YYYY-MM-DD format (default: first day of current month)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with cost breakdown by region |
| get_cost_by_service | Get cost breakdown by AWS service for the specified period. Args:
start_date: Start date in YYYY-MM-DD format (default: first day of last month)
end_date: End date in YYYY-MM-DD format (default: first day of current month)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with cost breakdown by service |
| get_cost_by_region_and_service | Get cost breakdown by AWS region and service for the specified period. Args:
start_date: Start date in YYYY-MM-DD format (default: first day of last month)
end_date: End date in YYYY-MM-DD format (default: first day of current month)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with cost breakdown by region and service |
| get_daily_cost_trend | Get daily cost trend for the specified number of days. Args:
days: Number of days to look back (default: 30)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with daily cost trend and statistics |
| find_asgs_with_old_amis | Find Auto Scaling Groups using AMIs older than the specified period. Args:
region_name: AWS region name
period: Minimum age in days for AMI to be considered old (default: 90)
max_results: Maximum results to return (default: 100)
profile_name: AWS profile name (optional)
role_arn: IAM role ARN to assume (optional)
access_key: AWS access key ID (optional)
secret_access_key: AWS secret access key (optional)
session_token: AWS session token for temporary credentials (optional)
Returns:
Dictionary with ASGs using old AMIs |
| find_unused_nat_gateways | Find NAT Gateways with no traffic in the specified period. |
| find_unused_vpc_endpoints | Find VPC Endpoints with no connections in the specified period. |
| find_unused_internet_gateways | Find Internet Gateways not attached or attached to VPCs with no resources. |
| find_unused_cloudfront_distributions | Find CloudFront distributions with no requests in the specified period. |
| find_unused_route53_hosted_zones | Find Route53 hosted zones with no query activity. |
| find_unused_s3_buckets | Find S3 buckets with no activity in the specified period. |
| get_s3_storage_class_recommendations | Get S3 storage class optimization recommendations. |
| find_old_ecs_task_definitions | Find old ECS task definitions not used by any service. |
| find_unused_ecr_images | Find unused ECR images older than specified days. |
| find_unused_launch_templates | Find EC2 launch templates not used by any Auto Scaling Group or instance. |
| find_unused_ecs_clusters_and_services | Find ECS clusters and services with no activity in the specified period. Identifies:
- Clusters with no active services, tasks, or scheduled tasks
- Services with zero running tasks and no recent CloudWatch activity |
| find_unused_sqs_queues | Find SQS queues with no messages sent or received. |
| find_unused_sns_topics | Find SNS topics with no subscriptions or no messages published. |
| find_unused_eventbridge_rules | Find EventBridge rules with no invocations. |
| find_unused_dynamodb_tables | Find DynamoDB tables with no read/write activity. |
| find_underutilized_dynamodb_tables | Find DynamoDB tables with low capacity utilization. |
| find_unused_cloudwatch_alarms | Find CloudWatch alarms in INSUFFICIENT_DATA state for extended period. |
| find_orphaned_cloudwatch_dashboards | Find CloudWatch dashboards with widgets referencing deleted resources. |
| find_orphaned_cloudwatch_alarms | Find CloudWatch alarms not associated with any active AWS resources. This validates alarms against actual resources across multiple services:
EC2, RDS, ECS, Lambda, SQS, Target Groups, and Load Balancers. |
| find_overutilized_dynamodb_tables | Find DynamoDB tables with high capacity utilization (>80%). |
| find_underutilized_elasticache_clusters | Find ElastiCache clusters with low CPU utilization (<20%). |
| find_overutilized_elasticache_clusters | Find ElastiCache clusters with high CPU or memory utilization (>80%). |
| find_underutilized_ecs_services | Find ECS services with low CPU and memory utilization (<20%). |
| find_underutilized_lambda_functions | Find Lambda functions with low invocation rates or high error rates. |
| get_savings_plans_recommendations | Get Savings Plans recommendations from AWS Cost Explorer. |
| get_reserved_instance_recommendations | Get Reserved Instance purchase recommendations from AWS Cost Explorer. |
| analyze_reserved_instance_utilization | Analyze Reserved Instance utilization and coverage. |
| get_ebs_volume_type_recommendations | Get recommendations for optimizing EBS volume types based on usage patterns. |
| get_snapshot_lifecycle_recommendations | Get recommendations for snapshot lifecycle management and cleanup. |
| analyze_data_transfer_costs | Analyze data transfer costs using AWS Cost Explorer. |
| get_nat_gateway_optimization_recommendations | Get recommendations for optimizing NAT Gateway costs. |
| find_outdated_rds_engine_versions | Find RDS instances not running the latest engine version. |
| find_outdated_elasticache_engine_versions | Find ElastiCache clusters not running the latest engine version. |
| find_outdated_lambda_runtimes | Find Lambda functions with deprecated or outdated runtimes. |
| find_ec2_instances_with_old_generations | Find EC2 instances using previous generation instance types. |
| find_ebs_volumes_with_old_types | Find EBS volumes using previous generation volume types. |
| find_outdated_ecs_platform_versions | Find ECS services not using the latest platform version. |
| find_outdated_eks_cluster_versions | Find EKS clusters not running the latest Kubernetes version. |
| analyze_lambda_cold_starts | Analyze Lambda functions for cold start issues. |
| analyze_api_gateway_performance | Analyze API Gateway performance metrics. |
| analyze_dynamodb_throttling | Analyze DynamoDB tables for throttling issues. |
| analyze_rds_performance_insights | Analyze RDS Performance Insights data. |
| analyze_cloudfront_cache_hit_ratio | Analyze CloudFront cache hit ratios. |
| find_unencrypted_ebs_volumes | Find EBS volumes without encryption enabled. |
| find_unencrypted_s3_buckets | Find S3 buckets without default encryption enabled. |
| find_unencrypted_rds_instances | Find RDS instances without encryption enabled. |
| find_public_s3_buckets | Find S3 buckets with public access enabled. |
| find_overly_permissive_security_groups | Find security groups with overly permissive rules (0.0.0.0/0 or ::/0). |
| find_untagged_resources | Find AWS resources missing required tags. |
| analyze_tag_compliance | Analyze tag compliance across AWS resources. |
| generate_cost_allocation_report | Generate cost allocation report based on resource tags. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |