AWS MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| WRITE | No | Allow mutating operations. Corresponds to the --write CLI flag. | false |
| LOG_DIR | No | Directory for JSONL log files. Corresponds to the --log-dir CLI flag. | logs |
| READONLY | No | Force readonly mode explicitly. Corresponds to the --readonly CLI flag. | true |
| LOG_LEVEL | No | Log verbosity: DEBUG, INFO, WARNING, ERROR. Corresponds to the --log-level CLI flag. | INFO |
| OTEL_EXPORTER_OTLP_ENDPOINT | No | The endpoint for exporting OpenTelemetry traces (e.g., http://localhost:4317). Tracing is only enabled when this is set. | |
| AWS_MCP_SENSITIVE_ACCESS_TOKEN | No | An out-of-band token required for accessing sensitive data (Secrets Manager and decrypted SSM parameters), even when the server is in write mode. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| aws_acm_list_certificatesC | List ACM certificates in the account/region, optionally filtered by status. |
| aws_acm_describe_certificateC | Describe an ACM certificate in detail. |
| aws_apigateway_get_rest_apisC | List API Gateway REST APIs (v1). |
| aws_apigateway_get_resourcesB | List resources (paths) for a REST API, including configured methods. |
| aws_apigateway_get_stagesC | List deployment stages for a REST API. |
| aws_apigatewayv2_get_apisC | List API Gateway v2 APIs (HTTP and WebSocket). |
| aws_apigatewayv2_get_routesB | List routes for an HTTP/WebSocket API (v2). |
| aws_apigatewayv2_get_stagesC | List stages for an HTTP/WebSocket API (v2). |
| aws_athena_list_work_groupsC | List Athena workgroups. |
| aws_athena_list_databasesC | List databases in an Athena data catalog. |
| aws_athena_list_table_metadataC | List tables in an Athena database. |
| aws_athena_start_query_executionA | Start an Athena SQL query execution. Blocked in --readonly mode. Returns a query execution ID to check results with get_query_results. |
| aws_athena_get_query_executionB | Get status and details of an Athena query execution. |
| aws_athena_get_query_resultsB | Get results of a completed Athena query execution. |
| aws_autoscaling_describe_auto_scaling_groupsA | List Auto Scaling Groups with their current capacity, health, and instance details. |
| aws_autoscaling_describe_scaling_policiesC | List scaling policies for Auto Scaling Groups. |
| aws_autoscaling_describe_scaling_activitiesA | Get recent scaling activities for an Auto Scaling Group (scale-out/in events, failures). |
| aws_autoscaling_describe_launch_configurationsC | List launch configurations used by Auto Scaling Groups. |
| aws_backup_list_backup_plansC | List AWS Backup plans. |
| aws_backup_list_backup_jobsB | List AWS Backup jobs with their status and resource details. |
| aws_backup_list_backup_vaultsC | List AWS Backup vaults. |
| aws_backup_list_recovery_points_by_backup_vaultC | List recovery points (backups) stored in a backup vault. |
| aws_cfn_list_stacksC | List CloudFormation stacks with optional status filter. |
| aws_cfn_describe_stacksB | Get detailed info for one or all CloudFormation stacks (parameters, outputs, tags). |
| aws_cfn_list_stack_resourcesC | List all resources in a CloudFormation stack. |
| aws_cfn_get_templateC | Get the CloudFormation template body for a stack. |
| aws_cfn_describe_stack_eventsA | Get recent events for a CloudFormation stack (useful for debugging deployments). |
| aws_cloudfront_list_distributionsB | List CloudFront distributions with domain names, origins, and status. |
| aws_cloudfront_get_distributionC | Get full configuration details for a CloudFront distribution. |
| aws_cloudfront_list_invalidationsB | List recent cache invalidation requests for a CloudFront distribution. |
| aws_cloudfront_create_invalidationB | Create a cache invalidation for a CloudFront distribution. Blocked in --readonly mode. |
| aws_cloudtrail_describe_trailsC | Describe CloudTrail trails in the account. |
| aws_cloudtrail_get_trail_statusC | Get logging status for a CloudTrail trail. |
| aws_cloudtrail_lookup_eventsA | Look up recent CloudTrail management events. Filter by event name, resource type, user name, etc. Returns the last 90 days by default. |
| aws_logs_describe_log_groupsB | List CloudWatch Log groups with optional prefix filter. |
| aws_logs_get_log_eventsC | Retrieve log events from a specific CloudWatch log stream. Provide both log_group_name and log_stream_name. |
| aws_logs_filter_log_eventsB | Search CloudWatch log events using a filter pattern across one or more log streams. Useful for searching logs by keyword or pattern. |
| aws_cloudwatch_describe_alarmsB | List CloudWatch alarms with their state and threshold configuration. |
| aws_cloudwatch_list_metricsB | List available CloudWatch metrics for a namespace or resource. |
| aws_cloudwatch_get_metric_dataA | Retrieve time-series metric data for one or more CloudWatch metrics. Supports multiple metrics and math expressions in a single call. |
| aws_cloudwatch_get_metric_statisticsB | Get statistics (Average, Sum, Min, Max) for a single CloudWatch metric over a time period. |
| aws_codebuild_list_projectsB | List CodeBuild project names. |
| aws_codebuild_batch_get_projectsB | Get full configuration details for one or more CodeBuild projects. |
| aws_codebuild_list_builds_for_projectC | List recent build IDs for a CodeBuild project. |
| aws_codebuild_batch_get_buildsB | Get full details (status, logs, duration, phases) for CodeBuild builds. |
| aws_codedeploy_list_applicationsC | List CodeDeploy application names. |
| aws_codedeploy_list_deployment_groupsC | List deployment groups for a CodeDeploy application. |
| aws_codedeploy_list_deploymentsC | List CodeDeploy deployments, optionally filtered by application and status. |
| aws_codedeploy_get_deploymentB | Get full details of a CodeDeploy deployment (status, duration, error info). |
| aws_codepipeline_list_pipelinesD | List CodePipeline pipelines. |
| aws_codepipeline_get_pipelineA | Get the full structure and stage configuration of a CodePipeline. |
| aws_codepipeline_get_pipeline_stateB | Get the current execution state of each stage in a CodePipeline. |
| aws_codepipeline_list_pipeline_executionsB | List recent executions of a CodePipeline with their status. |
| aws_cognito_list_user_poolsC | List Cognito user pools in the account/region. |
| aws_cognito_describe_user_poolC | Get detailed configuration for a Cognito user pool. |
| aws_cognito_list_usersC | List users in a Cognito user pool with optional filter. |
| aws_cognito_list_groupsC | List groups in a Cognito user pool. |
| aws_ce_get_cost_and_usageB | Get cost and usage data for a time period. Group by service, account, region, tag, etc. TimePeriod format: {'Start': 'YYYY-MM-DD', 'End': 'YYYY-MM-DD'}. |
| aws_ce_get_cost_forecastC | Get a cost forecast for a future time period. |
| aws_docdb_describe_db_clustersC | Describe DocumentDB clusters. |
| aws_docdb_describe_db_instancesC | Describe DocumentDB instances. |
| aws_dynamodb_list_tablesC | List DynamoDB tables in the account/region. |
| aws_dynamodb_describe_tableB | Get schema, throughput, indexes, and status for a DynamoDB table. |
| aws_dynamodb_queryA | Query a DynamoDB table using a key condition expression. Items are returned deserialized as plain JSON objects. |
| aws_dynamodb_scanA | Scan a DynamoDB table (reads every item). Use sparingly on large tables. Prefer query when you know the partition key. |
| aws_ec2_describe_instancesA | Describe EC2 instances. Filter by instance IDs, state, tags, or custom filters. Returns instance details including ID, type, state, IPs, and tags. |
| aws_ec2_describe_security_groupsB | Describe EC2 security groups. Filter by group IDs, names, or VPC. |
| aws_ec2_manage_instancesA | Start, stop, or reboot EC2 instances. In --readonly mode, this executes with DryRun=True to validate permissions without making changes. |
| aws_ecr_describe_repositoriesC | List and describe ECR repositories. |
| aws_ecr_list_imagesB | List images in an ECR repository with tag status and digest. |
| aws_ecr_describe_imagesA | Get detailed metadata for ECR images: size, push date, scan status, and vulnerability counts. |
| aws_ecr_get_lifecycle_policyC | Get the lifecycle policy for an ECR repository. |
| aws_ecs_list_clustersC | List ECS clusters in the account/region. |
| aws_ecs_describe_clustersC | Get detailed information about one or more ECS clusters. |
| aws_ecs_list_servicesC | List ECS services in a cluster. |
| aws_ecs_describe_servicesB | Get detailed information about ECS services including deployments and events. |
| aws_ecs_list_tasksC | List ECS tasks in a cluster with optional service or status filter. |
| aws_ecs_describe_tasksC | Get detailed information about ECS tasks. |
| aws_efs_describe_file_systemsA | List EFS file systems with their size, throughput mode, and lifecycle state. |
| aws_efs_describe_mount_targetsA | List EFS mount targets for a file system or VPC subnet. |
| aws_efs_describe_access_pointsA | List EFS access points (application-specific entry points with path and permissions). |
| aws_eks_list_clustersC | List EKS clusters in the account/region. |
| aws_eks_describe_clusterB | Get detailed EKS cluster info: version, endpoint, VPC config, logging, status, and platform version. |
| aws_eks_list_nodegroupsC | List managed node groups for an EKS cluster. |
| aws_eks_describe_nodegroupC | Get details for an EKS managed node group. |
| aws_eks_list_fargate_profilesC | List Fargate profiles for an EKS cluster. |
| aws_elasticache_describe_cache_clustersA | Describe ElastiCache clusters (Redis/Memcached). Returns engine, node type, status, endpoint, and configuration. |
| aws_elasticache_describe_replication_groupsA | Describe ElastiCache Redis replication groups (clusters with replicas). Returns primary/replica endpoints, node groups, and failover settings. |
| aws_elasticache_describe_serverless_cachesC | Describe ElastiCache Serverless caches (Redis/Memcached serverless). |
| aws_elasticache_describe_eventsA | Get recent ElastiCache events (maintenance, failover, scaling, etc.). |
| aws_elbv2_describe_load_balancersA | List ALB, NLB, and Gateway Load Balancers with their DNS names and state. |
| aws_elbv2_describe_target_groupsC | List target groups, optionally filtered by load balancer. |
| aws_elbv2_describe_target_healthA | Get health status of all targets registered in a target group. |
| aws_elbv2_describe_listenersB | List listeners for a load balancer (ports, protocols, rules). |
| aws_emr_list_clustersC | List EMR clusters in the account/region. |
| aws_emr_describe_clusterC | Get detailed information about an EMR cluster. |
| aws_emr_list_stepsC | List steps in an EMR cluster. |
| aws_events_list_event_busesB | List EventBridge event buses (default, custom, and partner). |
| aws_events_list_rulesB | List EventBridge rules, optionally on a specific event bus. |
| aws_events_describe_ruleB | Get full configuration for an EventBridge rule. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/marcelobrake/aws-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server