Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| WRITE | No | Allow mutating operations. Corresponds to the --write CLI flag. | false |
| LOG_DIR | No | Directory for JSONL log files. Corresponds to the --log-dir CLI flag. | logs |
| READONLY | No | Force readonly mode explicitly. Corresponds to the --readonly CLI flag. | true |
| LOG_LEVEL | No | Log verbosity: DEBUG, INFO, WARNING, ERROR. Corresponds to the --log-level CLI flag. | INFO |
| OTEL_EXPORTER_OTLP_ENDPOINT | No | The endpoint for exporting OpenTelemetry traces (e.g., http://localhost:4317). Tracing is only enabled when this is set. | |
| AWS_MCP_SENSITIVE_ACCESS_TOKEN | No | An out-of-band token required for accessing sensitive data (Secrets Manager and decrypted SSM parameters), even when the server is in write mode. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| aws_acm_list_certificates | List ACM certificates in the account/region, optionally filtered by status. |
| aws_acm_describe_certificate | Describe an ACM certificate in detail. |
| aws_apigateway_get_rest_apis | List API Gateway REST APIs (v1). |
| aws_apigateway_get_resources | List resources (paths) for a REST API, including configured methods. |
| aws_apigateway_get_stages | List deployment stages for a REST API. |
| aws_apigatewayv2_get_apis | List API Gateway v2 APIs (HTTP and WebSocket). |
| aws_apigatewayv2_get_routes | List routes for an HTTP/WebSocket API (v2). |
| aws_apigatewayv2_get_stages | List stages for an HTTP/WebSocket API (v2). |
| aws_athena_list_work_groups | List Athena workgroups. |
| aws_athena_list_databases | List databases in an Athena data catalog. |
| aws_athena_list_table_metadata | List tables in an Athena database. |
| aws_athena_start_query_execution | Start an Athena SQL query execution. Blocked in --readonly mode. Returns a query execution ID to check results with get_query_results. |
| aws_athena_get_query_execution | Get status and details of an Athena query execution. |
| aws_athena_get_query_results | Get results of a completed Athena query execution. |
| aws_autoscaling_describe_auto_scaling_groups | List Auto Scaling Groups with their current capacity, health, and instance details. |
| aws_autoscaling_describe_scaling_policies | List scaling policies for Auto Scaling Groups. |
| aws_autoscaling_describe_scaling_activities | Get recent scaling activities for an Auto Scaling Group (scale-out/in events, failures). |
| aws_autoscaling_describe_launch_configurations | List launch configurations used by Auto Scaling Groups. |
| aws_backup_list_backup_plans | List AWS Backup plans. |
| aws_backup_list_backup_jobs | List AWS Backup jobs with their status and resource details. |
| aws_backup_list_backup_vaults | List AWS Backup vaults. |
| aws_backup_list_recovery_points_by_backup_vault | List recovery points (backups) stored in a backup vault. |
| aws_cfn_list_stacks | List CloudFormation stacks with optional status filter. |
| aws_cfn_describe_stacks | Get detailed info for one or all CloudFormation stacks (parameters, outputs, tags). |
| aws_cfn_list_stack_resources | List all resources in a CloudFormation stack. |
| aws_cfn_get_template | Get the CloudFormation template body for a stack. |
| aws_cfn_describe_stack_events | Get recent events for a CloudFormation stack (useful for debugging deployments). |
| aws_cloudfront_list_distributions | List CloudFront distributions with domain names, origins, and status. |
| aws_cloudfront_get_distribution | Get full configuration details for a CloudFront distribution. |
| aws_cloudfront_list_invalidations | List recent cache invalidation requests for a CloudFront distribution. |
| aws_cloudfront_create_invalidation | Create a cache invalidation for a CloudFront distribution. Blocked in --readonly mode. |
| aws_cloudtrail_describe_trails | Describe CloudTrail trails in the account. |
| aws_cloudtrail_get_trail_status | Get logging status for a CloudTrail trail. |
| aws_cloudtrail_lookup_events | Look up recent CloudTrail management events. Filter by event name, resource type, user name, etc. Returns the last 90 days by default. |
| aws_logs_describe_log_groups | List CloudWatch Log groups with optional prefix filter. |
| aws_logs_get_log_events | Retrieve log events from a specific CloudWatch log stream. Provide both log_group_name and log_stream_name. |
| aws_logs_filter_log_events | Search CloudWatch log events using a filter pattern across one or more log streams. Useful for searching logs by keyword or pattern. |
| aws_cloudwatch_describe_alarms | List CloudWatch alarms with their state and threshold configuration. |
| aws_cloudwatch_list_metrics | List available CloudWatch metrics for a namespace or resource. |
| aws_cloudwatch_get_metric_data | Retrieve time-series metric data for one or more CloudWatch metrics. Supports multiple metrics and math expressions in a single call. |
| aws_cloudwatch_get_metric_statistics | Get statistics (Average, Sum, Min, Max) for a single CloudWatch metric over a time period. |
| aws_codebuild_list_projects | List CodeBuild project names. |
| aws_codebuild_batch_get_projects | Get full configuration details for one or more CodeBuild projects. |
| aws_codebuild_list_builds_for_project | List recent build IDs for a CodeBuild project. |
| aws_codebuild_batch_get_builds | Get full details (status, logs, duration, phases) for CodeBuild builds. |
| aws_codedeploy_list_applications | List CodeDeploy application names. |
| aws_codedeploy_list_deployment_groups | List deployment groups for a CodeDeploy application. |
| aws_codedeploy_list_deployments | List CodeDeploy deployments, optionally filtered by application and status. |
| aws_codedeploy_get_deployment | Get full details of a CodeDeploy deployment (status, duration, error info). |
| aws_codepipeline_list_pipelines | List CodePipeline pipelines. |
| aws_codepipeline_get_pipeline | Get the full structure and stage configuration of a CodePipeline. |
| aws_codepipeline_get_pipeline_state | Get the current execution state of each stage in a CodePipeline. |
| aws_codepipeline_list_pipeline_executions | List recent executions of a CodePipeline with their status. |
| aws_cognito_list_user_pools | List Cognito user pools in the account/region. |
| aws_cognito_describe_user_pool | Get detailed configuration for a Cognito user pool. |
| aws_cognito_list_users | List users in a Cognito user pool with optional filter. |
| aws_cognito_list_groups | List groups in a Cognito user pool. |
| aws_ce_get_cost_and_usage | Get cost and usage data for a time period. Group by service, account, region, tag, etc. TimePeriod format: {'Start': 'YYYY-MM-DD', 'End': 'YYYY-MM-DD'}. |
| aws_ce_get_cost_forecast | Get a cost forecast for a future time period. |
| aws_docdb_describe_db_clusters | Describe DocumentDB clusters. |
| aws_docdb_describe_db_instances | Describe DocumentDB instances. |
| aws_dynamodb_list_tables | List DynamoDB tables in the account/region. |
| aws_dynamodb_describe_table | Get schema, throughput, indexes, and status for a DynamoDB table. |
| aws_dynamodb_query | Query a DynamoDB table using a key condition expression. Items are returned deserialized as plain JSON objects. |
| aws_dynamodb_scan | Scan a DynamoDB table (reads every item). Use sparingly on large tables. Prefer query when you know the partition key. |
| aws_ec2_describe_instances | Describe EC2 instances. Filter by instance IDs, state, tags, or custom filters. Returns instance details including ID, type, state, IPs, and tags. |
| aws_ec2_describe_security_groups | Describe EC2 security groups. Filter by group IDs, names, or VPC. |
| aws_ec2_manage_instances | Start, stop, or reboot EC2 instances. In --readonly mode, this executes with DryRun=True to validate permissions without making changes. |
| aws_ecr_describe_repositories | List and describe ECR repositories. |
| aws_ecr_list_images | List images in an ECR repository with tag status and digest. |
| aws_ecr_describe_images | Get detailed metadata for ECR images: size, push date, scan status, and vulnerability counts. |
| aws_ecr_get_lifecycle_policy | Get the lifecycle policy for an ECR repository. |
| aws_ecs_list_clusters | List ECS clusters in the account/region. |
| aws_ecs_describe_clusters | Get detailed information about one or more ECS clusters. |
| aws_ecs_list_services | List ECS services in a cluster. |
| aws_ecs_describe_services | Get detailed information about ECS services including deployments and events. |
| aws_ecs_list_tasks | List ECS tasks in a cluster with optional service or status filter. |
| aws_ecs_describe_tasks | Get detailed information about ECS tasks. |
| aws_efs_describe_file_systems | List EFS file systems with their size, throughput mode, and lifecycle state. |
| aws_efs_describe_mount_targets | List EFS mount targets for a file system or VPC subnet. |
| aws_efs_describe_access_points | List EFS access points (application-specific entry points with path and permissions). |
| aws_eks_list_clusters | List EKS clusters in the account/region. |
| aws_eks_describe_cluster | Get detailed EKS cluster info: version, endpoint, VPC config, logging, status, and platform version. |
| aws_eks_list_nodegroups | List managed node groups for an EKS cluster. |
| aws_eks_describe_nodegroup | Get details for an EKS managed node group. |
| aws_eks_list_fargate_profiles | List Fargate profiles for an EKS cluster. |
| aws_elasticache_describe_cache_clusters | Describe ElastiCache clusters (Redis/Memcached). Returns engine, node type, status, endpoint, and configuration. |
| aws_elasticache_describe_replication_groups | Describe ElastiCache Redis replication groups (clusters with replicas). Returns primary/replica endpoints, node groups, and failover settings. |
| aws_elasticache_describe_serverless_caches | Describe ElastiCache Serverless caches (Redis/Memcached serverless). |
| aws_elasticache_describe_events | Get recent ElastiCache events (maintenance, failover, scaling, etc.). |
| aws_elbv2_describe_load_balancers | List ALB, NLB, and Gateway Load Balancers with their DNS names and state. |
| aws_elbv2_describe_target_groups | List target groups, optionally filtered by load balancer. |
| aws_elbv2_describe_target_health | Get health status of all targets registered in a target group. |
| aws_elbv2_describe_listeners | List listeners for a load balancer (ports, protocols, rules). |
| aws_emr_list_clusters | List EMR clusters in the account/region. |
| aws_emr_describe_cluster | Get detailed information about an EMR cluster. |
| aws_emr_list_steps | List steps in an EMR cluster. |
| aws_events_list_event_buses | List EventBridge event buses (default, custom, and partner). |
| aws_events_list_rules | List EventBridge rules, optionally on a specific event bus. |
| aws_events_describe_rule | Get full configuration for an EventBridge rule. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |