# AWS MCP Gateway
A minimal, security-focused MCP gateway for connecting ChatGPT to AWS account data through explicit, read-only tools.
The initial goal is to expose AWS cost, inventory and observability data to ChatGPT without giving the model direct or generic access to AWS APIs. The gateway runs as a Cloudflare Worker, exposes an MCP endpoint over HTTPS and calls AWS APIs using tightly scoped credentials stored as Cloudflare secrets.
## Goals

- Provide a remote MCP endpoint for ChatGPT.
- Start with read-only AWS tools for cost, EC2 inventory, CloudWatch alarms and recent log errors.
- Keep the infrastructure small enough for personal use and low-cost operation.
- Avoid over-engineering while preserving the minimum security controls required for AWS data access.
- Keep the repository public-safe by storing all secrets outside Git.

Related MCP server: AWS MCP Server
## Non-goals

- No generic AWS CLI execution tool.
- No arbitrary AWS API proxy.
- No write or management operations in the MVP.
- No dashboard or database in the initial version.
- No Kubernetes, ECS, App Runner or long-running server requirement for the MVP.
## Architecture

```text
ChatGPT
  -> Remote MCP connector over HTTPS
  -> Cloudflare Worker MCP Gateway
  -> Explicit MCP tools
  -> AWS signed API requests
  -> AWS Cost Explorer, EC2, CloudWatch, CloudWatch Logs and Budgets
```

The Worker acts as a policy and translation layer. ChatGPT calls strongly typed MCP tools, and the Worker decides which AWS APIs are allowed to run.
## Recommended stack

- TypeScript
- Cloudflare Workers
- Cloudflare Workers KV for optional cache
- Cloudflare Secrets for credentials and auth configuration
- MCP SDK / Cloudflare Agents MCP helpers
- aws4fetch or AWS SDK v3 for signed AWS requests
- Zod for input validation
- Wrangler for local development and deployment
- GitHub Actions for CI
## Security model

The MVP must remain read-only.

Required controls:

- The MCP endpoint must require authentication.
- AWS credentials must be stored only as Cloudflare secrets.
- IAM permissions must be least-privilege and read-only.
- Tools must be explicit and allowlisted.
- Tool inputs must enforce date, region and result-size limits.
- Cost Explorer calls must be cached to reduce cost and avoid repeated paid API calls.
- Logs and errors must never expose secrets, AWS access keys, bearer tokens or raw stack traces.

Forbidden controls:

- Do not commit `.env`, `.dev.vars` or real secrets.
- Do not expose a `run_aws_cli` tool.
- Do not expose a `call_any_aws_api` tool.
- Do not add AWS write permissions in the MVP.
## Initial MCP tools

The MVP should implement these tools first:

```text
get_aws_cost_summary
get_aws_cost_by_service
list_ec2_instances
get_cloudwatch_alarms
get_recent_log_errors
```

Future read-only tools:

```text
get_aws_daily_cost_trend
get_aws_cost_forecast
get_budget_status
list_rds_instances
list_lambda_functions
get_service_inventory
```

Management tools may be added later, but they must use a separate security model, separate IAM permissions and explicit confirmation requirements.
## Environment variables and secrets

Use `.env.example` for documentation only. Real values must be configured with Cloudflare secrets.

Required secrets:

```text
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION
MCP_AUTH_TOKEN
```

Recommended variables:

```text
AWS_ALLOWED_REGIONS=sa-east-1,us-east-1
APP_ENV=production
MCP_NAME=aws-mcp-gateway
```

Configure secrets with Wrangler:

```sh
wrangler secret put AWS_ACCESS_KEY_ID
wrangler secret put AWS_SECRET_ACCESS_KEY
wrangler secret put MCP_AUTH_TOKEN
```

## AWS IAM policy
The initial IAM policy should be scoped to read-only APIs required by the first tools.
Example actions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CostRead",
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "budgets:ViewBudget"
      ],
      "Resource": "*"
    },
    {
      "Sid": "InfraObservabilityRead",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:FilterLogEvents",
        "tag:GetResources"
      ],
      "Resource": "*"
    }
  ]
}
```

This template is intentionally narrow. Do not use AdministratorAccess or broad AWS-managed policies for the gateway.
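A way to keep the template narrow over time, as an added example that is not part of the project: a small lint that CI can run against the policy file and fail on any action that is not read-only. The service allowlist and the read-only verb prefixes are assumptions derived from the template above; a new service or verb should require a deliberate edit to the lint, and `NotAction` is flagged because an `Allow` with `NotAction` grants everything not listed. A verb-prefix check is a coarse guard (some `Get*` actions still return sensitive data), so it complements review rather than replacing it.

```typescript
// Added example, not code from the aws-mcp-gateway project. Allowlists are assumptions
// derived from the README's template; widen them on purpose, never with "*".

interface Statement {
  Sid?: string;
  Effect: string;
  Action?: string | string[];
  NotAction?: string | string[];
  Resource?: string | string[];
}
interface Policy { Version: string; Statement: Statement[] }

// Services the gateway is expected to touch and verb prefixes that never modify state.
const ALLOWED_SERVICES = new Set(["ce", "budgets", "ec2", "cloudwatch", "logs", "tag"]);
const READ_ONLY_VERBS = ["Get", "Describe", "List", "View", "Filter"];

// Returns findings as strings; an empty list means the policy passes.
export function lintReadOnlyPolicy(policy: Policy): string[] {
  const findings: string[] = [];
  if (policy.Version !== "2012-10-17") findings.push(`unexpected policy version: ${policy.Version}`);
  for (const s of policy.Statement) {
    const sid = s.Sid ?? "(no Sid)";
    if (s.Effect !== "Allow") continue; // Deny statements can only narrow access
    if (s.NotAction !== undefined) { findings.push(`${sid}: Allow with NotAction grants everything not listed`); continue; }
    if (s.Action === undefined) { findings.push(`${sid}: Allow statement without Action`); continue; }
    const actions = Array.isArray(s.Action) ? s.Action : [s.Action];
    for (const action of actions) {
      const parts = action.split(":");
      if (action.includes("*") || parts.length !== 2) { findings.push(`${sid}: wildcard or malformed action ${action}`); continue; }
      const [service, verb] = parts;
      if (!ALLOWED_SERVICES.has(service)) findings.push(`${sid}: service not allowlisted in ${action}`);
      if (!READ_ONLY_VERBS.some((v) => verb.startsWith(v))) findings.push(`${sid}: non-read action ${action}`);
    }
  }
  return findings;
}

// Convenience for CI: lint a policy file's text (e.g. read with fs.readFileSync).
export function lintPolicyJson(text: string): string[] {
  return lintReadOnlyPolicy(JSON.parse(text) as Policy);
}

// The README's template, embedded so the example runs offline.
export const TEMPLATE = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Sid: "CostRead", Effect: "Allow", Resource: "*",
      Action: ["ce:GetCostAndUsage", "ce:GetCostForecast", "budgets:ViewBudget"] },
    { Sid: "InfraObservabilityRead", Effect: "Allow", Resource: "*",
      Action: ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData", "logs:DescribeLogGroups", "logs:DescribeLogStreams",
        "logs:FilterLogEvents", "tag:GetResources"] },
  ],
});
```

Wired into the `npm run test` step, `lintPolicyJson` turns "the policy must stay read-only" from a review habit into a failing build.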
## Cost controls

The most important cost control is caching Cost Explorer responses.

Recommended cache TTLs:

- Cost summary: 30-60 minutes
- Cost by service: 30-60 minutes
- EC2 inventory: 1-5 minutes
- CloudWatch alarms: 1-5 minutes
- Recent log errors: 1-5 minutes

Tool-level limits should reject overly broad requests before calling AWS.
## Local development

Expected commands after scaffolding:

```sh
npm install
npm run typecheck
npm run test
wrangler dev
```

## Deployment
Expected deployment flow:

```sh
wrangler secret put AWS_ACCESS_KEY_ID
wrangler secret put AWS_SECRET_ACCESS_KEY
wrangler secret put MCP_AUTH_TOKEN
wrangler deploy
```

The deployed MCP endpoint should look like:

```text
https://aws-mcp-gateway.<account>.workers.dev/mcp
```

A custom domain can be added later, but it is not required for the MVP.
## ChatGPT connection

The ChatGPT connector should point to the deployed HTTPS MCP endpoint:

```text
https://<your-worker-domain>/mcp
```

The connector must authenticate before calling AWS-backed tools.
## Repository safety

This repository is intended to be public-safe.

Safe to commit:

- Source code
- Tool schemas
- Documentation
- Example IAM policy templates
- `.env.example`
- Wrangler configuration without secrets

Never commit:

- AWS access keys
- Cloudflare API tokens
- OAuth client secrets
- Bearer tokens
- `.env`
- `.dev.vars`
- `.wrangler/`
## Roadmap

1. Scaffold the Cloudflare Workers TypeScript project.
2. Add a stateless MCP endpoint.
3. Add authentication.
4. Add AWS signed request client.
5. Implement read-only cost and observability tools.
6. Add KV caching.
7. Add CI, tests and security documentation.
8. Design future management mode without changing the MVP read-only security boundary.
## Commit convention

Use conventional commits:

```text
type(scope): message
```

Examples:

```text
docs(readme): add setup instructions
feat(mcp): add stateless server endpoint
feat(aws): implement cost summary tool
security(auth): require bearer token for mcp endpoint
```