AUTOMATIONSWITCH
VendorCloud

AWS API MCP Server

by AWS Labs

The official AWS Labs catch-all server. Bridges any AWS CLI command to MCP, giving agents universal access to the AWS API surface. Helps the agent select the right CLI command for a task; respects the local AWS credential chain.

8,894·2 tools·Released DEC 2024·Apache-2.0
uvx awslabs.aws-api-mcp-server@latest
Share:

The AWS API MCP server is the broadest of the AWS Labs servers and the one most teams will reach for first. It exposes the AWS CLI itself as the agent's interface: any command the local CLI can run, the agent can call. This makes it the universal AWS surface area. The trade-off is that the surface area is gigantic and the safety boundary lives in IAM; tool whitelisting effectively sits at the credential layer. With admin-level credentials, this server lets the agent do anything those credentials permit. The fix is the same as for any cloud-shell-with-an-AI: scope the IAM role narrowly, set AWS_API_MCP_PROFILE_NAME to a profile that uses that role, and route destructive operations through a separate confirmation flow. With that discipline in place, this is the server that pays for itself in week one.

Reviewed by M. Nouriel · APR 2026
// Connect

INSTALL THIS SERVER

Requires authenticationAWS profile via AWS_API_MCP_PROFILE_NAME (recommended) or AWS_PROFILE
{ "mcpServers": { "awslabs.aws-api-mcp-server": { "command": "uvx", "args": [ "awslabs.aws-api-mcp-server@latest" ], "env": { "AWS_PROFILE": "your-aws-profile", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" } } } }
PrereqmacOS path: ~/Library/Application Support/Claude/claude_desktop_config.json. Requires uvx (install via `uv tool install awslabs.mcp`) and AWS CLI credentials.
{ "mcpServers": { "awslabs.aws-api-mcp-server": { "command": "uvx", "args": [ "awslabs.aws-api-mcp-server@latest" ], "env": { "AWS_PROFILE": "your-aws-profile", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" } } } }
{ "mcpServers": { "awslabs.aws-api-mcp-server": { "command": "uvx", "args": [ "awslabs.aws-api-mcp-server@latest" ], "env": { "AWS_PROFILE": "your-aws-profile", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" } } } }
{ "mcpServers": { "awslabs.aws-api-mcp-server": { "command": "uvx", "args": [ "awslabs.aws-api-mcp-server@latest" ], "env": { "AWS_PROFILE": "your-aws-profile", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" } } } }
{ "mcpServers": { "awslabs.aws-api-mcp-server": { "command": "uvx", "args": [ "awslabs.aws-api-mcp-server@latest" ], "env": { "AWS_PROFILE": "your-aws-profile", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" } } } }
// Tools

2 TOOLS AVAILABLE

call_aws
Execute any AWS CLI command via boto3
Admin
suggest_aws_commands
Help select the right AWS CLI command for a given task
Read
// Editorial Review

OUR ASSESSMENT

Strengths
  • Exposes the entire AWS CLI surface; coverage tracks whatever AWS supports, including services released after the LLM's training cutoff.
  • Helps the agent choose the right CLI command for the task; reduces hallucinated commands compared to giving an agent raw aws shell access.
  • Profile-based credential management via AWS_API_MCP_PROFILE_NAME keeps secrets out of the MCP config and respects the local credential chain.
  • Active maintenance from the same team that ships the rest of the awslabs/mcp monorepo.
Weaknesses
  • The breadth is also the risk: with admin credentials, the agent can do anything those credentials permit. Scoped IAM is mandatory.
  • AWS CLI version drift between the MCP server's bundled CLI and the locally installed CLI can cause command behaviour mismatches; the README recommends a virtual environment.
  • Less guided than a service-specific server like the ECS or EKS MCP; the agent has more freedom and more places to go wrong.
Security Notes

Credentials are sourced via boto3's standard credential chain, controlled by AWS_API_MCP_PROFILE_NAME (recommended) or AWS_PROFILE. The server inherits whatever permissions the configured IAM principal holds, so the boundary lives in IAM; the MCP layer hands credentials through to AWS directly. AWS recommends a dedicated IAM role with least-privilege policies; pair with CloudTrail to audit what the agent runs.

Best For

Teams who want a single AWS server covering every service from one install. Pair with tightly scoped IAM roles.

// Technical

TECHNICAL DETAILS

Language
python
Transport
stdio
Clients
Claude DesktopClaude CodeCursorVS CodeWindsurf
License
Apache-2.0
GitHub
awslabs/mcp · ★ 8,894
npm
awslabs.aws-api-mcp-server
Last Release
0.7.4APR 22, 2026
First Released
DEC 4, 2024
// Adoption

ADOPTION METRICS

// GitHub Stars
8,894

// Reading thisShares the awslabs/mcp 8.9k star base. The AWS API server is the universal-surface flagship and drives a meaningful share of monorepo install traffic.

// Popularity Rank
#8
Globally · #2 in Cloud

// Reading thisTop-tier vendor cloud MCP for breadth. The catch-all design makes it the default starting point for AWS-on-MCP work, which earns it a top-10 ranking.

// How we found this server

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01
Discovered
Manual submission
First indexed APR 28, 2026
02
Cross-referenced
5 directories
PulseMCP, Official MCP Registry, Awesome MCP Servers, Smithery, Glama
03
Verified against
Claude Desktop, Cursor, VS Code
Installed and tested across clients
04
Last re-checked
APR 28, 2026
Weekly re-verification
// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

SourceTheir ratingTheir star countTheir downloadsLast synced
AutomationSwitch This page4.5editorial8,894APR 28, 2026
PulseMCP— unratedunavailableunavailableAPR 28, 2026
Official MCP Registry— unratedunavailableunavailableAPR 28, 2026
Awesome MCP Servers— unratedunavailableunavailableAPR 28, 2026
Smithery— unratedunavailableunavailableAPR 28, 2026
Glama— unratedunavailableunavailableAPR 28, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

// Alternatives

OTHER CLOUD MCP SERVERS

Vendor4.5

Cloudflare MCP

Cloudflare

Cloudflare's MCP offering: 14 hosted remote MCP servers segmented by product surface (Workers Bindings, Observability, Radar, Browser Rendering, Logpush, AI Gateway, Audit Logs, DNS Analytics, DEX, CASB, GraphQL, Docs, Container, Builds) plus a Code Mode server for broader API access. All authenticate via OAuth.

0 tools3,665
Vendor4.2

Amazon ECS MCP Server

AWS Labs

Vendor-built ECS MCP server covering the full container deployment lifecycle: containerize, push to ECR, deploy via ECS Express Mode with ALB, troubleshoot. Notable for ALLOW_WRITE and ALLOW_SENSITIVE_DATA environment flags that make read-only mode a configuration default.

8 tools8,894
Vendor4

Amazon EKS MCP Server

AWS Labs

AWS Labs server for Amazon EKS covering cluster creation via CloudFormation, full Kubernetes resource lifecycle, log retrieval, event fetching, and troubleshooting. Read-only and write IAM policies documented separately for scoped credential setup.

7 tools8,894
Vendor4

Vercel

Vercel

Deployment layer for managing Vercel projects, deployments, environment variables, and domains. Deploy, promote, rollback, and inspect from your agent context.

16 tools2,400
// Get in touch

DISCUSS YOUR
MCP REQUIREMENTS.

Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.

Discuss Your MCP Requirements →