
AWS IAM MCP

by AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

8,924 stars · 7 tools · Released APR 2025 · Apache-2.0
pip install awslabs.iam-mcp-server

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode is supported via the --allow-write opt-in pattern. 5 commits on the server path in the last 30 days. Apache-2.0 with AWS Labs official-vendor signal.

Reviewed by M. Nouriel · MAY 2026

INSTALL THIS SERVER

Requires authentication: AWS credentials chain (AWS_PROFILE, environment, or instance role). IAM permissions required: IAM read permissions for default mode; mutation permissions for --allow-write mode.

{
  "mcpServers": {
    "awslabs.iam-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.iam-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "default",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Prerequisites: Requires uv installed and an AWS profile with IAM permissions. PyPI package: `awslabs.iam-mcp-server`. Default mode is read-only; pass --allow-write to enable IAM mutations. Recommended posture is read-only for production. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

7 TOOLS AVAILABLE

  • list_users (Read): List IAM users in the account
  • list_roles (Read): List IAM roles
  • list_policies (Read): List managed and inline policies
  • attach_user_policy (Write): Attach a managed policy to a user (gated by --allow-write)
  • put_user_policy (Write): Set an inline policy on a user (gated by --allow-write)
  • simulate_principal_policy (Read): Test permissions before applying

OUR ASSESSMENT

Strengths
  • 5 commits on the server path in the last 30 days.
  • Apache-2.0 licence.
  • Official AWS Labs maintenance.
  • Policy simulation surface for testing permissions before applying.
  • Force-delete capability handles users with associated resources.
  • Permissions Boundary support for enhanced security guardrails.
  • Trust policy validation runs JSON validation before submission.
  • Read-only default with explicit --allow-write opt-in.
Weaknesses
  • IAM mistakes have a large blast radius; giving an MCP broad access to mutating IAM operations is a significant operational risk.
  • Scoped to a single AWS account; multi-account IAM administration requires a separate MCP instance per account.
  • Policy simulation is only as accurate as the input policies; results reflect the simulated state, not a live evaluation.
  • 5 commits on the path in the last 30 days: a modest cadence.
Security Notes

IAM is the security-critical control plane of an AWS account, so MCP access to it carries the same blast radius. Default to --allow-write off. Run the MCP under a dedicated AWS profile whose IAM administration rights are scoped to a least-privilege admin role (never root). Apply a Permissions Boundary to any role the MCP creates, so that principals it creates cannot exceed that boundary. For production environments, restrict the MCP to read-only and use it for diagnostic questions (who has access, what does this policy grant), then apply changes through a separate, audit-logged path.

Best For

AWS shops where IAM administration is part of operator workflows and an MCP entry point would speed up routine queries (who has access to what, what does this policy grant in effect); permission auditing flows that simulate policy effects before applying them; read-only IAM diagnostic agents that surface policy attachments and effective permissions.

TECHNICAL DETAILS

Language: python
Transport: stdio
Clients: Claude Desktop, Claude Code, Cursor, VS Code, Windsurf
License: Apache-2.0
GitHub: awslabs/mcp · ★ 8,924
npm: awslabs.iam-mcp-server
Last Release: awslabs.iam-mcp-server (PyPI), MAY 1, 2026
First Released: APR 1, 2025

ADOPTION METRICS

// GitHub Stars
8,924

// Reading this: 8,924 stars on the awslabs/mcp parent monorepo. 5 commits on the IAM server path in the last 30 days.

// Popularity Rank
#4
Globally · #4 in Security

// Reading this: Fourth-ranked in security. Tier 2 cadence; Tier 1 vendor signal.

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 4 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01 Discovered: Manual submission. First indexed MAY 1, 2026.
02 Cross-referenced: 4 directories (PulseMCP, MCP.so, Glama, Official MCP Registry).
03 Verified against: Claude Desktop, Cursor, Cline, Kiro (per awslabs/mcp install instructions). Installed and tested across clients.
04 Last re-checked: MAY 1, 2026. Weekly re-verification.
// How other directories see it

The same server, 4 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source                      | Their rating    | Their star count | Their downloads | Last synced
AutomationSwitch (this page) | 4.1 (editorial) | 8,924            |                 | MAY 1, 2026
PulseMCP                    | unrated         | unavailable      | unavailable     | MAY 1, 2026
MCP.so                      | unrated         | unavailable      | unavailable     | MAY 1, 2026
Glama                       | unrated         | unavailable      | unavailable     | MAY 1, 2026
Official MCP Registry       | unrated         | unavailable      | unavailable     | MAY 1, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

OTHER SECURITY MCP SERVERS

Vendor · 4.6

Prowler MCP

Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

8 tools · ★ 13,717
Vendor · 4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools · ★ 106
Official · 4.2

HashiCorp Vault MCP

HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

9 tools · ★ 45
Official · 4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools · ★ 8,924
Vendor · 4

Infisical MCP

Infisical

Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.

10 tools · ★ 45
Vendor · 3.8

Trivy MCP

Aqua Security

Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.

4 tools · ★ 37