by alexei-led
A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management.
# Add to your Claude Code skills
git clone https://github.com/alexei-led/aws-mcp-serverGuides for using ai agents skills like aws-mcp-server.
Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T15:46:26.909Z",
"npmAuditRan": true,
"pipAuditRan": true
}aws-mcp-server is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by alexei-led. A lightweight service that enables AI assistants to execute AWS CLI commands (in safe containerized environment) through the Model Context Protocol (MCP). Bridges Claude, Cursor, and other MCP-aware AI tools with AWS CLI for enhanced cloud infrastructure management. It has 182 GitHub stars.
Yes. aws-mcp-server passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/alexei-led/aws-mcp-server" and add it to your Claude Code skills directory (see the Installation section above).
aws-mcp-server is primarily written in Python. It is open-source under alexei-led on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh aws-mcp-server against similar tools.
No comments yet. Be the first to share your thoughts!
Give Claude access to all 200+ AWS services through the AWS CLI.
This MCP server lets Claude run AWS CLI commands on your behalf. Instead of wrapping each AWS API individually, it wraps the CLI itself—giving Claude complete AWS access through just two tools:
| Tool | Purpose |
|---|---|
aws_cli_help |
Get documentation for any AWS command |
aws_cli_pipeline |
Execute AWS CLI commands with optional pipes (jq, grep, etc.) |
Claude learns commands on-demand using --help, then executes them. Your IAM policy controls what it can actually do.
flowchart LR
Claude[Claude] -->|MCP| Server[AWS MCP Server]
Server --> CLI[AWS CLI]
CLI --> AWS[AWS Cloud]
IAM[Your IAM Policy] -.->|controls| AWS
streamable-http transport for web-based MCP clients, replacing the deprecated sse transport (#33)isError: true) instead of regular results (#34)instructions field (#35)uvx)Add to your MCP settings (Cmd+Shift+P → "Claude: Open MCP Config"):
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"]
}
}
}
Add to your Claude Desktop config file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"]
}
}
}
Docker provides stronger isolation by running commands in a container:
{
"mcpServers": {
"aws": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v",
"~/.aws:/home/appuser/.aws:ro",
"ghcr.io/alexei-led/aws-mcp-server:latest"
]
}
}
}
Note: Replace
~/.awswith the full path on Windows (e.g.,C:\Users\YOU\.aws).
For web-based MCP clients, use the streamable-http transport:
docker run --rm -p 8000:8000 \
-e AWS_MCP_TRANSPORT=streamable-http \
-v ~/.aws:/home/appuser/.aws:ro \
ghcr.io/alexei-led/aws-mcp-server:latest
The server will be available at http://localhost:8000/mcp.
Note: The
ssetransport is deprecated. Usestreamable-httpinstead.
The server uses the standard AWS credential chain. Your credentials are discovered automatically from:
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY~/.aws/credentials~/.aws/config (for profiles and region)To use a specific profile:
{
"mcpServers": {
"aws": {
"command": "uvx",
"args": ["aws-mcp"],
"env": {
"AWS_PROFILE": "my-profile"
}
}
}
}
| Environment Variable | Description | Default |
|---|---|---|
AWS_PROFILE |
AWS profile to use | default |
AWS_REGION |
AWS region (also accepts AWS_DEFAULT_REGION) |
us-east-1 |
AWS_CONFIG_FILE |
Custom path to AWS config file | ~/.aws/config |
AWS_SHARED_CREDENTIALS_FILE |
Custom path to credentials file | ~/.aws/credentials |
| Environment Variable | Description | Default |
|---|---|---|
AWS_MCP_TIMEOUT |
Command execution timeout in seconds | 300 |
AWS_MCP_MAX_OUTPUT |
Maximum output size in characters | 100000 |
AWS_MCP_TRANSPORT |
Transport protocol (stdio, sse, or streamable-http) |
stdio |
AWS_MCP_SANDBOX |
Sandbox mode (auto, disabled, required) |
auto |
AWS_MCP_SANDBOX_CREDENTIALS |
Credential passing (env, aws_config, both) |
both |
Your IAM policy is your security boundary. This server executes whatever AWS commands Claude requests—IAM controls what actually succeeds.
Best practices:
For detailed security architecture, see Security Documentation.
MIT License — see LICENSE for details.