AWS MCP Servers: A Complete Guide
Comprehensive guide to setting up and using AWS-powered MCP servers with Bedrock, S3, DynamoDB, and more.
Amazon Web Services offers powerful MCP integrations that let AI assistants interact with your AWS infrastructure. This guide covers the most popular AWS MCP servers and how to configure them.
Overview
AWS MCP servers bridge the gap between AI clients and AWS services. They enable natural-language interactions with:
- Amazon Bedrock — Invoke and manage foundation models
- Amazon S3 — Read, write, and manage storage buckets
- Amazon DynamoDB — Query and manage NoSQL databases
- AWS Lambda — Invoke serverless functions
- Amazon CloudWatch — Monitor logs and metrics
Prerequisites
- An AWS account with appropriate IAM permissions
- AWS CLI configured with credentials (
aws configure) - Node.js 18+ for running MCP servers
- An MCP-compatible client (Claude Desktop, Cursor, Windsurf)
Setting Up AWS Credentials
AWS MCP servers use the standard AWS credential chain. Configure your credentials before starting:
aws configure
# Enter your AWS Access Key ID
# Enter your AWS Secret Access Key
# Enter default region (e.g., us-east-1)
# Enter default output format (json)Alternatively, set environment variables:
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=wJal...
export AWS_REGION=us-east-1Amazon Bedrock MCP Server
The Bedrock MCP server lets AI clients invoke foundation models directly.
Installation
npx @modelcontextprotocol/server-aws-bedrockConfiguration
Add to your MCP client config:
{
"mcpServers": {
"aws-bedrock": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-bedrock"],
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Available Tools
| Tool | Description |
|---|---|
invoke_model | Invoke a Bedrock foundation model |
list_models | List available Bedrock models |
list_model_versions | Show versions of a specific model |
Example Usage
Ask your AI client: “Use Bedrock to generate a summary of this document using Claude 3 Sonnet.” The client will use the invoke_model tool with the appropriate parameters.
Amazon S3 MCP Server
Interact with S3 buckets and objects through natural language.
Installation
npx @modelcontextprotocol/server-aws-s3Configuration
{
"mcpServers": {
"aws-s3": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-s3"],
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Available Tools
| Tool | Description |
|---|---|
list_buckets | List all S3 buckets in the account |
list_objects | List objects in a bucket (with optional prefix filter) |
get_object | Read the contents of an S3 object |
put_object | Upload content to an S3 bucket |
delete_object | Delete an object from S3 |
Available Resources
| Resource URI | Description |
|---|---|
s3://{bucket}/ | Browse objects in a bucket |
s3://{bucket}/{key} | Read object contents |
Amazon DynamoDB MCP Server
Query and manage DynamoDB tables through MCP.
Installation
npx @modelcontextprotocol/server-aws-dynamodbConfiguration
{
"mcpServers": {
"aws-dynamodb": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-dynamodb"],
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Available Tools
| Tool | Description |
|---|---|
list_tables | List all DynamoDB tables |
describe_table | Get table schema and metadata |
get_item | Retrieve an item by key |
query | Query a table with key condition expression |
scan | Scan a table (with optional filter) |
put_item | Insert or update an item |
delete_item | Delete an item by key |
AWS Lambda MCP Server
Invoke and manage Lambda functions through MCP.
Installation
npx @modelcontextprotocol/server-aws-lambdaConfiguration
{
"mcpServers": {
"aws-lambda": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-lambda"],
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Available Tools
| Tool | Description |
|---|---|
list_functions | List all Lambda functions |
invoke_function | Invoke a Lambda function with a payload |
get_function_config | Get function configuration details |
list_function_versions | Show versions of a function |
Running Multiple AWS Servers
You can run multiple AWS MCP servers in a single config:
{
"mcpServers": {
"aws-s3": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-s3"],
"env": { "AWS_REGION": "us-east-1" }
},
"aws-dynamodb": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-dynamodb"],
"env": { "AWS_REGION": "us-west-2" }
},
"aws-lambda": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-aws-lambda"],
"env": { "AWS_REGION": "eu-west-1" }
}
}
}Each server can target a different region — perfect for multi-region workflows.
Security Best Practices
IAM Permissions
Create dedicated IAM policies with least-privilege permissions. For example, a read-only S3 policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetObject"
],
"Resource": "*"
}
]
}Use IAM Roles
For production, use IAM roles instead of long-lived access keys. On EC2 or ECS, attach the role to the instance. On Lambda, use the function’s execution role.
Region Locking
Restrict each server to a specific region to limit blast radius:
{
"env": {
"AWS_REGION": "us-east-1"
}
}Troubleshooting
| Issue | Fix |
|---|---|
AccessDenied errors | Check IAM permissions for the tool or resource |
Credentials not found | Verify aws configure or env vars are set |
| Region mismatch | Some services require specific regions — verify with aws --region |
| Timeout on large S3 objects | The server streams content; large files may take time |
Next Steps
- Use the MCPConfig Builder to generate your AWS MCP configuration visually
- Browse the server templates for pre-built AWS server configs
- Check the server directory for all available MCP servers