aws

This MCP server exposes a conversational interface to manage a full AWS infrastructure stack, including RDS, S3, EC2, VPC components, subnets, internet gateways, route tables, security groups, key pairs, instance tags, and AMIs. Once running, you can connect via the MCP HTTP stream endpoint at /mcp or the SSE endpoint at /sse, depending on your client capabilities. The server processes natural language prompts and translates them into AWS SDK operations across the supported services, enabling you to create, list, update, and delete infrastructure components through chat-like commands. For clients like Cursor, you can point to the provided mcp.json configuration to route requests through the AWS MCP server. The tooling is organized into dedicated modules (tools/aws-clients, tools/vpc, tools/ec2, tools/s3, etc.), so you can expect modular, service-specific capabilities such as creating VPCs, subnets, security groups, configuring EC2 instances, managing AMIs, and handling RDS instances.

Prerequisites:

• Node.js >= 18.0.0
• pnpm >= 10.0.0
• AWS credentials (Access Key ID and Secret Access Key) configured or provided via MC P headers

Option A: Local development

1. Clone the repository

git clone https://github.com/lokeswaran-aj/aws-mcp.git
cd aws-mcp

2. Install dependencies

pnpm install

3. Run the development server

pnpm dev

Option B: Docker deployment

1. Ensure Docker and Docker Compose are installed.
2. Build and run with Docker Compose (recommended for multi-container setups)

docker-compose up -d

3. Alternatively, build and run the image directly

docker build -t aws-mcp .

# Run with port mapping
docker run -d --name aws-mcp-server -p 8080:8080 aws-mcp

Access points:

• MCP HTTP stream endpoint: http://localhost:8080/mcp
• MCP SSE endpoint: http://localhost:8080/sse

Notes and tips:

• Credentials are currently passed via HTTP headers in both development and Docker deployments. Ensure your client includes AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY headers (and AWS_SESSION_TOKEN if using temporary credentials).
• The server reads credentials from MCP configuration headers for now; future versions may support AWS Role ARNs.
• The roadmap includes Lambda and API Gateway tooling; currently supported services include RDS, S3, EC2, VPC, Subnet, Internet Gateway, Route Table, Security Group, Key Pair, Instance Tag, and AMI.
• If you encounter network or permission errors, verify that your AWS credentials have sufficient permissions for the targeted resources, and ensure the region matches your resources.
• When using Docker, the credentials are still passed via HTTP headers, so you don’t need to bake them into the container configuration.