What is AWS MCP and when should I use it?

AWS MCP provides either a full API-call capable server or a documentation-search server for AWS knowledge. Use the full MCP when your agent needs to execute AWS API calls; use AWS Documentation MCP when you only need AWS docs/search.

Do I need AWS credentials for AWS Documentation MCP?

No. The AWS Documentation MCP Server does not require AWS credentials and is designed for documentation search only.

How can I verify that MCP configuration is active?

Run claude mcp list to confirm active MCP servers (look for aws-mcp or awdocs entries) and check your .mcp.json/.claude.json files for mcpServers with aws-mcp, aws, or awdocs keys.

aws-mcp-setup

npx machina-cli add skill zxkane/aws-skills/aws-mcp-setup --openclaw

Files (1)

SKILL.md

4.7 KB

AWS MCP Server Configuration Guide

Overview

This guide helps you configure AWS MCP tools for AI agents. Two options are available:

Option	Requirements	Capabilities
Full AWS MCP Server	Python 3.10+, uvx, AWS credentials	Execute AWS API calls + documentation search
AWS Documentation MCP	None	Documentation search only

Step 1: Check Existing Configuration

Before configuring, check if AWS MCP tools are already available using either method:

Method A: Check Available Tools (Recommended)

Look for these tool name patterns in your agent's available tools:

mcp__aws-mcp__* or mcp__aws__* → Full AWS MCP Server configured
mcp__*awsdocs*__aws___* → AWS Documentation MCP configured

How to check: Run /mcp command to list all active MCP servers.

Method B: Check Configuration Files

Agent tools use hierarchical configuration (precedence: local → project → user → enterprise):

Scope	File Location	Use Case
Local	`.claude.json` (in project)	Personal/experimental
Project	`.mcp.json` (project root)	Team-shared
User	`~/.claude.json`	Cross-project personal
Enterprise	System managed directories	Organization-wide

Check these files for mcpServers containing aws-mcp, aws, or awsdocs keys:

# Check project config
cat .mcp.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'

# Check user config
cat ~/.claude.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'

# Or use Claude CLI
claude mcp list

If AWS MCP is already configured, no further setup needed.

Step 2: Choose Configuration Method

Automatic Detection

Run these commands to determine which option to use:

# Check for uvx (requires Python 3.10+)
which uvx || echo "uvx not available"

# Check for valid AWS credentials
aws sts get-caller-identity || echo "AWS credentials not configured"

Option A: Full AWS MCP Server (Recommended)

Use when: uvx available AND AWS credentials valid

Prerequisites:

Python 3.10+ with uv package manager
AWS credentials configured (via profile, environment variables, or IAM role)

Required IAM Permissions:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "aws-mcp:InvokeMCP",
      "aws-mcp:CallReadOnlyTool",
      "aws-mcp:CallReadWriteTool"
    ],
    "Resource": "*"
  }]
}

Configuration (add to your MCP settings):

{
  "mcpServers": {
    "aws-mcp": {
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@latest",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata", "AWS_REGION=us-west-2"
      ]
    }
  }
}

Credential Configuration Options:

AWS Profile (recommended for development):

"args": [
  "mcp-proxy-for-aws@latest",
  "https://aws-mcp.us-east-1.api.aws/mcp",
  "--profile", "my-profile",
  "--metadata", "AWS_REGION=us-west-2"
]

Environment Variables:

"env": {
  "AWS_ACCESS_KEY_ID": "...",
  "AWS_SECRET_ACCESS_KEY": "...",
  "AWS_REGION": "us-west-2"
}

IAM Role (for EC2/ECS/Lambda): No additional config needed - uses instance credentials

Additional Options:

--region <region>: Override AWS region
--read-only: Restrict to read-only tools
--log-level <level>: Set logging level (debug, info, warning, error)

Reference: https://github.com/aws/mcp-proxy-for-aws

Option B: AWS Documentation MCP Server (No Auth)

Use when:

No Python/uvx environment
No AWS credentials
Only need documentation search (no API execution)

Configuration:

{
  "mcpServers": {
    "awsdocs": {
      "type": "http",
      "url": "https://knowledge-mcp.global.api.aws"
    }
  }
}

Step 3: Verification

After configuration, verify tools are available:

For Full AWS MCP:

Look for tools: mcp__aws-mcp__aws___search_documentation, mcp__aws-mcp__aws___call_aws

For Documentation MCP:

Look for tools: mcp__awsdocs__aws___search_documentation, mcp__awsdocs__aws___read_documentation

Troubleshooting

Issue	Cause	Solution
`uvx: command not found`	uv not installed	Install with `pip install uv` or use Option B
`AccessDenied` error	Missing IAM permissions	Add aws-mcp:* permissions to IAM policy
`InvalidSignatureException`	Credential issue	Check `aws sts get-caller-identity`
Tools not appearing	MCP not started	Restart your agent after config change

Source

git clone https://github.com/zxkane/aws-skills/blob/main/plugins/aws-common/skills/aws-mcp-setup/SKILL.mdView on GitHub

Overview

Configure AWS MCP tools for AI agents to query up-to-date AWS knowledge, APIs, and best practices. Choose between a Full AWS MCP Server that can execute API calls or an AWS Documentation MCP Server for documentation search only.

How This Skill Works

First, verify existing MCP configuration. Then pick Option A (Full AWS MCP Server) or Option B (AWS Documentation MCP Server). The full server uses uvx with mcp-proxy-for-aws and supports AWS credentials via profile, environment variables, or IAM roles; the docs-only option uses an HTTP MCP server pointed at the knowledge endpoint for search-only capabilities.

When to Use It

When the agent must execute AWS API calls live (full MCP server).
When you only need AWS knowledge via documentation search (AWS Documentation MCP).
When you have no Python/uvx environment but still need docs access (docs MCP).
When you want to operate with read-only access to AWS tools (use --read-only).
When you need to verify or adjust existing MCP configuration across local/project/user scopes.

Quick Start

Step 1: Check existing configuration with claude mcp list and inspect project/user config files.
Step 2: Choose Option A (full MCP) or Option B (docs MCP) and add the corresponding mcpServers entry.
Step 3: Apply changes, restart Claude if needed, and verify with sample AWS queries or searches.

Best Practices

Verify uvx availability and Python 3.10+ before enabling the full MCP.
Apply least-privilege IAM permissions for AWS MCP actions.
Prefer the Docs MCP option when API execution is not required.
Version-control mcpServers configurations and audit changes.
Test connectivity and responses regularly using claude mcp list and sample queries.

Example Use Cases

Developer enables a Full AWS MCP Server on a Python 3.10+ host with uvx to allow live AWS API calls.
Team configures AWS Documentation MCP Server to empower agents with AWS knowledge search only.
Use AWS_PROFILE to configure credentials for MCP without embedding secrets.
Project adds mcpServers entries in .mcp.json and validates with claude mcp list.
Agent runs on EC2 with an IAM Role and uses the Full MCP Server without extra credential config.

Frequently Asked Questions

Add this skill to your agents