Light-weight MCP server that lets AI assistants run AWS CLI commands (with security controls) via Model Context Protocol.
https://github.com/alexei-led/aws-mcp-serverYour AI assistant knows exactly what AWS commands to run, but you're still copying and pasting between Claude and your terminal. AWS MCP Server changes that by giving your AI direct, secure access to AWS CLI commands – without compromising your infrastructure.
You're already using Claude or Cursor to help with AWS tasks, but the workflow is broken:
Meanwhile, you're worried about giving an AI assistant direct AWS access because one wrong command could cost you hundreds of dollars or expose sensitive data.
This MCP server creates a secure bridge between your AI assistant and AWS CLI. Your AI can execute AWS commands directly, chain them with Unix pipes, and receive properly formatted results – all while running in a containerized environment with comprehensive security controls.
# Instead of this manual dance:
You: "List my S3 buckets"
AI: "Run: aws s3 ls"
You: [copies to terminal, pastes result back]
# You get this direct interaction:
You: "Show me S3 buckets that haven't been accessed in 30 days"
AI: "Let me check that for you."
# AI runs: aws s3 ls | grep "bucket-name" | xargs -I {} aws s3api head-bucket --bucket {}
# Returns: "Found 3 buckets with no recent access..."
The Docker-first approach isn't just convenient – it's the primary security mechanism. Every AWS command runs in an isolated container that:
rm -rf only affect the throwaway container# These commands get blocked automatically:
aws iam create-user --user-name backdoor-user # ❌ Blocked
aws cloudtrail delete-trail --name audit-log # ❌ Blocked
aws s3api put-bucket-policy --bucket my-bucket --policy file://public.json # ❌ Blocked
# These work perfectly:
aws ec2 describe-instances --filters "Name=tag:Environment,Values=production" # ✅ Allowed
aws s3 ls | grep backup | head -10 # ✅ Allowed with pipes
Infrastructure Auditing: Ask your AI to "Check which EC2 instances don't have backup tags" and watch it construct the perfect command pipeline automatically.
Cost Optimization: "Find RDS instances that have been idle for 2 weeks" becomes a single conversation, not a research project.
Security Reviews: Built-in prompt templates guide your AI through comprehensive security audits following AWS best practices.
Troubleshooting: Your AI can gather logs, check configurations, and analyze metrics across multiple services in one session.
Adding this to Claude Desktop requires one config file edit:
{
"mcpServers": {
"aws-mcp-server": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/Users/yourname/.aws:/home/appuser/.aws:ro",
"ghcr.io/alexei-led/aws-mcp-server:latest"
]
}
}
}
Restart Claude Desktop, and you'll see the hammer icon indicating AWS MCP Server is available. Your AI can now execute AWS commands directly in your conversations.
Versus manual copy-paste: Eliminates context switching and enables complex multi-command workflows your AI can execute autonomously.
Versus giving AI raw AWS access: Provides the security controls and isolation you need for production environments.
Versus writing custom scripts: Includes 15+ pre-built prompt templates for common AWS operations, plus the flexibility to handle ad-hoc requests.
Versus other MCP servers: Purpose-built for AWS with comprehensive security validation and production-ready Docker deployment.
# Clone and run
git clone https://github.com/alexei-led/aws-mcp-server.git
cd aws-mcp-server
docker compose -f deploy/docker/docker-compose.yml up -d
# Add to Claude Desktop config
# Restart Claude Desktop
# Start having AWS conversations with your AI
Your AI assistant is already smart enough to manage AWS infrastructure. AWS MCP Server gives it the secure access it needs to actually help you.
The 137 GitHub stars and active development show this isn't just a proof of concept – it's a production-ready tool that's already improving workflows for developers who've moved beyond manual AWS CLI work.