Aws Mcp Setup
Connect Claude Code or similar agents to AWS documentation search and optional live AWS API calls through MCP.
Overview
aws-mcp-setup is an agent skill for the Build phase that configures AWS MCP servers for documentation search and optional authenticated AWS API access in Claude-compatible agents.
Install
npx skills add https://github.com/zxkane/aws-skills --skill aws-mcp-setupWhat is this skill?
- Two-path setup: Full AWS MCP (Python 3.10+, uvx, credentials) vs Documentation MCP (no auth)
- Preflight checks via /mcp tool patterns and hierarchical mcp.json / claude.json config
- Troubleshooting connectivity and aws-mcp / awsdocs / uvx installation issues
- Allowed agent bash flows: which, aws sts get-caller-identity, claude mcp, config cat
- Documents execute AWS API calls plus doc search vs documentation search only
- Two MCP options documented: Full AWS MCP Server vs AWS Documentation MCP
- Full server requires Python 3.10+, uvx, and AWS credentials
Adoption & trust: 1 installs on skills.sh; 306 GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You want your coding agent to use AWS docs and APIs but MCP is missing, misconfigured, or you cannot tell which AWS MCP variant is already active.
Who is it for?
Solo builders standardizing AWS MCP on one machine or repo before building cloud-backed agent workflows.
Skip if: Teams that only need occasional AWS doc lookups in a browser without any agent or MCP integration.
When should I use this skill?
Setting up AWS MCP, configuring AWS documentation tools, troubleshooting MCP connectivity, or when the user mentions aws-mcp, awsdocs, uvx setup, or MCP server configuration.
What do I get? / Deliverables
You get a verified MCP layout—full AWS server or docs-only—with working connectivity checks and clear credential requirements for API execution.
- Working AWS or awsdocs MCP entry in agent configuration
- Confirmed tool visibility via /mcp or config inspection
Recommended Skills
Journey fit
MCP server setup is a core build-time step for giving your coding agent AWS context and actions before you ship infra-backed features. Canonical shelf is agent-tooling because the skill configures MCP endpoints and agent config files, not application business logic.
How it compares
Use for MCP server wiring and troubleshooting, not as a substitute for IAM policy design or application deployment runbooks.
Common Questions / FAQ
Who is aws-mcp-setup for?
Indie and solo developers using Claude Code, Cursor, or similar agents who deploy or integrate with AWS and want MCP documented and working.
When should I use aws-mcp-setup?
During Build when standing up agent-tooling: first AWS MCP install, fixing uvx or credential errors, or choosing docs-only MCP versus full API access before feature work.
Is aws-mcp-setup safe to install?
The skill guides identity checks and config reads; review the Security Audits panel on this Prism page and treat full-server mode as requiring scoped AWS credentials you control.
SKILL.md
READMESKILL.md - Aws Mcp Setup
# AWS MCP Server Configuration Guide ## Overview This guide helps you configure AWS MCP tools for AI agents. Two options are available: | Option | Requirements | Capabilities | |--------|--------------|--------------| | **Full AWS MCP Server** | Python 3.10+, uvx, AWS credentials | Execute AWS API calls + documentation search | | **AWS Documentation MCP** | None | Documentation search only | ## Step 1: Check Existing Configuration Before configuring, check if AWS MCP tools are already available using either method: ### Method A: Check Available Tools (Recommended) Look for these tool name patterns in your agent's available tools: - `mcp__aws-mcp__*` or `mcp__aws__*` → Full AWS MCP Server configured - `mcp__*awsdocs*__aws___*` → AWS Documentation MCP configured **How to check**: Run `/mcp` command to list all active MCP servers. ### Method B: Check Configuration Files Agent tools use hierarchical configuration (precedence: local → project → user → enterprise): | Scope | File Location | Use Case | |-------|---------------|----------| | Local | `.claude.json` (in project) | Personal/experimental | | Project | `.mcp.json` (project root) | Team-shared | | User | `~/.claude.json` | Cross-project personal | | Enterprise | System managed directories | Organization-wide | Check these files for `mcpServers` containing `aws-mcp`, `aws`, or `awsdocs` keys: ```bash # Check project config cat .mcp.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"' # Check user config cat ~/.claude.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"' # Or use Claude CLI claude mcp list ``` If AWS MCP is already configured, no further setup needed. ## Step 2: Choose Configuration Method ### Automatic Detection Run these commands to determine which option to use: ```bash # Check for uvx (requires Python 3.10+) which uvx || echo "uvx not available" # Check for valid AWS credentials aws sts get-caller-identity || echo "AWS credentials not configured" ``` ### Option A: Full AWS MCP Server (Recommended) **Use when**: uvx available AND AWS credentials valid **Prerequisites**: - Python 3.10+ with `uv` package manager - AWS credentials configured (via profile, environment variables, or IAM role) **Required IAM Permissions**: ```json { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "aws-mcp:InvokeMCP", "aws-mcp:CallReadOnlyTool", "aws-mcp:CallReadWriteTool" ], "Resource": "*" }] } ``` **Configuration** (add to your MCP settings): ```json { "mcpServers": { "aws-mcp": { "command": "uvx", "args": [ "mcp-proxy-for-aws@latest", "https://aws-mcp.us-east-1.api.aws/mcp", "--metadata", "AWS_REGION=us-west-2" ] } } } ``` **Credential Configuration Options**: 1. **AWS Profile** (recommended for development): ```json "args": [ "mcp-proxy-for-aws@latest", "https://aws-mcp.us-east-1.api.aws/mcp", "--profile", "my-profile", "--metadata", "AWS_REGION=us-west-2" ] ``` 2. **Environment Variables**: ```json "env": { "AWS_ACCESS_KEY_ID": "...", "AWS_SECRET_ACCESS_KEY": "...", "AWS_REGION": "us-west-2" } ``` 3. **IAM Role** (for EC2/ECS/Lambda): No additional config needed - uses instance credentials **Additional Options**: - `--region <region>`: Override AWS region - `--read-only`: Restrict to read-only tools - `--log-level <level>`: Set loggi