Back to Details

aws-mcp-setup

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

AWS MCP Server Configuration Guide

AWS MCP服务器配置指南

Overview

概述

This guide helps you configure AWS MCP tools for AI agents. Two options are available:
OptionRequirementsCapabilities
Full AWS MCP ServerPython 3.10+, uvx, AWS credentialsExecute AWS API calls + documentation search
AWS Documentation MCPNoneDocumentation search only
本指南帮助你为AI Agent配置AWS MCP工具。提供两种选项:
选项要求功能
完整AWS MCP服务器Python 3.10+、uvx、AWS凭证执行AWS API调用 + 文档搜索
AWS Documentation MCP仅文档搜索

Step 1: Check Existing Configuration

步骤1:检查现有配置

Before configuring, check if AWS MCP tools are already available using either method:
在配置之前,可通过以下任一方法检查AWS MCP工具是否已可用:

Method A: Check Available Tools (Recommended)

方法A:检查可用工具(推荐)

Look for these tool name patterns in your agent's available tools:
  • mcp__aws-mcp__*
    or 
    mcp__aws__*
    → Full AWS MCP Server configured
  • mcp__*awsdocs*__aws___*
    → AWS Documentation MCP configured
How to check: Run 
/mcp
command to list all active MCP servers.
在Agent的可用工具中查找以下工具名称模式:
  • mcp__aws-mcp__*
    mcp__aws__*
    → 已配置完整AWS MCP服务器
  • mcp__*awsdocs*__aws___*
    → 已配置AWS Documentation MCP
检查方式:运行
/mcp
命令列出所有活跃的MCP服务器。

Method B: Check Configuration Files

方法B:检查配置文件

Agent tools use hierarchical configuration (precedence: local → project → user → enterprise):
ScopeFile LocationUse Case
Local
.claude.json
(in project)		Personal/experimental
Project
.mcp.json
(project root)		Team-shared
User
~/.claude.json
Cross-project personal
EnterpriseSystem managed directoriesOrganization-wide
Check these files for 
mcpServers
containing 
aws-mcp
, 
aws
, or 
awsdocs
keys:
bash
undefined
Agent工具使用分层配置(优先级:本地 → 项目 → 用户 → 企业):
范围文件位置使用场景
本地项目中的
.claude.json
个人/实验用途
项目项目根目录的
.mcp.json
团队共享
用户
~/.claude.json
跨项目个人配置
企业系统管理目录组织范围配置
检查这些文件中是否包含带有
aws-mcp
aws
awsdocs
键的
mcpServers
bash
undefined

Check project config

检查项目配置

cat .mcp.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'
cat .mcp.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'

Check user config

检查用户配置

cat ~/.claude.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'
cat ~/.claude.json 2>/dev/null | grep -E '"(aws-mcp|aws|awsdocs)"'

Or use Claude CLI

或使用Claude CLI

claude mcp list

If AWS MCP is already configured, no further setup needed.
claude mcp list

如果AWS MCP已配置,则无需进一步设置。

Step 2: Choose Configuration Method

步骤2:选择配置方法

Automatic Detection

自动检测

Run these commands to determine which option to use:
bash
undefined
运行以下命令确定要使用的选项:
bash
undefined

Check for uvx (requires Python 3.10+)

检查uvx是否可用(需要Python 3.10+)

which uvx || echo "uvx not available"
which uvx || echo "uvx not available"

Check for valid AWS credentials

检查AWS凭证是否有效

aws sts get-caller-identity || echo "AWS credentials not configured"
undefined
aws sts get-caller-identity || echo "AWS credentials not configured"
undefined

Option A: Full AWS MCP Server (Recommended)

选项A:完整AWS MCP服务器(推荐)

Use when: uvx available AND AWS credentials valid
Prerequisites:
  • Python 3.10+ with 
    uv
    package manager
  • AWS credentials configured (via profile, environment variables, or IAM role)
Required IAM Permissions:
json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "aws-mcp:InvokeMCP",
      "aws-mcp:CallReadOnlyTool",
      "aws-mcp:CallReadWriteTool"
    ],
    "Resource": "*"
  }]
}
Configuration (add to your MCP settings):
json
{
  "mcpServers": {
    "aws-mcp": {
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@latest",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata", "AWS_REGION=us-west-2"
      ]
    }
  }
}
Credential Configuration Options:
  1. AWS Profile (recommended for development):
    json
    "args": [
  "mcp-proxy-for-aws@latest",
  "https://aws-mcp.us-east-1.api.aws/mcp",
  "--profile", "my-profile",
  "--metadata", "AWS_REGION=us-west-2"
]
  2. Environment Variables:
    json
    "env": {
  "AWS_ACCESS_KEY_ID": "...",
  "AWS_SECRET_ACCESS_KEY": "...",
  "AWS_REGION": "us-west-2"
}
  3. IAM Role (for EC2/ECS/Lambda): No additional config needed - uses instance credentials
Additional Options:
  • --region <region>
    : Override AWS region
  • --read-only
    : Restrict to read-only tools
  • --log-level <level>
    : Set logging level (debug, info, warning, error)
Reference: https://github.com/aws/mcp-proxy-for-aws
适用场景:已安装uvx且AWS凭证有效
前置条件
  • 带有
    uv
    包管理器的Python 3.10+
  • 已配置AWS凭证(通过配置文件、环境变量或IAM角色)
所需IAM权限
json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "aws-mcp:InvokeMCP",
      "aws-mcp:CallReadOnlyTool",
      "aws-mcp:CallReadWriteTool"
    ],
    "Resource": "*"
  }]
}
配置(添加到你的MCP设置中):
json
{
  "mcpServers": {
    "aws-mcp": {
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@latest",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata", "AWS_REGION=us-west-2"
      ]
    }
  }
}
凭证配置选项
  1. AWS配置文件(推荐用于开发环境):
    json
    "args": [
  "mcp-proxy-for-aws@latest",
  "https://aws-mcp.us-east-1.api.aws/mcp",
  "--profile", "my-profile",
  "--metadata", "AWS_REGION=us-west-2"
]
  2. 环境变量
    json
    "env": {
  "AWS_ACCESS_KEY_ID": "...",
  "AWS_SECRET_ACCESS_KEY": "...",
  "AWS_REGION": "us-west-2"
}
  3. IAM角色(适用于EC2/ECS/Lambda):无需额外配置 - 使用实例凭证
附加选项
  • --region <region>
    :覆盖AWS区域
  • --read-only
    :限制为只读工具
  • --log-level <level>
    :设置日志级别(debug、info、warning、error)
参考链接https://github.com/aws/mcp-proxy-for-aws

Option B: AWS Documentation MCP Server (No Auth)

选项B:AWS Documentation MCP服务器(无需认证)

Use when:
  • No Python/uvx environment
  • No AWS credentials
  • Only need documentation search (no API execution)
Configuration:
json
{
  "mcpServers": {
    "awsdocs": {
      "type": "http",
      "url": "https://knowledge-mcp.global.api.aws"
    }
  }
}
适用场景
  • 无Python/uvx环境
  • 无AWS凭证
  • 仅需文档搜索(无需执行API)
配置
json
{
  "mcpServers": {
    "awsdocs": {
      "type": "http",
      "url": "https://knowledge-mcp.global.api.aws"
    }
  }
}

Step 3: Verification

步骤3:验证

After configuration, verify tools are available:
For Full AWS MCP:
  • Look for tools: 
    mcp__aws-mcp__aws___search_documentation
    , 
    mcp__aws-mcp__aws___call_aws
For Documentation MCP:
  • Look for tools: 
    mcp__awsdocs__aws___search_documentation
    , 
    mcp__awsdocs__aws___read_documentation
配置完成后,验证工具是否可用:
对于完整AWS MCP
  • 查找工具:
    mcp__aws-mcp__aws___search_documentation
    mcp__aws-mcp__aws___call_aws
对于Documentation MCP
  • 查找工具:
    mcp__awsdocs__aws___search_documentation
    mcp__awsdocs__aws___read_documentation

Troubleshooting

故障排除

IssueCauseSolution
uvx: command not found
uv not installedInstall with 
pip install uv
or use Option B
AccessDenied
error		Missing IAM permissionsAdd aws-mcp:* permissions to IAM policy
InvalidSignatureException
Credential issueCheck 
aws sts get-caller-identity
Tools not appearingMCP not startedRestart your agent after config change
问题原因解决方案
uvx: command not found
未安装uv使用
pip install uv
安装或选择选项B
AccessDenied
错误		缺少IAM权限为IAM策略添加
aws-mcp:*
权限
InvalidSignatureException
凭证问题检查
aws sts get-caller-identity
命令的输出
工具未显示MCP未启动修改配置后重启你的Agent