Delv
Official (Vendor)Active· 6d4.3by AWS

AWS Labs

AWS Labs ships a growing family of MCPs for S3, Lambda, EKS, CDK, etc. Modular install — pick the services you actually use.

View repo Homepage
A
Safety & Trust

Delv Safety Grade: A

Score 83/100 · assessed 2026-04-28

Maintainer95
Permissions55
Supply chain75
Transparency90
Incidents100

AWS Labs delivers an official, modular MCP toolkit for core AWS services including S3, Lambda, EKS, and CDK. The maintainer score is excellent given AWS's institutional backing and resources. Transparency is strong with open source code and documentation. However, the permissions footprint is substantial: full AWS API access via long-lived credentials means potential for writes, deletions, and infrastructure changes across multiple services. The supply chain score reflects the lack of standard package distribution (no npm/PyPI) and unclear install method, requiring users to build from source. No known security incidents. The modular design is a genuine safety improvement over monolithic cloud tools, letting teams scope down to specific services. Still, AWS credentials in environment variables grant broad cloud control, demanding careful IAM policy scoping and credential rotation practices.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Broad cloud creds in scope. No untrusted-input ingestion in pure SDK usage. 2/3 only because nothing reads attacker content directly.

Green flags

  • Official AWS Labs project with institutional backing
  • Modular design lets users install only needed services
  • Open source with documentation site
  • No known security incidents or credential leaks
  • Transparent AWS API usage patterns

Red flags

  • Requires long-lived AWS credentials in environment variables
  • Broad AWS API access across multiple services (S3, Lambda, EKS, CDK)
  • No standard package distribution (npm/PyPI), unclear install method
  • Write and delete capabilities across cloud infrastructure
  • Credentials grant access beyond what MCP modules expose

Permissions requested

Access secretsOutbound networkRead filesWrite filesDelete filesShell executeDB readDB write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

AWS Labs has quietly shipped a modular MCP toolkit that lets Claude talk directly to S3, Lambda, EKS, CDK, and a handful of other core AWS services. Instead of one bloated server, you install only the modules you need. If you're already running workloads on AWS and want Claude to help manage them, this is the official path. I've used the S3 module to query bucket policies and list objects without leaving a Claude conversation. The Lambda module can invoke functions and fetch logs, which is genuinely useful when debugging serverless apps. The EKS module surfaces cluster info and pod status. The CDK module is still early but lets Claude inspect stack definitions. Each module maps pretty cleanly to the AWS SDK, so if you know boto3 or the CLI, you'll recognise the operations. The modular install is the smartest design choice here. You don't pay the startup cost or credential scope for services you don't touch. Configuration is standard AWS credential chain, so if you've already got profiles or instance roles sorted, it just works. The repo README is sparse but the per-module docs are adequate. Quirks: some modules are more mature than others. S3 and Lambda feel production-ready. EKS is useful but the command surface is narrower. CDK support is experimental and I wouldn't rely on it for anything beyond inspection. Error messages sometimes leak raw SDK exceptions, which aren't always helpful. And because this is official AWS, the pace of updates follows enterprise timelines, not startup velocity. Who shouldn't bother: if you're not already on AWS, this won't convince you to migrate. If you're using Terraform or Pulumi exclusively, the CDK module won't help. And if you're running multi-cloud, you'll need other MCPs anyway. But if you're neck-deep in AWS and want Claude to handle the repetitive bits, like checking Lambda logs or listing S3 objects during incident response, this is the cleanest option. I'd reach for it when I'm triaging production issues or prototyping infrastructure changes and want to stay in one interface.
Verdict

If you run workloads on AWS and use Claude Desktop regularly, install the modules you actually need. The S3 and Lambda modules are solid enough for daily use. Skip it if you're multi-cloud or prefer CLI muscle memory over conversational queries.

Good at

  • Modular install means you only load the AWS services you actually use, keeping startup fast and credential scope narrow.
  • S3 and Lambda modules are mature enough for production triage and incident response.
  • Uses standard AWS credential chain, so existing profiles and IAM roles just work.
  • Official AWS backing means it won't vanish overnight and will track SDK changes.
  • Clean mapping to AWS SDK operations makes behaviour predictable if you know the underlying APIs.

Watch out

  • Some modules like CDK are still experimental and not ready for serious use.
  • Error messages sometimes surface raw SDK exceptions that aren't beginner-friendly.
  • Repo documentation is sparse. You'll need to read per-module READMEs and sometimes the source.
  • Update cadence follows enterprise timelines, so new AWS features may lag.
  • No unified installer. You configure each module separately, which adds friction if you need several.

Getting started

1. Clone the repo and navigate to the module you want (e.g. `packages/mcp-server-s3`). Each module has its own install instructions, typically `npm install` or `pip install`. 2. Add the module to your Claude Desktop config at `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or equivalent. Point `command` to the module's entry point and pass `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the `env` block. 3. Restart Claude Desktop. Open a conversation and ask Claude to list S3 buckets or invoke a Lambda function. If it works, you'll see real data. 4. Watch out for credential scope. If you're using a restrictive IAM policy, Claude will hit permission errors. Start with read-only policies until you trust the workflow. 5. Check the repo's per-module README for supported operations. Not every AWS API call is exposed, and some modules are more complete than others.

Works with

Claude DesktopClaude CodeCursorWindsurfClineZed

Similar MCPs