Skip to content
ai-supply.store
EntdeckenKategorienBestenlistenCommunityAgent APIFAQ
AnmeldenKostenlos registrieren
catalog / DevOps & Infra / AWS MCP Servers
◇MCP serverDevOps & InfraFree

AWS MCP Servers

AWS Labs' suite of MCP servers for AWS docs, infrastructure, containers, databases, and cost analysis.

@ai-supply
Installationen43k
↗ Quell-Repository
← More DevOps & InfraDevOps & Infra leaderboard →How we grade security →Source ↗

AWS MCP Servers

awslabs/mcp is an open-source suite of specialized Model Context Protocol servers maintained by AWS Labs, designed to help you get more out of AWS from any MCP client.

The monorepo ships many focused servers spanning real-time access to official AWS documentation, infrastructure and deployment (CDK, Terraform, CloudFormation), container platforms (ECS, EKS), serverless, databases, and cost analysis. Each server exposes AWS capabilities as MCP tools that coding agents can call directly.

It is intended for developers and cloud engineers building on AWS who want their AI assistant to reference AWS docs and interact with AWS services programmatically.

Rating rank
#1
of 23 in DevOps & Infra
Install rank
#19
of 23 in DevOps & Infra
Security score
58/100 · D
review
Security rank
#6
of 23 in DevOps & Infra
Installs
43k
cat avg 212k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the DevOps & Infra leaderboard →
! Security: Review · 5858/100 · grade Dscanned 36m ago
⚠ 1 compromise signal45 risk-surface · 10/20 OWASP controls flagged

Only compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score. Dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to the OWASP control it belongs to below.

What this capability can do · high confidence (static)
Tools (3)
tool_namenamemcp_generate_image
⚑ filesystem⚑ shell⚑ network⚑ secrets
egress → sscce.org, docs.aws.amazon.com, feathericons.com, docs.github.com, pypi.org, gh.io, www.apache.org, gallery.ecr.aws +32

Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.

OWASP Top 10 for LLM Applications
⚠LLM02Sensitive Information Disclosurecompromise · high
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: hardcoded credential · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/tests/code_interpreter/test_session.py (CWE-798)expected
•Embedded credentials — found: AWS access key id, AWS secret key, hardcoded credential · awslabs-mcp-8e7650b/src/amazon-translate-mcp-server/tests/test_aws_client.py (CWE-798)expected
•Embedded credentials — found: AWS access key id, AWS secret key · awslabs-mcp-8e7650b/src/amazon-translate-mcp-server/tests/test_config.py (CWE-798)expected
•Embedded credentials — found: DB connection string with credentials · awslabs-mcp-8e7650b/src/aurora-dsql-mcp-server/kiro_power/steering/language.md (CWE-798)expected
•Embedded credentials — found: AWS access key id · awslabs-mcp-8e7650b/src/aws-location-mcp-server/tests/test_server.py (CWE-798)expected
•Verified secret leak (deep scan) — 109 leak(s): generic-api-key (CWE-798)compromise
⚠LLM07System Prompt Leakagecompromise · high
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Embedded credentials — found: hardcoded credential · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/tests/code_interpreter/test_session.py (CWE-798)expected
•Embedded credentials — found: AWS access key id, AWS secret key, hardcoded credential · awslabs-mcp-8e7650b/src/amazon-translate-mcp-server/tests/test_aws_client.py (CWE-798)expected
•Embedded credentials — found: AWS access key id, AWS secret key · awslabs-mcp-8e7650b/src/amazon-translate-mcp-server/tests/test_config.py (CWE-798)expected
•Embedded credentials — found: DB connection string with credentials · awslabs-mcp-8e7650b/src/aurora-dsql-mcp-server/kiro_power/steering/language.md (CWE-798)expected
•Internal host / private infrastructure reference — shipped content references a private IP range or internal-only host · awslabs-mcp-8e7650b/src/aws-api-mcp-server/tests/middleware/test_http_header_validation_middleware.py (CWE-200)expected
•Embedded credentials — found: AWS access key id · awslabs-mcp-8e7650b/src/aws-location-mcp-server/tests/test_server.py (CWE-798)expected
•Verified secret leak (deep scan) — 109 leak(s): generic-api-key (CWE-798)compromise
⚠LLM03Supply Chaincritical
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 117 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/bandit-requirements.txtrisk surface
•Dependency manifest — 162 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/detect-secrets-requirements.txtrisk surface
•Dependency manifest — 81 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/pre-commit-requirements.txtrisk surface
•Dependency manifest — 479 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/semgrep-requirements.txtrisk surface
•Dependency manifest — 13 npm dependencies declared · awslabs-mcp-8e7650b/docusaurus/package.jsonrisk surface
•Dependency manifest — 20 pip requirements declared · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/uv-requirements.txtrisk surface
•Vulnerable dependencies — 2588 known vulnerabilities in: @ai-sdk/provider-utils@3.0.15, @babel/core@7.28.4, @babel/plugin-transform-modules-systemjs@7.27.1, ajv@6.12.6, ajv@8.17.1, brace-expansion@1.1.12, fast-uri@3.1.0, follow-redirects@1.15.11 (CWE-1395)risk surface
⚠LLM01Prompt Injectionhigh
Adversarial instructions embedded in an artifact that hijack a downstream LLM.
•Prompt-injection phrasing — instruction-subversion language detected · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/awslabs/amazon_bedrock_agentcore_mcp_server/tools/identity/oauth2_providers.py (CWE-77)risk surface
⚠LLM05Improper Output Handlinghigh
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Suspicious code patterns — pipe-to-shell install · awslabs-mcp-8e7650b/.github/workflows/trivy.yml (CWE-494)expected
•Suspicious code patterns — dynamic code execution · awslabs-mcp-8e7650b/DESIGN_GUIDELINES.md (CWE-95)expected
•Path traversal sequences — '../' present in content or name · awslabs-mcp-8e7650b/docs/migration-core.md (CWE-22)expected
•Suspicious code patterns — OS command execution · awslabs-mcp-8e7650b/src/aws-healthomics-mcp-server/awslabs/aws_healthomics_mcp_server/tools/workflow_linting.py (CWE-78)expected
⚠LLM06Excessive Agencyhigh
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 1 distinct host(s) · awslabs-mcp-8e7650b/.github/CODEOWNERSexpected
•External endpoints declared — 2 distinct host(s) · awslabs-mcp-8e7650b/.github/ISSUE_TEMPLATE/bug_report.ymlexpected
•Egress to a private/loopback host — feathericons.com · awslabs-mcp-8e7650b/.github/actions/build-and-push-container-image/action.yml (CWE-918)expected
•Broad capability surface — 4 high-impact capability categories referenced — verify least-privilege · awslabs-mcp-8e7650b/.github/workflows/python.yml (CWE-272)risk surface
•External endpoints declared — 3 distinct host(s) · awslabs-mcp-8e7650b/.github/workflows/release.ymlexpected
•External endpoints declared — 11 distinct host(s) · awslabs-mcp-8e7650b/.gitignoreexpected
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · awslabs-mcp-8e7650b/DESIGN_GUIDELINES.md (CWE-272)risk surface
•External endpoints declared — 4 distinct host(s) · awslabs-mcp-8e7650b/DESIGN_GUIDELINES.mdexpected
•Egress to a private/loopback host — 127.0.0.1 · awslabs-mcp-8e7650b/DEVELOPER_GUIDE.md (CWE-918)expected
•External endpoints declared — 12 distinct host(s) · awslabs-mcp-8e7650b/DEVELOPER_GUIDE.mdexpected
•External endpoints declared — 21 distinct host(s) · awslabs-mcp-8e7650b/README.mdexpected
•External endpoints declared — 6 distinct host(s) · awslabs-mcp-8e7650b/VIBE_CODING_TIPS_TRICKS.mdexpected
•External endpoints declared — 7 distinct host(s) · awslabs-mcp-8e7650b/docusaurus/docs/installation.mdexpected
•External endpoints declared — 5 distinct host(s) · awslabs-mcp-8e7650b/docusaurus/docusaurus.config.tsexpected
•External endpoints declared — 8 distinct host(s) · awslabs-mcp-8e7650b/src/amazon-kendra-index-mcp-server/README.mdexpected
•External endpoints declared — 9 distinct host(s) · awslabs-mcp-8e7650b/src/aurora-dsql-mcp-server/README.mdexpected
•External endpoints declared — 14 distinct host(s) · awslabs-mcp-8e7650b/src/aws-api-mcp-server/README.mdexpected
•Egress to a private/loopback host — 192.168.1.1 · awslabs-mcp-8e7650b/src/aws-api-mcp-server/tests/middleware/test_http_header_validation_middleware.py (CWE-918)expected
•Egress to a private/loopback host — 127.0.0.1, [::1], 192.168.1.1 · awslabs-mcp-8e7650b/src/aws-api-mcp-server/tests/parser/test_parser.py (CWE-918)expected
•Egress to a private/loopback host — 127.0.0.1, 127.0.0.2, 127.255.255.255, 10.0.0.1, 192.168.1.1, 172.16.0.1, 172.31.255.255, 169.254.169.254, 169.254.0.1, 0.0.0.0, [::1], [fe80::1], [fc00::1], 0.0.0.127, 0.0.0.1 · awslabs-mcp-8e7650b/src/aws-appsync-mcp-server/tests/test_create_datasource.py (CWE-918)expected
•External endpoints declared — 20 distinct host(s) · awslabs-mcp-8e7650b/src/aws-appsync-mcp-server/tests/test_create_datasource.pyexpected
•External endpoints declared — 10 distinct host(s) · awslabs-mcp-8e7650b/src/aws-dataprocessing-mcp-server/README.mdexpected
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/awslabs/amazon_bedrock_agentcore_mcp_server/tools/browser/__init__.py (CWE-835)risk surface
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML06AI Supply Chaincritical
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 117 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/bandit-requirements.txtrisk surface
•Dependency manifest — 162 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/detect-secrets-requirements.txtrisk surface
•Dependency manifest — 81 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/pre-commit-requirements.txtrisk surface
•Dependency manifest — 479 pip requirements declared · awslabs-mcp-8e7650b/.github/workflows/semgrep-requirements.txtrisk surface
•Dependency manifest — 13 npm dependencies declared · awslabs-mcp-8e7650b/docusaurus/package.jsonrisk surface
•Dependency manifest — 20 pip requirements declared · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/uv-requirements.txtrisk surface
•Vulnerable dependencies — 2588 known vulnerabilities in: @ai-sdk/provider-utils@3.0.15, @babel/core@7.28.4, @babel/plugin-transform-modules-systemjs@7.27.1, ajv@6.12.6, ajv@8.17.1, brace-expansion@1.1.12, fast-uri@3.1.0, follow-redirects@1.15.11 (CWE-1395)risk surface
⚠ML02Data Poisoninghigh
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
•Prompt-injection phrasing — instruction-subversion language detected · awslabs-mcp-8e7650b/src/amazon-bedrock-agentcore-mcp-server/awslabs/amazon_bedrock_agentcore_mcp_server/tools/identity/oauth2_providers.py (CWE-77)risk surface
⚠ML09Output Integrityhigh
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Suspicious code patterns — pipe-to-shell install · awslabs-mcp-8e7650b/.github/workflows/trivy.yml (CWE-494)expected
•Suspicious code patterns — dynamic code execution · awslabs-mcp-8e7650b/DESIGN_GUIDELINES.md (CWE-95)expected
•Path traversal sequences — '../' present in content or name · awslabs-mcp-8e7650b/docs/migration-core.md (CWE-22)expected
•Suspicious code patterns — OS command execution · awslabs-mcp-8e7650b/src/aws-healthomics-mcp-server/awslabs/aws_healthomics_mcp_server/tools/workflow_linting.py (CWE-78)expected
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (21) · hygiene / uncategorized
•Unrecognized file type — '.?' is not on the allowlist · awslabs-mcp-8e7650b/.github/CODEOWNERSrisk surface
•Unrecognized file type — '.gitignore' is not on the allowlist · awslabs-mcp-8e7650b/.gitignorerisk surface
•Unrecognized file type — '.python-version' is not on the allowlist · awslabs-mcp-8e7650b/.python-versionrisk surface
•Unrecognized file type — '.baseline' is not on the allowlist · awslabs-mcp-8e7650b/.secrets.baselinerisk surface
•Suspicious network references — raw IP URL (18 URLs) · awslabs-mcp-8e7650b/DEVELOPER_GUIDE.mdexpected
•Possible obfuscation — very long lines · awslabs-mcp-8e7650b/README.mdrisk surface
•Unrecognized file type — '.mdx' is not on the allowlist · awslabs-mcp-8e7650b/docusaurus/docs/servers/amazon-translate-mcp-server.mdxrisk surface
•Unrecognized file type — '.tmx' is not on the allowlist · awslabs-mcp-8e7650b/src/amazon-translate-mcp-server/tests/fixtures/sample_terminology.tmxrisk surface
•Unrecognized file type — '.dockerignore' is not on the allowlist · awslabs-mcp-8e7650b/src/aurora-dsql-mcp-server/.dockerignorerisk surface
•Unrecognized file type — '.gitattributes' is not on the allowlist · awslabs-mcp-8e7650b/src/aws-api-mcp-server/.gitattributesrisk surface
•Suspicious network references — raw IP URL (28 URLs) · awslabs-mcp-8e7650b/src/aws-api-mcp-server/README.mdexpected
•Unrecognized file type — '.typed' is not on the allowlist · awslabs-mcp-8e7650b/src/aws-api-mcp-server/awslabs/aws_api_mcp_server/core/common/py.typedrisk surface
•Suspicious network references — raw IP URL (33 URLs) · awslabs-mcp-8e7650b/src/aws-api-mcp-server/tests/middleware/test_http_header_validation_middleware.pyexpected
•Suspicious network references — raw IP URL (10 URLs) · awslabs-mcp-8e7650b/src/aws-api-mcp-server/tests/parser/test_parser.pyexpected
•Suspicious network references — raw IP URL (25 URLs) · awslabs-mcp-8e7650b/src/aws-appsync-mcp-server/tests/test_create_datasource.pyexpected
•Suspicious network references — suspicious TLD (6 URLs) · awslabs-mcp-8e7650b/src/aws-documentation-mcp-server/awslabs/aws_documentation_mcp_server/server_aws_cn.pyexpected
•Suspicious network references — suspicious TLD (2 URLs) · awslabs-mcp-8e7650b/src/aws-documentation-mcp-server/tests/test_aws_cn_get_available_services_live.pyexpected
•Suspicious network references — suspicious TLD (3 URLs) · awslabs-mcp-8e7650b/src/aws-documentation-mcp-server/tests/test_aws_cn_read_documentation_live.pyexpected
•Suspicious network references — suspicious TLD (7 URLs) · awslabs-mcp-8e7650b/src/aws-documentation-mcp-server/tests/test_server_aws_cn.pyexpected
•Unrecognized file type — '.guard' is not on the allowlist · awslabs-mcp-8e7650b/src/aws-iac-mcp-server/awslabs/aws_iac_mcp_server/data/default_guard_rules.guardrisk surface
•Unrecognized file type — '.j2' is not on the allowlist · awslabs-mcp-8e7650b/src/aws-serverless-mcp-server/awslabs/aws_serverless_mcp_server/template/templates/backend.j2risk surface
✔ verified source · pinned awslabs-mcp-8e7650b · changed since last scan (+42 pts) · +egress sscce.org, feathericons.com, docs.github.com, pypi.org, gh.io, gallery.ecr.aws, cyclonedx.org, openvex.dev, security-tracker.debian.org, help.github.com, pre-commit.com, docs.astral.sh, www.python.org, git-scm.com, cookiecutter.readthedocs.io, www.conventionalcommits.org, img.shields.io, app.codecov.io, scorecard.dev, kiro.dev, cursor.com, insiders.vscode.dev, vscode.dev, www.cursor.com, marketplace.visualstudio.com, code.visualstudio.com, en.wikipedia.org, www.youtube.com, youtu.be, community.aws, contrib.rocks, cline.bot, d1.awsstatic.com, app.terraform.io
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/aws-mcp-servers/check). Click a policy:

Consume AWS MCP Servers programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/aws-mcp-servers

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/aws-mcp-servers/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add aws-mcp-servers

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/aws-mcp-servers/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "aws-mcp-servers" })
OpenAPI spec →
vlatest
! Security: Review · 585h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

Kostenlose, sicherheitsgeprüfte KI-Fähigkeiten – Skills, MCPs, Plugins, Agents, Datasets und mehr, jeweils bewertet und auf Aktualität überwacht, gemacht für Menschen und Agents gleichermaßen.

api · v3.1status · all green
Kontakt
support@ai-supply.storesecurity@ai-supply.store
Katalog
  • Entdecken
  • Kategorien
  • Bestenlisten
  • Benchmarks
  • Sicherheit
Community
  • Community
  • FAQ
Für Agenten
  • Schnellstart (60s)
  • Agenten autorisieren
  • Agent API
  • OpenAPI-Spezifikation
Für Entwickler
  • Veröffentlichen
  • Dashboard
Konto
  • Konto erstellen
  • Anmelden
  • Einstellungen
Rechtliches
  • Nutzungsbedingungen
  • Publisher-Vereinbarung
  • Nutzungsrichtlinien
  • Datenschutz