AWS MCP Proxy Server
The MCP Proxy for AWS package provides two ways to connect AI applications to MCP servers on AWS:
The Problem: The official MCP specification supports OAuth-based authentication, but MCP servers on AWS can also use AWS IAM authentication (SigV4). Standard MCP clients don't know how to sign requests with AWS credentials.
The Solution: This package bridges that gap by:
Use as a proxy if you want to:
Use as a library if you want to:
uv package manager

The MCP Proxy serves as a lightweight, client-side bridge between MCP clients (AI assistants and developer tools) and IAM-secured MCP servers on AWS. The proxy handles SigV4 authentication using local AWS credentials and provides dynamic tool discovery.
# Run the server
uvx mcp-proxy-for-aws@1.6.0 <SigV4 MCP endpoint URL>
Note: It is recommended to pin to a specific version (e.g., @1.6.0) to ensure reproducible behavior. Using @latest may pull in breaking changes. Check PyPI for the latest stable version.
Note: The first run may take tens of seconds as uvx downloads and caches dependencies. Subsequent runs will start in seconds. Actual startup time depends on your network and hardware.
git clone https://github.com/aws/mcp-proxy-for-aws.git
cd mcp-proxy-for-aws
uv run mcp_proxy_for_aws/server.py <SigV4 MCP endpoint URL>
Docker images are published to the public AWS ECR registry.
You can use the pre-built image:
# Pull the latest image
docker pull public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:latest
# Or pull a specific version
docker pull public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:1.1.6
Or build the image locally:
# Build the Docker image
docker build -t mcp-proxy-for-aws .
| Parameter | Description | Default | Required |
|---|---|---|---|
| endpoint | MCP endpoint URL (e.g., https://your-service.us-east-1.amazonaws.com/mcp) | N/A | Yes |
| --service | AWS service name for SigV4 signing, if omitted we try to infer this from the url | Inferred from endpoint if not provided | No |
| --profile | AWS profile(s) to use. First profile is the default. Additional profiles enable per-call switching via aws_profile tool parameter (e.g., --profile prod-readonly dev staging) | Falls back to AWS_PROFILE if --profile and AWS_MCP_PROXY_PROFILES are not set | No |
| --region | AWS region to use | Uses AWS_REGION environment variable if not set | No |
| --metadata | Metadata to inject into MCP requests as key=value pairs (e.g., --metadata KEY1=value1 KEY2=value2) | AWS_REGION is automatically injected based on --region if not provided | No |
| --read-only | Disable tools which may require write permissions (tools which DO NOT require write permissions are annotated with readOnlyHint=true) | False | No |
| --retries | Configures number of retries done when calling upstream services, setting this to 0 disables retries. | 0 | No |
| --log-level | Set the logging level (DEBUG/INFO/WARNING/ERROR/CRITICAL) | INFO | No |
| --timeout | Set desired timeout in seconds across all operations | 180 | No |
| --connect-timeout | Set desired connect timeout in seconds | 60 | No |
| --read-timeout | Set desired read timeout in seconds | 120 | No |
| --write-timeout | Set desired write timeout in seconds | 180 | No |
| --tool-timeout | Maximum seconds a tool call may take before being cancelled. When set, returns a graceful error to the agent instead of hanging indefinitely | 300 | No |
| --skip-auth | Skip request signing when AWS credentials are unavailable instead of failing | False | No |
| --disable-telemetry | Disables telemetry data collection | False | No |
Set the environment variables for the MCP Proxy for AWS:
# Credentials through profile
export AWS_PROFILE=<aws_profile>
# Credentials through parameters
export AWS_ACCESS_KEY_ID=<access_key_id>
export AWS_SECRET_ACCESS_KEY=<secret_access_key>
export AWS_SESSION_TOKEN=<session_token>
# AWS Region
export AWS_REGION=<aws_region>
# Multi-profile switching (alternative to --profile flag, useful for plugin integration)
export AWS_MCP_PROXY_PROFILES="prod-readonly dev staging"
Note: AWS_MCP_PROXY_PROFILES takes precedence over --profile/AWS_PROFILE when set.
The proxy supports per-call AWS profile switching, allowing agents to work across multiple accounts without restarting.
Configuration:
# Via CLI flag (first profile is default, rest are switchable)
mcp-proxy-for-aws https://aws-mcp.us-east-1.api.aws/mcp --profile prod-readonly dev staging
# Via environment variable (same behavior, for plugin integration)
AWS_MCP_PROXY_PROFILES="prod-readonly dev staging" mcp-proxy-for-aws https://aws-mcp.us-east-1.api.aws/mcp
How it works:
- aws_profile parameter into auth-requiring tools
- aws_profile on any call to route it through a specific profile's credentials
- aws_profile is omitted, the default (first) profile is used

Example MCP config (Kiro):
{
  "mcpServers": {
    "aws": {
      "command": "uvx",
      "args": ["mcp-proxy-for-aws@1.6.0", "https://aws-mcp.us-east-1.api.aws/mcp"],
      "env": {
        "AWS_MCP_PROXY_PROFILES": "prod-readonly dev staging"
      }
    }
  }
}
Add the following configuration to your MCP client config file (e.g., for Kiro CLI, edit ~/.kiro/settings/mcp.json):
Note: Add your own endpoint by replacing <SigV4 MCP endpoint URL>.
{
  "mcpServers": {
    "<mcp server name>": {
      "disabled": false,
      "type": "stdio",
      "command": "uv",
      "args": [
        "--directory",
        "/path/to/mcp_proxy_for_aws",
        "run",
        "server.py",
        "<SigV4 MCP endpoint URL>",
        "--service",
        "<your service code>",
        "--profile",
        "default",
        "--region",
        "us-east-1",
        "--read-only",
        "--log-level",
        "INFO"
      ]
    }
  }
}
Note: Cline users should not use the --log-level argument because Cline checks the log messages in stderr for the text "error" (case insensitive).
Using the pre-built public ECR image:
{
  "mcpServers": {
    "<mcp server name>": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--volume",
        "/full/path/to/.aws:/app/.aws:ro",
        "public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:latest",
        "<SigV4 MCP endpoint URL>"
      ],
      "env": {}
    }
  }
}
Or using a locally built image:
{
  "mcpServers": {
    "<mcp server name>": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--volume",
        "/full/path/to/.aws:/app/.aws:ro",
        "mcp-proxy-for-aws",
        "<SigV4 MCP endpoint URL>"
      ],
      "env": {}
    }
  }
}
The MCP Proxy for AWS enables programmatic integration of IAM-secured MCP servers into AI agent frameworks. The library provides authenticated transport layers that work with popular Python AI frameworks.
By default, the library resolves AWS credentials automatically from the standard boto3 credential chain (environment variables, shared credentials file, etc.). You can optionally pass credentials programmatically via the credentials parameter. When provided, these take precedence over the aws_profile parameter. Note that aws_region must be explicitly specified when using credentials.
from botocore.credentials import Credentials
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

creds = Credentials(access_key="...", secret_key="...", token="...")
mcp_client = aws_iam_streamablehttp_client(
    endpoint=mcp_url,
    aws_region=region,
    aws_service=service,
    credentials=creds,  # Optional: explicitly pass AWS credentials
)
You can inject metadata into the MCP _meta field on every request using the metadata parameter. This is useful for passing additional context to the server that cannot be sent as HTTP headers due to size limits.
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

mcp_client = aws_iam_streamablehttp_client(
    endpoint=mcp_url,
    aws_region=region,
    aws_service=service,
    metadata={
        "custom/session-context": "my-value",
        "custom/tracking-id": "abc-123",
    },
)
The library supports two integration patterns depending on your framework:
Use with: Frameworks that accept a factory function that returns an MCP client, e.g. Strands Agents, Microsoft Agent Framework. The aws_iam_streamablehttp_client is passed as a factory to the framework, which handles the connection lifecycle internally.
Example - Strands Agents:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

mcp_client_factory = lambda: aws_iam_streamablehttp_client(
    endpoint=mcp_url,     # The URL of the MCP server
    aws_region=region,    # The region of the MCP server
    aws_service=service   # The underlying AWS service, e.g. "bedrock-agentcore"
)

with MCPClient(mcp_client_factory) as mcp_client:
    mcp_tools = mcp_client.list_tools_sync()
    agent = Agent(tools=mcp_tools, ...)
Example - Microsoft Agent Framework:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

mcp_client_factory = lambda: aws_iam_streamablehttp_client(
    endpoint=mcp_url,     # The URL of the MCP server
    aws_region=region,    # The region of the MCP server
    aws_service=service   # The underlying AWS service, e.g. "bedrock-agentcore"
)

mcp_tools = MCPStreamableHTTPTool(name="MCP Tools", url=mcp_url)
mcp_tools.get_mcp_client = mcp_client_factory

async with mcp_tools:
    agent = ChatAgent(tools=[mcp_tools], ...)
Use with: Frameworks that require direct access to the MCP sessions, e.g. LangChain, LlamaIndex. The aws_iam_streamablehttp_client provides the authenticated transport streams, which are then used to create an MCP ClientSession.
Example - LangChain:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

mcp_client = aws_iam_streamablehttp_client(
    endpoint=mcp_url,     # The URL of the MCP server
    aws_region=region,    # The region of the MCP server
    aws_service=service   # The underlying AWS service, e.g. "bedrock-agentcore"
)

async with mcp_client as (read, write, session_id_callback):
    async with ClientSession(read, write) as session:
        mcp_tools = await load_mcp_tools(session)
        agent = create_langchain_agent(tools=mcp_tools, ...)
Example - LlamaIndex:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client

mcp_client = aws_iam_streamablehttp_client(
    endpoint=mcp_url,     # The URL of the MCP server
    aws_region=region,    # The region of the MCP server
    aws_service=service   # The underlying AWS service, e.g. "bedrock-agentcore"
)

async with mcp_client as (read, write, session_id_callback):
    async with ClientSession(read, write) as session:
        mcp_tools = await McpToolSpec(client=session).to_tool_list_async()
        agent = ReActAgent(tools=mcp_tools, ...)
Explore complete working examples for different frameworks in the ./examples/mcp-client directory:
Available examples:
Run examples individually:
cd examples/mcp-client/[framework] # e.g. examples/mcp-client/strands
uv run main.py
The client library is included when you install the package:
pip install mcp-proxy-for-aws
For development:
git clone https://github.com/aws/mcp-proxy-for-aws.git
cd mcp-proxy-for-aws
uv sync
The proxy tries to autodetect the service from the URL, and this sometimes fails. Ensure that --service is set correctly to the service you are attempting to connect to; otherwise the service you connect to will not be able to verify the SigV4 signature, resulting in this error. Also ensure that you have valid IAM credentials on your machine before retrying.
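Why a wrong --service value makes verification fail, as an added example (not code from this project): a minimal standard-library SigV4 signer for an MCP JSON-RPC POST, with a simplified model of the service-side check. The key ID, secret, timestamp and the name "wrong-service" are constructed values, and the signer assumes a simple path with no query string.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample values; not real credentials or a real endpoint.
URL = "https://your-service.us-east-1.amazonaws.com/mcp"
BODY = b'{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
KEY_ID, SECRET, AMZ_DATE = "EXAMPLEKEYID", "constructed-secret", "20250101T000000Z"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign(url, body, region, service, key_id, secret, amz_date):
    """Client side: SigV4 headers for a POST (simple path, no query string)."""
    u = urlparse(url)
    body_hash = hashlib.sha256(body).hexdigest()
    headers = {"host": u.netloc, "x-amz-content-sha256": body_hash, "x-amz-date": amz_date}
    names = ";".join(sorted(headers))
    canonical = "\n".join([
        "POST", u.path or "/", "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        names, body_hash])
    # The service name is part of the credential scope AND of the key derivation.
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):  # date -> region -> service -> "aws4_request"
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={key_id}/{scope}, "
        f"SignedHeaders={names}, Signature={signature}")
    return headers

def service_accepts(headers, url, body, region, service, secret):
    """Simplified service side: re-sign with the service's own scope and compare."""
    key_id = headers["authorization"].split("Credential=")[1].split("/")[0]
    expected = sign(url, body, region, service, key_id, secret, headers["x-amz-date"])
    return hmac.compare_digest(expected["authorization"], headers["authorization"])

def demo():
    """Returns (correct service, wrong service, body altered after signing)."""
    ok = sign(URL, BODY, "us-east-1", "bedrock-agentcore", KEY_ID, SECRET, AMZ_DATE)
    bad = sign(URL, BODY, "us-east-1", "wrong-service", KEY_ID, SECRET, AMZ_DATE)
    check = lambda h, b: service_accepts(h, URL, b, "us-east-1", "bedrock-agentcore", SECRET)
    return check(ok, BODY), check(bad, BODY), check(ok, BODY + b" ")
```

Only the request signed with the service name the endpoint expects is accepted; the mis-scoped request and the one whose body changed after signing are both rejected.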
For long-running sessions, consider using long-lived credentials:
- --profile
- aws sso login before starting the proxy

The proxy reads fresh credentials from disk on every request, so credential refreshes and account switches take effect immediately, with no restart or retry required. Simply refresh your credentials (e.g., aws sso login) and the next request will use them.
If your MCP client hangs waiting for a tool call response (e.g., due to an unresponsive endpoint), use --tool-timeout to set a maximum duration in seconds for each tool call. When the timeout is exceeded, the proxy returns a graceful error to the agent instead of hanging indefinitely.
By default, the proxy signs all outgoing requests with SigV4 using your local AWS credentials. If you need to connect to an MCP endpoint that does not require SigV4 credentials (e.g., a local development server or a publicly accessible endpoint), use the --skip-auth flag:
uvx mcp-proxy-for-aws@1.6.0 https://my-endpoint.example.com/mcp --skip-auth
When --skip-auth is set, the proxy sends requests without signing them if AWS credentials are unavailable. If credentials are available, requests are still signed as usual — the flag only changes behavior when credentials cannot be resolved.
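A review aid for the settings discussed on this page (version pinning, --skip-auth, --read-only, the read-only .aws mount), as an added example that is not part of the project: it audits an MCP client config for how the proxy is launched. The function name, the finding texts and the sample config are constructed for illustration.

```python
import re

# Matches the uvx form (mcp-proxy-for-aws@<ver>) and the Docker form (<repo>/mcp-proxy-for-aws:<tag>).
PROXY = re.compile(r"mcp-proxy-for-aws(?:[@:](?P<ver>\S+))?$")
PINNED = re.compile(r"\d+\.\d+\.\d+")

def audit(config):
    """Return {server name: [findings]} for servers that launch the proxy."""
    report = {}
    for name, server in config.get("mcpServers", {}).items():
        args = [str(a) for a in server.get("args", [])]
        refs = [m for m in map(PROXY.search, args) if m]
        if not refs:
            continue  # not launched through uvx or a Docker image of the proxy
        findings = []
        for m in refs:
            if not PINNED.fullmatch(m.group("ver") or ""):
                findings.append("unpinned: " + m.string)
        if "--skip-auth" in args:
            findings.append("--skip-auth: unsigned requests when credentials cannot be resolved")
        if "--read-only" not in args:
            findings.append("no --read-only: write-capable tools stay enabled")
        for flag, value in zip(args, args[1:]):
            if flag in ("--volume", "-v") and "/.aws:" in value and not value.endswith(":ro"):
                findings.append("AWS credentials mounted writable: " + value)
        report[name] = findings
    return report

# Constructed sample config covering the launch styles shown on this page.
SAMPLE = {"mcpServers": {
    "pinned": {"command": "uvx", "args": [
        "mcp-proxy-for-aws@1.6.0", "https://aws-mcp.us-east-1.api.aws/mcp", "--read-only"]},
    "loose": {"command": "uvx", "args": [
        "mcp-proxy-for-aws@latest", "https://my-endpoint.example.com/mcp", "--skip-auth"]},
    "docker": {"command": "docker", "args": [
        "run", "-i", "--rm", "--volume", "/home/dev/.aws:/app/.aws",
        "public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:latest",
        "https://aws-mcp.us-east-1.api.aws/mcp"]},
}}

if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        print(server, findings or "ok")
```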
For development setup, testing, and contribution guidelines, see:
Resources to understand SigV4:
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License").
LLMs are non-deterministic and they make mistakes, we advise you to always thoroughly test and follow the best practices of your organization before using these tools on customer facing accounts. Users of this package are solely responsible for implementing proper security controls and MUST use AWS Identity and Access Management (IAM) to manage access to AWS resources. You are responsible for configuring appropriate IAM policies, roles, and permissions, and any security vulnerabilities resulting from improper IAM configuration are your sole responsibility. By using this package, you acknowledge that you have read and understood this disclaimer and agree to use the package at your own risk.