// SCAN REPORT

Amazon Data Processing MCP Server

36 tools. 32 can modify or destroy data without limits.

32 write tools that can modify data. Rate limits recommended.

Last updated:

32 can modify or destroy data
4 read-only
36 tools total
// TOOL MAP
Read (4) Write / Execute (32) Destructive / Financial (0)
// WHAT CAN GO WRONG

Write operations (add_inline_policy, create_data_processing_role, manage_aws_athena_data_catalogs) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

// RECOMMENDED RULES
Rate limit write operations
add_inline_policy:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
analyze_s3_usage_for_data_processing:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 36 AMAZON DATA PROCESSING MCP SERVER TOOLS
WRITE 32 tools
Write add_inline_policy Write create_data_processing_role Write manage_aws_athena_data_catalogs Write manage_aws_athena_databases_and_tables Write manage_aws_athena_named_queries Write manage_aws_athena_query_executions Write manage_aws_athena_workgroups Write manage_aws_emr_clusters Write manage_aws_emr_ec2_instances Write manage_aws_emr_ec2_steps Write manage_aws_emr_serverless_applications Write manage_aws_emr_serverless_job_runs Write manage_aws_glue_catalog Write manage_aws_glue_classifiers Write manage_aws_glue_connection_metadata Write manage_aws_glue_connection_types Write manage_aws_glue_connections Write manage_aws_glue_crawler_management Write manage_aws_glue_crawlers Write manage_aws_glue_databases Write manage_aws_glue_encryption Write manage_aws_glue_jobs Write manage_aws_glue_partitions Write manage_aws_glue_resource_policies Write manage_aws_glue_security_configurations Write manage_aws_glue_sessions Write manage_aws_glue_statements Write manage_aws_glue_tables Write manage_aws_glue_triggers Write manage_aws_glue_usage_profiles Write manage_aws_glue_workflows Write upload_to_s3
READ 4 tools
Read analyze_s3_usage_for_data_processing Read get_policies_for_role Read get_roles_for_service Read list_s3_buckets
// FAQ
How do I prevent bulk modifications through Amazon Data Processing MCP Server? +

The Amazon Data Processing MCP Server server has 32 write tools including add_inline_policy, create_data_processing_role, manage_aws_athena_data_catalogs. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Amazon Data Processing MCP Server MCP server expose? +

36 tools across 2 categories: Read, Write. 4 are read-only. 32 can modify, create, or delete data.

How do I add Intercept to my Amazon Data Processing MCP Server setup? +

One line change. Instead of running the Amazon Data Processing MCP Server server directly, prefix it with Intercept: intercept -c amazon-data-processing-mcp-server.yaml -- npx -y @awslabs.aws-dataprocessing-mcp-server. Download a pre-built policy from policylayer.com/policies/amazon-data-processing-mcp-server and adjust the limits to match your use case.

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.