// SCAN REPORT

AWS

58 tools. 12 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

12 can modify or destroy data
46 read-only
58 tools total
// TOOL MAP
Read (46) Write / Execute (9) Destructive / Financial (3)
// WHAT CAN GO WRONG

Destructive tools (cancel_logs_insight_query, delete_resource, tf_destroy) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (create_resource, create_table_from_csv, manage_eks_stacks) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (call_aws, execute_log_insights_query, invoke_lambda) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and AWS. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @awslabs/mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
cancel_logs_insight_query:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
create_resource:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
analyze_log_group:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 58 AWS TOOLS
DESTRUCTIVE 3 tools
Destructive cancel_logs_insight_query Destructive delete_resource Destructive tf_destroy
EXECUTE 3 tools
Execute call_aws Execute execute_log_insights_query Execute invoke_lambda
WRITE 6 tools
Write create_resource Write create_table_from_csv Write manage_eks_stacks Write manage_k8s_resource Write tf_apply Write update_resource
READ 46 tools
Read analyze_log_group Read analyze_metric Read analyze_stack_failures Read aws___read_documentation Read aws___recommend Read aws___search_documentation Read azureterraformbestpractices Read bedrock_kb_retrieve Read check_cdk_nag_suppressions Read describe_log_groups Read dynamodb_data_model_validation Read dynamodb_data_modeling Read explain_cdk_nag_rule Read get_active_alarms Read get_alarm_history Read get_bestpractices Read get_cdk_best_practices Read get_cloudwatch_logs Read get_cloudwatch_metrics Read get_eks_vpc_config Read get_k8s_events Read get_logs_insight_query_results Read get_pod_logs Read get_regional_availability Read get_resource Read get_schema Read list_api_versions Read list_k8s_resources Read list_knowledge_bases Read list_regions Read list_resources Read query_sql Read read_documentation Read retrieve_agent_sop Read search_cdk_documentation Read search_cfn_documentation Read search_documentation Read source_db_analyzer Read suggest_aws_commands Read tf_init Read tf_output Read tf_plan Read tf_state_list Read tf_validate Read validate_cfn_security Read validate_cfn_template
// FAQ
Can an AI agent delete data through the AWS MCP server? +

Yes. The AWS server exposes 3 destructive tools including cancel_logs_insight_query, delete_resource, tf_destroy. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through AWS? +

The AWS server has 6 write tools including create_resource, create_table_from_csv, manage_eks_stacks. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the AWS MCP server expose? +

58 tools across 1 categories: Read. 46 are read-only. 12 can modify, create, or delete data.

How do I add Intercept to my AWS setup? +

One line change. Instead of running the AWS server directly, prefix it with Intercept: intercept -c aws.yaml -- npx -y @@awslabs/mcp. Download a pre-built policy from policylayer.com/policies/aws and adjust the limits to match your use case.

policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.