// SCAN REPORT

AWS

58 tools. 12 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

12 can modify or destroy data
46 read-only
58 tools total

12 AWS tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE AWS →

Free to start. No card required.

TOOL MAP

Read (46) Write / Execute (9) Destructive / Financial (3)

WHAT CAN GO WRONG

Destructive tools (cancel_logs_insight_query, delete_resource, tf_destroy) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (create_resource, create_table_from_csv, manage_eks_stacks) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (call_aws, execute_log_insights_query, invoke_lambda) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations
{
  "cancel_logs_insight_query": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_resource": {
    "limits": [
      {
        "counter": "create_resource_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "analyze_log_group": {
    "limits": [
      {
        "counter": "analyze_log_group_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Get this policy live on your own AWS server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

ENFORCE ON MY AWS →

ALL 58 AWS TOOLS

DESTRUCTIVE 3 tools
Destructive cancel_logs_insight_query Destructive delete_resource Destructive tf_destroy
EXECUTE 3 tools
Execute call_aws Execute execute_log_insights_query Execute invoke_lambda
WRITE 6 tools
Write create_resource Write create_table_from_csv Write manage_eks_stacks Write manage_k8s_resource Write tf_apply Write update_resource
READ 46 tools
Read analyze_log_group Read analyze_metric Read analyze_stack_failures Read aws___read_documentation Read aws___recommend Read aws___search_documentation Read azureterraformbestpractices Read bedrock_kb_retrieve Read check_cdk_nag_suppressions Read describe_log_groups Read dynamodb_data_model_validation Read dynamodb_data_modeling Read explain_cdk_nag_rule Read get_active_alarms Read get_alarm_history Read get_bestpractices Read get_cdk_best_practices Read get_cloudwatch_logs Read get_cloudwatch_metrics Read get_eks_vpc_config Read get_k8s_events Read get_logs_insight_query_results Read get_pod_logs Read get_regional_availability Read get_resource Read get_schema Read list_api_versions Read list_k8s_resources Read list_knowledge_bases Read list_regions Read list_resources Read query_sql Read read_documentation Read retrieve_agent_sop Read search_cdk_documentation Read search_cfn_documentation Read search_documentation Read source_db_analyzer Read suggest_aws_commands Read tf_init Read tf_output Read tf_plan Read tf_state_list Read tf_validate Read validate_cfn_security Read validate_cfn_template

FAQ

Can an AI agent delete data through the AWS MCP server? +

Yes. The AWS server exposes 3 destructive tools including cancel_logs_insight_query, delete_resource, tf_destroy. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through AWS? +

The AWS server has 6 write tools including create_resource, create_table_from_csv, manage_eks_stacks. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach AWS.

How many tools does the AWS MCP server expose? +

58 tools across 1 categories: Read. 46 are read-only. 12 can modify, create, or delete data.

How do I enforce a policy on AWS? +

Register the AWS MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every AWS tool call.

Deterministic rules across all 58 AWS tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE AWS →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.