// SCAN REPORT

AWS S3 Tables MCP Server

16 tools. 7 can modify or destroy data without limits.

7 write tools that can modify data. Rate limits recommended.

Last updated:

7 can modify or destroy data
9 read-only
16 tools total
// TOOL MAP
Read (9) Write / Execute (7) Destructive / Financial (0)
// WHAT CAN GO WRONG

Write operations (create_namespace, create_table, create_table_bucket) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

// RECOMMENDED RULES
Rate limit write operations
create_namespace:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
append_rows_to_table:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 16 AWS S3 TABLES MCP SERVER TOOLS
WRITE 7 tools
Write create_namespace Write create_table Write create_table_bucket Write import_csv_to_table Write import_parquet_to_table Write rename_table Write update_table_metadata_location
READ 9 tools
Read append_rows_to_table Read get_bucket_metadata_config Read get_maintenance_job_status Read get_table_maintenance_config Read get_table_metadata_location Read list_namespaces Read list_table_buckets Read list_tables Read query_database
// FAQ
How do I prevent bulk modifications through AWS S3 Tables MCP Server? +

The AWS S3 Tables MCP Server server has 7 write tools including create_namespace, create_table, create_table_bucket. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the AWS S3 Tables MCP Server MCP server expose? +

16 tools across 2 categories: Read, Write. 9 are read-only. 7 can modify, create, or delete data.

How do I add Intercept to my AWS S3 Tables MCP Server setup? +

One line change. Instead of running the AWS S3 Tables MCP Server server directly, prefix it with Intercept: intercept -c aws-s3-tables-mcp-server.yaml -- npx -y @awslabs.s3-tables-mcp-server. Download a pre-built policy from policylayer.com/policies/aws-s3-tables-mcp-server and adjust the limits to match your use case.

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.