// SCAN REPORT

AWS Support MCP Server

11 tools. 4 can modify or destroy data without limits.

4 write tools that can modify data. Rate limits recommended.

Last updated:

4 can modify or destroy data
7 read-only
11 tools total
// TOOL MAP
Read (7) Write / Execute (4) Destructive / Financial (0)
// WHAT CAN GO WRONG

Write operations (add_attachments_to_set, add_communication_to_case, create_support_case) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

// RECOMMENDED RULES
Rate limit write operations
add_attachments_to_set:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
describe_attachment:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 11 AWS SUPPORT MCP SERVER TOOLS
WRITE 4 tools
Write add_attachments_to_set Write add_communication_to_case Write create_support_case Write resolve_support_case
READ 7 tools
Read describe_attachment Read describe_communications Read describe_create_case_options Read describe_services Read describe_severity_levels Read describe_support_cases Read describe_supported_languages
// FAQ
How do I prevent bulk modifications through AWS Support MCP Server? +

The AWS Support MCP Server server has 4 write tools including add_attachments_to_set, add_communication_to_case, create_support_case. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the AWS Support MCP Server MCP server expose? +

11 tools across 2 categories: Read, Write. 7 are read-only. 4 can modify, create, or delete data.

How do I add Intercept to my AWS Support MCP Server setup? +

One line change. Instead of running the AWS Support MCP Server server directly, prefix it with Intercept: intercept -c aws-support-mcp-server.yaml -- npx -y @awslabs.aws-support-mcp-server. Download a pre-built policy from policylayer.com/policies/aws-support-mcp-server and adjust the limits to match your use case.

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.