6 tools. 0 can modify or destroy data without limits.
Read-only server. Low risk, but rate limits prevent runaway API costs.
Last updated:
Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.
CheckNetworkSecurity:
rules:
- rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
The AWS Well-Architected Security Assessment Tool MCP Server server is primarily read-only with 6 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.
6 tools across 1 categories: Read. 6 are read-only. 0 can modify, create, or delete data.
One line change. Instead of running the AWS Well-Architected Security Assessment Tool MCP Server server directly, prefix it with Intercept: intercept -c aws-well-architected-security-assessment-tool-mcp-server.yaml -- npx -y @awslabs.well-architected-security-mcp-server. Download a pre-built policy from policylayer.com/policies/aws-well-architected-security-assessment-tool-mcp-server and adjust the limits to match your use case.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.