// SCAN REPORT

AWS MCP Server

54 tools. 42 can modify or destroy data without limits.

14 destructive tools with no built-in limits. Policy required.

Last updated:

42 can modify or destroy data
12 read-only
54 tools total

Community server · catalogue entry verified 11/06/2026

How to control AWS MCP Server ↓

TOOL MAP

What AWS MCP Server exposes to your agents

Read (12) Write / Execute (28) Destructive / Financial (14)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous AWS MCP Server tools

Destructive · High delete-ami Deleting an AMI is an irreversible operation that destroys a resource and cannot be undone without restoring from backups. Destructive · Critical delete-bucket Deleting an S3 bucket permanently destroys storage infrastructure and any data within it (unless separately archived). Destructive · Critical delete-db-instance Deleting an RDS DB instance is a destructive operation that permanently removes a database and cannot be undone. Destructive · High delete-instance-tag Deletion of instance tags is destructive because it permanently removes metadata that cannot be recovered without re-applying the tags.

42 of AWS MCP Server's 54 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control AWS MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and AWS MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete-ami": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "associate-route-table": {
    "limits": [
      {
        "counter": "associate-route-table_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "list-amis": {
    "limits": [
      {
        "counter": "list-amis_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register AWS MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON AWS →

Free to start. No card required.

FULL CATALOGUE

All 54 AWS MCP Server tools

DESTRUCTIVE 14 tools
Destructive delete-ami Delete an AMI Destructive delete-bucket Delete an S3 bucket in the given region Destructive delete-db-instance Delete a given RDS DB instance in the given region Destructive delete-instance-tag Delete instance tag Destructive delete-internet-gateway Delete an internet gateway by ID in the given region Destructive delete-key-pair Delete a key pair in the given region Destructive delete-route-table Delete a route table in the given region Destructive delete-security-group Delete a security group in the given region Destructive delete-subnet Delete a subnet by subnet ID in the given region Destructive delete-vpc Delete a VPC by VPC ID in the given region Destructive revoke-security-group-egress Revoke a security group egress in the given region Destructive revoke-security-group-ingress Revoke a security group ingress in the given region Destructive detach-internet-gateway Detach an internet gateway from a VPC Destructive terminate-ec2-instance Terminate an EC2 instance in a given region
EXECUTE 4 tools
Execute launch-ec2-instance Launch an EC2 instance in a given region Execute start-ec2-instance Start an EC2 instance in a given region Execute stop-ec2-instance Stop an EC2 instance in a given region Execute reboot-ec2-instance Reboot an EC2 instance in a given region
WRITE 24 tools
Write associate-route-table Associate a route table with a subnet or internet gateway or virtual private gateway Write attach-internet-gateway Attach an internet gateway to a VPC Write authorize-security-group-egress Authorize a security group egress in the given region Write authorize-security-group-ingress Authorize a security group ingress in the given region Write create-ami Create an AMI Write create-bucket Create a new S3 bucket in the given region Write create-db-instance Create a new RDS DB instance in the given region Write create-instance-tag Create instance tag Write create-internet-gateway Create a new internet gateway in the given region Write create-key-pair Create a key pair in the given region Write create-route-table Create a route table in the given region Write create-security-group Create a security group in the given region Write create-subnet Create a subnet in the given region Write create-vpc Create a new VPC in the given region Write disassociate-route-table Disassociate a route table from a subnet or internet gateway or virtual private gateway Write import-key-pair Import a key pair in the given region Write modify-security-group-rules Modify a security group rule in the given region Write replace-route-table-association Replace the route table association for a subnet or internet gateway or virtual private gateway Write update-db-instance Update a given RDS DB instance in the given region Write update-security-group-rule-descriptions-egress Update the description of a security group rule egress in the given region Write update-security-group-rule-descriptions-ingress Update the description of a security group rule ingress in the given region Write update-subnet-attribute Update a subnet attributes by subnet ID in the given region Write update-vpc-attribute Update a VPC attribute(EnableDnsHostnames, EnableDnsSupport, EnableNetworkAddressUsageMetrics) by VPC ID in th Write update-vpc-endpoint Update a VPC endpoint(Gateway endpoint, Interface endpoint) by VPC endpoint ID in the given region
READ 12 tools
Read list-amis List AMIs Read list-buckets List all the S3 buckets in the given region Read list-db-instances List all the RDS DB instances in the given region Read list-ec2-instances List EC2 instances in a given region Read list-instance-tags List instance tags Read list-internet-gateways List all internet gateways in the given region Read list-key-pairs List key pairs in the given region Read list-route-tables List route tables in the given region Read list-security-group-rules List all security group rules in the given region Read list-security-groups List all security groups in the given region Read list-subnets List all the subnets in the given region Read list-vpcs List all the VPCs in the given region
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about AWS MCP Server

Can an AI agent delete data through the AWS MCP Server MCP server? +

Yes. The AWS MCP Server server exposes 14 destructive tools including delete-ami, delete-bucket, delete-db-instance. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through AWS MCP Server? +

The AWS MCP Server server has 24 write tools including associate-route-table, attach-internet-gateway, authorize-security-group-egress. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach AWS MCP Server.

How many tools does the AWS MCP Server MCP server expose? +

54 tools across 4 categories: Destructive, Execute, Read, Write. 12 are read-only. 42 can modify, create, or delete data.

How do I enforce a policy on AWS MCP Server? +

Register the AWS MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every AWS MCP Server tool call.

Deterministic rules across all 54 AWS MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON AWS →

Free to start. No card required.

54 AWS MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.