AWS FinOps MCP Server

76 tools. 0 can modify or destroy data without limits.

Read-only server. Low risk, but rate limits prevent runaway API costs.

Last updated:

0 can modify or destroy data
76 read-only
76 tools total

Community server · catalogue entry verified 03/07/2026

How to control AWS FinOps MCP Server ↓

What AWS FinOps MCP Server exposes to your agents

Read (76) Write / Execute (0) Destructive / Financial (0)

What can go wrong

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

How to control AWS FinOps MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and AWS FinOps MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "analyze_api_gateway_performance": {
    "limits": [
      {
        "counter": "analyze_api_gateway_performance_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register AWS FinOps MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON AWS FINOPS →

Instant setup, no code required.

All 76 AWS FinOps MCP Server tools

READ 76 tools
Read analyze_api_gateway_performance Analyze API Gateway performance metrics. Read analyze_cloudfront_cache_hit_ratio Analyze CloudFront cache hit ratios. Read analyze_data_transfer_costs Analyze data transfer costs using AWS Cost Explorer. Read analyze_dynamodb_throttling Analyze DynamoDB tables for throttling issues. Read analyze_lambda_cold_starts Analyze Lambda functions for cold start issues. Read analyze_rds_performance_insights Analyze RDS Performance Insights data. Read analyze_reserved_instance_utilization Analyze Reserved Instance utilization and coverage. Read analyze_tag_compliance Analyze tag compliance across AWS resources. Read find_asgs_with_old_amis find_asgs_with_old_amis Read find_ebs_volumes_with_old_types Find EBS volumes using previous generation volume types. Read find_ec2_instances_with_old_generations Find EC2 instances using previous generation instance types. Read find_old_ecs_task_definitions Find old ECS task definitions not used by any service. Read find_orphaned_cloudwatch_alarms Find CloudWatch alarms not associated with any active AWS resources. Read find_orphaned_cloudwatch_dashboards Find CloudWatch dashboards with widgets referencing deleted resources. Read find_outdated_ecs_platform_versions Find ECS services not using the latest platform version. Read find_outdated_eks_cluster_versions Find EKS clusters not running the latest Kubernetes version. Read find_outdated_elasticache_engine_versions Find ElastiCache clusters not running the latest engine version. Read find_outdated_lambda_runtimes Find Lambda functions with deprecated or outdated runtimes. Read find_outdated_rds_engine_versions Find RDS instances not running the latest engine version. Read find_overly_permissive_security_groups Find security groups with overly permissive rules (0.0.0.0/0 or ::/0). Read find_overutilized_dynamodb_tables Find DynamoDB tables with high capacity utilization (>80%). Read find_overutilized_ec2_instances find_overutilized_ec2_instances Read find_overutilized_elasticache_clusters Find ElastiCache clusters with high CPU or memory utilization (>80%). Read find_overutilized_rds_instances find_overutilized_rds_instances Read find_public_s3_buckets Find S3 buckets with public access enabled. Read find_target_groups_with_high_error_rate find_target_groups_with_high_error_rate Read find_target_groups_with_high_response_time find_target_groups_with_high_response_time Read find_underutilized_dynamodb_tables Find DynamoDB tables with low capacity utilization. Read find_underutilized_ec2_instances find_underutilized_ec2_instances Read find_underutilized_ecs_services Find ECS services with low CPU and memory utilization (<20%). Read find_underutilized_elasticache_clusters Find ElastiCache clusters with low CPU utilization (<20%). Read find_underutilized_lambda_functions Find Lambda functions with low invocation rates or high error rates. Read find_underutilized_rds_instances find_underutilized_rds_instances Read find_unencrypted_ebs_volumes Find EBS volumes without encryption enabled. Read find_unencrypted_rds_instances Find RDS instances without encryption enabled. Read find_unencrypted_s3_buckets Find S3 buckets without default encryption enabled. Read find_untagged_resources Find AWS resources missing required tags. Read find_unused_amis find_unused_amis Read find_unused_cloudfront_distributions Find CloudFront distributions with no requests in the specified period. Read find_unused_cloudwatch_alarms Find CloudWatch alarms in INSUFFICIENT_DATA state for extended period. Read find_unused_dynamodb_tables Find DynamoDB tables with no read/write activity. Read find_unused_ecr_images Find unused ECR images older than specified days. Read find_unused_ecs_clusters_and_services Find ECS clusters and services with no activity in the specified period. Read find_unused_elastic_ips find_unused_elastic_ips Read find_unused_eventbridge_rules Find EventBridge rules with no invocations. Read find_unused_internet_gateways Find Internet Gateways not attached or attached to VPCs with no resources. Read find_unused_lambda_functions find_unused_lambda_functions Read find_unused_launch_templates Find EC2 launch templates not used by any Auto Scaling Group or instance. Read find_unused_load_balancers find_unused_load_balancers Read find_unused_log_groups find_unused_log_groups Read find_unused_nat_gateways Find NAT Gateways with no traffic in the specified period. Read find_unused_route53_hosted_zones Find Route53 hosted zones with no query activity. Read find_unused_s3_buckets Find S3 buckets with no activity in the specified period. Read find_unused_security_groups find_unused_security_groups Read find_unused_snapshots find_unused_snapshots Read find_unused_sns_topics Find SNS topics with no subscriptions or no messages published. Read find_unused_sqs_queues Find SQS queues with no messages sent or received. Read find_unused_target_groups find_unused_target_groups Read find_unused_volumes find_unused_volumes Read find_unused_vpc_endpoints Find VPC Endpoints with no connections in the specified period. Read generate_cost_allocation_report Generate cost allocation report based on resource tags. Read get_all_cost_optimization_recommendations get_all_cost_optimization_recommendations Read get_cost_by_region get_cost_by_region Read get_cost_by_region_and_service get_cost_by_region_and_service Read get_cost_by_service get_cost_by_service Read get_cost_optimization_ebs get_cost_optimization_ebs Read get_cost_optimization_ec2 get_cost_optimization_ec2 Read get_cost_optimization_lambda get_cost_optimization_lambda Read get_cost_optimization_rds get_cost_optimization_rds Read get_daily_cost_trend get_daily_cost_trend Read get_ebs_volume_type_recommendations Get recommendations for optimizing EBS volume types based on usage patterns. Read get_nat_gateway_optimization_recommendations Get recommendations for optimizing NAT Gateway costs. Read get_reserved_instance_recommendations Get Reserved Instance purchase recommendations from AWS Cost Explorer. Read get_s3_storage_class_recommendations Get S3 storage class optimization recommendations. Read get_savings_plans_recommendations Get Savings Plans recommendations from AWS Cost Explorer. Read get_snapshot_lifecycle_recommendations Get recommendations for snapshot lifecycle management and cleanup.

Questions about AWS FinOps MCP Server

Is the AWS FinOps MCP Server MCP server safe to use without restrictions? +

The AWS FinOps MCP Server server is primarily read-only with 76 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the AWS FinOps MCP Server MCP server expose? +

76 tools across 2 categories: Read, Write. 76 are read-only. 0 can modify, create, or delete data.

How do I enforce a policy on AWS FinOps MCP Server? +

Register the AWS FinOps MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every AWS FinOps MCP Server tool call.

Deterministic rules across all 76 AWS FinOps MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

76 AWS FinOps MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.