High-risk tools in Amazon ECS MCP Server
5 of the 10 tools in Amazon ECS MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- build_and_push_image_to_ecr (Execute): Creates ECR infrastructure and builds/pushes a Docker image to ECR. This tool automates the complete ECR setup and image deployment process: 1. Creates ECR repository via Cloud...
- containerize_app (Execute): Start here if a user wants to run their application locally or deploy an app to the cloud. Provides guidance for containerizing a web application. This tool provides guidance o...
- ecs_resource_management (Execute): Execute ECS API operations directly. This tool allows direct execution of ECS API operations using boto3. Supported operations: - CreateCapacityProvider (requires WRITE permis...
- ecs_troubleshooting_tool (Execute): ECS troubleshooting tool with multiple diagnostic actions. This tool provides access to all ECS troubleshooting operations through a single interface. Use the 'action' paramete...
- wait_for_service_ready (Execute): Waits for ECS tasks in a service to reach RUNNING status. This tool polls the service every 10 seconds to check if tasks are running. It will wait up to the specified timeout b...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.