High-risk tools in Amazon Location Service MCP Server
96 of the 805 tools in Amazon Location Service MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cancel_logs_insight_queryExecutecancel_logs_insight_query
-
CancelAHORunBatchExecuteCancelAHORunBatch
-
batch-stop-update-actionExecutebatch-stop-update-action
-
browser_navigateExecutebrowser_navigate
-
browser_navigate_backExecutebrowser_navigate_back
-
browser_navigate_forwardExecutebrowser_navigate_forward
-
browser_wait_forExecutebrowser_wait_for
-
build_and_push_image_to_ecrExecutebuild_and_push_image_to_ecr
-
deploy_serverless_app_helpExecutedeploy_serverless_app_help
-
deploy_webappExecutedeploy_webapp
-
execute_cwl_insights_batchExecuteexecute_cwl_insights_batch
-
execute_log_insights_queryExecuteexecute_log_insights_query
-
execute_promql_queryExecuteexecute_promql_query
-
execute_promql_range_queryExecuteexecute_promql_range_query
-
execute_queryExecuteexecute_query
-
executeQueryExecuteExecutes a read-only SELECT query against the database - args: keyspace, query
-
ExecuteRangeQueryExecuteExecuteRangeQuery
-
finch_build_container_imageExecutefinch_build_container_image
-
invoke_agent_runtimeExecuteinvoke_agent_runtime
-
memory_start_extraction_jobExecutememory_start_extraction_job
-
policy_generation_startExecutepolicy_generation_start
-
run_checkovExecuterun_checkov
-
run_gremlin_queryExecuteExecutes the provided Tinkerpop Gremlin against the graph.
-
run_opencypher_queryExecuteExecutes the provided openCypher against the graph.
-
run_queryExecuteRun a SQL query against Microsoft SQL Server
-
sam_buildExecutesam_build
-
sam_deployExecutesam_deploy
-
sam_local_invokeExecutesam_local_invoke
-
start_applicationExecutestart_application
-
start_batch_translationExecutestart_batch_translation
-
start_browser_sessionExecutestart_browser_session
-
start_config_checksExecutestart_config_checks
-
start_dicom_export_jobExecutestart_dicom_export_job
-
start_dicom_import_jobExecutestart_dicom_import_job
-
start_fhir_export_jobExecuteStart a FHIR export job to export data from HealthLake
-
start_fhir_import_jobExecuteStart a FHIR import job to load data into HealthLake
-
start_security_scanExecutestart_security_scan
-
start-migrationExecutestart-migration
-
StartAHOReadSetExportJobExecuteStartAHOReadSetExportJob
-
StartAHOReadSetImportJobExecuteStartAHOReadSetImportJob
-
StartAHOReferenceImportJobExecuteStartAHOReferenceImportJob
-
StartAHORunExecuteStartAHORun
-
StartAHORunBatchExecuteStartAHORunBatch
-
stop_applicationExecutestop_application
-
stop_browser_sessionExecutestop_browser_session
-
stop_runtime_sessionExecutestop_runtime_session
-
stop_scanExecuteStop a running security scan.
-
trigger_batch_translationExecutetrigger_batch_translation
-
wait_for_service_readyExecutewait_for_service_ready
-
AssumeRoleWithIdentityContextExecuteAssumeRoleWithIdentityContext
-
browser_evaluateExecutebrowser_evaluate
-
browser_hoverExecutebrowser_hover
-
browser_mouse_wheelExecutebrowser_mouse_wheel
-
calculate_routeExecutecalculate_route
-
call_apiExecutecall_api
-
call_awsExecutecall_aws
-
CloneContainerToECRExecuteCloneContainerToECR
-
get-ssh-tunnel-command-replication-groupExecuteget-ssh-tunnel-command-replication-group
-
InfluxDBQueryExecuteQuery data from InfluxDB using Flux query language.
-
json_arrpopExecutePop a value from the array at path and index.
-
lake_queryExecutelake_query
-
list_removeExecuteRemove occurrences of value from list.
-
optimize_waypointsExecuteoptimize_waypoints
-
sam_initExecutesam_init
-
session-sqlExecutesession-sql
-
simulate_principal_policyExecutesimulate_principal_policy
-
string_appendExecuteAppend to string value.
-
string_decrementExecuteDecrement integer value.
-
string_incrementExecuteIncrement integer value.
-
translate_textExecutetranslate_text
-
troubleshoot_cloudformation_deploymentExecutetroubleshoot_cloudformation_deployment
-
batch-apply-update-actionExecutebatch-apply-update-action
-
browser_clickExecutebrowser_click
-
browser_closeExecutebrowser_close
-
browser_fill_formExecutebrowser_fill_form
-
browser_handle_dialogExecutebrowser_handle_dialog
-
browser_press_keyExecutebrowser_press_key
-
browser_select_optionExecutebrowser_select_option
-
connect_to_databaseExecuteConnect to a SQL Server RDS instance and save the connection internally
-
create_agent_runtime_endpointExecutecreate_agent_runtime_endpoint
-
finch_push_imageExecutefinch_push_image
-
generate_infrastructure_codeExecutegenerate_infrastructure_code
-
manage_aws_athena_databases_and_tablesExecutemanage_aws_athena_databases_and_tables
-
manage_aws_athena_query_executionsExecutemanage_aws_athena_query_executions
-
manage_aws_emr_clustersExecutemanage_aws_emr_clusters
-
manage_aws_emr_ec2_instancesExecutemanage_aws_emr_ec2_instances
-
manage_aws_emr_ec2_stepsExecutemanage_aws_emr_ec2_steps
-
manage_aws_emr_serverless_job_runsExecutemanage_aws_emr_serverless_job_runs
-
manage_aws_glue_crawlersExecutemanage_aws_glue_crawlers
-
manage_aws_glue_jobsExecutemanage_aws_glue_jobs
-
manage_aws_glue_sessionsExecutemanage_aws_glue_sessions
-
manage_aws_glue_statementsExecutemanage_aws_glue_statements
-
manage_aws_glue_workflowsExecutemanage_aws_glue_workflows
-
manage_hyperpod_cluster_nodesExecutemanage_hyperpod_cluster_nodes
-
schedule_start_applicationExecuteschedule_start_application
-
schedule_stop_applicationExecuteschedule_stop_application
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.