High-risk tools in AWS Serverless MCP Server
5 of the 32 tools in AWS Serverless MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
deploy_serverless_app_helpExecuteProvides instructions on how to deploy a serverless application to AWS Lambda. Deploying a Lambda application requires generating IaC templates, building the code, packaging th...
-
deploy_webappExecuteDeploy web applications to AWS Serverless, including Lambda as compute, DynamoDB as databases, API GW, ACM Certificates, and Route 53 DNS records. This tool uses the Lambda Web...
-
sam_buildExecuteBuilds a serverless application using AWS SAM (Serverless Application Model) CLI. Requirements: - AWS SAM CLI MUST be installed and configured in your environment - An applicat...
-
sam_deployExecuteDeploys a serverless application onto AWS Cloud using AWS SAM (Serverless Application Model) CLI and CloudFormation. Requirements: - AWS SAM CLI MUST be installed and configure...
-
sam_local_invokeExecuteLocally invokes a Lambda function using AWS SAM CLI. Requirements: - AWS SAM CLI MUST be installed and configured in your environment - Docker must be installed and running in ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.