Manage AWS Glue Data Catalog connections with both read and write operations. Connections in AWS Glue store connection information for data stores, such as databases, data warehouses, and other data sources. They contain connection properties like JDBC URLs, usernames, and other metadata needed ...
Single-target operation
Part of the Amazon Data Processing MCP Server MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use manage_aws_glue_connections to create or modify resources in Amazon Data Processing MCP Server. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call manage_aws_glue_connections repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Amazon Data Processing MCP Server.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
manage_aws_glue_connections:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Amazon Data Processing MCP Server policy for all 36 tools.
Agents calling write-class tools like manage_aws_glue_connections have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
Manage AWS Glue Data Catalog connections with both read and write operations. Connections in AWS Glue store connection information for data stores, such as databases, data warehouses, and other data sources. They contain connection properties like JDBC URLs, usernames, and other metadata needed to connect to external data sources. ## Requirements - The server must be run with the `--allow-write` flag for create, update, delete, test, and batch-delete operations - Appropriate AWS permissions for Glue Data Catalog operations - Connection properties must be valid for the connection type ## Operations - **create-connection**: Create a new connection - **delete-connection**: Delete an existing connection - **get-connection**: Retrieve detailed information about a specific connection - **list-connections**: List all connections - **update-connection**: Update an existing connection's properties - **test-connection**: Test a connection to validate service credentials - **batch-delete-connection**: Delete multiple connections in a single call ## Usage Tips - Connection names must be unique within your catalog - Connection input should include ConnectionType and ConnectionProperties - Use get or list operations to check existing connections before creating - For test-connection, provide either connection_name (existing) or test_connection_input (new) Args: ctx: MCP context operation: Operation to perform connection_name: Name of the connection connection_input: Connection definition catalog_id: Catalog ID for the connection max_results: Maximum results to return next_token: A continuation string token, if this is a continuation call hide_password: The boolean flag to control connection password in return value for get-connection and list-connections operation test_connection_input: TestConnectionInput for test-connection operation connection_name_list: List of connection names for batch-delete-connection operation Returns: Union of response types specific to the operation performed. It is categorised as a Write tool in the Amazon Data Processing MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for manage_aws_glue_connections. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Amazon Data Processing MCP Server MCP server.
manage_aws_glue_connections is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the manage_aws_glue_connections rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for manage_aws_glue_connections. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
manage_aws_glue_connections is provided by the Amazon Data Processing MCP Server MCP server (awslabs.aws-dataprocessing-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.