Manage SageMaker HyperPod clusters and nodes with both read and write operations. This tool provides operations for managing SageMaker HyperPod clusters and nodes, including listing clusters, listing nodes, describing a specific node, updating cluster software, and deleting nodes. It serves as a...
High parameter count (17 properties); Single-target operation; Admin/system-level operation
Part of the Amazon SageMaker AI MCP Server MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents may call manage_hyperpod_cluster_nodes to permanently remove or destroy resources in Amazon SageMaker AI MCP Server. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. Intercept blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call manage_hyperpod_cluster_nodes in a loop, permanently destroying resources in Amazon SageMaker AI MCP Server. There is no undo for destructive operations. Intercept blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
tools:
manage_hyperpod_cluster_nodes:
rules:
- action: deny
reason: "Blocked by default — enable with approval"See the full Amazon SageMaker AI MCP Server policy for all 4 tools.
Agents calling destructive-class tools like manage_hyperpod_cluster_nodes have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Destructive risk category across the catalogue. The same policy patterns (deny, require_approval) apply to each.
manage_hyperpod_cluster_nodes is one of the critical-risk operations in Amazon SageMaker AI MCP Server. For the full severity-focused view — only the critical-risk tools with their recommended policies — see the breakdown for this server, or browse all critical-risk tools across every MCP server.
Manage SageMaker HyperPod clusters and nodes with both read and write operations. This tool provides operations for managing SageMaker HyperPod clusters and nodes, including listing clusters, listing nodes, describing a specific node, updating cluster software, and deleting nodes. It serves as a consolidated interface for all cluster and node-related operations, simplifying the management of HyperPod resources. ## Operations - **list_clusters**: List SageMaker HyperPod clusters with options for pagination and filtering - **list_nodes**: List nodes in a SageMaker HyperPod cluster with options for pagination and filtering - **describe_node**: Get detailed information about a specific node in a SageMaker HyperPod cluster - **update_software**: Update the software for a SageMaker HyperPod cluster IMMEDIATELY - **batch_delete**: Delete multiple nodes from a SageMaker HyperPod cluster in a single operation ## Response Information The response type varies based on the operation: - list_clusters: Returns ListClustersResponse with a list of clusters - list_nodes: Returns ListClusterNodesResponse with a list of nodes - describe_node: Returns DescribeClusterNodeResponse with detailed node information - update_software: Returns UpdateClusterSoftwareResponse with the cluster ARN - batch_delete: Returns BatchDeleteClusterNodesResponse with details of the deletion operation ## Important Notes - ALWAYS show the important notes for operations batch_delete and update_software BEFORE execute the operations - For update_software: (BEFORE executing: ALWAYS ask user whether they want to update immediately or schedule for later; follow "update_hp_cluster" tool instructions for scheduled updates) The UpgradeClusterSoftware API call may impact your SageMaker HyperPod cluster uptime and availability. Plan accordingly to mitigate potential disruptions to your workloads - For batch_delete: - BEFORE running the tool, ALWAYS remind user all followings - To safeguard your work, back up your data to Amazon S3 or an FSx for Lustre file system before invoking the API on a worker node group. This will help prevent any potential data loss from the instance root volume. For more information about backup, see Use the backup script provided by SageMaker HyperPod: https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-backup-restore.html - If you want to invoke this API on an existing cluster, you'll first need to patch the cluster by running the UpdateClusterSoftware API. For more information about patching a cluster, see Update the SageMaker HyperPod platform software of a cluster: https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-update-software.html - Deleting nodes will permanently remove them from the cluster - This operation cannot be undone - Ensure you have selected the correct nodes before proceeding - This operation requires write access to be enabled for the handler ## Usage Tips - Use "list_clusters" operation to get an overview of all available clusters in a specified region - Use "list_nodes" operation to get an overview of all nodes in a specific cluster - Use "describe_node" operation to get detailed information about a specific node - Use "update_software" operation to update the software IMMEDIATELY on all nodes or specific instance groups - Use "batch_delete" operation to delete multiple nodes in a single request - Specify region_name to operate on a cluster in a specific region - Specify profile_name to use a specific AWS profile with appropriate permissions ## Fallback Options: - If this tool fails, advise using AWS SageMaker CLI alternatives: - List clusters: `aws sagemaker list-clusters --region <cluster_region>` - List nodes: `aws sagemaker list-cluster-nodes --cluster-name <name> --region <cluster_region>` - Describe node: `aws sagemaker describe-cluster-node --cluster-name <name> --node-id <id> --region <cluster_region>` - Update software: `aws sagemaker update-cluster-software --cluster-name <name> --region <cluster_region>` - Delete nodes: `aws sagemaker batch-delete-cluster-nodes --cluster-name <name> --node-ids <ids> --region <cluster_region>` - Or, as another alternative: Advise using SageMaker HyperPod console for cluster and node management Args: ctx: MCP context operation: Operation to perform (list_clusters, list_nodes, describe_node, update_software, or batch_delete) cluster_name: The name of the cluster (required for all operations except list_clusters) node_id: The ID of the node (required for describe_node operation) node_ids: List of node IDs to delete (required for batch_delete operation) max_results: Maximum number of results to return (for list_clusters and list_nodes operations) next_token: Token for pagination (for list_clusters and list_nodes operations) name_contains: Filter clusters by name (for list_clusters operation) creation_time_after: Filter by creation time after (for list_clusters and list_nodes operations) creation_time_before: Filter by creation time before (for list_clusters and list_nodes operations) instance_group_name_contains: Filter by instance group name (for list_nodes operation) sort_by: Sort field (for list_clusters and list_nodes operations) sort_order: Sort order (for list_clusters and list_nodes operations) training_plan_arn: Filter clusters by training plan ARN (for list_clusters operation) deployment_config: Configuration for the update process (for update_software operation) instance_groups: Specific instance groups to update (for update_software operation) region_name: AWS region name (default: us-east-1) profile_name: AWS profile name (optional) Returns: Union[ListClustersResponse, ListClusterNodesResponse, DescribeClusterNodeResponse, UpdateClusterSoftwareResponse, BatchDeleteClusterNodesResponse]: Response specific to the operation performed. It is categorised as a Destructive tool in the Amazon SageMaker AI MCP Server MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Add a rule in your Intercept YAML policy under the tools section for manage_hyperpod_cluster_nodes. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Amazon SageMaker AI MCP Server MCP server.
manage_hyperpod_cluster_nodes is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the manage_hyperpod_cluster_nodes rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for manage_hyperpod_cluster_nodes. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
manage_hyperpod_cluster_nodes is provided by the Amazon SageMaker AI MCP Server MCP server (awslabs.sagemaker-ai-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.