// MCP TOOL REFERENCE

AWS TOOLS

300 tools from the AWS MCP Server, categorised by risk level.

View the AWS policy →
// ALL 300 AWS TOOLS
READ 152 tools
Read bitmap_pos Find positions of bits set to a specific value. Args: key: The name of the bitmap key ... Read cdk_best_practices Returns CDK best practices and security guidelines. ## Usage This tool provides comprehensive CDK... Read json_arrindex Get the index of value in array at path. Args: key: The name of the key path: The path... Read analyze_batch_translation_errors analyze_batch_translation_errors Read analyze_canary_failures analyze_canary_failures Read audit_service_operations audit_service_operations Read audit_services audit_services Read audit_slos audit_slos Read bitmap_count Count the number of set bits (1) in a range. Args: key: The name of the bitmap key sta... Read bitmap_get Get the bit value at offset. Args: key: The name of the bitmap key offset: The bit off... Read cache_get Get a value from the cache. Args: key: The key to retrieve Returns: Value or erro... Read cache_get_many Get multiple values from the cache. Args: keys: List of keys to retrieve Returns: ... Read cache_get_multi Get multiple values from the cache (alias for get_many). Args: keys: List of keys to retrieve ... Read cache_gets Get a value and its CAS token from the cache. Args: key: The key to retrieve Returns: ... Read cache_stats Get cache statistics. Args: args: Optional list of stats to retrieve Returns: Sta... Read cache_version Get the version of the cache server. Returns: Version string or error message Read calculate_route calculate_route Read check_cloudformation_template_compliance check_cloudformation_template_compliance Read check_environment_variables Check if required environment variables are set correctly. Read client_list Get a list of connected clients to the Valkey server. Read compute_performances_and_costs compute_performances_and_costs Read dbsize Get the number of keys stored in the Valkey database. Read detect_language Detect the language of the provided text using Amazon Translate. Returns the detected language with co... Read dynamodb_data_model_schema_converter dynamodb_data_model_schema_converter Read dynamodb_data_model_schema_validator dynamodb_data_model_schema_validator Read dynamodb_data_model_validation dynamodb_data_model_validation Read dynamodb_data_modeling Retrieves the complete DynamoDB Data Modeling Expert prompt. This tool returns a prompt to help user w... Read extract_slides_as_images extract_slides_as_images Read find_all_tools_in_package Find all tool definitions in a package directory. Returns: List of tuples: (tool_name, file_pa... Read geocode Get coordinates for a location name or address using Amazon Location Service geo-places geocode API. Read get_api_guide Get all available SecurityAgent API operations. Returns operation names dynamically from the service m... Read get_available_services Fetch available services from AWS China documentation. ## Usage Available services in AWS China a... Read get_aws_account_info get_aws_account_info Read get_aws_session_info get_aws_session_info Read get_bucket_metadata_config get_bucket_metadata_config Read get_cloudformation_pre_deploy_validation_instructions Get instructions for CloudFormation pre-deployment validation. Returns structured JSON guidance for us... Read get_datastore Get information about a specific data store. Read get_dicom_export_job get_dicom_export_job Read get_dicom_import_job get_dicom_import_job Read get_group Get detailed information about a specific IAM group. This tool retrieves comprehensive information abo... Read get_image_frame get_image_frame Read get_image_set get_image_set Read get_image_set_metadata get_image_set_metadata Read get_language_metrics get_language_metrics Read get_maintenance_job_status Get the status of a maintenance job for a table. Gets the status of a maintenance job for a table. For... Read get_managed_policy_document get_managed_policy_document Read get_patient_dicomweb_studies get_patient_dicomweb_studies Read get_patient_series get_patient_series Read get_patient_studies get_patient_studies Read get_place get_place Read get_resource get_resource Read get_resource_request_status get_resource_request_status Read get_resource_schema_information get_resource_schema_information Read get_role_policy get_role_policy Read get_scan_findings get_scan_findings Read get_scan_status Check the status of a security scan. Useful for checking a previous scan from an earlier session, or v... Read get_series_primary_image_set get_series_primary_image_set Read get_study_primary_image_sets get_study_primary_image_sets Read get_table_maintenance_config Get details about the maintenance configuration of a table. Gets details about the maintenance configu... Read get_table_metadata_location Get the location of the S3 table metadata. Gets the S3 URI location of the table metadata, which conta... Read get_terminology Get detailed information about a specific terminology. Returns terminology metadata, term pairs, and u... Read get_translation_job Get the status and details of a translation job. Returns current job status, progress, and results loc... Read get_user Get detailed information about a specific IAM user. This tool retrieves comprehensive information abou... Read get_user_policy get_user_policy Read get_workflow_status Get the current status of a specific workflow. Returns detailed information about workflow progress, c... Read hash_exists Check if field exists in hash. Args: key: The name of the key field: The field name ... Read hash_get Get field from hash. Args: key: The name of the key field: The field name Returns... Read hash_get_all Get all fields and values from hash. Args: key: The name of the key Returns: Dict... Read hash_keys Get all field names from hash. Args: key: The name of the key Returns: List of fi... Read hash_length Get number of fields in hash. Args: key: The name of the key Returns: Number of f... Read hash_random_field Get random field(s) from hash. Args: key: The name of the key count: Number of fields ... Read hash_random_field_with_values Get random field(s) with their values from hash. Args: key: The name of the key count:... Read hash_strlen Get length of field value in hash. Args: key: The name of the key field: The field nam... Read hash_values Get all values from hash. Args: key: The name of the key Returns: List of values ... Read hll_count Get the estimated cardinality of a HyperLogLog. Args: key: The name of the HyperLogLog key ... Read info Get Valkey server information and statistics. Args: section: The section of the info command (... Read json_arrlen Get the length of array at path. Args: key: The name of the key path: The path in the ... Read json_get Get the JSON value at path. Args: key: The name of the key path: The path in the JSON ... Read json_objkeys Get the keys in the object at path. Args: key: The name of the key path: The path in t... Read json_objlen Get the number of keys in the object at path. Args: key: The name of the key path: The... Read json_strlen Get the length of string at path. Args: key: The name of the key path: The path in the... Read list_active_workflows List all currently active workflows. Returns information about workflows that are currently executing,... Read list_canaries List all CloudWatch Synthetics canaries in the account. Use this tool to discover canaries before anal... Read list_datastores list_datastores Read list_dicom_export_jobs list_dicom_export_jobs Read list_dicom_import_jobs list_dicom_import_jobs Read list_get Get value at index from list. Args: key: The name of the key index: The index (0-based... Read list_groups list_groups Read list_image_set_versions list_image_set_versions Read list_language_pairs List all supported language pairs for translation. Returns all available source-target language combin... Read list_length Get length of list. Args: key: The name of the key Returns: Length or error message Read list_move list_move Read list_namespaces List all namespaces across all S3 table buckets. Permissions: You must have the s3tables:ListNames... Read list_policies list_policies Read list_position Find position(s) of value in list. Args: key: The name of the key value: Value to sear... Read list_range Get range of values from list. Args: key: The name of the key start: Start index (incl... Read list_resources list_resources Read list_role_policies List all inline policies for an IAM role. This tool retrieves the names of all inline policies attache... Read list_roles list_roles Read list_scans List all recent security scans tracked locally with their status. Read list_table_buckets List all S3 table buckets for your AWS account. Permissions: You must have the s3tables:ListTableB... Read list_tables List all S3 tables across all table buckets and namespaces. Permissions: You must have the s3table... Read list_tags_for_resource List tags for a resource. Read list_terminologies List all available custom terminologies. Returns a list of terminologies with their metadata and langu... Read list_translation_jobs list_translation_jobs Read list_user_policies List all inline policies for an IAM user. This tool retrieves the names of all inline policies attache... Read list_users list_users Read monitor_batch_translation monitor_batch_translation Read read_document read_document Read read_documentation read_documentation Read read_image read_image Read read_sections read_sections Read recommend Get content recommendations for an AWS documentation page. ## Usage This tool provides recommenda... Read reverse_geocode reverse_geocode Read search_by_patient_id search_by_patient_id Read search_by_series_uid search_by_series_uid Read search_by_study_uid search_by_study_uid Read search_cdk_documentation search_cdk_documentation Read search_cdk_samples_and_constructs search_cdk_samples_and_constructs Read search_cloudformation_documentation search_cloudformation_documentation Read search_documentation search_documentation Read search_image_sets search_image_sets Read search_nearby search_nearby Read search_places search_places Read search_places_open_now search_places_open_now Read source_db_analyzer source_db_analyzer Read stream_info Get information about stream. Args: key: The name of the key Returns: Stream info... Read stream_info_consumers Get information about consumers in group. Args: key: The name of the key group_name: N... Read stream_info_groups Get information about consumer groups. Args: key: The name of the key Returns: Co... Read stream_length Get length of stream. Args: key: The name of the key Returns: Length or error mes... Read stream_range stream_range Read stream_read stream_read Read stream_read_group Read entries from stream as part of consumer group. Args: key: The name of the key gro... Read string_get Get string value. Args: key: The name of the key Returns: Value or error message Read string_get_range Get substring. Args: key: The name of the key start: Start index (inclusive) e... Read string_length Get string length. Args: key: The name of the key Returns: Length or error message Read validate_cloudformation_template validate_cloudformation_template Read validate_translation validate_translation Read json_type Get the type of JSON value at path. Args: key: The name of the key path: The path in t... Read set_cardinality Get number of members in set. Args: key: The name of the key Returns: Number of m... Read set_contains Check if member exists in set. Args: key: The name of the key member: Member to check ... Read set_members Get all members in set. Args: key: The name of the key Returns: List of members o... Read set_random_member Get random member(s) from set without removing. Args: key: The name of the key count: ... Read setup_check Check if AWS Security Agent prerequisites are configured. Verifies agent space and service role are av... Read sorted_set_cardinality Get number of members in sorted set. Args: key: The name of the key min_score: Minimum... Read sorted_set_range Get range of members from sorted set. Args: key: The name of the key start: Start inde... Read sorted_set_range_by_lex Get range of members by lexicographical order. Args: key: The name of the key min_lex:... Read sorted_set_range_by_score Get range of members by score. Args: key: The name of the key min_score: Minimum score... Read sorted_set_rank Get rank of member in sorted set. Args: key: The name of the key member: The member to... Read sorted_set_score Get score of member in sorted set. Args: key: The name of the key member: The member t... Read troubleshoot_cloudformation_deployment Troubleshoot CloudFormation deployment failures with root cause analysis and CloudTrail integration. T... Read type Returns the string representation of the type of the value stored at key. Args: key (str): The...
WRITE 89 tools
Write remove_user_from_group remove_user_from_group Write append_rows_to_table append_rows_to_table Write cache_append Append a string to an existing value. Args: key: The key to append to value: String to... Write cache_decr Decrement a counter in the cache. Args: key: The key to decrement value: Amount to dec... Write cache_incr Increment a counter in the cache. Args: key: The key to increment value: Amount to inc... Write cache_prepend Prepend a string to an existing value. Args: key: The key to prepend to value: String ... Write detach_group_policy detach_group_policy Write hash_increment Increment field value in hash. Args: key: The name of the key field: The field name ... Write json_arrappend Append values to the array at path. Args: key: The name of the key path: The path in t... Write json_arrpop Pop a value from the array at path and index. Args: key: The name of the key path: The... Write json_numincrby Increment the number at path by value. Args: key: The name of the key path: The path i... Write json_nummultby Multiply the number at path by value. Args: key: The name of the key path: The path in... Write json_strappend Append a string to the string at path. Args: key: The name of the key path: The path i... Write json_toggle Toggle boolean value at path. Args: key: The name of the key path: The path in the JSO... Write list_append Append value to list. Args: key: The name of the key value: The value to append R... Write list_append_multiple Append multiple values to list. Args: key: The name of the key values: List of values ... Write list_insert_after Insert value after pivot in list. Args: key: The name of the key pivot: The pivot valu... Write list_insert_before Insert value before pivot in list. Args: key: The name of the key pivot: The pivot val... Write list_pop_right Pop value(s) from right of list. Args: key: The name of the key count: Number of value... Write list_prepend Prepend value to list. Args: key: The name of the key value: The value to prepend ... Write list_prepend_multiple Prepend multiple values to list. Args: key: The name of the key values: List of values... Write list_remove Remove occurrences of value from list. Args: key: The name of the key value: Value to ... Write list_set Set value at index in list. Args: key: The name of the key index: The index (0-based, ... Write string_append Append to string value. Args: key: The name of the key value: String to append Re... Write string_decrement Decrement integer value. Args: key: The name of the key amount: Amount to decrement by... Write string_get_set Set new value and return old value. Args: key: The name of the key value: New value to... Write string_increment Increment integer value. Args: key: The name of the key amount: Amount to increment by... Write string_increment_float Increment float value. Args: key: The name of the key amount: Amount to increment by ... Write tag_resource tag_resource Write untag_resource untag_resource Write add_user_to_group add_user_to_group Write attach_group_policy attach_group_policy Write attach_user_policy attach_user_policy Write bitmap_set Set the bit at offset to value. Args: key: The name of the bitmap key offset: The bit ... Write bulk_update_patient_metadata bulk_update_patient_metadata Write cache_add Add a value to the cache only if the key doesn't exist. Args: key: The key to add valu... Write cache_cas Set a value using CAS (Check And Set). Args: key: The key to set value: The value to s... Write cache_replace Replace a value in the cache only if the key exists. Args: key: The key to replace val... Write cache_set Set a value in the cache. Args: key: The key to set value: The value to store ... Write cache_set_many Set multiple values in the cache. Args: mapping: Dictionary of key-value pairs expire:... Write cache_set_multi Set multiple values in the cache (alias for set_many). Args: mapping: Dictionary of key-value ... Write cache_touch Update the expiration time for a key. Args: key: The key to update expire: New expirat... Write copy_image_set copy_image_set Write create_access_key create_access_key Write create_broker create_broker Write create_configuration Create configuration for AmazonMQ broker. Write create_datastore create_datastore Write create_group create_group Write create_namespace Create a new namespace in an S3 table bucket. Creates a namespace. A namespace is a logical grouping o... Write create_queue create_queue Write create_resource create_resource Write create_role create_role Write create_table create_table Write create_table_bucket create_table_bucket Write create_template create_template Write create_terminology create_terminology Write create_topic create_topic Write create_user create_user Write expire Set an expiration time for a Redis key. Args: name: The Redis key. expire_seconds: Tim... Write finch_create_ecr_repo finch_create_ecr_repo Write hash_set Set field in hash. Args: key: The name of the key field: The field name value:... Write hash_set_if_not_exists Set field in hash only if it does not exist. Args: key: The name of the key field: The... Write hash_set_multiple Set multiple fields in hash. Args: key: The name of the key mapping: Dictionary of fie... Write hll_add Add one element to a HyperLogLog. Args: key: The name of the HyperLogLog key element: ... Write import_csv_to_table import_csv_to_table Write import_parquet_to_table import_parquet_to_table Write import_terminology import_terminology Write json_set json_set Write put_role_policy put_role_policy Write put_user_policy put_user_policy Write rename rename Write rename_table rename_table Write set_add Add member to set. Args: key: The name of the key member: Member to add Returns: ... Write set_move Move member from one set to another. Args: source: Source set key destination: Destina... Write set_remove Remove member from set. Args: key: The name of the key member: Member to remove R... Write sorted_set_add Add member-score pairs to sorted set. Args: key: The name of the key mapping: Dictiona... Write sorted_set_add_incr Add member to sorted set or increment its score. Args: key: The name of the key member... Write sorted_set_popmax Remove and return members with highest scores. Args: key: The name of the key count: N... Write sorted_set_popmin Remove and return members with lowest scores. Args: key: The name of the key count: Nu... Write sorted_set_remove Remove member(s) from sorted set. Args: key: The name of the key *members: Members to ... Write sorted_set_remove_by_rank Remove members by rank range. Args: key: The name of the key start: Start rank (inclus... Write stream_group_create stream_group_create Write stream_group_set_id Set consumer group's last delivered ID. Args: key: The name of the key group_name: Nam... Write string_set Set string value. Args: key: The name of the key value: The value to set ex: E... Write string_set_range Overwrite part of string. Args: key: The name of the key offset: Position to start ove... Write update_image_set_metadata update_image_set_metadata Write update_patient_study_metadata update_patient_study_metadata Write update_resource update_resource Write update_table_metadata_location update_table_metadata_location
DESTRUCTIVE 34 tools
Destructive bulk_delete_by_criteria bulk_delete_by_criteria Destructive cache_delete Delete a value from the cache. Args: key: The key to delete Returns: Success mess... Destructive cache_delete_many Delete multiple values from the cache. Args: keys: List of keys to delete Returns: ... Destructive cache_delete_multi Delete multiple values from the cache (alias for delete_many). Args: keys: List of keys to del... Destructive delete Delete a Valkey key. Args: key (str): The key to delete. Returns: str: Confirmati... Destructive delete_access_key delete_access_key Destructive delete_datastore Delete a data store from AWS HealthImaging. Destructive delete_group delete_group Destructive delete_image_set delete_image_set Destructive delete_instance_in_series delete_instance_in_series Destructive delete_instance_in_study delete_instance_in_study Destructive delete_patient_studies delete_patient_studies Destructive delete_resource delete_resource Destructive delete_role_policy delete_role_policy Destructive delete_series_by_uid delete_series_by_uid Destructive delete_study delete_study Destructive delete_user delete_user Destructive delete_user_policy delete_user_policy Destructive json_clear Clear container at path (array or object). Args: key: The name of the key path: The pa... Destructive json_del Delete value at path. Args: key: The name of the key path: The path in the JSON docume... Destructive remove_instance_from_image_set remove_instance_from_image_set Destructive remove_series_from_image_set remove_series_from_image_set Destructive stream_delete Delete entries from stream. Args: key: The name of the key id: Entry ID to delete ... Destructive stream_group_delete_consumer Delete consumer from group. Args: key: The name of the key group_name: Name of consume... Destructive stream_group_destroy Destroy consumer group. Args: key: The name of the key group_name: Name of consumer gr... Destructive json_arrtrim Trim array at path to include only elements within range. Args: key: The name of the key ... Destructive cache_flush_all Flush all cache entries. Args: delay: Optional delay in seconds before flushing Returns: ... Destructive detach_user_policy detach_user_policy Destructive list_pop_left Pop value(s) from left of list. Args: key: The name of the key count: Number of values... Destructive list_trim Trim list to specified range. Args: key: The name of the key start: Start index (inclu... Destructive stream_trim Trim stream to specified length. Args: key: The name of the key maxlen: Maximum length... Destructive set_pop Remove and return random member(s) from set. Args: key: The name of the key count: Num... Destructive sorted_set_remove_by_lex Remove members by lexicographical range. Args: key: The name of the key min_lex: Minim... Destructive sorted_set_remove_by_score Remove members by score range. Args: key: The name of the key min_score: Minimum score...
EXECUTE 14 tools
Execute finch_build_container_image finch_build_container_image Execute run_checkov run_checkov Execute start_batch_translation start_batch_translation Execute start_dicom_export_job start_dicom_export_job Execute start_dicom_import_job start_dicom_import_job Execute start_security_scan start_security_scan Execute stop_scan Stop a running security scan. Execute trigger_batch_translation trigger_batch_translation Execute call_api call_api Execute query_database query_database Execute simulate_principal_policy simulate_principal_policy Execute translate_text translate_text Execute finch_push_image finch_push_image Execute generate_infrastructure_code generate_infrastructure_code
OTHER 11 tools
Other cache_quit Close the connection to the cache server. Returns: Success message or error message Other explain explain Other managed_batch_translation_workflow managed_batch_translation_workflow Other name name Other optimize_waypoints optimize_waypoints Other smart_translate_workflow smart_translate_workflow Other tool_name tool_name Other generate_data_access_layer generate_data_access_layer Other generate_resources generate_resources Other setup setup Other stream_add stream_add
// RUNNING THIS SERVER

The managed route: connect AWS through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED) npx -y @awslabs/mcp

Route AWS through PolicyLayer and every one of its 300 tools is checked against your policy before it runs.

CHECK YOUR STACK →

See every tool, the dangerous ones, and the token cost across your stack.

// FAQ
How many tools does the AWS MCP server have? +

The AWS MCP server exposes 300 tools across 5 categories: Read, Write, Destructive, Execute, Other.

How do I enforce policies on AWS tools? +

Route the AWS server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do AWS tools fall into? +

AWS tools are categorised as Read (152), Write (89), Destructive (34), Execute (14), Other (11). Each category has a recommended default policy.

Enforce policy on every AWS tool call.

Start from AWS, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.