58 tools from the AWS MCP Server, categorised by risk level.
View the AWS policy →analyze_log_group Detect anomalies and errors in logs 3/5 analyze_metric Analyse CloudWatch metric trends 3/5 analyze_stack_failures Diagnose failed CloudFormation stacks 3/5 aws___read_documentation Fetch and convert an AWS documentation page to markdown format.
## Usage
This tool retrieves the content of an AWS documentation page and... 2/5 aws___recommend Get content recommendations for an AWS documentation page.
## Usage
This tool provides recommendations for related AWS documentation page... aws___search_documentation Search AWS documentation using the official AWS Documentation Search API.
## Usage
This tool searches across all AWS documentation and ot... azureterraformbestpractices Get Terraform best practices for Azure 2/5 bedrock_kb_retrieve Query Bedrock knowledge bases 2/5 check_cdk_nag_suppressions Validate CDK Nag suppressions 2/5 describe_log_groups List metadata about CloudWatch log groups 2/5 dynamodb_data_model_validation Validate DynamoDB data models 2/5 dynamodb_data_modeling Interactive DynamoDB data modelling 2/5 explain_cdk_nag_rule Explain specific CDK Nag security rules 2/5 get_active_alarms Identify currently active CloudWatch alarms 2/5 get_alarm_history Retrieve alarm state change history 2/5 get_bestpractices Get AWS development and deployment guidance 2/5 get_cdk_best_practices Retrieve AWS CDK best practices 2/5 get_cloudwatch_logs Access CloudWatch logs for EKS 2/5 get_cloudwatch_metrics Retrieve CloudWatch metrics for EKS 2/5 get_eks_vpc_config Retrieve VPC configuration for EKS 2/5 get_k8s_events List Kubernetes events 2/5 get_logs_insight_query_results Retrieve CloudWatch Insights query results 2/5 get_pod_logs Retrieve Kubernetes pod logs 2/5 get_regional_availability Check regional availability for AWS services 2/5 get_resource Retrieve specific AWS resource details 2/5 get_schema Get CloudFormation schema for resources 2/5 list_api_versions List available Kubernetes API versions 2/5 list_k8s_resources List Kubernetes resources by kind 2/5 list_knowledge_bases List available Bedrock knowledge bases 2/5 list_regions List all AWS regions 2/5 list_resources Enumerate resources of specified types 2/5 query_sql Execute read-only SQL queries against S3 Tables 3/5 read_documentation Retrieve AWS docs as markdown 2/5 retrieve_agent_sop Search AWS operational procedures 2/5 search_cdk_documentation Search CDK docs and constructs 2/5 search_cfn_documentation Query CloudFormation docs and patterns 2/5 search_documentation Search across AWS documentation 2/5 source_db_analyzer Extract schema from existing databases 3/5 suggest_aws_commands Get AWS CLI command syntax help 2/5 tf_init Initialise Terraform working directory 2/5 tf_output Retrieve Terraform output values 2/5 tf_plan Generate Terraform execution plan 3/5 tf_state_list List resources in Terraform state 2/5 tf_validate Validate Terraform configuration 2/5 validate_cfn_security Check CloudFormation compliance 2/5 validate_cfn_template Validate CloudFormation syntax and schema 2/5 create_resource Create AWS resources declaratively 5/5 create_table_from_csv Convert CSV files to S3 Tables 4/5 manage_eks_stacks Manage EKS CloudFormation stacks 5/5 manage_k8s_resource Create, update, or delete Kubernetes resources 5/5 tf_apply Apply Terraform changes to infrastructure 5/5 update_resource Update existing AWS resources 5/5 The AWS MCP server exposes 58 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the AWS server.
AWS tools are categorised as Read (46), Write (6), Destructive (3), Execute (3). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept