dynamodb_data_model_schema_validator

// WHEN AI AGENTS USE THIS TOOL

AI agents call dynamodb_data_model_schema_validator to retrieve information from AWS DynamoDB MCP Server without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.

// WHY ENFORCE A POLICY ON DYNAMODB_DATA_MODEL_SCHEMA_VALIDATOR

Even though dynamodb_data_model_schema_validator only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.

// RECOMMENDED POLICY

Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.

aws-dynamodb-mcp-server.yaml

tools:
  dynamodb_data_model_schema_validator:
    rules:
      - action: allow

See the full AWS DynamoDB MCP Server policy for all 8 tools.

// DETAILS

Tool Name dynamodb_data_model_schema_validator

Category Read

MCP Server AWS DynamoDB MCP Server MCP Server

Risk Level Low

// MORE AWS DYNAMODB MCP SERVER TOOLS

Execute source_db_analyzer Write compute_performances_and_costs Write generate_data_access_layer Write generate_resources Read dynamodb_data_model_schema_converter Read dynamodb_data_model_validation Read dynamodb_data_modeling

// WHAT CAN GO WRONG

Agents calling read-class tools like dynamodb_data_model_schema_validator have been implicated in these attack patterns. Read the full case and prevention policy for each:

Browse the full MCP Attack Database →

// OTHER READ TOOLS ACROSS MCP SERVERS

Other tools in the Read risk category across the catalogue. The same policy patterns (rate-limit, allow) apply to each.

Firecrawl Web Scraping Server firecrawl_check_crawl_status Firecrawl Web Scraping Server firecrawl_crawl Firecrawl Web Scraping Server firecrawl_deep_research Firecrawl Web Scraping Server firecrawl_extract Firecrawl Web Scraping Server firecrawl_map Firecrawl Web Scraping Server firecrawl_scrape

// RELATED READING

// FAQ

What does the dynamodb_data_model_schema_validator tool do? +

Validates a schema.json file - the structured JSON representation of your DynamoDB data model. This tool validates that your schema.json file is properly formatted and contains all required fields for use with the repository generation tool and other automation tools. It provides detailed error messages with suggestions for fixing any issues found. Optionally, if usage_data_path is provided, it will also validate the usage_data.json file against the schema to ensure consistency. The validation checks: - Required sections (table_config, entities) exist - All required fields are present - Field types are valid (string, integer, decimal, boolean, array, object, uuid) - Enum values are correct (operation types, return types, etc.) - Pattern IDs are unique across all entities - GSI names match between gsi_list and gsi_mappings - Fields referenced in templates exist in entity fields - Range conditions are valid and have correct parameter counts - Access patterns have valid operations and return types - Usage data validation (if usage_data_path provided) Security: - Schema files must be within the current working directory or subdirectories - Path traversal attempts (e.g., ../../../../etc/passwd) are blocked Args: schema_path: Absolute path to the schema.json file to validate usage_data_path: Optional absolute path to the usage_data.json file to validate Returns: Validation result with either success message or detailed error messages with suggestions Example Usage: dynamodb_data_model_schema_validator("/path/to/schema.json") dynamodb_data_model_schema_validator("/path/to/schema.json", "/path/to/usage_data.json") Example Success Output: "✅ Schema validation passed!" or "✅ Schema validation passed! ✅ Usage data validation passed!" Example Error Output: "❌ Schema validation failed: • entities.User.fields[0].type: Invalid type value 'strng' 💡 Did you mean 'string'? Valid options: string, integer, decimal, boolean, array, object, uuid". It is categorised as a Read tool in the AWS DynamoDB MCP Server MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on dynamodb_data_model_schema_validator? +

Add a rule in your Intercept YAML policy under the tools section for dynamodb_data_model_schema_validator. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the AWS DynamoDB MCP Server MCP server.

What risk level is dynamodb_data_model_schema_validator? +

dynamodb_data_model_schema_validator is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit dynamodb_data_model_schema_validator? +

Yes. Add a rate_limit block to the dynamodb_data_model_schema_validator rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block dynamodb_data_model_schema_validator completely? +

Set action: deny in the Intercept policy for dynamodb_data_model_schema_validator. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides dynamodb_data_model_schema_validator? +

dynamodb_data_model_schema_validator is provided by the AWS DynamoDB MCP Server MCP server (awslabs.dynamodb-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

dynamodb_data_model_schema_validator

Let agents act without letting them run wild.