29 tools from the AWS IAM MCP Server, categorised by risk level.

get_group
Get detailed information about a specific IAM group.
This tool retrieves comprehensive information about an IAM group including
group members, att...

get_managed_policy_document
Retrieve the policy document for a managed policy.
This tool retrieves the policy document for a specific managed policy version.
Use this to exam...

get_role_policy
Retrieve an inline policy for an IAM role.
This tool retrieves the policy document for a specific inline policy attached to a role.
Args:
rol...

get_user
Get detailed information about a specific IAM user.
This tool retrieves comprehensive information about an IAM user including
attached policies, g...

get_user_policy
Retrieve an inline policy for an IAM user.
This tool retrieves the policy document for a specific inline policy attached to a user.
Args:
use...

list_groups
List IAM groups in the account.
This tool retrieves a list of IAM groups from your AWS account with optional filtering.
Use this to get an overvie...

list_policies
List IAM policies in the account.
Args:
scope: Scope of policies to list ("All", "AWS", or "Local")
only_attached: Only return policies th...

list_role_policies
List all inline policies for an IAM role.
This tool retrieves the names of all inline policies attached to the specified role.
Args:
role_nam...

list_roles
List IAM roles in the account.
Args:
path_prefix: Optional path prefix to filter roles
max_items: Maximum number of roles to return
Retur...

list_user_policies
List all inline policies for an IAM user.
This tool retrieves the names of all inline policies attached to the specified user.
Args:
user_nam...

list_users
List IAM users in the account.
This tool retrieves a list of IAM users from your AWS account with optional filtering.
Use this to get an overview ...

simulate_principal_policy
Simulate IAM policy evaluation for a principal.
Args:
policy_source_arn: ARN of the user or role to simulate
action_names: List of actions...

add_user_to_group
Add a user to an IAM group.
Args:
group_name: The name of the IAM group
user_name: The name of the IAM user
confirmed: Must be true to...

attach_group_policy
Attach a managed policy to an IAM group.
Args:
group_name: The name of the IAM group
policy_arn: The ARN of the policy to attach
confi...

attach_user_policy
Attach a managed policy to an IAM user.
Args:
user_name: The name of the IAM user
policy_arn: The ARN of the policy to attach
confirme...

create_access_key
Create a new access key for an IAM user.
Args:
user_name: The name of the IAM user
confirmed: Must be true to confirm this write operation...

create_group
Create a new IAM group.
This tool creates a new IAM group in your AWS account. The group will be created
without any permissions by default - you'...

create_role
Create a new IAM role.
Args:
role_name: The name of the new IAM role
assume_role_policy_document: The trust policy document in JSON format...

create_user
Create a new IAM user.
This tool creates a new IAM user in your AWS account. The user will be created
without any permissions by default - you'll ...

detach_group_policy
Detach a managed policy from an IAM group.
Args:
group_name: The name of the IAM group
policy_arn: The ARN of the policy to detach
con...

detach_user_policy
Detach a managed policy from an IAM user.
Args:
user_name: The name of the IAM user
policy_arn: The ARN of the policy to detach
confir...

put_role_policy
Create or update an inline policy for an IAM role.
This tool creates a new inline policy or updates an existing one for the specified role.
Inline...

put_user_policy
Create or update an inline policy for an IAM user.
This tool creates a new inline policy or updates an existing one for the specified user.
Inline...

delete_access_key
Delete an access key for an IAM user.
Args:
user_name: The name of the IAM user
access_key_id: The access key ID to delete
confirmed: ...

delete_group
Delete an IAM group.
Args:
group_name: The name of the IAM group to delete
force: If True, removes all members and attached policies first...

delete_role_policy
Delete an inline policy from an IAM role.
This tool removes an inline policy from the specified role. The policy document
will be permanently dele...

delete_user
Delete an IAM user.
Args:
user_name: The name of the IAM user to delete
force: If True, removes all attached policies, groups, and access ...

delete_user_policy
Delete an inline policy from an IAM user.
This tool removes an inline policy from the specified user. The policy document
will be permanently dele...

remove_user_from_group
Remove a user from an IAM group.
Args:
group_name: The name of the IAM group
user_name: The name of the IAM user
confirmed: Must be tr...

The AWS IAM MCP Server exposes 29 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool (rate limits, argument validation, or deny rules), then run Intercept in front of the AWS IAM MCP Server.
AWS IAM MCP Server tools are categorised as Read (12), Write (11), Destructive (6). Each category has a recommended default policy.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.