create_table

// WHEN AI AGENTS USE THIS TOOL

AI agents use create_table to create or modify resources in AWS S3 Tables MCP Server. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

// WHY ENFORCE A POLICY ON CREATE_TABLE

Without a policy, an AI agent could call create_table repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach AWS S3 Tables MCP Server.

// RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

aws-s3-tables-mcp-server.yaml

tools:
  create_table:
    rules:
      - action: allow
        rate_limit:
          max: 30
          window: 60

See the full AWS S3 Tables MCP Server policy for all 16 tools.

// DETAILS

Tool Name create_table

Category Write

MCP Server AWS S3 Tables MCP Server MCP Server

Risk Level Medium

// MORE AWS S3 TABLES MCP SERVER TOOLS

Write create_namespace Write create_table_bucket Write import_csv_to_table Write import_parquet_to_table Write rename_table Write update_table_metadata_location Read append_rows_to_table Read get_bucket_metadata_config

View all 16 tools →

// WHAT CAN GO WRONG

Agents calling write-class tools like create_table have been implicated in these attack patterns. Read the full case and prevention policy for each:

Browse the full MCP Attack Database →

// OTHER WRITE TOOLS ACROSS MCP SERVERS

Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

// RELATED READING

// FAQ

What does the create_table tool do? +

Create a new S3 table in an S3 table bucket. Creates a new S3 table associated with the given S3 namespace in an S3 table bucket. The S3 table can be configured with specific format and metadata settings. Metadata contains the schema of the table. Do not use the metadata parameter if the schema is unclear. Supported Iceberg Primitive Types: - boolean: True or false - int: 32-bit signed integers (can promote to long) - long: 64-bit signed integers - float: 32-bit IEEE 754 floating point (can promote to double) - double: 64-bit IEEE 754 floating point - decimal(P,S): Fixed-point decimal with precision P and scale S (precision must be 38 or less) - date: Calendar date without timezone or time - time: Time of day, microsecond precision, without date or timezone - timestamp: Timestamp, microsecond precision, without timezone (represents date and time regardless of zone) - timestamptz: Timestamp, microsecond precision, with timezone (stored as UTC) - string: Arbitrary-length character sequences (UTF-8 encoded) Note: Binary field types (binary, fixed, uuid) are not supported. Example of S3 table metadata: { "metadata": { "iceberg": { "schema": { "type": "struct", "fields": [ { "id": 1, "name": "id", "type": "long", "required": true }, { "id": 2, "name": "bool_field", "type": "boolean", "required": false }, { "id": 3, "name": "int_field", "type": "int", "required": false }, { "id": 4, "name": "long_field", "type": "long", "required": false }, { "id": 5, "name": "float_field", "type": "float", "required": false }, { "id": 6, "name": "double_field", "type": "double", "required": false }, { "id": 7, "name": "decimal_field", "type": "decimal(10,2)", "required": false }, { "id": 8, "name": "date_field", "type": "date", "required": false }, { "id": 9, "name": "time_field", "type": "time", "required": false }, { "id": 10, "name": "timestamp_field", "type": "timestamp", "required": false }, { "id": 11, "name": "timestamptz_field", "type": "timestamptz", "required": false }, { "id": 12, "name": "string_field", "type": "string", "required": false } ] }, "partition-spec": [ { "source-id": 8, "field-id": 1000, "transform": "month", "name": "date_field_month" } ], "table-properties": { "description": "Example table demonstrating supported Iceberg primitive types" } } } } Permissions: You must have the s3tables:CreateTable permission to use this operation.. It is categorised as a Write tool in the AWS S3 Tables MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on create_table? +

Add a rule in your Intercept YAML policy under the tools section for create_table. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the AWS S3 Tables MCP Server MCP server.

What risk level is create_table? +

create_table is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit create_table? +

Yes. Add a rate_limit block to the create_table rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block create_table completely? +

Set action: deny in the Intercept policy for create_table. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides create_table? +

create_table is provided by the AWS S3 Tables MCP Server MCP server (awslabs.s3-tables-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Let agents act without letting them run wild.