32 tools from the AWS Serverless MCP Server MCP Server, categorised by risk level.
View the AWS Serverless MCP Server policy →describe_schema Retrieve the schema definition for the specified schema version.
REQUIREMENTS:
- You MUST use this tool to get complete schema definitions before ... esm_deployment_precheck Validate deployment readiness and confirm user intent before ESM deployment.
This tool performs pre-deployment validation by:
1. Analyzing user pr... esm_get_config_tradeoff Analyze ESM configuration tradeoffs for specific optimization targets.
Provides comprehensive analysis of how different ESM configuration paramete... esm_guidance Comprehensive guidance for AWS Lambda Event Source Mappings (ESM).
This unified tool provides setup guidance, networking configuration, and troubl... esm_kafka_diagnosis Diagnoses timeout issues in Kafka Event Source Mappings by identifying when they occur.
This tool analyzes logs, metrics, and configurations to de... esm_kafka_resolution Provides targeted resolutions for Kafka Event Source Mapping timeout issues.
Based on the identified timeout location (pre-broker, post-broker, et... esm_kafka_troubleshoot Comprehensive Kafka ESM troubleshooting tool for both MSK and self-managed Kafka.
This unified tool supports both Amazon MSK and self-managed Apac... esm_msk_policy Generate comprehensive IAM policy for MSK cluster access with ESM.
Creates an IAM policy document that grants the necessary permissions for
Lambda... esm_msk_security_group Generate SAM template with security group rules for MSK ESM connectivity.
Creates CloudFormation resources for security group ingress and egress r... esm_optimize Comprehensive ESM optimization tool combining analysis, validation, and template generation.
This consolidated tool provides three main optimizati... esm_validate_configs Validate ESM configurations against AWS limits and event source restrictions.
Performs comprehensive validation including:
1. Event source specifi... get_iac_guidance Returns guidance on selecting an infrastructure as code (IaC) platform to deploy Serverless applications to AWS.
Using IaC is a best practice when... get_lambda_event_schemas Returns AWS Lambda event schemas for different event sources (e.g. s3, sns, apigw) and programming languages.
When a event source triggers a Lambd... get_lambda_guidance Use this tool to determine if AWS Lambda is suitable platform to deploy an application.
Returns a comprehensive guide on when to choose AWS Lambda... get_metrics Retrieves CloudWatch metrics from a deployed web application.
Use this tool get metrics on error rates, latency, throttles, etc. of Lambda functio... get_serverless_templates Returns example SAM templates from the Serverless Land GitHub repo.
Use this tool to get examples for building serverless applications with AWS La... list_registries Lists the registries in your account.
REQUIREMENTS:
- For AWS service events, you MUST use the aws.events registry directly
- For custom schemas, ... sam_logs Fetches CloudWatch logs that are generated by Lambda function and API GW resources in a SAM application.
Requirements:
- AWS SAM CLI MUST be insta... search_schema Search for schemas in a registry using keywords.
REQUIREMENTS:
- You MUST use this tool to find schemas for AWS service events
- You MUST search i... secure_esm_dynamodb_policy Generate security-approved IAM policy for DynamoDB Streams ESM.
This tool uses pre-approved policy templates and only performs parameter substitut... secure_esm_kinesis_policy Generate security-approved IAM policy for Kinesis ESM.
This tool uses pre-approved policy templates and only performs parameter substitution.
All ... secure_esm_msk_policy Generate security-approved IAM policy for MSK Kafka ESM.
This tool uses pre-approved policy templates and only performs parameter substitution.
It... secure_esm_sqs_policy Generate security-approved IAM policy for SQS ESM.
This tool uses pre-approved policy templates and only performs parameter substitution.
All perm... webapp_deployment_help Get help information about using the deploy_webapp_tool to perform web application deployments.
If deployment_type is provided, returns help infor... configure_domain Configures a custom domain for a deployed web application on AWS Serverless.
Before using this tool, you must already own the domain name and have... sam_init Initializes a serverless application using AWS SAM (Serverless Application Model) CLI.
Requirements:
- AWS SAM CLI MUST be installed and configure... update_webapp_frontend Update the frontend assets of a deployed web application.
This tool uploads new frontend assets to S3 and optionally invalidates the CloudFront ca... deploy_serverless_app_help Provides instructions on how to deploy a serverless application to AWS Lambda.
Deploying a Lambda application requires generating IaC templates, b... deploy_webapp Deploy web applications to AWS Serverless, including Lambda as compute, DynamoDB as databases, API GW, ACM Certificates, and Route 53 DNS records.
... sam_build Builds a serverless application using AWS SAM (Serverless Application Model) CLI.
Requirements:
- AWS SAM CLI MUST be installed and configured in ... sam_deploy Deploys a serverless application onto AWS Cloud using AWS SAM (Serverless Application Model) CLI and CloudFormation.
Requirements:
- AWS SAM CLI M... sam_local_invoke Locally invokes a Lambda function using AWS SAM CLI.
Requirements:
- AWS SAM CLI MUST be installed and configured in your environment
- Docker mus... The AWS Serverless MCP Server MCP server exposes 32 tools across 3 categories: Read, Write, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the AWS Serverless MCP Server server.
AWS Serverless MCP Server tools are categorised as Read (24), Write (3), Execute (5). Each category has a recommended default policy.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.