localstack-aws-replicator

Replicate external AWS resources into a running LocalStack instance using the AWS Replicator HTTP API.

Server Localstack @localstack/localstack-mcp-server
Category Write
Risk class Medium
Parameters 81 required

What localstack-aws-replicator does on Localstack

AI agents use localstack-aws-replicator to create or update resources in Localstack — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Localstack environment.

ParameterTypeRequiredDescription
action string Yes The AWS Replicator action to perform: start a job, check job status, list jobs, or list supported resource types.
job_id string Replication job id. Required for the status action.
resource_arn string Full ARN of the resource to replicate. Only supported for SINGLE_RESOURCE jobs and mutually exclusive with resource_type/resource_identifier.
resource_type string CloudFormation resource type to replicate, e.g. AWS::EC2::VPC or AWS::SSM::Parameter. Use this with resource_identifier, or provide resource_arn instead.
replication_type string Replication job type. Use SINGLE_RESOURCE for one resource, or BATCH for supported batch jobs such as SSM parameters under a path prefix.
target_account_id string Optional LocalStack target AWS account id override. LocalStack defaults to account 000000000000, so this is only needed when replicating into a non-default acco
target_region_name string Optional LocalStack target AWS region override. Defaults to the source region.
resource_identifier string CloudControl identifier for the resource to replicate, such as a VPC ID (vpc-...), SSM parameter name, IAM role name, or ECR repository name. Required when usin

Parameters from the server's own tool schema.

Why localstack-aws-replicator needs a policy

This tool copies/replicates AWS resources into a LocalStack instance, which is a Write operation — it creates or modifies data within the LocalStack environment. While not directly destructive or financial, misuse could overwrite existing LocalStack state with unintended AWS resources at scale, hence high severity.

From the tool's definition Replicate external AWS resources into a running LocalStack instance

Questions about localstack-aws-replicator

What does the localstack-aws-replicator tool do? +

Replicate external AWS resources into a running LocalStack instance using the AWS Replicator HTTP API. It is categorised as a Write tool in the Localstack MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does localstack-aws-replicator accept? +

localstack-aws-replicator accepts 8 parameters: action, job_id, resource_arn, resource_type, replication_type, target_account_id, target_region_name, resource_identifier. Required: action. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on localstack-aws-replicator? +

Register the Localstack MCP server in PolicyLayer and add a rule for localstack-aws-replicator: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Localstack. Nothing to install.

What risk level is localstack-aws-replicator? +

localstack-aws-replicator is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit localstack-aws-replicator? +

Yes. Add a rate_limit block to the localstack-aws-replicator rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block localstack-aws-replicator completely? +

Set action: deny in the PolicyLayer policy for localstack-aws-replicator. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides localstack-aws-replicator? +

localstack-aws-replicator is provided by the Localstack MCP server (@localstack/localstack-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.