Replicate external AWS resources into a running LocalStack instance using the AWS Replicator HTTP API.
AI agents use localstack-aws-replicator to create or update resources in Localstack — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Localstack environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
action | string | Yes | The AWS Replicator action to perform: start a job, check job status, list jobs, or list supported resource types. |
job_id | string | — | Replication job id. Required for the status action. |
resource_arn | string | — | Full ARN of the resource to replicate. Only supported for SINGLE_RESOURCE jobs and mutually exclusive with resource_type/resource_identifier. |
resource_type | string | — | CloudFormation resource type to replicate, e.g. AWS::EC2::VPC or AWS::SSM::Parameter. Use this with resource_identifier, or provide resource_arn instead. |
replication_type | string | — | Replication job type. Use SINGLE_RESOURCE for one resource, or BATCH for supported batch jobs such as SSM parameters under a path prefix. |
target_account_id | string | — | Optional LocalStack target AWS account id override. LocalStack defaults to account 000000000000, so this is only needed when replicating into a non-default acco |
target_region_name | string | — | Optional LocalStack target AWS region override. Defaults to the source region. |
resource_identifier | string | — | CloudControl identifier for the resource to replicate, such as a VPC ID (vpc-...), SSM parameter name, IAM role name, or ECR repository name. Required when usin |
Parameters from the server's own tool schema.
This tool copies/replicates AWS resources into a LocalStack instance, which is a Write operation — it creates or modifies data within the LocalStack environment. While not directly destructive or financial, misuse could overwrite existing LocalStack state with unintended AWS resources at scale, hence high severity.
From the tool's definition Replicate external AWS resources into a running LocalStack instance
Attacks that exploit this kind of access
Replicate external AWS resources into a running LocalStack instance using the AWS Replicator HTTP API. It is categorised as a Write tool in the Localstack MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
localstack-aws-replicator accepts 8 parameters: action, job_id, resource_arn, resource_type, replication_type, target_account_id, target_region_name, resource_identifier. Required: action. The full parameter table on this page comes from the server's own tool schema.
Register the Localstack MCP server in PolicyLayer and add a rule for localstack-aws-replicator: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Localstack. Nothing to install.
localstack-aws-replicator is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the localstack-aws-replicator rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for localstack-aws-replicator. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
localstack-aws-replicator is provided by the Localstack MCP server (@localstack/localstack-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →