awslabs.ec2-mcp-server


- **Name**: awslabs.ec2-mcp-server
- **Version**: 0.1.1
- **Summary**: An AWS Labs Model Context Protocol (MCP) server for managing AWS EC2 instances, AMIs, security groups, volumes, snapshots, and related infrastructure
- **Upload time**: 2025-07-26 14:36:36
- **Author**: Amazon Web Services
- **Requires Python**: >=3.10
- **License**: Apache-2.0
- **Requirements**: No requirements were recorded.
- **Repository**: https://github.com/awslabs/mcp.git
- **Documentation**: https://awslabs.github.io/mcp/servers/ec2-mcp-server/

# AWS EC2 MCP Server

A Model Context Protocol (MCP) server for managing AWS EC2 instances, AMIs, security groups, volumes, and related infrastructure.

## Features

This MCP server acts as a **bridge** between MCP clients and AWS EC2, allowing generative AI models to create, configure, and manage EC2 resources. The server provides a secure way to interact with AWS EC2 resources while maintaining proper access controls and resource validation.

### Core Capabilities
- **EC2 Instances**: Launch, terminate, start, stop, and reboot instances
- **Security Groups**: Create, modify, and delete security groups and rules  
- **Key Pairs**: Create and manage SSH key pairs with secure storage
- **EBS Volumes**: Create, attach, detach, and delete volumes
- **EBS Snapshots**: Create and manage volume snapshots
- **AMIs**: Create custom AMIs from instances and manage their lifecycle
- **VPC Management**: List and manage VPCs, subnets, and networking components

### Security Features
- Input validation for all AWS resource IDs
- Permission-based access control with environment variable controls
- Response sanitization to prevent sensitive data leakage
- Secure private key storage in AWS services (Parameter Store, S3, Secrets Manager)
- Configurable write operation protection

## Prerequisites

1. AWS account with permissions to manage EC2 resources
2. AWS credentials configured (AWS CLI, environment variables, or IAM roles)

## Installation

| Cursor | VS Code |
|:------:|:-------:|
| [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/install-mcp?name=awslabs.ec2-mcp-server&config=ewogICJjb21tYW5kIjogInV2eCIsCiAgImFyZ3MiOiBbImF3c2xhYnMuZWMyLW1jcC1zZXJ2ZXJAbGF0ZXN0Il0sCiAgImVudiI6IHsKICAgICJBV1NfUFJPRklMRSI6ICJkZWZhdWx0IiwKICAgICJBV1NfUkVHSU9OIjogInVzLXdlc3QtMiIsCiAgICAiRkFTVE1DUF9MT0dfTEVWRUwiOiAiSU5GTyIsCiAgICAiQUxMT1dfV1JJVEUiOiAidHJ1ZSIsCiAgICAiQUxMT1dfU0VOU0lUSVZFX0RBVEEiOiAiZmFsc2UiCiAgfQp9) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=AWS%20EC2%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ec2-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22default%22%2C%22AWS_REGION%22%3A%22us-west-2%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22INFO%22%2C%22ALLOW_WRITE%22%3A%22true%22%2C%22ALLOW_SENSITIVE_DATA%22%3A%22false%22%7D%7D) |

### Using uvx (Recommended)

Configure the MCP server in your MCP client configuration (e.g., for Claude Desktop, edit the configuration file):

```json
{
  "mcpServers": {
    "awslabs.ec2-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.ec2-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "default",
        "AWS_REGION": "us-west-2",
        "FASTMCP_LOG_LEVEL": "INFO",
        "ALLOW_WRITE": "true",
        "ALLOW_SENSITIVE_DATA": "false"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}
```

### Using Docker

First, build the Docker image:

```bash
docker build -t awslabs/ec2-mcp-server .
```

Then configure with Docker in your MCP client:

```json
{
  "mcpServers": {
    "awslabs.ec2-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "--interactive",
        "--env", "AWS_PROFILE=default",
        "--env", "AWS_REGION=us-west-2",
        "--env", "FASTMCP_LOG_LEVEL=INFO",
        "--env", "ALLOW_WRITE=true",
        "--env", "ALLOW_SENSITIVE_DATA=false",
        "--volume", "~/.aws:/root/.aws:ro",
        "awslabs/ec2-mcp-server:latest"
      ],
      "env": {},
      "disabled": false,
      "autoApprove": []
    }
  }
}
```

**Note**: The Docker configuration includes a read-only mount of your AWS credentials directory (`~/.aws`) to provide AWS authentication to the container.

## Configuration Options

### Environment Variables

- **`AWS_PROFILE`**: AWS profile name (default: "default")
- **`AWS_REGION`**: AWS region (default: "us-east-1") 
- **`ALLOW_WRITE`**: Enable write operations like create/modify/delete (default: "false")
- **`ALLOW_SENSITIVE_DATA`**: Enable access to sensitive resource data (default: "false")
- **`FASTMCP_LOG_LEVEL`**: Logging level - DEBUG, INFO, WARNING, ERROR (default: "INFO")
- **`FASTMCP_LOG_FILE`**: Optional log file path

### Security Settings

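**Important**: Write operations are disabled by default for security. Set `ALLOW_WRITE=true` to enable resource creation/modification/deletion. The sample client configurations in the Installation section set `ALLOW_WRITE` to `"true"`, so copying them as-is turns write access on; set it to `"false"` or omit it to keep the read-only default.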
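A pre-flight check for the settings described above, as an added example that is not part of the project's code: it flags `ALLOW_WRITE` or `ALLOW_SENSITIVE_DATA` set to true, unpinned `latest` references, an AWS credentials mount without `:ro`, and write tools listed in `autoApprove`. The finding codes, the two sample entries, and the reading of `autoApprove` as "run without confirmation" are assumptions.

```python
import json

# Tool-name prefixes that change state, taken from the README's tool list.
WRITE_PREFIXES = ("create_", "delete_", "modify_", "launch_", "terminate_",
                  "start_", "stop_", "reboot_", "attach_", "detach_", "deregister_")

def effective_env(server):
    """Merge the "env" map with KEY=VALUE pairs passed as docker --env args."""
    env = dict(server.get("env") or {})
    args = server.get("args") or []
    for flag, value in zip(args, args[1:]):
        if flag in ("--env", "-e") and "=" in value:
            key, _, val = value.partition("=")
            env[key] = val
    return env

def is_true(env, key):
    # Assumption: the server treats the string "true" (any case) as enabled.
    return str(env.get(key, "false")).strip().lower() == "true"

def audit_server(server):
    """Return a sorted list of finding codes for one mcpServers entry."""
    findings = set()
    env, args = effective_env(server), server.get("args") or []
    if is_true(env, "ALLOW_WRITE"):
        findings.add("WRITE_ENABLED")
    if is_true(env, "ALLOW_SENSITIVE_DATA"):
        findings.add("SENSITIVE_DATA_ENABLED")
    if any(a.endswith(("@latest", ":latest")) for a in args):
        findings.add("UNPINNED_VERSION")  # resolves to whatever is newest at start
    for flag, value in zip(args, args[1:]):
        if flag in ("--volume", "-v") and ".aws" in value and not value.endswith(":ro"):
            findings.add("CREDENTIALS_MOUNT_WRITABLE")
    # Assumption: autoApprove lists tool names the client runs without asking.
    for tool in server.get("autoApprove") or []:
        if tool.startswith(WRITE_PREFIXES):
            findings.add(f"AUTO_APPROVED_WRITE_TOOL:{tool}")
    return sorted(findings)

def audit_config(text):
    """Audit every entry under "mcpServers" in a client configuration file."""
    servers = json.loads(text).get("mcpServers", {})
    return {name: audit_server(entry) for name, entry in servers.items()}

# Constructed sample: "ec2-uvx" mirrors the README's uvx entry; "ec2-docker" is
# a deliberately loosened variant of the README's Docker entry.
SAMPLE = """
{"mcpServers": {
  "ec2-uvx": {"command": "uvx", "args": ["awslabs.ec2-mcp-server@latest"],
    "env": {"AWS_PROFILE": "default", "ALLOW_WRITE": "true",
            "ALLOW_SENSITIVE_DATA": "false"},
    "autoApprove": []},
  "ec2-docker": {"command": "docker",
    "args": ["run", "--rm", "--interactive", "--env", "ALLOW_WRITE=true",
             "--env", "ALLOW_SENSITIVE_DATA=true",
             "--volume", "~/.aws:/root/.aws", "awslabs/ec2-mcp-server:latest"],
    "env": {}, "autoApprove": ["list_instances", "terminate_instance"]}
}}
"""

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE).items():
        print(name, findings)
```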

### Key Pair Storage Configuration

When creating key pairs, you must specify a storage method:
- **`DEFAULT_STORAGE_METHOD`**: "parameter_store", "s3_encrypted", or "secrets_manager"
- **`PARAMETER_STORE_PREFIX`**: Prefix for Parameter Store keys (default: "/ec2/keypairs")
- **`S3_KEYPAIR_BUCKET`**: S3 bucket for encrypted key storage
- **`SECRETS_MANAGER_PREFIX`**: Prefix for Secrets Manager (default: "ec2/keypairs")

## Available Tools

### EC2 Instances (9 tools)
- `list_instances` - List EC2 instances with filtering options
- `get_instance_details` - Get detailed information about a specific instance
- `launch_instance` - Launch new EC2 instances with full configuration
- `terminate_instance` - Terminate EC2 instances permanently
- `start_instance` - Start stopped instances
- `stop_instance` - Stop running instances (with optional force flag)
- `reboot_instance` - Reboot running instances
- `get_subnet_info` - Get subnet information for networking
- `list_subnets` - List available subnets for instance placement

### Security Groups (5 tools)
- `list_security_groups` - List security groups with filtering
- `get_security_group_details` - Get detailed security group configuration
- `create_security_group` - Create new security groups with descriptions
- `delete_security_group` - Delete security groups
- `modify_security_group_rules` - Add/remove inbound and outbound rules

### Key Pairs (3 tools) - ⚠️ Storage Method Required
- `list_key_pairs` - List available EC2 key pairs
- `create_key_pair` - **Requires storage_method parameter**
  - Must specify one of: "secrets_manager", "s3_encrypted", or "parameter_store"
  - Cannot create key pair without specifying where to store the private key
- `delete_key_pair` - Delete key pairs and associated stored private keys

### EBS Volumes (5 tools)
- `list_volumes` - List EBS volumes with status and attachment info
- `create_volume` - Create new EBS volumes with specified size and type
- `delete_volume` - Delete EBS volumes (must be unattached)
- `attach_volume` - Attach volumes to EC2 instances
- `detach_volume` - Detach volumes from instances

### EBS Snapshots (2 tools)
- `list_snapshots` - List EBS snapshots with filtering
- `create_snapshot` - Create snapshots from EBS volumes

### AMIs - Amazon Machine Images (4 tools)
- `list_amis` - List AMIs with ownership and filtering options
- `get_popular_amis` - Get popular public AMIs (Amazon Linux, Ubuntu, Windows, RHEL)
- `create_image` - Create custom AMIs from running instances
- `deregister_image` - Deregister/delete AMIs

### VPC & Networking (5 tools)
- `list_vpcs` - List Virtual Private Clouds
- `get_default_vpc` - Get the default VPC for the region
- `find_suitable_subnet` - Find appropriate subnets for instance placement
- `delete_vpc` - Delete VPCs (advanced operation)
- `list_subnets` - List subnets with VPC filtering

## Common Workflows

### Launch a Web Server
1. `get_popular_amis` - Find latest Amazon Linux AMI
2. `create_key_pair` with storage_method="secrets_manager"
3. `create_security_group` for HTTP/SSH access
4. `launch_instance` with the AMI, key pair, and security group

### Create Custom AMI
1. `list_instances` - Find your configured instance
2. `stop_instance` - Stop for consistent snapshot
3. `create_image` - Create AMI from instance
4. `start_instance` - Restart original instance

### Volume Management
1. `create_volume` - Create additional storage
2. `attach_volume` - Attach to running instance
3. `create_snapshot` - Backup volume data

## Required AWS Permissions

The server requires the following IAM permissions:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:*",
                "ssm:GetParameter",
                "ssm:PutParameter",
                "ssm:DeleteParameter",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "secretsmanager:GetSecretValue",
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "sts:GetCallerIdentity"
            ],
            "Resource": "*"
        }
    ]
}
```

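The policy above allows every EC2 action (`ec2:*`) and the key-storage actions on all resources (`"Resource": "*"`). For production use, consider implementing more restrictive permissions based on your specific needs.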
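One way to narrow the policy above, as an added example that is not the project's own code: it builds a policy from the write tools you enable and the single key-storage backend in use. The tool-to-action mapping, the ARN layout under the README's default prefixes, the placeholder account ID and the `scoped_policy` helper are assumptions; compare the result with the API calls recorded in CloudTrail before relying on it.

```python
import json

# Assumed mapping from the README's write tools to EC2 API actions, inferred
# from the tool names and not from the server's source.
WRITE_TOOL_ACTIONS = {
    "launch_instance": ["ec2:RunInstances"],
    "terminate_instance": ["ec2:TerminateInstances"],
    "start_instance": ["ec2:StartInstances"],
    "stop_instance": ["ec2:StopInstances"],
    "reboot_instance": ["ec2:RebootInstances"],
    "create_security_group": ["ec2:CreateSecurityGroup"],
    "delete_security_group": ["ec2:DeleteSecurityGroup"],
    "modify_security_group_rules": [
        "ec2:AuthorizeSecurityGroupIngress", "ec2:RevokeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupEgress"],
    "create_key_pair": ["ec2:CreateKeyPair"],
    "delete_key_pair": ["ec2:DeleteKeyPair"],
    "create_volume": ["ec2:CreateVolume"],
    "delete_volume": ["ec2:DeleteVolume"],
    "attach_volume": ["ec2:AttachVolume"],
    "detach_volume": ["ec2:DetachVolume"],
    "create_snapshot": ["ec2:CreateSnapshot"],
    "create_image": ["ec2:CreateImage"],
    "deregister_image": ["ec2:DeregisterImage"],
    "delete_vpc": ["ec2:DeleteVpc"],
}
# Storage actions exactly as listed in the README policy, split per backend.
STORAGE_ACTIONS = {
    "parameter_store": ["ssm:GetParameter", "ssm:PutParameter", "ssm:DeleteParameter"],
    "secrets_manager": ["secretsmanager:GetSecretValue",
                        "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret"],
    "s3_encrypted": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
}

def storage_arn(method, region, account_id, prefix=None, bucket=None):
    """Resource pattern for one backend; assumes keys live under the prefix."""
    if method == "parameter_store":
        return f"arn:aws:ssm:{region}:{account_id}:parameter{prefix or '/ec2/keypairs'}/*"
    if method == "secrets_manager":
        return f"arn:aws:secretsmanager:{region}:{account_id}:secret:{prefix or 'ec2/keypairs'}/*"
    if method == "s3_encrypted" and bucket:
        return f"arn:aws:s3:::{bucket}/*"
    raise ValueError(f"unsupported storage method or missing bucket: {method}")

def scoped_policy(region, account_id, write_tools=(), storage_method=None, **storage):
    """Read-only EC2 access plus only the enabled writes and one storage backend."""
    unknown = set(write_tools) - set(WRITE_TOOL_ACTIONS)
    if unknown:
        raise ValueError(f"unknown tools: {sorted(unknown)}")
    statements = [{"Sid": "ReadOnly", "Effect": "Allow",
                   "Action": ["ec2:Describe*", "sts:GetCallerIdentity"], "Resource": "*"}]
    writes = sorted({a for t in write_tools for a in WRITE_TOOL_ACTIONS[t]})
    if writes:  # "*" here can be narrowed further with resource-tag conditions
        statements.append({"Sid": "EnabledWrites", "Effect": "Allow",
                           "Action": writes, "Resource": "*"})
    if storage_method:
        resource = storage_arn(storage_method, region, account_id, **storage)
        statements.append({"Sid": "KeyPairStorage", "Effect": "Allow",
                           "Action": STORAGE_ACTIONS[storage_method], "Resource": resource})
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Constructed inputs: placeholder account ID, region from the README samples.
    policy = scoped_policy("us-west-2", "111122223333",
                           ["create_key_pair", "launch_instance"], "parameter_store")
    print(json.dumps(policy, indent=2))
```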

## License

This project is licensed under the Apache License, Version 2.0.
            
