mcpSource-backedReview first Safety ✓ Privacy ✓

AWS IAM MCP Server

Official AWS Labs MCP server for AWS Identity and Access Management that lets AI assistants inspect and manage IAM users, roles, groups, policies, and access keys, with policy simulation and an opt-in read-only mode.

by AWS Labs·added 2026-06-21·

Claude Code Codex Cursor Claude Desktop

HarnessClaude CodeCodexCursorClaude Desktop

Install

Source

uvx awslabs.iam-mcp-server@latest --readonly

Readiness

TrustReview first
Sourcesource-backed
Safety notesPresent
ReviewedYes

Documentation Source repository Registry JSON · LLM text

Review first — review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Canonical URL: https://heyclau.de/entry/mcp/aws-iam-mcp-server
Source URLs: https://github.com/awslabs/mcp/blob/main/src/iam-mcp-server/README.md, https://github.com/awslabs/mcp, https://awslabs.github.io/mcp/
Brand: AWS Labs
Brand domain: aws.amazon.com
Brand asset source: brandfetch
Safety notes: Run with the `--readonly` flag (shown above) to block all mutating operations. Without it the server can create and delete IAM users, roles, groups, policies, and access keys — high-impact identity changes — so enable write access only deliberately and with scoped permissions., IAM controls account-wide access; a misused write operation can grant or revoke permissions broadly. Prefer non-production accounts while evaluating, and use policy simulation to test changes before applying them., This server acts on real IAM with your AWS credentials; scope the profile tightly and run it only on a trusted host.
Privacy notes: IAM user/role/group names, ARNs, policy documents, and account metadata can be returned through tool calls and exposed to the model., Access key IDs and other identity material may appear in responses; never expose secret access keys, and keep account identifiers and policy contents out of public prompts, issues, and screenshots.
Author: AWS Labs
Submitted by: jaso0n0818
Claim status: unclaimed
Last verified: 2026-06-21

Safety notes

Run with the `--readonly` flag (shown above) to block all mutating operations. Without it the server can create and delete IAM users, roles, groups, policies, and access keys — high-impact identity changes — so enable write access only deliberately and with scoped permissions.
IAM controls account-wide access; a misused write operation can grant or revoke permissions broadly. Prefer non-production accounts while evaluating, and use policy simulation to test changes before applying them.
This server acts on real IAM with your AWS credentials; scope the profile tightly and run it only on a trusted host.

Privacy notes

IAM user/role/group names, ARNs, policy documents, and account metadata can be returned through tool calls and exposed to the model.
Access key IDs and other identity material may appear in responses; never expose secret access keys, and keep account identifiers and policy contents out of public prompts, issues, and screenshots.

Prerequisites

An AWS account with IAM access and permissions for the IAM read (and, if write is enabled, manage) operations you intend to use.
Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped least-privilege; read-only IAM permissions are enough for the recommended `--readonly` mode.
An MCP client that supports stdio servers; the server runs locally on the same host as the client.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 15 minutes
Difficulty: advanced

Tool listing metadata

Website: https://awslabs.github.io/mcp/
Pricing: open-source
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Cross-platform

Full copyable content

{
  "awslabs.iam-mcp-server": {
    "command": "uvx",
    "args": ["awslabs.iam-mcp-server@latest", "--readonly"],
    "env": {
      "AWS_PROFILE": "${AWS_PROFILE}",
      "AWS_REGION": "us-east-1",
      "FASTMCP_LOG_LEVEL": "ERROR"
    }
  }
}

About this resource

Overview

AWS IAM MCP Server is an official AWS Labs Model Context Protocol server for AWS Identity and Access Management. It lets AI assistants inspect and manage IAM users, roles, groups, policies, and access keys while following security best practices, and includes policy simulation to test permissions before applying changes.

It runs locally over stdio via uvx from the published awslabs.iam-mcp-server Python package and uses your local AWS credentials. The recommended configuration enables --readonly mode; write access is opt-in.

Features

User, role, and group management — create, list, retrieve, and delete IAM users, roles (with trust policies), and groups (write mode).
Policy management — list and manage managed and inline policies, including full CRUD for inline policies (write mode).
Permission management — attach and detach policies, and manage access keys (write mode).
Policy simulation — test whether a policy allows an action without making any change.
Read-only mode — the --readonly flag blocks all mutating operations while still allowing inspection and simulation.

Use Cases

Audit IAM users, roles, groups, and attached policies (read-only).
Simulate whether a policy grants a specific permission before changing it.
Review inline and managed policy documents for least-privilege gaps.
Manage IAM identities and permissions when write access is explicitly enabled.

Installation

Claude Code

Install Python 3.10+ and uv.
Configure an AWS profile with (at minimum) read-only IAM permissions.
Add the server with the --readonly stdio configuration above. To allow changes, remove --readonly and grant the matching IAM write permissions — only when you intend those operations.
Verify it is connected with claude mcp list.

Claude Desktop / Cursor / Kiro / VS Code

Add the configSnippet above (which includes --readonly) to your client's MCP configuration and set AWS_PROFILE/AWS_REGION. The first run downloads the package via uvx.

Source And Trust

This entry is based on the official AWS Labs awslabs/mcp repository and the published PyPI package (Apache-2.0). The server can make account-wide IAM changes when write access is enabled, so keep --readonly on by default, use least-privilege credentials, simulate before applying, and verify the configuration against the linked source before using it in automated workflows.

#aws #iam #security #identity #aws-labs

Source citations

Source methodology →

Add this badge to your README

Show that AWS IAM MCP Server is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/mcp/aws-iam-mcp-server.svg)](https://heyclau.de/entry/mcp/aws-iam-mcp-server)

How it compares

AWS IAM MCP Server side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	AWS IAM MCP Server Official AWS Labs MCP server for AWS Identity and Access Management that lets AI assistants inspect and manage IAM users, roles, groups, policies, and access keys, with policy simulation and an opt-in read-only mode. Open dossier	Amazon EKS MCP Server Official AWS Labs MCP server for Amazon EKS that gives AI code assistants real-time cluster state visibility and Kubernetes/EKS resource management, from cluster setup through deployment, troubleshooting, and optimization. Open dossier	AWS Billing and Cost Management MCP Server Official AWS Labs MCP server for AWS Billing and Cost Management that lets AI assistants analyze costs and usage, monitor budgets and anomalies, and surface Cost Optimizer, Savings Plans, and Reserved Instance recommendations. Open dossier	AWS CloudTrail MCP Server Official AWS Labs MCP server for AWS CloudTrail that lets AI assistants query account activity for security investigations, compliance auditing, and operational troubleshooting via Event History and CloudTrail Lake SQL. Open dossier
Trust
Install risk	Review first	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Brand	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Category	mcp	mcp	mcp	mcp
Source	source-backed	source-backed	source-backed	source-backed
Author	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Added	2026-06-21	2026-06-21	2026-06-21	2026-06-21
Platforms	Claude CodeCodexCursorClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop
Source repo	—	—	—	—
Safety notes	✓Run with the `--readonly` flag (shown above) to block all mutating operations. Without it the server can create and delete IAM users, roles, groups, policies, and access keys — high-impact identity changes — so enable write access only deliberately and with scoped permissions. IAM controls account-wide access; a misused write operation can grant or revoke permissions broadly. Prefer non-production accounts while evaluating, and use policy simulation to test changes before applying them. This server acts on real IAM with your AWS credentials; scope the profile tightly and run it only on a trusted host.	✓The configuration above is read-only. Adding the `--allow-write` flag lets the server create, update, patch, and delete EKS/Kubernetes resources (including creating clusters via CloudFormation) and `--allow-sensitive-data-access` exposes logs and events; enable these only deliberately. This server acts on real infrastructure with your AWS credentials; scope the profile to the intended account, region, and clusters, and prefer non-production targets while evaluating it. Run it only on a trusted host, and review any generated manifests or CloudFormation actions before applying them.	✓The provided tools read cost and usage data and recommendations; they do not purchase Savings Plans or Reserved Instances or otherwise modify your account. Grant least-privilege read access to the cost APIs. This server reads billing data with your AWS credentials; scope the profile to the intended account and run it only on a trusted host. Cost Explorer and some cost APIs charge per paid API request; broad or frequent queries can incur AWS costs, so scope time ranges and granularity deliberately.	✓The provided tools are read-only — they look up CloudTrail events and run Lake queries, and do not modify infrastructure. Grant only the CloudTrail read permissions listed in the documentation (least privilege). This server reads audit data with your AWS credentials; scope the profile to the intended account and run it only on a trusted host. CloudTrail Lake SQL queries against large event data stores can incur AWS query/scan costs; review query scope before running broad analyses.
Privacy notes	✓IAM user/role/group names, ARNs, policy documents, and account metadata can be returned through tool calls and exposed to the model. Access key IDs and other identity material may appear in responses; never expose secret access keys, and keep account identifiers and policy contents out of public prompts, issues, and screenshots.	✓Cluster state, resource manifests, ARNs, and account/region metadata can be returned through tool calls and exposed to the model. With sensitive-data access enabled, pod logs and Kubernetes events may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.	✓Cost, usage, budget, and account metadata — including linked-account identifiers and spend figures — can be returned to the model. Keep account identifiers, credentials, and spend details out of public prompts, issues, and screenshots, since billing data is sensitive business information.	✓CloudTrail events expose account activity: usernames, access key IDs, source IPs, ARNs, and API call details can be returned to the model. Keep account identifiers, credentials, and returned event contents out of public prompts, issues, and screenshots, since audit data is sensitive.
Prerequisites	An AWS account with IAM access and permissions for the IAM read (and, if write is enabled, manage) operations you intend to use. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped least-privilege; read-only IAM permissions are enough for the recommended `--readonly` mode. An MCP client that supports stdio servers; the server runs locally on the same host as the client.	An AWS account with Amazon EKS and permissions to view (and, if enabled, manage) the target clusters. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account, region, and clusters. An MCP client that supports stdio servers; the server runs locally on the same host as the client.	An AWS account with Billing and Cost Management access (Cost Explorer, Budgets, and related APIs enabled). Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) with read permissions for the Cost Explorer, Budgets, Compute Optimizer, and related cost APIs. An MCP client that supports stdio servers; the server runs locally on the same host as the client.	An AWS account with CloudTrail enabled (Event History is on by default; CloudTrail Lake is needed for SQL queries). Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) with CloudTrail read permissions (`cloudtrail:LookupEvents`, `cloudtrail:StartQuery`, `cloudtrail:GetQueryResults`, and related). An MCP client that supports stdio servers; the server runs locally on the same host as the client.
Install	`uvx awslabs.iam-mcp-server@latest --readonly`	`uvx awslabs.eks-mcp-server@latest`	`uvx awslabs.billing-cost-management-mcp-server@latest`	`uvx awslabs.cloudtrail-mcp-server@latest`
Config	`{ "mcpServers": { "awslabs.iam-mcp-server": { "command": "uvx", "args": ["awslabs.iam-mcp-server@latest", "--readonly"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.eks-mcp-server": { "command": "uvx", "args": ["awslabs.eks-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.billing-cost-management-mcp-server": { "command": "uvx", "args": ["awslabs.billing-cost-management-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.cloudtrail-mcp-server": { "command": "uvx", "args": ["awslabs.cloudtrail-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "FASTMCP_LOG_LEVEL": "ERROR" }, "type": "stdio" } } }`
Citations	Source repositorygithub.com 2026-06-22T04:30:53+00:00 Documentationgithub.com Websiteawslabs.github.io Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T04:30:53+00:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T04:30:53+00:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T04:30:53+00:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed