mcpSource-backedReview first Safety ✓ Privacy ✓

AWS Lambda Tool MCP Server

Official AWS Labs MCP server that exposes selected AWS Lambda functions as MCP tools without code changes, letting AI assistants invoke your allowlisted functions to reach private resources, databases, and internal applications.

by AWS Labs·added 2026-06-21·

Claude Code Codex Cursor Claude Desktop

HarnessClaude CodeCodexCursorClaude Desktop

Install

Source

uvx awslabs.lambda-tool-mcp-server@latest

Readiness

TrustReview first
Sourcesource-backed
Safety notesPresent
ReviewedYes

Documentation Source repository Registry JSON · LLM text

Review first — review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Canonical URL: https://heyclau.de/entry/mcp/aws-lambda-tool-mcp-server
Source URLs: https://github.com/awslabs/mcp/blob/main/src/lambda-tool-mcp-server/README.md, https://github.com/awslabs/mcp, https://awslabs.github.io/mcp/
Brand: AWS Labs
Brand domain: aws.amazon.com
Brand asset source: brandfetch
Safety notes: Only functions matching your `FUNCTION_PREFIX`/`FUNCTION_LIST`/`FUNCTION_TAG_*` allowlist are exposed; scope this narrowly so the model can invoke just the intended functions., By design the client only needs `lambda:InvokeFunction`; each function uses its own execution role to reach other AWS services, keeping segregation of duties. Invoking a function runs whatever that function does (including writes), so only allowlist functions you trust the model to call., This server invokes real Lambda functions with your AWS credentials; scope the profile to invoke-only on the allowlisted functions and run it only on a trusted host.
Privacy notes: Function names, ARNs, input arguments, and returned payloads pass through the model; an invoked function can read or write whatever its own role allows., Keep account identifiers, credentials, and sensitive function inputs/outputs out of public prompts, issues, and screenshots.
Author: AWS Labs
Submitted by: jaso0n0818
Claim status: unclaimed
Last verified: 2026-06-21

Safety notes

Only functions matching your `FUNCTION_PREFIX`/`FUNCTION_LIST`/`FUNCTION_TAG_*` allowlist are exposed; scope this narrowly so the model can invoke just the intended functions.
By design the client only needs `lambda:InvokeFunction`; each function uses its own execution role to reach other AWS services, keeping segregation of duties. Invoking a function runs whatever that function does (including writes), so only allowlist functions you trust the model to call.
This server invokes real Lambda functions with your AWS credentials; scope the profile to invoke-only on the allowlisted functions and run it only on a trusted host.

Privacy notes

Function names, ARNs, input arguments, and returned payloads pass through the model; an invoked function can read or write whatever its own role allows.
Keep account identifiers, credentials, and sensitive function inputs/outputs out of public prompts, issues, and screenshots.

Prerequisites

An AWS account with the Lambda functions you want to expose, and permission to invoke them.
Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to `lambda:InvokeFunction` for the allowlisted functions only.
An allowlist of functions via `FUNCTION_PREFIX`, `FUNCTION_LIST`, or `FUNCTION_TAG_KEY`/`FUNCTION_TAG_VALUE`; only matching functions are exposed as tools.
An MCP client that supports stdio servers; the server runs locally on the same host as the client.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 15 minutes
Difficulty: advanced

Tool listing metadata

Website: https://awslabs.github.io/mcp/
Pricing: open-source
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Cross-platform

Full copyable content

{
  "awslabs.lambda-tool-mcp-server": {
    "command": "uvx",
    "args": ["awslabs.lambda-tool-mcp-server@latest"],
    "env": {
      "AWS_PROFILE": "${AWS_PROFILE}",
      "AWS_REGION": "us-east-1",
      "FUNCTION_PREFIX": "your-function-prefix",
      "FUNCTION_LIST": "your-first-function,your-second-function",
      "FUNCTION_TAG_KEY": "your-tag-key",
      "FUNCTION_TAG_VALUE": "your-tag-value"
    }
  }
}

About this resource

Overview

AWS Lambda Tool MCP Server is an official AWS Labs Model Context Protocol server that selects and runs AWS Lambda functions as MCP tools without code changes. It acts as a bridge between MCP clients and Lambda, so an AI model can invoke your functions to reach internal applications, databases, and private networks — without those resources needing public access.

It runs locally over stdio via uvx from the published awslabs.lambda-tool-mcp-server Python package and uses your local AWS credentials. You choose which functions are exposed through an allowlist.

Features

Functions as tools — expose selected Lambda functions to the model as MCP tools, with no changes to the function code.
Allowlisting — scope which functions are available via FUNCTION_PREFIX, FUNCTION_LIST, or function tags.
Private access — reach internal apps, databases, VPC resources, and the public internet through the function, not the client.
Segregation of duties — the client only invokes functions; each function uses its own execution role for downstream AWS access.
Input schemas — optionally attach input schemas to functions via tags.

Use Cases

Let Claude call an internal API or database that lives in a private VPC.
Expose a curated set of operational Lambda functions as safe, named tools.
Reuse existing Lambda business logic as model tools without rewriting it.
Keep broad AWS permissions in function roles while the client stays invoke-only.

Installation

Claude Code

Install Python 3.10+ and uv.
Configure an AWS profile scoped to lambda:InvokeFunction for your functions.
Add the server with the stdio configuration above and set an allowlist (FUNCTION_PREFIX, FUNCTION_LIST, or FUNCTION_TAG_*).
Verify it is connected with claude mcp list.

Claude Desktop / Cursor / Kiro / VS Code

Add the configSnippet above to your client's MCP configuration, set AWS_PROFILE/AWS_REGION, and define the function allowlist. The first run downloads the package via uvx.

Source And Trust

This entry is based on the official AWS Labs awslabs/mcp repository and the published PyPI package (Apache-2.0). The server invokes real Lambda functions with your AWS credentials, so keep the client invoke-only, allowlist functions narrowly, and verify the configuration against the linked source before using it in automated workflows.

#aws #lambda #serverless #tools #aws-labs

Source citations

Source methodology →

Add this badge to your README

Show that AWS Lambda Tool MCP Server is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/mcp/aws-lambda-tool-mcp-server.svg)](https://heyclau.de/entry/mcp/aws-lambda-tool-mcp-server)

How it compares

AWS Lambda Tool MCP Server side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	AWS Lambda Tool MCP Server Official AWS Labs MCP server that exposes selected AWS Lambda functions as MCP tools without code changes, letting AI assistants invoke your allowlisted functions to reach private resources, databases, and internal applications. Open dossier	AWS Serverless MCP Server Official AWS Labs MCP server for serverless development that gives AI assistants contextual guidance plus tools to initialize, build, deploy, and troubleshoot AWS SAM and Lambda-based serverless applications. Open dossier	AWS Step Functions Tool MCP Server Official AWS Labs MCP server that exposes selected AWS Step Functions state machines as MCP tools without code changes, letting AI assistants run existing Standard and Express workflows that coordinate work across AWS services. Open dossier	Amazon ECS MCP Server Official AWS Labs MCP server for Amazon ECS that helps AI assistants containerize applications, deploy them to ECS, troubleshoot deployments, and explore ECS and ECR resources across the container application lifecycle. Open dossier
Trust
Install risk	Review first	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Brand	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Category	mcp	mcp	mcp	mcp
Source	source-backed	source-backed	source-backed	source-backed
Author	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Added	2026-06-21	2026-06-21	2026-06-21	2026-06-21
Platforms	Claude CodeCodexCursorClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop
Source repo	—	—	—	—
Safety notes	✓Only functions matching your `FUNCTION_PREFIX`/`FUNCTION_LIST`/`FUNCTION_TAG_*` allowlist are exposed; scope this narrowly so the model can invoke just the intended functions. By design the client only needs `lambda:InvokeFunction`; each function uses its own execution role to reach other AWS services, keeping segregation of duties. Invoking a function runs whatever that function does (including writes), so only allowlist functions you trust the model to call. This server invokes real Lambda functions with your AWS credentials; scope the profile to invoke-only on the allowlisted functions and run it only on a trusted host.	✓The configuration above uses the read-only default. Adding the `--allow-write` flag lets the server deploy and modify infrastructure (SAM/CloudFormation stacks, Lambda functions, custom domains, CloudFront) and `--allow-sensitive-data-access` exposes logs; enable these only deliberately. This server can build and deploy real serverless infrastructure with your AWS credentials; scope the profile to the intended account and region, and prefer non-production targets while evaluating it. Run it only on a trusted host, and review generated SAM templates and deployment actions before applying them.	✓Only state machines matching your `STATE_MACHINE_PREFIX`/`STATE_MACHINE_LIST`/`STATE_MACHINE_TAG_*` allowlist are exposed; scope this narrowly so the model can run just the intended workflows. The client only needs permission to start executions; each state machine uses its own IAM role to reach other AWS services (separation of duties). Running a workflow executes whatever it does, including writes, so only allowlist machines you trust the model to run. This server starts real Step Functions executions with your AWS credentials; scope the profile narrowly and run it only on a trusted host.	✓The configuration above is read-only. Setting `ALLOW_WRITE=true` lets the server create and modify infrastructure (ECR repos, CloudFormation stacks, ECS services) and `ALLOW_SENSITIVE_DATA=true` exposes logs; enable these only deliberately. AWS documents this server as primarily for development, testing, and non-critical environments; keep write/sensitive-data disabled for production accounts and prefer non-production targets while evaluating it. This server acts on real infrastructure with your AWS credentials; scope the profile to the intended account, region, and resources, and run it only on a trusted host.
Privacy notes	✓Function names, ARNs, input arguments, and returned payloads pass through the model; an invoked function can read or write whatever its own role allows. Keep account identifiers, credentials, and sensitive function inputs/outputs out of public prompts, issues, and screenshots.	✓Application configuration, SAM templates, resource ARNs, and account/region metadata can be returned through tool calls and exposed to the model. With sensitive-data access enabled, logs and metrics may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.	✓State machine names, ARNs, execution inputs, and outputs pass through the model; an executed workflow can read or write whatever its own role allows. Keep account identifiers, credentials, and sensitive execution inputs/outputs out of public prompts, issues, and screenshots.	✓Cluster, service, task, task-definition, and ECR metadata plus account/region identifiers can be returned through tool calls and exposed to the model. With sensitive-data access enabled, logs and deployment details may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.
Prerequisites	An AWS account with the Lambda functions you want to expose, and permission to invoke them. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to `lambda:InvokeFunction` for the allowlisted functions only. An allowlist of functions via `FUNCTION_PREFIX`, `FUNCTION_LIST`, or `FUNCTION_TAG_KEY`/`FUNCTION_TAG_VALUE`; only matching functions are exposed as tools.	An AWS account with permissions for the serverless resources you intend to inspect or deploy. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS SAM CLI and AWS CLI installed for the build/deploy and lifecycle tools. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account and region.	An AWS account with the Step Functions state machines you want to expose, and permission to start their executions. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to start executions on the allowlisted state machines only. An allowlist of state machines via `STATE_MACHINE_PREFIX`, `STATE_MACHINE_LIST`, or `STATE_MACHINE_TAG_KEY`/`STATE_MACHINE_TAG_VALUE`; only matching machines are exposed.	An AWS account with Amazon ECS/ECR and permissions to view (and, if enabled, deploy) the target resources. Docker or Finch for containerization and local image builds. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account, region, and resources.
Install	`uvx awslabs.lambda-tool-mcp-server@latest`	`uvx awslabs.aws-serverless-mcp-server@latest`	`uvx awslabs.stepfunctions-tool-mcp-server@latest`	`uvx --from awslabs-ecs-mcp-server ecs-mcp-server`
Config	`{ "mcpServers": { "awslabs.lambda-tool-mcp-server": { "command": "uvx", "args": ["awslabs.lambda-tool-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FUNCTION_PREFIX": "your-function-prefix", "FUNCTION_LIST": "your-first-function,your-second-function", "FUNCTION_TAG_KEY": "your-tag-key", "FUNCTION_TAG_VALUE": "your-tag-value" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.aws-serverless-mcp-server": { "command": "uvx", "args": ["awslabs.aws-serverless-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.stepfunctions-tool-mcp-server": { "command": "uvx", "args": ["awslabs.stepfunctions-tool-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "STATE_MACHINE_PREFIX": "your-state-machine-prefix", "STATE_MACHINE_LIST": "your-first-state-machine,your-second-state-machine", "STATE_MACHINE_TAG_KEY": "your-tag-key", "STATE_MACHINE_TAG_VALUE": "your-tag-value" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.ecs-mcp-server": { "command": "uvx", "args": ["--from", "awslabs-ecs-mcp-server", "ecs-mcp-server"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR", "ALLOW_WRITE": "false", "ALLOW_SENSITIVE_DATA": "false" }, "type": "stdio" } } }`
Citations	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Websiteawslabs.github.io Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed