mcpSource-backedReview first Safety ✓ Privacy ✓

AWS Serverless MCP Server

Official AWS Labs MCP server for serverless development that gives AI assistants contextual guidance plus tools to initialize, build, deploy, and troubleshoot AWS SAM and Lambda-based serverless applications.

by AWS Labs·added 2026-06-21·

Claude Code Codex Cursor Claude Desktop

HarnessClaude CodeCodexCursorClaude Desktop

Install

Source

uvx awslabs.aws-serverless-mcp-server@latest

Readiness

TrustReview first
Sourcesource-backed
Safety notesPresent
ReviewedYes

Documentation Source repository Registry JSON · LLM text

Review first — review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Canonical URL: https://heyclau.de/entry/mcp/aws-serverless-mcp-server
Source URLs: https://github.com/awslabs/mcp/blob/main/src/aws-serverless-mcp-server/README.md, https://github.com/awslabs/mcp, https://awslabs.github.io/mcp/
Brand: AWS Labs
Brand domain: aws.amazon.com
Brand asset source: brandfetch
Safety notes: The configuration above uses the read-only default. Adding the `--allow-write` flag lets the server deploy and modify infrastructure (SAM/CloudFormation stacks, Lambda functions, custom domains, CloudFront) and `--allow-sensitive-data-access` exposes logs; enable these only deliberately., This server can build and deploy real serverless infrastructure with your AWS credentials; scope the profile to the intended account and region, and prefer non-production targets while evaluating it., Run it only on a trusted host, and review generated SAM templates and deployment actions before applying them.
Privacy notes: Application configuration, SAM templates, resource ARNs, and account/region metadata can be returned through tool calls and exposed to the model., With sensitive-data access enabled, logs and metrics may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.
Author: AWS Labs
Submitted by: jaso0n0818
Claim status: unclaimed
Last verified: 2026-06-21

Safety notes

The configuration above uses the read-only default. Adding the `--allow-write` flag lets the server deploy and modify infrastructure (SAM/CloudFormation stacks, Lambda functions, custom domains, CloudFront) and `--allow-sensitive-data-access` exposes logs; enable these only deliberately.
This server can build and deploy real serverless infrastructure with your AWS credentials; scope the profile to the intended account and region, and prefer non-production targets while evaluating it.
Run it only on a trusted host, and review generated SAM templates and deployment actions before applying them.

Privacy notes

Application configuration, SAM templates, resource ARNs, and account/region metadata can be returned through tool calls and exposed to the model.
With sensitive-data access enabled, logs and metrics may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.

Prerequisites

An AWS account with permissions for the serverless resources you intend to inspect or deploy.
Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
AWS SAM CLI and AWS CLI installed for the build/deploy and lifecycle tools.
AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account and region.
An MCP client that supports stdio servers; the server runs locally on the same host as the client.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 15 minutes
Difficulty: advanced

Tool listing metadata

Website: https://awslabs.github.io/mcp/
Pricing: open-source
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Cross-platform

Full copyable content

{
  "awslabs.aws-serverless-mcp-server": {
    "command": "uvx",
    "args": ["awslabs.aws-serverless-mcp-server@latest"],
    "env": {
      "AWS_PROFILE": "${AWS_PROFILE}",
      "AWS_REGION": "us-east-1"
    }
  }
}

About this resource

Overview

AWS Serverless MCP Server is an official AWS Labs Model Context Protocol server that combines AI assistance with serverless expertise. It provides contextual guidance for serverless development and tools to initialize, build, deploy, monitor, and troubleshoot AWS SAM and Lambda-based applications across the development lifecycle.

It runs locally over stdio via uvx from the published awslabs.aws-serverless-mcp-server Python package and uses your local AWS credentials. The configuration shown uses read-only defaults; write and sensitive-data access are opt-in flags.

Features

Application lifecycle — initialize, build, and deploy SAM applications with the SAM CLI, and test Lambda functions locally and remotely (write mode).
Web app deployment — deploy full-stack, frontend, and backend web apps via the Lambda Web Adapter, with custom domains and CloudFront (write mode).
Observability — retrieve logs and metrics for serverless resources.
Guidance and templates — Lambda use-case guidance, IaC-framework selection, and sample SAM templates from Serverless Land.
Event schemas — schema types and EventBridge schema-registry discovery for type-safe Lambda development.

Use Cases

Get architecture guidance and pick serverless patterns for a new application.
Initialize and build a SAM application from a template.
Test a Lambda function locally before deploying.
Deploy a serverless web application with a custom domain (write mode).

Installation

Claude Code

Install Python 3.10+, uv, the AWS SAM CLI, and the AWS CLI.
Configure an AWS profile and region scoped to the target account.
Add the server with the read-only stdio configuration above. To enable deployments, append --allow-write (and --allow-sensitive-data-access for logs) to args — only when you intend those operations.
Verify it is connected with claude mcp list.

Claude Desktop / Cursor / Kiro / VS Code

Add the configSnippet above to your client's MCP configuration and set AWS_PROFILE/AWS_REGION. The first run downloads the package via uvx.

Source And Trust

This entry is based on the official AWS Labs awslabs/mcp repository and the published PyPI package (Apache-2.0). The server can build and deploy real serverless infrastructure when write access is enabled, so keep the write and sensitive-data flags opt-in, scope credentials tightly, and verify the configuration against the linked source before using it in automated workflows.

#aws #serverless #lambda #sam #aws-labs

Source citations

Source methodology →

Add this badge to your README

Show that AWS Serverless MCP Server is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/mcp/aws-serverless-mcp-server.svg)](https://heyclau.de/entry/mcp/aws-serverless-mcp-server)

How it compares

AWS Serverless MCP Server side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	AWS Serverless MCP Server Official AWS Labs MCP server for serverless development that gives AI assistants contextual guidance plus tools to initialize, build, deploy, and troubleshoot AWS SAM and Lambda-based serverless applications. Open dossier	AWS Lambda Tool MCP Server Official AWS Labs MCP server that exposes selected AWS Lambda functions as MCP tools without code changes, letting AI assistants invoke your allowlisted functions to reach private resources, databases, and internal applications. Open dossier	Amazon ECS MCP Server Official AWS Labs MCP server for Amazon ECS that helps AI assistants containerize applications, deploy them to ECS, troubleshoot deployments, and explore ECS and ECR resources across the container application lifecycle. Open dossier	Amazon EKS MCP Server Official AWS Labs MCP server for Amazon EKS that gives AI code assistants real-time cluster state visibility and Kubernetes/EKS resource management, from cluster setup through deployment, troubleshooting, and optimization. Open dossier
Trust
Install risk	Review first	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Brand	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Category	mcp	mcp	mcp	mcp
Source	source-backed	source-backed	source-backed	source-backed
Author	AWS Labs	AWS Labs	AWS Labs	AWS Labs
Added	2026-06-21	2026-06-21	2026-06-21	2026-06-21
Platforms	Claude CodeCodexCursorClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop
Source repo	—	—	—	—
Safety notes	✓The configuration above uses the read-only default. Adding the `--allow-write` flag lets the server deploy and modify infrastructure (SAM/CloudFormation stacks, Lambda functions, custom domains, CloudFront) and `--allow-sensitive-data-access` exposes logs; enable these only deliberately. This server can build and deploy real serverless infrastructure with your AWS credentials; scope the profile to the intended account and region, and prefer non-production targets while evaluating it. Run it only on a trusted host, and review generated SAM templates and deployment actions before applying them.	✓Only functions matching your `FUNCTION_PREFIX`/`FUNCTION_LIST`/`FUNCTION_TAG_*` allowlist are exposed; scope this narrowly so the model can invoke just the intended functions. By design the client only needs `lambda:InvokeFunction`; each function uses its own execution role to reach other AWS services, keeping segregation of duties. Invoking a function runs whatever that function does (including writes), so only allowlist functions you trust the model to call. This server invokes real Lambda functions with your AWS credentials; scope the profile to invoke-only on the allowlisted functions and run it only on a trusted host.	✓The configuration above is read-only. Setting `ALLOW_WRITE=true` lets the server create and modify infrastructure (ECR repos, CloudFormation stacks, ECS services) and `ALLOW_SENSITIVE_DATA=true` exposes logs; enable these only deliberately. AWS documents this server as primarily for development, testing, and non-critical environments; keep write/sensitive-data disabled for production accounts and prefer non-production targets while evaluating it. This server acts on real infrastructure with your AWS credentials; scope the profile to the intended account, region, and resources, and run it only on a trusted host.	✓The configuration above is read-only. Adding the `--allow-write` flag lets the server create, update, patch, and delete EKS/Kubernetes resources (including creating clusters via CloudFormation) and `--allow-sensitive-data-access` exposes logs and events; enable these only deliberately. This server acts on real infrastructure with your AWS credentials; scope the profile to the intended account, region, and clusters, and prefer non-production targets while evaluating it. Run it only on a trusted host, and review any generated manifests or CloudFormation actions before applying them.
Privacy notes	✓Application configuration, SAM templates, resource ARNs, and account/region metadata can be returned through tool calls and exposed to the model. With sensitive-data access enabled, logs and metrics may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.	✓Function names, ARNs, input arguments, and returned payloads pass through the model; an invoked function can read or write whatever its own role allows. Keep account identifiers, credentials, and sensitive function inputs/outputs out of public prompts, issues, and screenshots.	✓Cluster, service, task, task-definition, and ECR metadata plus account/region identifiers can be returned through tool calls and exposed to the model. With sensitive-data access enabled, logs and deployment details may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.	✓Cluster state, resource manifests, ARNs, and account/region metadata can be returned through tool calls and exposed to the model. With sensitive-data access enabled, pod logs and Kubernetes events may be returned; keep account identifiers, credentials, and log contents out of public prompts, issues, and screenshots.
Prerequisites	An AWS account with permissions for the serverless resources you intend to inspect or deploy. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS SAM CLI and AWS CLI installed for the build/deploy and lifecycle tools. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account and region.	An AWS account with the Lambda functions you want to expose, and permission to invoke them. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to `lambda:InvokeFunction` for the allowlisted functions only. An allowlist of functions via `FUNCTION_PREFIX`, `FUNCTION_LIST`, or `FUNCTION_TAG_KEY`/`FUNCTION_TAG_VALUE`; only matching functions are exposed as tools.	An AWS account with Amazon ECS/ECR and permissions to view (and, if enabled, deploy) the target resources. Docker or Finch for containerization and local image builds. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account, region, and resources.	An AWS account with Amazon EKS and permissions to view (and, if enabled, manage) the target clusters. Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package. AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped to the intended account, region, and clusters. An MCP client that supports stdio servers; the server runs locally on the same host as the client.
Install	`uvx awslabs.aws-serverless-mcp-server@latest`	`uvx awslabs.lambda-tool-mcp-server@latest`	`uvx --from awslabs-ecs-mcp-server ecs-mcp-server`	`uvx awslabs.eks-mcp-server@latest`
Config	`{ "mcpServers": { "awslabs.aws-serverless-mcp-server": { "command": "uvx", "args": ["awslabs.aws-serverless-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.lambda-tool-mcp-server": { "command": "uvx", "args": ["awslabs.lambda-tool-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FUNCTION_PREFIX": "your-function-prefix", "FUNCTION_LIST": "your-first-function,your-second-function", "FUNCTION_TAG_KEY": "your-tag-key", "FUNCTION_TAG_VALUE": "your-tag-value" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.ecs-mcp-server": { "command": "uvx", "args": ["--from", "awslabs-ecs-mcp-server", "ecs-mcp-server"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR", "ALLOW_WRITE": "false", "ALLOW_SENSITIVE_DATA": "false" }, "type": "stdio" } } }`	`{ "mcpServers": { "awslabs.eks-mcp-server": { "command": "uvx", "args": ["awslabs.eks-mcp-server@latest"], "env": { "AWS_PROFILE": "${AWS_PROFILE}", "AWS_REGION": "us-east-1", "FASTMCP_LOG_LEVEL": "ERROR" }, "type": "stdio" } } }`
Citations	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Websiteawslabs.github.io Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →	Source repositorygithub.com 2026-06-22T23:55:05-07:00 Documentationgithub.com Submitted by jaso0n08182026-06-21 Source methodology →
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed

Related guides

Source-backed guides for putting this to work.

guides

Claude Code on Amazon Bedrock Setup

Configure Claude Code to run on Amazon Bedrock with correct AWS auth.

Review firstSource-backedReview firstAdded 9d ago

Safety ✓ Privacy ✓

guides

Claude Code vs Amazon Q Developer vs Gemini Code Assist

Compare Claude Code, Amazon Q Developer (formerly CodeWhisperer), and Google Gemini Code Assist on form factor, agentic features, and ecosystem fit.

Review firstSource-backedReview firstAdded 8mo ago

Safety · Privacy ✓

Signals

Loading live community signals…