AWS already had an abundance of niche MCP servers, but I have been waiting for them to release a generic MCP server to rule them all, and that is what they did with their AWS API MCP Server.

It has 2 regular tool calls. The first one suggests the command you want to run, and the second one executes the command.

Could this go really, really wrong for someone?

Of course, someone is going to vibe code this while running it as Administrator, the LLM is going to provision some junk, crash or otherwise forget its session and leave it running while it tries again and again until there are 50 ec2 instances spinning away, burning through cash.

Would I use it to provision infrastructure?

No, I want every change version-controlled in Terraform or the IoC tool of choice. When you operate at the scale of my clients, there is no room for error.

What would I use it for?

I spend hours and hours, even days sometimes, sifting through and mapping out my clients' systems. It can be maddening. Having something that can help me map out their systems and track down what is causing a few 100ms of latency across a few million requests per hour would be really nice.

Keep security in mind. Whatever IAM permissions you give it to play with (Not Admin) should be well thought out, keeping the Principle of Least Privilege top of mind. Even giving it read-only access to Secret Manager or SSM Param Store could lead to the leaking of sensitive information.

If you are an AWS beginner and want to learn more about security, you should check out my course on Oreilly.com - Zero to Hero on AWS Security: An Animated Guide to Security in the Cloud.

Question:

What tools are you using to provision and debug your infrastructure on AWS?