🚀 AWS MCP Servers for Claude Code: AI-Powered Infrastructure Management

Transform your AWS operations with Claude Code's intelligent automation

A Sati Technology, Inc. Guide by Justin Pursati

AWS Solutions Architect/Developer | AI Integration Specialist | SaaS Builder

📋 This Guide is for Claude Code: This guide specifically shows how to set up AWS MCP servers with Claude Code (claude.ai/code). All commands use the claude CLI that comes with Claude Code.

💡 Developer-Friendly: All commands are presented in separate, easily copy-pasteable bash blocks for your convenience.

🚀 Why This Matters for Your Business - If you hire or plan on hiring AWS developers

Cut AWS management time by 80% while maintaining enterprise-grade security. These MCP (Model Context Protocol) servers enable Claude Code to:

✅ Query infrastructure without console access
✅ Analyze costs before deploying resources
✅ Generate IaC with built-in security scanning
✅ Automate compliance with read-only safety modes
✅ Document systems automatically

Bottom Line: Your team spends less time on AWS console tasks and more time building value.

📋 Prerequisites

Before starting this guide, ensure you have:

Claude Code installed - Download from claude.ai/code
AWS CLI configured with valid credentials (aws configure)
Terminal access to run the claude CLI commands

💡 Note: This guide uses the claude command-line tool that comes with Claude Code. All MCP servers will be integrated directly into your Claude Code environment.

⚡ 5-Minute Quick Start

⚠️ CRITICAL FIRST STEP: You MUST install the AWS Core Server before any other AWS MCP servers! Also, make sure you set the values for the Environment Variables before adding ANY servers!

Step 1: Set Your Environment Variables

Copy and paste this entire block into your terminal:

export AWS_PROFILE="your-aws-profile"
export AWS_REGION="us-east-1"
export MCP_LOG_LEVEL="ERROR"
export DDB_READONLY="true"
export MCP_SAFE_MODE="true"
export LAMBDA_PREFIX="prod-"
export COST_THRESHOLD="1000"

To make these permanent, add the above to your shell profile (~/.bashrc, ~/.zshrc, or ~/.profile).

Step 2: Install AWS Core Server (REQUIRED FIRST!)

⚠️ IMPORTANT: Always install the AWS Core Server before any other AWS MCP servers.

claude mcp add awslabs.core-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.core-mcp-server@latest

Step 3: Install Your First Functional Server

# Enable AI-powered DynamoDB queries (safe read-only mode)
claude mcp add awslabs.dynamodb-mcp-server -e DDB-MCP-READONLY=$DDB_READONLY -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.dynamodb-mcp-server@latest

That's it! You can now ask Claude to query your DynamoDB tables safely.

💼 Common Business Scenarios

Scenario 1: Cost Analysis Before Deployment

"What will this infrastructure cost us?"

claude mcp add awslabs.cost-analysis-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -e AWS_PROFILE=$AWS_PROFILE -- uvx awslabs.cost-analysis-mcp-server@latest

Business Value: Get accurate cost estimates before committing resources. No more budget surprises.

Scenario 2: Safe Production Access for Developers

"Let developers query production data without risk" — Don't use this in a regulated industry like HIPAA or SOC2 compliant environments without having the proper permission or BAA in place. *There are other ways to achieve this that meet the requirements of the regulations.

export PROD_PROFILE="production-readonly"

export DDB_READONLY="true"

claude mcp add awslabs.dynamodb-mcp-server -e DDB-MCP-READONLY=$DDB_READONLY -e AWS_PROFILE=$PROD_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.dynamodb-mcp-server@latest

Business Value: Developers get answers without production access. Reduces tickets to DevOps by 70%.

Scenario 3: Infrastructure Documentation Generator

"Document our entire AWS setup automatically"

Step 1: Install Core Server (if not already installed)

claude mcp add awslabs.core-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.core-mcp-server@latest

Step 2: Add documentation server

claude mcp add awslabs.aws-documentation-mcp-server -e AWS_DOCUMENTATION_PARTITION=aws -- uvx awslabs.aws-documentation-mcp-server@latest

Business Value: Always up-to-date documentation. Perfect for audits and onboarding.

Scenario 4: Serverless Development Accelerator

"Ship Lambda functions 5x faster"

claude mcp add awslabs.aws-serverless-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.aws-serverless-mcp-server@latest --allow-write --allow-sensitive-data-access

Business Value: AI-assisted serverless development. From idea to deployment in minutes.

📚 Complete Server Catalog

🎯 Core Server (INSTALL THIS FIRST!)

AWS Core MCP Server - Required Foundation

claude mcp add awslabs.core-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.core-mcp-server@latest

Purpose: Manages and coordinates all other AWS MCP servers. This is the foundation that enables other servers to work properly.

🏗️ Infrastructure as Code

AWS CDK Server - Best Practices Built-In

Install CDK CLI first:

npm install -g aws-cdk

Add CDK server with security scanning:

claude mcp add awslabs.cdk-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.cdk-mcp-server@latest

Features: CDK patterns, security scanning with CDK Nag, compliance validation

Terraform Server - Infrastructure with Guardrails

claude mcp add awslabs.terraform-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.terraform-mcp-server@latest

Features: Terraform workflows, Checkov security scanning, AWS best practices

💾 Database Access

DynamoDB Server - NoSQL with Safety

Safe mode (recommended):

claude mcp add awslabs.dynamodb-mcp-server -e DDB-MCP-READONLY=$DDB_READONLY -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.dynamodb-mcp-server@latest

Full access (use with caution):

claude mcp add awslabs.dynamodb-mcp-server -e DDB-MCP-READONLY=false -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.dynamodb-mcp-server@latest

⚡ Compute & Serverless

Lambda Tool Server - Function as a Service

Basic setup:

claude mcp add awslabs.lambda-tool-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.lambda-tool-mcp-server@latest

Filtered by prefix:

claude mcp add awslabs.lambda-tool-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -e FUNCTION_PREFIX=$LAMBDA_PREFIX -- uvx awslabs.lambda-tool-mcp-server@latest

Specific functions only:

claude mcp add awslabs.lambda-tool-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -e FUNCTION_LIST="billing-calculator,user-auth,data-processor" -- uvx awslabs.lambda-tool-mcp-server@latest

AWS Serverless Server - SAM CLI Integration

Read-only mode (default):

claude mcp add awslabs.aws-serverless-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.aws-serverless-mcp-server@latest

Write-enabled mode (use with caution):

claude mcp add awslabs.aws-serverless-mcp-server -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.aws-serverless-mcp-server@latest --allow-write --allow-sensitive-data-access

Features: Complete serverless application lifecycle management with SAM CLI

EKS Server - Kubernetes Made Simple

Read-only mode (default):

claude mcp add awslabs.eks-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.eks-mcp-server@latest

Full cluster management (production use with caution):

claude mcp add awslabs.eks-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -e AWS_PROFILE=$AWS_PROFILE -e AWS_REGION=$AWS_REGION -- uvx awslabs.eks-mcp-server@latest --allow-write --allow-sensitive-data-access

📊 Analytics & Documentation

AWS Documentation Server - Always Current Docs

claude mcp add awslabs.aws-documentation-mcp-server -e AWS_DOCUMENTATION_PARTITION=aws -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -- uvx awslabs.aws-documentation-mcp-server@latest

Features: Access to complete AWS documentation, best practices, and service information

Cost Analysis Server - Pre-Deployment Pricing

claude mcp add awslabs.cost-analysis-mcp-server -e FASTMCP_LOG_LEVEL=$MCP_LOG_LEVEL -e AWS_PROFILE=$AWS_PROFILE -- uvx awslabs.cost-analysis-mcp-server@latest

Features: Analyze AWS costs and provide pre-deployment cost estimates for infrastructure planning

🛠️ Development Tools

Shopify Dev Server

claude mcp add shopify-dev-mcp -- npx -y @shopify/dev-mcp@latest

Puppeteer Server - Web Automation

claude mcp add puppeteer -- npx -y @modelcontextprotocol/server-puppeteer

🔒 Enterprise Security Best Practices

Environment-Based Configuration

Development Environment:

export AWS_PROFILE="dev-full-access"
export DDB_READONLY="false"
export ALLOW_WRITES="--allow-write"

Staging Environment:

export AWS_PROFILE="staging-limited"
export DDB_READONLY="true"
export ALLOW_WRITES=""

Production Environment:

export AWS_PROFILE="prod-readonly"
export DDB_READONLY="true"
export ALLOW_WRITES=""
export REQUIRE_APPROVAL="true"

IAM Policy Examples

Read-Only DynamoDB Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:DescribeTable",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:GetItem",
        "dynamodb:ListTables"
      ],
      "Resource": "*"
    }
  ]
}

Enable CloudTrail for all MCP operations:

aws cloudtrail create-trail --name mcp-audit-trail --s3-bucket-name your-audit-bucket

📈 It Adds Up

Based on typical enterprise usage - startups save a TON of money, also:

Time saved per developer: 10-20 hours/week - even more, depending on workload
Reduced AWS console errors: 95% - fix them all…
Documentation coverage: 100% automated
Onboarding time: Cut by 75%

Example: A team of 10 developers saves ~$200,000/year in productivity gains alone.

🎯 Next Steps

Install the Core Server first - This is required before any other AWS MCP servers
Start with one functional server - We recommend the DynamoDB server in read-only mode
Expand gradually - Add servers as your team gets comfortable
Measure impact - Track time saved and errors reduced
Share success - Let your team know about wins

Need Help?

Implementation support: Contact our integration team
Custom policies: We provide enterprise IAM templates
Training: 1-hour workshops available

🚨 Quick Reference Card

Save this for easy access:

ALWAYS FIRST: Install Core Server

claude mcp add awslabs.core-mcp-server -- uvx awslabs.core-mcp-server@latest

Safe production query:

export AWS_PROFILE="prod-ro"
export DDB_READONLY="true"
claude mcp add awslabs.dynamodb-mcp-server -e DDB-MCP-READONLY=$DDB_READONLY -e AWS_PROFILE=$AWS_PROFILE -- uvx awslabs.dynamodb-mcp-server@latest

Cost analysis:

claude mcp add awslabs.cost-analysis-mcp-server -e AWS_PROFILE=$AWS_PROFILE -- uvx awslabs.cost-analysis-mcp-server@latest

Ready to transform your AWS operations? Install your first server in 30 seconds and see the difference AI-powered infrastructure management can make.

About Sati Technology, Inc.

We specialize in bridging the gap between AI capabilities and startups. Our expertise in AWS architecture combined with cutting-edge AI integration helps businesses achieve unprecedented operational efficiency.

What We Do:

AWS Infrastructure Optimization
AI Integration & AI Consulting
Custom Software Development
Training & Workshops

Get Started Today: Schedule a free 30-minute consultation to see how we can transform your AWS operations.

📞 Contact Information

Justin Pursati

Owner/Operator of Sati Technology, Inc

AWS Solutions Architect/Developer | AI Integration Specialist

📧 jpursati@satitechnology.com

🔗 https://www.linkedin.com/in/justin-pursati/

📱 Schedule a Demo: https://calendly.com/jpursati/30min

"Helping businesses save 20-80% on AWS operations through intelligent automation"