AI Skill Hub 强烈推荐:mcp-proxy-for-aws MCP工具 是一款优质的MCP工具。AI 综合评分 8.2 分,在同类工具中表现稳健。如果你正在寻找可靠的MCP工具解决方案,这是一个值得深入了解的选择。
为AWS服务提供MCP(模型上下文协议)代理的开源工具。支持SigV4签名认证,让大模型能通过标准MCP接口调用AWS API,适合需要集成AWS服务的AI应用开发者。
mcp-proxy-for-aws MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
为AWS服务提供MCP(模型上下文协议)代理的开源工具。支持SigV4签名认证,让大模型能通过标准MCP接口调用AWS API,适合需要集成AWS服务的AI应用开发者。
mcp-proxy-for-aws MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/aws/mcp-proxy-for-aws
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"mcp-proxy-for-aws-mcp--": {
"command": "npx",
"args": ["-y", "mcp-proxy-for-aws"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 mcp-proxy-for-aws MCP工具 执行以下任务... Claude: [自动调用 mcp-proxy-for-aws MCP工具 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"mcp-proxy-for-aws_mcp__": {
"command": "npx",
"args": ["-y", "mcp-proxy-for-aws"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
The MCP Proxy for AWS package provides two ways to connect AI applications to MCP servers on AWS:
Use as a proxy if you want to: - Connect MCP clients like Claude Desktop or Kiro CLI to MCP servers on AWS with IAM credentials - Add MCP servers on AWS to your AI assistant's configuration - Use a command-line tool that runs as a bridge between your MCP client and AWS
Use as a library if you want to: - Build AI agents programmatically using popular frameworks like LangChain, Strands Agents, or LlamaIndex - Integrate AWS IAM-secured MCP servers directly into your Python applications - Have fine-grained control over the MCP session lifecycle in your code
uv package manager---
```bash
docker build -t mcp-proxy-for-aws . ```
Add the following configuration to your MCP client config file (e.g., for Kiro CLI, edit ~/.kiro/settings/mcp.json): Note Add your own endpoint by replacing <SigV4 MCP endpoint URL>
{
"mcpServers": {
"<mcp server name>": {
"disabled": false,
"type": "stdio",
"command": "uv",
"args": [
"--directory",
"/path/to/mcp_proxy_for_aws",
"run",
"server.py",
"<SigV4 MCP endpoint URL>",
"--service",
"<your service code>",
"--profile",
"default",
"--region",
"us-east-1",
"--read-only",
"--log-level",
"INFO",
]
}
}
}
[!NOTE] Cline users should not use --log-level argument because Cline checks the log messages in stderr for text "error" (case insensitive).
Using the pre-built public ECR image:
{
"mcpServers": {
"<mcp server name>": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--volume",
"/full/path/to/.aws:/app/.aws:ro",
"public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:latest",
"<SigV4 MCP endpoint URL>"
],
"env": {}
}
}
}
Or using a locally built image:
{
"mcpServers": {
"<mcp server name>": {
"command": "docker",
"args": [
"run",
"--rm",
"--volume",
"/full/path/to/.aws:/app/.aws:ro",
"mcp-proxy-for-aws",
"<SigV4 MCP endpoint URL>"
],
"env": {}
}
}
}
---
The client library is included when you install the package:
pip install mcp-proxy-for-aws
For development:
git clone https://github.com/aws/mcp-proxy-for-aws.git
cd mcp-proxy-for-aws
uv sync
---
Explore complete working examples for different frameworks in the ./examples/mcp-client directory:
Available examples: - LangChain - LlamaIndex - Microsoft Agent Framework - Strands Agents SDK
Run examples individually:
cd examples/mcp-client/[framework] # e.g. examples/mcp-client/strands
uv run main.py
| Parameter | Description | Default | Required |
|---|---|---|---|
endpoint | MCP endpoint URL (e.g., https://your-service.us-east-1.amazonaws.com/mcp) | N/A | Yes |
| --- | --- | --- | --- |
--service | AWS service name for SigV4 signing, if omitted we try to infer this from the url | Inferred from endpoint if not provided | No |
--profile | AWS profile(s) to use. First profile is the default. Additional profiles enable per-call switching via aws_profile tool parameter (e.g., --profile prod-readonly dev staging) | Falls back to AWS_PROFILE if --profile and AWS_MCP_PROXY_PROFILES are not set | No |
--region | AWS region to use | Uses AWS_REGION environment variable if not set | No |
--metadata | Metadata to inject into MCP requests as key=value pairs (e.g., --metadata KEY1=value1 KEY2=value2) | AWS_REGION is automatically injected based on --region if not provided | No |
--read-only | Disable tools which may require write permissions (tools which DO NOT require write permissions are annotated with [readOnlyHint=true](https://modelcontextprotocol.io/specification/2025-06-18/schema#toolannotations-readonlyhint)) | False | No |
--retries | Configures number of retries done when calling upstream services, setting this to 0 disables retries. | 0 | No |
--log-level | Set the logging level (DEBUG/INFO/WARNING/ERROR/CRITICAL) | INFO | No |
--timeout | Set desired timeout in seconds across all operations | 180 | No |
--connect-timeout | Set desired connect timeout in seconds | 60 | No |
--read-timeout | Set desired read timeout in seconds | 120 | No |
--write-timeout | Set desired write timeout in seconds | 180 | No |
--tool-timeout | Maximum seconds a tool call may take before being cancelled. When set, returns a graceful error to the agent instead of hanging indefinitely | 300 | No |
--skip-auth | Skip request signing when AWS credentials are unavailable instead of failing | False | No |
--disable-telemetry | Disables telemetry data collection | False | No |
Set the environment variables for the MCP Proxy for AWS:
```bash
AWS_MCP_PROXY_PROFILES="prod-readonly dev staging" mcp-proxy-for-aws https://aws-mcp.us-east-1.api.aws/mcp
**How it works:**
- The proxy injects an `aws_profile` parameter into auth-requiring tools
- The agent can pass `aws_profile` on any call to route it through a specific profile's credentials
- If `aws_profile` is omitted, the default (first) profile is used
- Invalid profiles are rejected with an error listing allowed values
- Each non-default profile gets its own dedicated connection to the backend
**Example MCP config (Kiro):**
json { "mcpServers": { "aws": { "command": "uvx", "args": ["mcp-proxy-for-aws@1.6.0", "https://aws-mcp.us-east-1.api.aws/mcp"], "env": { "AWS_MCP_PROXY_PROFILES": "prod-readonly dev staging" } } } } ```
mcp-proxy-for-aws https://aws-mcp.us-east-1.api.aws/mcp --profile prod-readonly dev staging
The Problem: The official MCP specification supports OAuth-based authentication, but MCP servers on AWS can also use AWS IAM authentication (SigV4). Standard MCP clients don't know how to sign requests with AWS credentials.
The Solution: This package bridges that gap by: - Handling SigV4 authentication automatically - Uses your local AWS credentials (from AWS CLI, environment variables, or IAM roles) to sign all MCP requests using SigV4 - Providing seamless integration - Works with existing MCP clients and frameworks - Eliminating custom code - No need to build your own MCP client with SigV4 signing logic
The library supports two integration patterns depending on your framework:
Use with: Frameworks that accept a factory function that returns an MCP client, e.g. Strands Agents, Microsoft Agent Framework. The aws_iam_streamablehttp_client is passed as a factory to the framework, which handles the connection lifecycle internally.
Example - Strands Agents:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
mcp_client_factory = lambda: aws_iam_streamablehttp_client(
endpoint=mcp_url, # The URL of the MCP server
aws_region=region, # The region of the MCP server
aws_service=service # The underlying AWS service, e.g. "bedrock-agentcore"
)
with MCPClient(mcp_client_factory) as mcp_client:
mcp_tools = mcp_client.list_tools_sync()
agent = Agent(tools=mcp_tools, ...)
Example - Microsoft Agent Framework:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
mcp_client_factory = lambda: aws_iam_streamablehttp_client(
endpoint=mcp_url, # The URL of the MCP server
aws_region=region, # The region of the MCP server
aws_service=service # The underlying AWS service, e.g. "bedrock-agentcore"
)
mcp_tools = MCPStreamableHTTPTool(name="MCP Tools", url=mcp_url)
mcp_tools.get_mcp_client = mcp_client_factory
async with mcp_tools:
agent = ChatAgent(tools=[mcp_tools], ...)
Use with: Frameworks that require direct access to the MCP sessions, e.g. LangChain, LlamaIndex. The aws_iam_streamablehttp_client provides the authenticated transport streams, which are then used to create an MCP ClientSession.
Example - LangChain:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
mcp_client = aws_iam_streamablehttp_client(
endpoint=mcp_url, # The URL of the MCP server
aws_region=region, # The region of the MCP server
aws_service=service # The underlying AWS service, e.g. "bedrock-agentcore"
)
async with mcp_client as (read, write, session_id_callback):
async with ClientSession(read, write) as session:
mcp_tools = await load_mcp_tools(session)
agent = create_langchain_agent(tools=mcp_tools, ...)
Example - LlamaIndex:
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
mcp_client = aws_iam_streamablehttp_client(
endpoint=mcp_url, # The URL of the MCP server
aws_region=region, # The region of the MCP server
aws_service=service # The underlying AWS service, e.g. "bedrock-agentcore"
)
async with mcp_client as (read, write, session_id_callback):
async with ClientSession(read, write) as session:
mcp_tools = await McpToolSpec(client=session).to_tool_list_async()
agent = ReActAgent(tools=mcp_tools, ...)
export AWS_MCP_PROXY_PROFILES="prod-readonly dev staging" ```
Note:AWS_MCP_PROXY_PROFILEStakes precedence over--profile/AWS_PROFILEwhen set.
MCP Proxy for AWS 是一个用于连接 AI 应用程序到 MCP 服务器的包,提供两种连接方式:使用它作为代理或使用它作为库。它可以作为一个轻量级的客户端桥梁,连接 MCP 客户端(如 Claude Desktop、Kiro CLI)和 MCP 服务器。
如果您想使用 MCP Proxy for AWS 作为代理,则可以连接 MCP 客户端(如 Claude Desktop 或 Kiro CLI)到 MCP 服务器上,使用 IAM 凭证。您还可以将 MCP 服务器添加到您的 AI 助手的配置中,使用命令行工具作为桥梁。
环境依赖与系统要求:Python 3.10+、uv 包管理器和 AWS 凭证配置(通过 AWS CLI)
安装步骤:使用 PyPi 安装、构建 Docker 镜像、设置示例和运行本地示例
使用教程:运行示例、探索完整的工作示例和使用不同的框架(如 LangChain、LlamaIndex 等)
配置参数:MCP 服务器、环境变量和关键参数
工作流 / 模块说明:连接 MCP 服务器、使用 MCP 客户端和解决问题
FAQ 摘要:解决常见问题和疑难杂症
288星活跃项目,解决MCP与AWS集成的关键问题。SigV4认证设计专业,代码质量较好,生态意义重大。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ Apache 2.0 — 宽松开源协议,可商用,需保留版权声明和 NOTICE 文件,含专利授权条款。
总体来看,mcp-proxy-for-aws MCP工具 是一款质量优秀的MCP工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | mcp-proxy-for-aws |
| 原始描述 | 开源MCP工具:AWS MCP Proxy Server。⭐288 · Python |
| Topics | AWSMCP协议API代理SigV4认证Python |
| GitHub | https://github.com/aws/mcp-proxy-for-aws |
| License | Apache-2.0 |
| 语言 | Python |
收录时间:2026-05-18 · 更新时间:2026-05-19 · License:Apache-2.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端