Iam Security Servers Awslabs Mcp Deepwiki

Loading... Loading... Menu - .github/CODEOWNERS - docusaurus/docs/servers/sagemaker-unified-studio-spark-troubleshooting-mcp-server.md - docusaurus/docs/servers/sagemaker-unified-studio-spark-upgrade-mcp-server.md - docusaurus/sidebars.ts - docusaurus/static/assets/server-cards.json - src/aws-bedrock-data-automation-mcp-server/README.md - src/aws-diagram-mcp-server/README.md - src/aws-documentation-mcp-server/README.md - src/aws-support-mcp-server/README.md - src/bedrock-kb-retrieval-mcp-server/README.md - src/cdk-mcp-server/README.md - src/cfn-mcp-server/README.md - src/core-mcp-server/README.md - src/frontend-mcp-server/README.md - src/lambda-tool-mcp-server/README.md - src/mysql-mcp-server/README.md - src/nova-canvas-mcp-server/README.md - src/postgres-mcp-server/awslabs/postgres_mcp_server/connection/cp_api_connection.py - src/postgres-mcp-server/awslabs/postgres_mcp_server/connection/db_connection_map.py - src/postgres-mcp-server/kiro_power/POWER.md - src/postgres-mcp-server/kiro_power/steering/aurora-postgres-mcp.md - src/postgres-mcp-server/kiro_power/steering/aurora-postgres.md - src/postgres-mcp-server/kiro_proj_steering/tech.md - src/sagemaker-unified-studio-spark-troubleshooting-mcp-server/README.md - src/sagemaker-unified-studio-spark-upgrade-mcp-server/README.md - src/terraform-mcp-server/README.md This page documents MCP servers for AWS database services beyond DynamoDB and PostgreSQL.

These servers provide AI assistants with access to specialized database types including relational (MySQL), distributed SQL (Aurora DSQL), document (DocumentDB), graph (Neptune), wide-column (Keyspaces), and time-series (Timestream) databases. For PostgreSQL-specific features, see PostgreSQL MCP Server. For DynamoDB operations, see DynamoDB MCP Server. For data warehousing with Redshift, see Analytics & Data Processing Servers. The MySQL MCP Server (mysql-mcp-server ) provides natural language to SQL query conversion and execution for Aurora MySQL, RDS MySQL, RDS MariaDB, and self-hosted MySQL/MariaDB instances.

The server supports two distinct connection methods: Connection Method 1: RDS Data API (for Aurora MySQL only) - Uses AWS RDS Data API service - No direct network connectivity required - Authentication via AWS credentials - Requires Data API enabled on cluster - Serverless, no connection pooling needed Connection Method 2: Direct MySQL Connection (for all MySQL-compatible databases) - Uses asyncmy Python driver for direct connectivity - Requires network access to database endpoint - Supports Aurora MySQL, RDS MySQL, RDS MariaDB, self-hosted MySQL/MariaDB - Credentials retrieved from AWS Secrets Manager - Standard MySQL wire protocol (port 3306 by default) Sources: src/mysql-mcp-server/README.md1-172 Configuration for Aurora MySQL using the RDS Data API: Key parameters: --resource_arn : Aurora cluster ARN (identifies the database cluster)--secret_arn : AWS Secrets Manager secret containing master credentials--database : Target database name within the cluster--readonly : WhenTrue , only SELECT queries allowed; set toFalse for write access Configuration for direct MySQL connectivity (works with all MySQL-compatible databases): Key parameters: --hostname : Database endpoint address (cluster endpoint, instance endpoint, or self-hosted IP/domain)--port : MySQL port (defaults to 3306, only specify if non-standard)--secret_arn : AWS Secrets Manager secret withusername andpassword keys The --port parameter is optional and defaults to 3306 (the standard MySQL port).

Specify it only when using a non-default port. Sources: src/mysql-mcp-server/README.md42-96 The MySQL MCP Server provides natural language to SQL query conversion and execution: Tool: Natural Language to SQL Query The primary tool converts human-readable questions into structured MySQL SQL queries and executes them against the configured database.

Example conversational inputs: - "How many active users are in the customers table?" - "Show me the top 10 products by revenue" - "What is the average order value for each customer segment?" The server translates these into appropriate SQL queries, executes them, and returns formatted results.

Sources: src/mysql-mcp-server/README.md5-10 The MySQL MCP Server implements several security controls: Credential Management: - Master username and password must be stored in AWS Secrets Manager - Server retrieves credentials at runtime using AWS IAM permissions - No credentials stored in configuration files Access Control: - Read-only mode enabled by default ( --readonly True ) - Explicit opt-in required for write operations ( --readonly False ) - IAM permissions required for RDS Data API access - Network security group rules control direct MySQL access Prerequisites: - Aurora MySQL cluster with Data API enabled (for RDS Data API method) - AWS Secrets Manager secret with database credentials - IAM permissions for Secrets Manager access - IAM permissions for RDS Data API (if using that method) - Network connectivity to database endpoint (for direct connection method) Sources: src/mysql-mcp-server/README.md13-22 src/mysql-mcp-server/README.md159-172 The Aurora DSQL MCP Server (aurora-dsql-mcp-server ) provides access to Amazon Aurora DSQL, a distributed SQL database with PostgreSQL compatibility and strong consistency guarantees.

Key Characteristics: - Distributed SQL: Multi-region active-active replication with strong consistency - PostgreSQL Compatibility: Standard PostgreSQL syntax and drivers - Serverless: Automatic scaling with per-request pricing - High Availability: 99.99% availability SLA with multi-region deployment Sources: docusaurus/static/assets/server-cards.json604-622 Aurora DSQL is designed for: - Multi-region applications requiring strong consistency - Distributed transactions across geographic regions - Applications with variable workload patterns - Systems requiring PostgreSQL compatibility with global distribution Sources: docusaurus/static/assets/server-cards.json604-622 .github/CODEOWNERS29 The DocumentDB MCP Server (documentdb-mcp-server ) provides access to Amazon DocumentDB, a MongoDB-compatible document database service.

MongoDB Compatibility: - Compatible with MongoDB 3.6, 4.0, and 5.0 APIs - Supports standard MongoDB drivers - Query language and aggregation framework compatibility - Document data model with JSON-like documents Sources: docusaurus/static/assets/server-cards.json624-642 .github/CODEOWNERS60 The Neptune MCP Server (amazon-neptune-mcp-server ) provides access to Amazon Neptune, a fully managed graph database supporting both property graph (openCypher, Gremlin) and RDF graph (SPARQL) models.

Supported Query Languages: - openCypher: Declarative query language for property graphs - Pattern matching with ASCII-art syntax: (a)-[:KNOWS]->(b) - Aggregations, filtering, and complex graph patterns - Read and write operations - Pattern matching with ASCII-art syntax: - Gremlin: Imperative graph traversal language - Step-by-step graph traversal - Functional composition of traversal steps - Full CRUD support for vertices and edges Amazon Neptune is optimized for: - Social Networks: Friend relationships, recommendations, influence analysis - Knowledge Graphs: Entity relationships, semantic search, inference - Fraud Detection: Transaction networks, pattern recognition, anomaly detection - Network Topology: Infrastructure mapping, dependency analysis, impact assessment - Recommendation Engines: User-item relationships, collaborative filtering Sources: docusaurus/static/assets/server-cards.json644-663 .github/CODEOWNERS25 The Keyspaces MCP Server (amazon-keyspaces-mcp-server ) provides access to Amazon Keyspaces, a scalable, managed Apache Cassandra-compatible database service.

Cassandra Compatibility: - Compatible with Apache Cassandra Query Language (CQL) 3.11 - Supports standard Cassandra data types - Partition and clustering key definitions - Secondary indexes and materialized views - Lightweight transactions (compare-and-set) Key Concepts: Amazon Keyspaces is optimized for: - High-throughput write workloads (IoT telemetry, clickstream data) - Time-series data with wide rows - Applications requiring millisecond latency at scale - Cassandra migration from on-premises to AWS Sources: docusaurus/static/assets/server-cards.json665-683 .github/CODEOWNERS23 The Timestream for InfluxDB MCP Server (timestream-for-influxdb-mcp-server ) provides access to Amazon Timestream for InfluxDB, a fully managed time-series database with InfluxDB API compatibility.

InfluxDB Compatibility: - Compatible with InfluxDB 2.x APIs - Line Protocol for high-performance writes - Flux query language for complex time-series analysis - Bucket and organization model - Task scheduling for continuous queries The InfluxDB data model consists of: - Measurements: Named containers for time-series data (e.g., temperature ,cpu_usage ) - Tags: Indexed string key-value pairs for metadata (e.g., region=us-east-1 ,host=server-01 ) - Fields: Non-indexed key-value pairs storing actual measurements (e.g., value=72.5 ,count=42 ) - Timestamps: Nanosecond-precision timestamps for each data point Example Data Point: temperature,region=us-east-1,host=server-01 value=72.5 1609459200000000000 - Measurement: temperature - Tags: region=us-east-1 ,host=server-01 - Field: value=72.5 - Timestamp: 1609459200000000000 (nanoseconds) Timestream for InfluxDB is designed for: - IoT Telemetry: Device metrics, sensor readings, operational data - Application Monitoring: Performance metrics, resource utilization, error rates - DevOps Metrics: Infrastructure monitoring, log aggregation, alerting - Real-Time Analytics: Streaming data analysis, anomaly detection, forecasting Sources: docusaurus/static/assets/server-cards.json685-703 .github/CODEOWNERS86 All database MCP servers in this category share common configuration patterns: Common Environment Variables: Standard Installation Pattern: All servers use the uvx command with the pattern: uvx awslabs.<server-name>@latest Where <server-name> corresponds to: mysql-mcp-server aurora-dsql-mcp-server documentdb-mcp-server amazon-neptune-mcp-server amazon-keyspaces-mcp-server timestream-for-influxdb-mcp-server Sources: src/mysql-mcp-server/README.md42-66 src/aws-documentation-mcp-server/README.md23-45 Credential Management: - Store database credentials in AWS Secrets Manager (required for MySQL, recommended for others) - Use IAM roles with least-privilege permissions - Rotate credentials regularly - Never embed credentials in configuration files Network Security: - Use VPC security groups to restrict database access - Enable encryption in transit (TLS/SSL) - Enable encryption at rest for data storage - Use VPC endpoints for AWS service access when available Access Control: - Enable read-only mode by default where available - Require explicit confirmation for write operations - Use database-level access controls (users, roles, permissions) - Monitor database access via AWS CloudTrail and database audit logs Sources: src/mysql-mcp-server/README.md159-172 Decision Criteria: Refresh this wiki - Other Database Servers - Purpose and Scope - MySQL MCP Server - Connection Architecture - Configuration Examples - RDS Data API Configuration - Direct MySQL Connection Configuration - Features and Tools - Security Considerations - Aurora DSQL MCP Server - Overview - Configuration - Use Cases - DocumentDB MCP Server - Architecture - Features - Configuration - Neptune MCP Server - Query Language Support - Graph Use Cases - Configuration - Keyspaces MCP Server - Cassandra Compatibility - Wide-Column Data Model - Configuration - Use Cases - Timestream for InfluxDB MCP Server - Time-Series Architecture - Time-Series Data Model - Configuration - Use Cases - Common Configuration Patterns - Cross-Server Configuration Elements - Security Best Practices - Database Selection Guide - Choosing the Right Database Server

People Also Asked

• IAM & Security Servers | awslabs/mcp | DeepWiki
• AWS IAM MCP Server | Welcome to Open Source MCP Servers for AWS
• Understanding IAM for Managed AWS MCP Servers | AWS Security Blog
• mcp/src/iam-mcp-server at main · awslabs/mcp · GitHub
• awslabs.iam-mcp-server · PyPI