awslabs.s3-tables-mcp-server 0.0.21

An AWS Labs Model Context Protocol (MCP) server for awslabs.s3-tables-mcp-server

AWS S3 Tables MCP Server

⚠️ IMPORTANT: YOU ARE RESPONSIBLE FOR YOUR AGENTS

You are solely responsible for the actions and permissions of agents using the MCP server.

• By default, the MCP server operates in read-only mode.
• To enable write access, you must explicitly configure the MCP with the necessary IAM permissions and use "--allow-write" flag to enable create and append operations on S3 Tables using the MCP server.
• Always follow the principle of least privilege—grant only the permissions necessary for the agent to function.
• If enabling write operations, we recommend you take a backup of your data and carefully validate any instructions generated by your LLM before execution.
• With AWS S3 Tables MCP Server, we recommend exercising caution when integrating it into automated workflows.

Misconfigured permissions or unverified agent actions may result in data loss, failed operations, or unexpected LLM behavior.

An AWS Labs Model Context Protocol (MCP) server for AWS S3 Tables that enables AI assistants to interact with S3-based table storage.

Overview

The S3 Tables MCP Server simplifies the management of S3-based tables by providing capabilities to create and query tables, generate tables directly from CSV files uploaded to S3, and access metadata through the S3 Metadata Table. This allows for streamlined data operations and easier integration with S3-stored datasets.

Features

• Table Bucket Management: Create and list S3 Table Buckets to organize your tabular data at scale. (No delete or update operations supported.)
• Namespace Management: Define and list namespaces within table buckets for logical data separation and organization. (No delete or update operations supported.)
• Table Management: Create, rename, and list individual tables within namespaces for flexible data modeling. (No delete or general update operations; only renaming is supported.)
• Maintenance Configuration: Retrieve maintenance settings for tables and buckets. (Read-only; no update or delete.)
• Policy Management: Access resource policies for tables and buckets to control access and security. (Read-only; no update or delete.)
• Metadata Management: View detailed table metadata, including schema and storage information. Metadata file can be updated.
• Read-Only Mode: Enable an optional security mode that restricts all operations to read-only, preventing any modifications.
• SQL Query Support: Run read-only SQL queries directly against S3 Tables for seamless data analysis and reporting. For write operations, only appending new data (inserts) is supported; updates and deletes via SQL are not available.
• CSV to Table Conversion: Automatically create S3 Tables from CSV files uploaded to S3, streamlining data ingestion and onboarding. (No delete or update of tables via this operation.)
• Metadata Discovery: Discover and access comprehensive bucket metadata through the S3 Metadata Table for enhanced data governance and cataloging. (Read-only.)

Prerequisites

1. Install uv from Astral or the GitHub README
2. Install Python using uv python install 3.10
3. Set up AWS credentials with access to AWS services
   • You need an AWS account with appropriate permissions
   • Configure AWS credentials with aws configure or environment variables

Setup

Installation

Kiro	Cursor	VS Code

Configure the MCP server in your MCP client configuration (e.g., for Kiro, edit ~/.kiro/settings/mcp.json):

{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.s3-tables-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Windows Installation

For Windows users, the MCP server configuration format is slightly different:

{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "disabled": false,
      "timeout": 60,
      "type": "stdio",
      "command": "uv",
      "args": [
        "tool",
        "run",
        "--from",
        "awslabs.s3-tables-mcp-server@latest",
        "awslabs.s3-tables-mcp-server.exe"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR",
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

or docker after a successful docker build -t awslabs/s3-tables-mcp-server.:

# fictitious `.env` file with AWS temporary credentials
AWS_ACCESS_KEY_ID=<from the profile you set up>
AWS_SECRET_ACCESS_KEY=<from the profile you set up>
AWS_SESSION_TOKEN=<from the profile you set up>

{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "--interactive",
        "--env-file",
        "/full/path/to/file/above/.env",
        "awslabs/s3-tables-mcp-server:latest"
      ],
      "env": {},
      "disabled": false,
      "autoApprove": []
    }
  }
}

Server Configuration Options

The AWS S3 Tables MCP Server supports several command-line arguments that can be used to configure its behavior:

--allow-write

Enables tools that create or modify resources in the user's AWS account. When this flag is not enabled, the server runs in read-only mode that only allows read operations. This enhances security by preventing any modifications to the tables. In read-only mode:

• Read operations (list_table_buckets, list_namespaces, list_tables) work normally
• Write operations (create_table_bucket, delete_table_bucket, append data, etc.) are blocked and return a permission error

This mode is particularly useful for:

• Demonstration environments
• Security-sensitive applications
• Integration with public-facing AI assistants
• Protecting production tables from unintended modifications

Example:

{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.s3-tables-mcp-server@latest",
        "--allow-write"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

--log-dir

Specifies the directory where the server writes its log files. If not provided, the default log directory depends on the operating system:

• macOS: ~/Library/Logs
• Windows: ~/AppData/Local/Logs
• Linux/Other: ~/.local/share/s3-tables-mcp-server/logs/

You can override the default by providing the --log-dir flag with a custom path. Example:

{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.s3-tables-mcp-server@latest",
        "--log-dir",
        "/tmp/s3-tables-logs"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Usage Examples

Prompt	Description
Query all available metadata about test-bucket	Retrieves comprehensive metadata information for a specific table bucket, including namespaces, tables, and configuration details
Find top 3 customers by spending in the transactions table	Executes a SQL query to analyze customer transaction data and identify the highest-spending customers
Create a table bucket with name hello-world	Creates a new S3 Tables bucket for organizing and managing table data with the specified name
Create an s3 table from s3://my-bucket/data.csv	Automatically generates an S3 Table from an existing CSV file in S3, enabling immediate querying and analysis of the data
List all tables in the sales namespace	Displays all available tables within a specific namespace for data discovery and exploration
Show the schema for customer_data table	Retrieves the table structure and column definitions to understand the data format and types
Run a query to find monthly revenue trends	Performs data analysis using read-only SQL queries to extract business insights from stored table data. For write operations, only appending new data (inserts) is supported; updates and deletes are not available via SQL.

Using Kiro with S3 Tables MCP Server

Kiro can provide better answers and code suggestions when it has additional context. To enhance Kiro's understanding of S3 Tables, you can add the provided context file to your Kiro environment.

How to Add Context to Kiro CLI

1. Download the CONTEXT.md file

   • Download the CONTEXT.md file from the GitHub repository for this project.

2. Start Kiro CLI

   • Run the following command to start a chat session with Kiro:

     kiro-cli chat
     

3. Add the Context File

   • In the Kiro chat, run:

     /context add <path>/CONTEXT.md
     

   • Replace <path> with the actual path to where you downloaded CONTEXT.md.

Now, Kiro CLI will have improved context about S3 Tables and can provide more relevant answers.

Security Considerations

When using this MCP server, consider:

• The MCP server needs permissions to create and manage AWS S3 Tables resources
• Resource creation is disabled by default, enable it by setting the --allow-write flag
• Follow the principle of least privilege when setting up IAM permissions
• Use separate AWS profiles for different environments (dev, test, prod)

Troubleshooting

• If you encounter permission errors, verify your IAM user has the correct policies attached
• For connection issues, check network configurations and security groups
• For general AWS S3 Tables issues, consult the AWS S3 Tables documentation