mcp-proxy-for-aws

Provides an MCP proxy server and a Python client library that connect MCP clients/frameworks to MCP servers running on AWS that require AWS IAM (SigV4) authentication, by signing MCP/HTTP requests using local AWS credentials.

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ API Gateway mcp aws sigv4 iam proxy python agent-integration
⚙ Agent Friendliness
59
/ 100
Can an agent use this?
🔒 Security
69
/ 100
Is it safe for agents?
⚡ Reliability
34
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
60
Documentation
70
Error Messages
0
Auth Simplicity
80
Rate Limits
20

🔒 Security

TLS Enforcement
70
Auth Strength
85
Scope Granularity
40
Dep. Hygiene
70
Secret Handling
75

Uses SigV4 signing with AWS credentials (strong cryptographic auth) but scope granularity is largely determined by IAM permissions of the credentials you provide. Proxy requires access to AWS secrets/role credentials locally; avoid logging them and ensure least-privilege IAM policies. README indicates credentials can come from environment variables or profiles; secure secret handling practices depend on runtime configuration.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
40
Error Recovery
40
AF Security Reliability

Best When

You need MCP tool access to AWS-hosted services where authentication is via AWS IAM SigV4 and your MCP client/framework cannot natively sign requests.

Avoid When

You cannot provide AWS credentials securely (or cannot restrict them via IAM) and you require strict auditability of every request without local credential usage.

Use Cases

  • Connect MCP clients (e.g., Claude Desktop, Kiro CLI) to AWS-hosted MCP servers that use SigV4/IAM auth
  • Programmatically integrate IAM-secured MCP servers into Python agent frameworks (LangChain, LlamaIndex, etc.)
  • Avoid implementing SigV4 signing logic in MCP client tooling

Not For

  • MCP servers that use OAuth-based authentication without AWS IAM/SigV4
  • Environments that do not have valid AWS credentials/permissions available to the proxy/library

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
No

Authentication

Methods: AWS IAM SigV4 (via local AWS credentials)
OAuth: No Scopes: No

Auth is handled by signing upstream MCP requests using AWS credentials sourced from AWS CLI/profile, environment variables, or IAM roles.

Pricing

Free tier: No
Requires CC: No

No pricing information provided; costs (if any) are likely limited to your own AWS usage for the upstream MCP server.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Proxy behavior depends on correct AWS credentials/region/service inference; misconfiguration may lead to auth/signing failures.
  • If using Cline, README warns against using --log-level because Cline scans stderr for the word 'error'.

Alternatives

Build a custom MCP client/transport that performs SigV4 signing directly Use or implement an OAuth-capable MCP layer if the AWS MCP server supports switching auth modes Place an authenticated reverse proxy in front of the AWS MCP server that handles SigV4

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-proxy-for-aws.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered