aws-lambda-mcp-cookbook
Blueprint to deploy a production-ready MCP server on AWS Lambda using API Gateway. Provides two variants: (1) a native/pure Lambda JSON-RPC-over-HTTP approach for simple MCP tool use, and (2) an AWS Lambda Web Adapter + FastMCP approach aligned with the official MCP protocol (including OAuth-based auth). Includes AWS CDK infrastructure, CI/CD, tests, and observability best practices.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README mentions production API protection with AWS WAF (four AWS managed rules) and observability tooling. Session context storage in DynamoDB is called out as having a security issue: it advises that session IDs must be matched to a user. The provided content does not specify how secrets are managed or what IAM policies/secret storage mechanism is used, nor does it detail auth scopes/claims granularity.
⚡ Reliability
Best When
You want a deployable reference architecture for an AWS Lambda-hosted MCP server, including infrastructure, observability, and CI/CD, and you can adapt it to your tools/resources/prompts.
Avoid When
You need fully specified client contracts (OpenAPI/REST error codes, rate-limit details, idempotency guarantees) beyond what’s documented here, or you need strict MCP protocol completeness without choosing the FastMCP variant.
Use Cases
- • Rapidly bootstrapping an AWS-hosted MCP server (tool-oriented or full service)
- • Using AWS CDK + CI/CD to deploy an MCP endpoint at /mcp (POST)
- • Serving MCP tools/resources/prompts via FastMCP on Lambda
- • Reference implementation for Lambda resilience, logging/metrics/tracing, and input validation
- • Learning how to secure and monitor a serverless MCP endpoint (API GW + WAF + observability)
Not For
- • High-throughput streaming MCP over HTTP (the README calls out non-streamable JSON-RPC over HTTP for the pure Lambda option)
- • Use cases requiring a managed hosted MCP SaaS (this is an infrastructure/code blueprint)
- • Scenarios where detailed, published API error contract and rate-limit headers are required for client automation (not described in provided README)
Interface
Authentication
README indicates OAuth for the FastMCP/AWS web adapter path. The pure Lambda path suggests custom authentication code and WAF, but does not specify concrete auth scheme, header names, or scope model in the provided text.
Pricing
No pricing/hosted usage model described; it is a code blueprint running on AWS (costs depend on your AWS usage).
Agent Metadata
Known Gotchas
- ⚠ Two MCP implementations exist: pure Lambda has limited MCP protocol support (tools only) vs FastMCP for full services—agents should target the correct variant.
- ⚠ Native/pure Lambda uses JSON-RPC over HTTP (non-streamable) via API Gateway body payload; streaming expectations may not match MCP client behavior.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for aws-lambda-mcp-cookbook.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.