{"id":"ran-isenberg-aws-lambda-mcp-cookbook","name":"aws-lambda-mcp-cookbook","homepage":"https://ran-isenberg.github.io/aws-lambda-mcp-cookbook/","repo_url":"https://github.com/ran-isenberg/aws-lambda-mcp-cookbook","category":"devtools","subcategories":[],"tags":["aws","lambda","mcp","fastmcp","serverless","cdk","api-gateway","python","iac","ci-cd","observability"],"what_it_does":"Blueprint to deploy a production-ready MCP server on AWS Lambda using API Gateway. Provides two variants: (1) a native/pure Lambda JSON-RPC-over-HTTP approach for simple MCP tool use, and (2) an AWS Lambda Web Adapter + FastMCP approach aligned with the official MCP protocol (including OAuth-based auth). Includes AWS CDK infrastructure, CI/CD, tests, and observability best practices.","use_cases":["Rapidly bootstrapping an AWS-hosted MCP server (tool-oriented or full service)","Using AWS CDK + CI/CD to deploy an MCP endpoint at /mcp (POST)","Serving MCP tools/resources/prompts via FastMCP on Lambda","Reference implementation for Lambda resilience, logging/metrics/tracing, and input validation","Learning how to secure and monitor a serverless MCP endpoint (API GW + WAF + observability)"],"not_for":["High-throughput streaming MCP over HTTP (the README calls out non-streamable JSON-RPC over HTTP for the pure Lambda option)","Use cases requiring a managed hosted MCP SaaS (this is an infrastructure/code blueprint)","Scenarios where detailed, published API error contract and rate-limit headers are required for client automation (not described in provided README)"],"best_when":"You want a deployable reference architecture for an AWS Lambda-hosted MCP server, including infrastructure, observability, and CI/CD, and you can adapt it to your tools/resources/prompts.","avoid_when":"You need fully specified client contracts (OpenAPI/REST error codes, rate-limit details, idempotency guarantees) beyond what’s documented here, or you need strict MCP protocol completeness without choosing the FastMCP variant.","alternatives":["AWS sample MCP Lambda handler (linked in README)","FastMCP deployed behind other serverless HTTP platforms (e.g., containers/managed runtimes)","General AWS API Gateway + Lambda pattern with an MCP library of your choice","Dedicated MCP hosting solutions (if you want a managed service rather than a blueprint)"],"af_score":53.5,"security_score":62.8,"reliability_score":43.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:44:05.094392+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Custom authentication code (pure Lambda option; described as possible with custom auth)","OAuth (FastMCP variant: described as having native auth mechanism with OAuth)"],"oauth":true,"scopes":false,"notes":"README indicates OAuth for the FastMCP/AWS web adapter path. The pure Lambda path suggests custom authentication code and WAF, but does not specify concrete auth scheme, header names, or scope model in the provided text."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing/hosted usage model described; it is a code blueprint running on AWS (costs depend on your AWS usage)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.5,"security_score":62.8,"reliability_score":43.8,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":20.0,"tls_enforcement":90.0,"auth_strength":70.0,"scope_granularity":40.0,"dependency_hygiene":55.0,"secret_handling":55.0,"security_notes":"README mentions production API protection with AWS WAF (four AWS managed rules) and observability tooling. Session context storage in DynamoDB is called out as having a security issue: it advises that session IDs must be matched to a user. The provided content does not specify how secrets are managed or what IAM policies/secret storage mechanism is used, nor does it detail auth scopes/claims granularity.","uptime_documented":20.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Two MCP implementations exist: pure Lambda has limited MCP protocol support (tools only) vs FastMCP for full services—agents should target the correct variant.","Native/pure Lambda uses JSON-RPC over HTTP (non-streamable) via API Gateway body payload; streaming expectations may not match MCP client behavior."]}}