Amazon Q Business anonymous MCP Server
AWS Labs Amazon Q Business anonymous mode MCP Server
An AWS Labs Model Context Protocol (MCP) server for Amazon Q Business anonymous mode application. This is a simple MCP server for Amazon Q Business, and it supports Amazon Q Business application created using anonymous mode access. Use this MCP server to query the Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.
Features
- You can use this MCP server from your local machine
- Query Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.
Prerequisites
- Sign up for an AWS account
- Create an Amazon Q Business application using anonynmous mode
- Install
uvfrom Astral or the GitHub README - Install Python using
uv python install 3.10
Tools
QBusinessQueryTool
- The QBusinessQueryTool takes the query specified by the user and queries the Amazon Q Business application to get a response.
- Required parameter: query(str)
- Example:
Can you get me the details of the ACME project? Use the QBusinessQueryTool to get the context.. Note that in this case the details of the ACME are required to be ingested to the underlying Amazon Q Business application created using anonymous mode.
Setup
IAM Configuration
- Provision a user in your AWS account IAM
- Attach a policy that contains at a minimum the
qbusiness:ChatSyncpermission. Always follow the principal or least privilege when granting users permissions. See the documentation for more information on IAM permissions for Amazon Q Business. - Use
aws configureon your environment to configure the credentials (access ID and access key)
Installation
| Cursor | VS Code |
|---|---|
 |  |
Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit ~/.aws/amazonq/mcp.json): |
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "uvx",
"args": ["awslabs.qbusiness-anonymous-mcp-server"],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"QBUSINESS_APPLICATION_ID": "[Your Amazon Q Business application id]",
"AWS_PROFILE": "[Your AWS Profile Name]",
"AWS_REGION": "[Region where your Amazon Q Business application resides]"
},
"disabled": false,
"autoApprove": []
}
}
}
Windows Installation
For Windows users, the MCP server configuration format is slightly different:
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"disabled": false,
"timeout": 60,
"type": "stdio",
"command": "uv",
"args": [
"tool",
"run",
"--from",
"awslabs.amazon-qbusiness-anonymous-mcp-server@latest",
"awslabs.amazon-qbusiness-anonymous-mcp-server.exe"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"QBUSINESS_APPLICATION_ID": "[Your Amazon Q Business application id]",
"AWS_PROFILE": "[Your AWS Profile Name]",
"AWS_REGION": "[Region where your Amazon Q Business application resides]"
},
}
}
}
or docker after a successful docker build -t awslabs/amazon-kendra-index-mcp-server.:
# fictitious `.env` file with AWS temporary credentials
AWS_ACCESS_KEY_ID=<from the profile you set up>
AWS_SECRET_ACCESS_KEY=<from the profile you set up>
AWS_SESSION_TOKEN=<from the profile you set up>
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"--interactive",
"--env-file",
"/full/path/to/file/above/.env",
"awslabs/amazon-qbusiness-anonymous-mcp-server:latest"
],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}
NOTE: Your credentials will need to be kept refreshed from your host
Best Practices
- Follow the principle of least privilege when setting up IAM permissions
- Use separate AWS profiles for different environments (dev, test, prod)
- Monitor broker metrics and logs for performance and issues
- Implement proper error handling in your client applications
Security Considerations
When using this MCP server, consider:
- This MCP server needs permissions to use conversation APIs with your Amazon Q Business application created in anonymous mode.
- This MCP server cannot create, modify, or delete resources in your account
Troubleshooting
- If you encounter permission errors, verify your IAM user has the correct policies attached
- For connection issues, check network configurations and security groups
- If resource modification fails with a tag validation error, it means the resource was not created by the MCP server
- For general Amazon Q Business issues, consult the Amazon Q Business user guide
Version
Current MCP server version: 0.0.0