Amazon Q Business anonymous MCP Server
AWS Labs Amazon Q Business anonymous mode MCP Server
An AWS Labs Model Context Protocol (MCP) server for Amazon Q Business anonymous mode application. This is a simple MCP server for Amazon Q Business, and it supports Amazon Q Business application created using anonymous mode access. Use this MCP server to query the Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.
Features
- You can use this MCP server from your local machine
- Query Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.
Prerequisites
- Sign up for an AWS account
- Create an Amazon Q Business application using anonynmous mode
- Install
uv
from Astral or the GitHub README - Install Python using
uv python install 3.10
Tools
QBusinessQueryTool
- The QBusinessQueryTool takes the query specified by the user and queries the Amazon Q Business application to get a response.
- Required parameter: query(str)
- Example:
Can you get me the details of the ACME project? Use the QBusinessQueryTool to get the context.
. Note that in this case the details of the ACME are required to be ingested to the underlying Amazon Q Business application created using anonymous mode.
Setup
IAM Configuration
- Provision a user in your AWS account IAM
- Attach a policy that contains at a minimum the
qbusiness:ChatSync
permission. Always follow the principal or least privilege when granting users permissions. See the documentation for more information on IAM permissions for Amazon Q Business. - Use
aws configure
on your environment to configure the credentials (access ID and access key)
Installation
Cursor | VS Code |
---|---|
Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit ~/.aws/amazonq/mcp.json ): |
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "uvx",
"args": ["awslabs.qbusiness-anonymous-mcp-server"],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"QBUSINESS_APPLICATION_ID": "[Your Amazon Q Business application id]",
"AWS_PROFILE": "[Your AWS Profile Name]",
"AWS_REGION": "[Region where your Amazon Q Business application resides]"
},
"disabled": false,
"autoApprove": []
}
}
}
or docker after a successful docker build -t awslabs/amazon-kendra-index-mcp-server.
:
# fictitious `.env` file with AWS temporary credentials
AWS_ACCESS_KEY_ID=<from the profile you set up>
AWS_SECRET_ACCESS_KEY=<from the profile you set up>
AWS_SESSION_TOKEN=<from the profile you set up>
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"--interactive",
"--env-file",
"/full/path/to/file/above/.env",
"awslabs/amazon-qbusiness-anonymous-mcp-server:latest"
],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}
NOTE: Your credentials will need to be kept refreshed from your host
Best Practices
- Follow the principle of least privilege when setting up IAM permissions
- Use separate AWS profiles for different environments (dev, test, prod)
- Monitor broker metrics and logs for performance and issues
- Implement proper error handling in your client applications
Security Considerations
When using this MCP server, consider:
- This MCP server needs permissions to use conversation APIs with your Amazon Q Business application created in anonymous mode.
- This MCP server cannot create, modify, or delete resources in your account
Troubleshooting
- If you encounter permission errors, verify your IAM user has the correct policies attached
- For connection issues, check network configurations and security groups
- If resource modification fails with a tag validation error, it means the resource was not created by the MCP server
- For general Amazon Q Business issues, consult the Amazon Q Business user guide
Version
Current MCP server version: 0.0.0