Skip to main content

Amazon Q Business anonymous MCP Server

AWS Labs Amazon Q Business anonymous mode MCP Server

An AWS Labs Model Context Protocol (MCP) server for Amazon Q Business anonymous mode application. This is a simple MCP server for Amazon Q Business, and it supports Amazon Q Business application created using anonymous mode access. Use this MCP server to query the Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.

Features

  • You can use this MCP server from your local machine
  • Query Amazon Q Business application created using anonymous mode to get responses based on the content you have ingested in it.

Prerequisites

  1. Sign up for an AWS account
  2. Create an Amazon Q Business application using anonynmous mode
  3. Install uv from Astral or the GitHub README
  4. Install Python using uv python install 3.10

Tools

QBusinessQueryTool

  • The QBusinessQueryTool takes the query specified by the user and queries the Amazon Q Business application to get a response.
  • Required parameter: query(str)
  • Example:
    • Can you get me the details of the ACME project? Use the QBusinessQueryTool to get the context.. Note that in this case the details of the ACME are required to be ingested to the underlying Amazon Q Business application created using anonymous mode.

Setup

IAM Configuration

  1. Provision a user in your AWS account IAM
  2. Attach a policy that contains at a minimum the qbusiness:ChatSync permission. Always follow the principal or least privilege when granting users permissions. See the documentation for more information on IAM permissions for Amazon Q Business.
  3. Use aws configure on your environment to configure the credentials (access ID and access key)

Installation

CursorVS Code
Install MCP ServerInstall on VS Code
Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit ~/.aws/amazonq/mcp.json):
{
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "uvx",
"args": ["awslabs.qbusiness-anonymous-mcp-server"],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"QBUSINESS_APPLICATION_ID": "[Your Amazon Q Business application id]",
"AWS_PROFILE": "[Your AWS Profile Name]",
"AWS_REGION": "[Region where your Amazon Q Business application resides]"
},
"disabled": false,
"autoApprove": []
}
}
}

or docker after a successful docker build -t awslabs/amazon-kendra-index-mcp-server.:

# fictitious `.env` file with AWS temporary credentials
AWS_ACCESS_KEY_ID=<from the profile you set up>
AWS_SECRET_ACCESS_KEY=<from the profile you set up>
AWS_SESSION_TOKEN=<from the profile you set up>
  {
"mcpServers": {
"awslabs.amazon-qbusiness-anonymous-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"--interactive",
"--env-file",
"/full/path/to/file/above/.env",
"awslabs/amazon-qbusiness-anonymous-mcp-server:latest"
],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}

NOTE: Your credentials will need to be kept refreshed from your host

Best Practices

  • Follow the principle of least privilege when setting up IAM permissions
  • Use separate AWS profiles for different environments (dev, test, prod)
  • Monitor broker metrics and logs for performance and issues
  • Implement proper error handling in your client applications

Security Considerations

When using this MCP server, consider:

  • This MCP server needs permissions to use conversation APIs with your Amazon Q Business application created in anonymous mode.
  • This MCP server cannot create, modify, or delete resources in your account

Troubleshooting

  • If you encounter permission errors, verify your IAM user has the correct policies attached
  • For connection issues, check network configurations and security groups
  • If resource modification fails with a tag validation error, it means the resource was not created by the MCP server
  • For general Amazon Q Business issues, consult the Amazon Q Business user guide

Version

Current MCP server version: 0.0.0