AWS MSK MCP Server
AWS Labs aws-msk MCP Server
An AWS Labs Model Context Protocol (MCP) server for Amazon Managed Streaming for Kafka (MSK).
Overview
The AWS MSK MCP Server provides a set of tools for interacting with Amazon MSK through the Model Context Protocol. It enables AI assistants to manage, monitor, and optimize Amazon MSK clusters by providing structured access to MSK APIs.
Features
- Cluster Management: Create, describe, and update MSK clusters (both provisioned and serverless)
- Configuration Management: Create and manage MSK configurations
- VPC Connection Management: Create, describe, and manage VPC connections
- Monitoring and Telemetry: Access cluster metrics, logs, and operational data
- Security Management: Configure authentication, encryption, and access policies
- Best Practices: Get recommendations for cluster sizing, configuration, and performance optimization
- Read-Only Mode: Server runs in write mode by default, switch to read-only to protect against accidental modifications
Tools
Cluster Operations
- describe_cluster_operation: Gets information about a specific cluster operation
- get_cluster_info: Retrieves various types of information about MSK clusters
- get_global_info: Gets global information about MSK resources
- create_cluster: Creates a new MSK cluster (provisioned or serverless)
- update_broker_storage: Updates storage size of brokers
- update_broker_type: Updates broker instance type
- update_broker_count: Updates number of brokers in a cluster
- update_cluster_configuration: Updates configuration of a cluster
- update_monitoring: Updates monitoring settings
- update_security: Updates security settings
- reboot_broker: Reboots brokers in a cluster
Configuration Operations
- get_configuration_info: Gets information about MSK configurations
- create_configuration: Creates a new MSK configuration
- update_configuration: Updates an existing configuration
VPC Operations
- describe_vpc_connection: Gets information about a VPC connection
- create_vpc_connection: Creates a new VPC connection
- delete_vpc_connection: Deletes a VPC connection
- reject_client_vpc_connection: Rejects a client VPC connection request
Security Operations
- put_cluster_policy: Puts a resource policy on a cluster
- associate_scram_secret: Associates SCRAM secrets with a cluster
- disassociate_scram_secret: Disassociates SCRAM secrets from a cluster
- list_tags_for_resource: Lists all tags for an MSK resource
- tag_resource: Adds tags to an MSK resource
- untag_resource: Removes tags from an MSK resource
- list_customer_iam_access: Lists IAM access information for a cluster
Monitoring and Best Practices
- get_cluster_telemetry: Retrieves telemetry data for MSK clusters
- get_cluster_best_practices: Gets best practices and recommendations for MSK clusters
Usage
This MCP server can be used by AI assistants to help users manage their Amazon MSK resources. It provides structured access to MSK APIs, making it easier for AI to understand and interact with MSK clusters.
Prerequisites
- Install
uv
from Astral or the GitHub README - Install Python using
uv python install 3.10
- Set up AWS credentials with access to AWS services
- You need an AWS account with appropriate permissions
- Configure AWS credentials with profile name 'default' with
aws configure
or environment variables
Installation
Cursor | VS Code |
---|---|
To use this MCP server with your MCP client, add the following configuration to your MCP client settings:
"awslabs.aws-msk-mcp-server": {
"command": "uvx",
"args": [
"awslabs.aws-msk-mcp-server@latest",
"--allow-writes"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": []
}
Windows Installation
For Windows users, the MCP server configuration format is slightly different:
{
"mcpServers": {
"awslabs.aws-msk-mcp-server": {
"disabled": false,
"timeout": 60,
"type": "stdio",
"command": "uv",
"args": [
"tool",
"run",
"--from",
"awslabs.aws-msk-mcp-server@latest",
"awslabs.aws-msk-mcp-server.exe"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"AWS_PROFILE": "your-aws-profile",
"AWS_REGION": "us-east-1"
}
}
}
}
Alternatively, you can use the MCP Inspector to test the server:
npx @modelcontextprotocol/inspector \
uv \
--directory <absolute path to your server code> \
run \
server.py
AWS Credentials
The server requires AWS credentials to access MSK resources. These can be provided through:
- Environment variables (
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
,AWS_SESSION_TOKEN
) - AWS credentials file (
~/.aws/credentials
) - IAM roles for Amazon EC2 or ECS tasks
Server Configuration Options
--allow-writes
By default, the MSK MCP server runs in write mode.
To disable write operations, remove the --allow-writes
parameter to your MCP client configuration:
"args": [
"--directory",
"<absolute path to your server code>",
"run",
"server.py"
//Removed "--allow-writes"
]
In this mode, only read operations (tools in directories prefixed with "read_") and utility tools are available. Write operations (tools in directories prefixed with "mutate_") are disabled.
Region Selection
Most tools require specifying an AWS region. The server will prompt for a region if one is not provided.
Example Use Cases
- Creating and configuring new MSK clusters
- Monitoring cluster performance and health
- Implementing best practices for MSK clusters
- Managing security and access controls
- Troubleshooting cluster issues