Skip to main content

AWS MSK MCP Server

AWS Labs aws-msk MCP Server

An AWS Labs Model Context Protocol (MCP) server for Amazon Managed Streaming for Kafka (MSK).

Overview

The AWS MSK MCP Server provides a set of tools for interacting with Amazon MSK through the Model Context Protocol. It enables AI assistants to manage, monitor, and optimize Amazon MSK clusters by providing structured access to MSK APIs.

Features

  • Cluster Management: Create, describe, and update MSK clusters (both provisioned and serverless)
  • Configuration Management: Create and manage MSK configurations
  • VPC Connection Management: Create, describe, and manage VPC connections
  • Monitoring and Telemetry: Access cluster metrics, logs, and operational data
  • Security Management: Configure authentication, encryption, and access policies
  • Best Practices: Get recommendations for cluster sizing, configuration, and performance optimization
  • Read-Only Mode: Server runs in write mode by default, switch to read-only to protect against accidental modifications

Tools

Cluster Operations

  • describe_cluster_operation: Gets information about a specific cluster operation
  • get_cluster_info: Retrieves various types of information about MSK clusters
  • get_global_info: Gets global information about MSK resources
  • create_cluster: Creates a new MSK cluster (provisioned or serverless)
  • update_broker_storage: Updates storage size of brokers
  • update_broker_type: Updates broker instance type
  • update_broker_count: Updates number of brokers in a cluster
  • update_cluster_configuration: Updates configuration of a cluster
  • update_monitoring: Updates monitoring settings
  • update_security: Updates security settings
  • reboot_broker: Reboots brokers in a cluster

Configuration Operations

  • get_configuration_info: Gets information about MSK configurations
  • create_configuration: Creates a new MSK configuration
  • update_configuration: Updates an existing configuration

VPC Operations

  • describe_vpc_connection: Gets information about a VPC connection
  • create_vpc_connection: Creates a new VPC connection
  • delete_vpc_connection: Deletes a VPC connection
  • reject_client_vpc_connection: Rejects a client VPC connection request

Security Operations

  • put_cluster_policy: Puts a resource policy on a cluster
  • associate_scram_secret: Associates SCRAM secrets with a cluster
  • disassociate_scram_secret: Disassociates SCRAM secrets from a cluster
  • list_tags_for_resource: Lists all tags for an MSK resource
  • tag_resource: Adds tags to an MSK resource
  • untag_resource: Removes tags from an MSK resource
  • list_customer_iam_access: Lists IAM access information for a cluster

Monitoring and Best Practices

  • get_cluster_telemetry: Retrieves telemetry data for MSK clusters
  • get_cluster_best_practices: Gets best practices and recommendations for MSK clusters

Usage

This MCP server can be used by AI assistants to help users manage their Amazon MSK resources. It provides structured access to MSK APIs, making it easier for AI to understand and interact with MSK clusters.

Prerequisites

  1. Install uv from Astral or the GitHub README
  2. Install Python using uv python install 3.10
  3. Set up AWS credentials with access to AWS services
    • You need an AWS account with appropriate permissions
    • Configure AWS credentials with profile name 'default' with aws configure or environment variables

Installation

CursorVS Code
Install MCP ServerInstall on VS Code

To use this MCP server with your MCP client, add the following configuration to your MCP client settings:

"awslabs.aws-msk-mcp-server": {
    "command": "uvx",
    "args": [
        "awslabs.aws-msk-mcp-server@latest",
        "--allow-writes"
    ],
    "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
    },
    "disabled": false,
    "autoApprove": []
}

Windows Installation

For Windows users, the MCP server configuration format is slightly different:

{
  "mcpServers": {
    "awslabs.aws-msk-mcp-server": {
      "disabled": false,
      "timeout": 60,
      "type": "stdio",
      "command": "uv",
      "args": [
        "tool",
        "run",
        "--from",
        "awslabs.aws-msk-mcp-server@latest",
        "awslabs.aws-msk-mcp-server.exe"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR",
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Alternatively, you can use the MCP Inspector to test the server:

npx @modelcontextprotocol/inspector \
  uv \
  --directory <absolute path to your server code> \
  run \
  server.py

AWS Credentials

The server requires AWS credentials to access MSK resources. These can be provided through:

  1. Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN)
  2. AWS credentials file (~/.aws/credentials)
  3. IAM roles for Amazon EC2 or ECS tasks

Server Configuration Options

--allow-writes

By default, the MSK MCP server runs in write mode.

To disable write operations, remove the --allow-writes parameter to your MCP client configuration:

"args": [
    "--directory",
    "<absolute path to your server code>",
    "run",
    "server.py"
    //Removed "--allow-writes"
]

In this mode, only read operations (tools in directories prefixed with "read_") and utility tools are available. Write operations (tools in directories prefixed with "mutate_") are disabled.

Region Selection

Most tools require specifying an AWS region. The server will prompt for a region if one is not provided.

Example Use Cases

  • Creating and configuring new MSK clusters
  • Monitoring cluster performance and health
  • Implementing best practices for MSK clusters
  • Managing security and access controls
  • Troubleshooting cluster issues