Amazon Aurora Postgres MCP Server
AWS Labs postgres MCP Server
An AWS Labs Model Context Protocol (MCP) server for Aurora Postgres
Features
Natural language to Postgres SQL query
- Converting human-readable questions and commands into structured Postgres-compatible SQL queries and executing them against the configured Aurora Postgres database.
Prerequisites
- Install
uv
from Astral or the GitHub README - Install Python using
uv python install 3.10
- Aurora Postgres Cluster with Postgres username and password stored in AWS Secrets Manager
- Enable RDS Data API for your Aurora Postgres Cluster, see instructions here
- This MCP server can only be run locally on the same host as your LLM client.
- Docker runtime
- Set up AWS credentials with access to AWS services
- You need an AWS account with appropriate permissions
- Configure AWS credentials with
aws configure
or environment variables
Installation
Cursor | VS Code |
---|---|
Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit ~/.aws/amazonq/mcp.json
):
Option 1: Using RDS Data API Connection (for Aurora Postgres)
{
"mcpServers": {
"awslabs.postgres-mcp-server": {
"command": "uvx",
"args": [
"awslabs.postgres-mcp-server@latest",
"--resource_arn", "[your data]",
"--secret_arn", "[your data]",
"--database", "[your data]",
"--region", "[your data]",
"--readonly", "True"
],
"env": {
"AWS_PROFILE": "your-aws-profile",
"AWS_REGION": "us-east-1",
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": []
}
}
}
Option 2: Using Direct PostgreSQL(psycopg) Connection (for Aurora Postgres and RDS Postgres)
{
"mcpServers": {
"awslabs.postgres-mcp-server": {
"command": "uvx",
"args": [
"awslabs.postgres-mcp-server@latest",
"--hostname", "[your data]",
"--secret_arn", "[your data]",
"--database", "[your data]",
"--region", "[your data]",
"--readonly", "True"
],
"env": {
"AWS_PROFILE": "your-aws-profile",
"AWS_REGION": "us-east-1",
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": []
}
}
}
Note: The --port
parameter is optional and defaults to 5432 (the standard PostgreSQL port). You only need to specify it if your PostgreSQL instance uses a non-standard port.
Build and install docker image locally on the same host of your LLM client
- 'git clone https://github.com/awslabs/mcp.git'
- Go to sub-directory 'src/postgres-mcp-server/'
- Run 'docker build -t awslabs/postgres-mcp-server:latest .'
Add or update your LLM client's config with following:
Option 1: Using RDS Data API Connection (for Aurora Postgres)
{
"mcpServers": {
"awslabs.postgres-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e", "AWS_ACCESS_KEY_ID=[your data]",
"-e", "AWS_SECRET_ACCESS_KEY=[your data]",
"-e", "AWS_REGION=[your data]",
"awslabs/postgres-mcp-server:latest",
"--resource_arn", "[your data]",
"--secret_arn", "[your data]",
"--database", "[your data]",
"--region", "[your data]",
"--readonly", "True"
]
}
}
}
Option 2: Using Direct PostgreSQL (psycopg) Connection (for Aurora Postgres and RDS Postgres)
{
"mcpServers": {
"awslabs.postgres-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e", "AWS_ACCESS_KEY_ID=[your data]",
"-e", "AWS_SECRET_ACCESS_KEY=[your data]",
"-e", "AWS_REGION=[your data]",
"awslabs/postgres-mcp-server:latest",
"--hostname", "[your data]",
"--secret_arn", "[your data]",
"--database", "[your data]",
"--region", "[your data]",
"--readonly", "True"
]
}
}
}
Note: The --port
parameter is optional and defaults to 5432 (the standard PostgreSQL port). You only need to specify it if your PostgreSQL instance uses a non-standard port.
NOTE: By default, only read-only queries are allowed and it is controlled by --readonly parameter above. Set it to False if you also want to allow writable DML or DDL.
Connection Methods
This MCP server supports two connection methods:
-
RDS Data API Connection (using
--resource_arn
): Uses the AWS RDS Data API to connect to Aurora PostgreSQL. This method requires that your Aurora cluster has the Data API enabled. -
Direct PostgreSQL Connection (using
--hostname
): Uses psycopg to connect directly to any PostgreSQL database, including Aurora PostgreSQL, RDS PostgreSQL, or self-hosted PostgreSQL instances. This method provides better performance for frequent queries but requires direct network access to the database.
Choose the connection method that best fits your environment and requirements.
AWS Authentication
The MCP server uses the AWS profile specified in the AWS_PROFILE
environment variable. If not provided, it defaults to the "default" profile in your AWS configuration file.
"env": {
"AWS_PROFILE": "your-aws-profile"
}
Make sure the AWS profile has permissions to access the RDS data API, and the secret from AWS Secrets Manager. The MCP server creates a boto3 session using the specified profile to authenticate with AWS services. Your AWS IAM credentials remain on your local machine and are strictly used for accessing AWS services.