Amazon EKS MCP Server

Amazon EKS MCP Server is a specialized MCP server that enables generative AI models to create, manage, and interact with Kubernetes clusters on AWS through standardized, secure, and extensible MCP tools.

Author: awslabs


What is Amazon EKS MCP Server?

The Amazon EKS MCP Server provides a standardized API interface that allows LLM-driven agents and automation tools to seamlessly manage AWS Elastic Kubernetes Service (EKS) clusters and Kubernetes resources via the Model Context Protocol (MCP). It abstracts AWS-specific complexities and Kubernetes operations behind easily discoverable tools, making cloud-native management accessible to both code assistants and interactive applications.

How to Configure

  1. Prerequisites

    • Ensure Python 3.10 or higher is installed (recommended via uv).
    • Set up AWS credentials (via profile or environment variables) with sufficient permissions to manage EKS, VPC, IAM, CloudFormation, and related services.
  2. Install the Server

    • Add the following configuration to your MCP client settings (e.g., mcp.json, cline_mcp_settings.json):
      {
        "awslabs.eks-mcp-server": {
          "command": "uvx",
          "args": ["awslabs.eks-mcp-server@latest"],
          "env": {
            "AWS_PROFILE": "your-aws-profile",
            "AWS_REGION": "us-east-1",
            "FASTMCP_LOG_LEVEL": "ERROR"
          }
        }
      }
      
    • Adjust AWS_PROFILE and AWS_REGION as appropriate for your AWS environment.
  3. Permissions and Security

    • IAM credentials must allow full or scoped EKS administration, VPC, CloudFormation, and Kubernetes API access.
    • You can configure read-only mode and sensitive data controls using environment variables or tool parameters if required (see server documentation for advanced settings).
  4. Start the Server

    • The MCP client or orchestrator (e.g., Cline, Cursor, Windsurf) will launch the EKS MCP Server as specified in your configuration.
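An added example, not part of the original page or the awslabs project: a small Python audit of an MCP client configuration like the one in step 2, flagging an unpinned `@latest` package, elevated server flags, static AWS keys in `env`, and auto-approved tools. The `mcpServers` wrapper, the `autoApprove` key, and the `--allow-write` / `--allow-sensitive-data-access` flags do not appear on this page; they are assumptions based on common MCP client and server conventions, and the sample config is constructed.

```python
import json
import re

# Constructed sample: the page's fragment under an assumed "mcpServers" key,
# with risky settings added for illustration.
SAMPLE_CONFIG = """{
  "mcpServers": {
    "awslabs.eks-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.eks-mcp-server@latest", "--allow-write"],
      "env": {"AWS_PROFILE": "your-aws-profile",
              "AWS_SECRET_ACCESS_KEY": "CONSTRUCTED-PLACEHOLDER"},
      "autoApprove": ["apply_k8s_manifest"]
    }
  }
}"""

PINNED = re.compile(r"@\d+(\.\d+)+$")  # exact version, e.g. name@1.2.3
# Assumed flag names (not on this page) that lift the server's restrictions.
ELEVATED_FLAGS = {"--allow-write", "--allow-sensitive-data-access"}
STATIC_CREDS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def audit_mcp_config(text):
    """Return (server, finding) pairs for risky launch settings."""
    doc = json.loads(text)
    servers = doc.get("mcpServers", doc)  # accept wrapped config or bare fragment
    findings = []
    for name, cfg in servers.items():
        args = cfg.get("args", [])
        pkgs = [a for a in args if not a.startswith("-")]
        # "@latest" (or no version) means every launch may run new, unreviewed code.
        if cfg.get("command") == "uvx" and pkgs and not PINNED.search(pkgs[0]):
            findings.append((name, f"unpinned package: {pkgs[0]}"))
        for flag in sorted(ELEVATED_FLAGS & set(args)):
            findings.append((name, f"elevated flag: {flag}"))
        # Long-lived keys in a client settings file are readable by anything that reads it.
        for key in sorted(STATIC_CREDS & set(cfg.get("env", {}))):
            findings.append((name, f"static credential in env: {key}"))
        if cfg.get("autoApprove"):  # assumed client key: tools run without a prompt
            tools = ", ".join(cfg["autoApprove"])
            findings.append((name, f"auto-approved tools: {tools}"))
    return findings


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {finding}")
```
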

How to Use

  1. Discover Tools

    • Use your MCP-enabled client to list available EKS MCP tools (typically via tools/list or the client command palette).
    • Tools are function-like commands such as create_eks_cluster, apply_k8s_manifest, etc.
  2. Invoke Tools

    • Call the desired tool with required parameters (either interactively in chat, via code assistants, or automated flows).
    • Example: "Create a new EKS cluster named 'test-cluster' with 3 nodes in us-east-1 using the EKS MCP Server."
    • The client will prompt you for tool arguments, validate permissions/approval, and execute the requested action.
  3. Monitoring and Feedback

    • Use tools such as get_pod_logs or get_cloudwatch_metrics to analyze workloads, troubleshoot applications, and monitor clusters—receiving results directly within your AI assistant or app.
  4. Security Control

    • Restrict operations by enabling read-only mode or limiting sensitive actions if your workflow demands higher controls.
  5. Combine With Other MCP Servers

    • Orchestrate end-to-end cloud workflows by leveraging EKS MCP in concert with tools for VPC, IAM, CI/CD, database, or cost analysis.

Key Features

  • EKS Cluster Management: Create, configure, update, and delete Amazon EKS clusters, including full VPC and networking setup, CloudFormation orchestration, and rolling upgrades.
  • Kubernetes Resource Lifecycle: Apply, update, list, or remove Kubernetes manifests and resources using well-defined tool endpoints.
  • Application Deployment: Generate and deploy manifests for containerized workloads with parameterization and best-practices baked in.
  • Operational Support: Access real-time and historical logs, events, and cluster health metrics—including direct CloudWatch integration.
  • Security and Permissions: Support for IAM-based authentication/authorization, sensitive data access controls, and optional read-only operation.
  • Customizable Modes: Fine-tune server settings (e.g., logging, access level, auto-approval) via configuration or environment variables to match your workflow and compliance requirements.

Use Cases

  • Automated EKS Cluster Provisioning: Enable an AI coding assistant to spin up or tear down entire EKS clusters as part of a DevOps workflow or CI/CD pipeline.
  • Declarative Infrastructure Updates: Use prompt-driven interfaces to generate and apply Kubernetes resource manifests, rapidly iterating on applications.
  • Multi-Stage Application Deployment: Deploy, scale, and roll back microservices or web apps with minimal manual intervention.
  • Transparent Troubleshooting: Retrieve pod logs, event streams, and cluster/status metrics in natural language or interactive notebook environments.
  • Training, Demos, and Sandboxes: Provision ephemeral clusters or namespaces for testing, demonstration, and educational purposes—with simple teardown for cost control.
  • Security-Aware Operations: Adopt read-only or restricted modes for QA, audit, or review scenarios—ensuring guardrails around sensitive production resources.

FAQ

Q1: Can I use the EKS MCP Server to manage clusters across multiple AWS accounts or regions?

Yes, you can configure the server to use different AWS profiles and regions. Each server instance operates with the permissions and context of the specified credentials/environment variables.

Q2: How does the server handle sensitive operations like deleting clusters or modifying IAM permissions?

By default, operations require explicit invocation and user approval (unless auto-approve is enabled). Sensitive operations can be restricted or require additional parameters. Read-only mode is also available for safety.

Q3: What happens if my AWS credentials expire or have insufficient permissions?

The server will report permission errors back to your client. For uninterrupted operation, ensure credentials are valid and that your IAM roles or users have all necessary EKS, Kubernetes, and underlying AWS API permissions.

Q4: Can I run multiple EKS MCP Server instances for different environments?

Absolutely. Each server can be configured separately for distinct AWS environments (dev, staging, prod), with separate profiles/regions.

Q5: Does the server support custom Kubernetes resource definitions (CRDs)?

Yes, as long as valid manifests are provided, the server can apply, update, or delete custom K8s resources using the relevant tool endpoints.