# aws-sar-mcp

FastMCP server exposing the AWS Service Authorization Reference — query IAM actions, find destructive operations, and search across all AWS services.

## What This Is

The AWS Service Authorization Reference is AWS's own database of every IAM action for every service. This server fetches it and exposes it as MCP tools — so any Claude client can query it directly.

No AWS credentials required. The SAR is a public API.

## Tools
| Tool | What it does |
|---|---|
| sar_lookup(service) | All IAM actions for a service with descriptions and access levels |
| sar_delete_actions(service) | Destructive actions only — Delete, Terminate, Remove, Purge... |
| sar_actions_by_level(service, level) | Filter by Read / Write / List / Tagging / Permissions management |
| sar_search(query, services?) | Search action names + descriptions across services |
| sar_compare(service1, service2) | Side-by-side action breakdown between two services |
| sar_list_services() | All 300+ AWS services available in SAR |
## Example Queries

Once connected, ask Claude:

"What S3 actions can delete things?"
→ `sar_delete_actions("s3")`
→ s3:DeleteBucket, s3:DeleteObject, s3:DeleteObjectVersion...

"What IAM actions involve encryption?"
→ `sar_search("encrypt", services=["kms", "s3", "secretsmanager"])`
→ kms:Encrypt, kms:GenerateDataKey, s3:PutEncryptionConfiguration...

"How many write actions does EC2 have vs ECS?"
→ `sar_compare("ec2", "ecs")`
→ EC2: 312 total (89 Write), ECS: 87 total (31 Write)

"What can I do with SQS at the Read level?"
→ `sar_actions_by_level("sqs", "Read")`
→ sqs:GetQueueAttributes, sqs:GetQueueUrl, sqs:ReceiveMessage...
## Architecture

```
Claude Desktop / Claude Code / Custom Agent
            │
            │ MCP (stdio or http)
            ▼
aws-sar-mcp (FastMCP server)
            │
            ├── sar_lookup()
            ├── sar_delete_actions()
            ├── sar_actions_by_level() ──► SAR API (public)
            ├── sar_search()              https://servicereference.us-east-1.amazonaws.com/v1
            ├── sar_compare()
            └── sar_list_services()
            │
      TTL Cache (1hr)
      No re-fetch while warm
```
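The following is an added, self-contained example and not the aws-sar-mcp project's own code. It models what the six tools above do against the cached SAR documents: derive an action's access level, flag destructive actions by verb, filter, search and compare across services, and serve repeated lookups from a TTL cache so a warm entry is never re-fetched. It goes one step beyond the tool table by turning the destructive-action list into an IAM `Deny` statement, the use case the README gives for security engineers. Two things are assumptions of this example rather than facts from the page: the JSON shape (a top-level `Actions` list whose entries carry `Annotations.Properties` booleans `IsList`, `IsPermissionManagement`, `IsTaggingOnly`, `IsWrite`) and the per-service path pattern in `fetch_live`. The `SAMPLE_SAR` documents are constructed so everything runs offline; `fetch_live` is shown for reference and is not called.

```python
"""Offline model of the aws-sar-mcp tools (added example, not project code).

Assumed SAR JSON shape: {"Name": svc, "Actions": [{"Name": ..., "Annotations":
{"Properties": {"IsList": bool, "IsPermissionManagement": bool,
"IsTaggingOnly": bool, "IsWrite": bool}}}, ...]}.
"""
import json
import re
import time
from typing import Callable

LEVELS = ("Read", "Write", "List", "Tagging", "Permissions management")
# Verb prefixes the README names as destructive: Delete, Terminate, Remove, Purge.
DESTRUCTIVE_RE = re.compile(r"^(Delete|Terminate|Remove|Purge)")


def _props(**flags):
    """Build one action's Annotations block in the assumed SAR shape."""
    base = {"IsList": False, "IsPermissionManagement": False,
            "IsTaggingOnly": False, "IsWrite": False}
    base.update(flags)
    return {"Properties": base}


# Constructed sample documents standing in for fetched SAR JSON (not real data).
SAMPLE_SAR = {
    "s3": {"Name": "s3", "Actions": [
        {"Name": "GetObject", "Annotations": _props()},
        {"Name": "ListBucket", "Annotations": _props(IsList=True)},
        {"Name": "DeleteObject", "Annotations": _props(IsWrite=True)},
        {"Name": "PutBucketPolicy", "Annotations": _props(IsWrite=True, IsPermissionManagement=True)},
        {"Name": "PutObjectTagging", "Annotations": _props(IsTaggingOnly=True)},
    ]},
    "ec2": {"Name": "ec2", "Actions": [
        {"Name": "DescribeInstances", "Annotations": _props()},
        {"Name": "RunInstances", "Annotations": _props(IsWrite=True)},
        {"Name": "TerminateInstances", "Annotations": _props(IsWrite=True)},
    ]},
}


def fetch_live(service: str) -> dict:
    """Fetch a real document. The /v1/<svc>/<svc>.json path is an assumption of
    this example; the README only gives the base URL. Not called below."""
    import urllib.request
    url = f"https://servicereference.us-east-1.amazonaws.com/v1/{service}/{service}.json"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def access_level(action: dict) -> str:
    """Map the annotation booleans to the access levels the tools filter on.
    Permission management is checked first because such actions may also be writes."""
    p = action.get("Annotations", {}).get("Properties", {})
    if p.get("IsPermissionManagement"):
        return "Permissions management"
    if p.get("IsTaggingOnly"):
        return "Tagging"
    if p.get("IsList"):
        return "List"
    if p.get("IsWrite"):
        return "Write"
    return "Read"


class TTLCache:
    """Per-service cache: a warm entry is served until its TTL expires (1h default)."""

    def __init__(self, fetch: Callable[[str], dict], ttl_seconds: float = 3600,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._entries = {}     # service -> (expires_at, document)
        self.fetch_count = 0   # lets callers observe whether a re-fetch happened

    def get(self, service: str) -> dict:
        now = self._clock()
        hit = self._entries.get(service)
        if hit is not None and hit[0] > now:
            return hit[1]                       # still warm: no network call
        doc = self._fetch(service)
        self.fetch_count += 1
        self._entries[service] = (now + self._ttl, doc)
        return doc


class SARIndex:
    """The tool operations, each reading through the cache."""

    def __init__(self, cache: TTLCache):
        self.cache = cache

    def lookup(self, service):
        doc = self.cache.get(service)
        return [(f"{service}:{a['Name']}", access_level(a)) for a in doc["Actions"]]

    def delete_actions(self, service):
        return [n for n, _ in self.lookup(service) if DESTRUCTIVE_RE.match(n.split(":", 1)[1])]

    def actions_by_level(self, service, level):
        return [n for n, lvl in self.lookup(service) if lvl.lower() == level.lower()]

    def search(self, query, services):
        q = query.lower()   # name-only search; the assumed JSON carries no descriptions
        return [n for s in services for n, _ in self.lookup(s) if q in n.split(":", 1)[1].lower()]

    def compare(self, s1, s2):
        out = {}
        for s in (s1, s2):
            levels = [lvl for _, lvl in self.lookup(s)]
            out[s] = {"total": len(levels), **{lvl: levels.count(lvl) for lvl in LEVELS}}
        return out

    def deny_policy(self, service):
        """Explicit Deny over every destructive action of a service (deny wins over allow)."""
        return {"Version": "2012-10-17", "Statement": [
            {"Effect": "Deny", "Action": self.delete_actions(service), "Resource": "*"}]}


def build_index(clock=time.monotonic, ttl_seconds=3600):
    """Index over the constructed sample with an injectable clock for TTL checks."""
    cache = TTLCache(lambda svc: SAMPLE_SAR[svc], ttl_seconds, clock)
    return cache, SARIndex(cache)


if __name__ == "__main__":
    _, idx = build_index()
    print(idx.delete_actions("s3"))
    print(json.dumps(idx.deny_policy("ec2"), indent=2))
```

Swapping `lambda svc: SAMPLE_SAR[svc]` for `fetch_live` in `build_index` would point the same index at the public endpoint; the injectable clock exists so the one-hour expiry can be exercised without waiting an hour.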
## Quick Start

### Install

```bash
git clone https://github.com/TanishkaMarrott/aws-sar-mcp.git
cd aws-sar-mcp
pip install -r requirements.txt
```

### Connect to Claude Code

```bash
claude mcp add aws-sar -- fastmcp run /path/to/aws-sar-mcp/server.py
```

### Connect to Claude Desktop

Add to `claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "aws-sar": {
      "command": "fastmcp",
      "args": ["run", "/path/to/aws-sar-mcp/server.py"]
    }
  }
}
```

### Run standalone

```bash
fastmcp run server.py
```

### Run Tests

```bash
pytest tests/
# Tests hit the real SAR API — no mocking, no credentials needed
```
## Why This Is Useful

For security engineers:
- Quickly find all destructive actions before writing deny policies
- Compare permission sets between similar services
- Search for risky patterns (e.g. `sar_search("PassRole")`)

For AI agents:
- Agents that enforce IAM policies need to know what actions exist
- Combine with dual-agent-memory — Resource Finder uses SAR to validate cleanup targets

For developers:
- Understand what a service can do before requesting permissions
- Write least-privilege policies without reading AWS docs manually
## Project Structure

```
aws-sar-mcp/
├── server.py          # FastMCP server — 6 tools
├── sar/
│   └── client.py      # SAR API client with TTL caching
└── tests/
    └── test_sar.py    # Integration tests (real API)
```

## Author

Built by Tanishka Marrott — AI Agent Systems Engineer