AWS Service Authorization Reference: Centralized Compliance & Control - MCP Implementation

Master AWS permissions: centralized, compliance-driven authorization for enterprise security, granular control, and seamless trust—trusted by thousands.

About AWS Service Authorization Reference

What is AWS Service Authorization Reference?

AWS Service Authorization Reference is a centralized repository of IAM permissions data for all AWS services. It consolidates Identity and Access Management (IAM) actions, resources, and condition keys into a unified resource, eliminating the need to manually cross-reference fragmented service-specific documentation. The service introduced programmatic access capabilities in 2024, with expanded resource and condition key coverage implemented in March 2025.

How to Utilize the Service

Integrate the service via its REST API endpoints or SDKs to retrieve permissions metadata programmatically. Deployment options include native execution via the uv command-line tool or containerized deployment using Docker. Configuration requires setting environment variables or using JSON configuration files to define authentication parameters and service endpoints.

AWS Service Authorization Reference Features

Key Features

  • Unified permissions metadata aggregation across 200+ AWS services
  • Persistent caching mechanism for frequently accessed permissions data
  • Versioned API endpoints ensuring backward compatibility
  • Role-based access controls for API consumers

Use Cases

  • Automating IAM policy generation for new services
  • Validating cross-service permissions in CI/CD pipelines
  • Building custom permission management dashboards
  • Compliance reporting for audit requirements

AWS Service Authorization Reference FAQ

FAQ

  • Q: Does the service require AWS credentials?
    A: Yes, API consumers must provide valid IAM credentials with the iam:Describe* permissions scope.
  • Q: How are deprecations handled?
    A: Sunsetted permissions are marked as deprecated but remain accessible for historical reference.
  • Q: What guarantees data accuracy?
    A: Data is synchronized directly from AWS official sources and validated through automated consistency checks.

Content

AWS Service Reference Information MCP Server

A Model Context Protocol server providing access to AWS Service Reference Information. This server enables LLMs to retrieve IAM actions, resources and condition keys.

What is AWS Service Authorization Reference?

AWS Service Authorization Reference is AWS documentation that gives exhaustive reference data on all IAM Actions, Resources and Condition Keys, grouping information that was otherwise scattered across the documentation of individual services.

In 2024, AWS added programmatic support to access this data.

Since March 13, 2025, Service Reference Information includes Resources and Condition Keys.

Available Tools

  • retrieve_service_codes - Lists all service codes for which we have documentation available
  • retrieve_service_stats - Tells how many Actions, Resources and Condition Keys are documented.
    • service (string, required): the code of the service
  • retrieve_service_actions - A comma-separated list of all actions for a service
    • service (string, required): the code of the service
  • retrieve_service_resources - A comma-separated list of all resources for a service
    • service (string, required): the code of the service
  • retrieve_service_condition_keys - A comma-separated list of all condition keys for a service
    • service (string, required): the code of the service
  • retrieve_service_action_information - Retrieve the authorization reference data (resources and condition keys) for a single AWS service action
    • service (string, required): the code of the service
    • action (string, required): the code of the action
  • retrieve_service_resource_information - Retrieve the authorization reference data for a single AWS service resource
    • service (string, required): the code of the service
    • resource (string, required): the code of the resource
  • retrieve_service_condition_key_information - Retrieve the authorization reference data for a single AWS service condition key
    • service (string, required): the code of the service
    • condition_key (string, required): the code of the condition key
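
As an added example (not part of this project's code), the following Python shows how per-action condition-key data of the kind retrieve_service_action_information describes can be used to lint an IAM policy statement before deployment. A condition key that an action does not support is absent from that action's request context, so the condition does not evaluate the way the policy author expects. The REFERENCE shape, the lint_statement function and the sample statement are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed, abbreviated sample: service -> action -> condition keys it supports.
# This shape is an assumption; the page does not show the tools' output format.
REFERENCE = {
    "s3": {
        "GetObject": {"s3:authType", "s3:TlsVersion"},
        "PutObject": {"s3:x-amz-acl", "s3:TlsVersion"},
        "ListBucket": {"s3:prefix", "s3:delimiter", "s3:TlsVersion"},
    },
}

# Constructed policy statement containing three deliberate mistakes.
SAMPLE_STATEMENT = {
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:listbucket", "s3:DeleteEverything", "ec2:RunInstances"],
    "Resource": "*",
    "Condition": {"StringEquals": {"s3:prefix": "home/", "aws:PrincipalOrgID": "o-example"}},
}


def lint_statement(stmt, reference):
    """Return findings for actions and condition keys the reference does not document."""
    findings, matched = [], {}  # matched: "service:Action" -> lowercased condition keys
    actions = stmt.get("Action", [])
    for pattern in [actions] if isinstance(actions, str) else actions:
        service, sep, name = pattern.partition(":")
        if pattern == "*":
            findings.append("*: matches every action of every service")
        elif not sep:
            findings.append(f"{pattern}: not in service:action form")
        elif service.lower() not in reference:
            findings.append(f"{pattern}: service not in reference data")
        else:
            known = reference[service.lower()]
            # IAM action names are case-insensitive and may use * and ? wildcards.
            hits = [a for a in known if fnmatchcase(a.lower(), name.lower())]
            if not hits:
                findings.append(f"{pattern}: matches no documented action")
            for a in hits:
                matched[f"{service.lower()}:{a}"] = {k.lower() for k in known[a]}
    for conditions in stmt.get("Condition", {}).values():
        for key in conditions:
            if key.lower().startswith("aws:"):
                continue  # global condition keys are not tied to one service
            for action, keys in sorted(matched.items()):
                if key.lower() not in keys:
                    findings.append(f"{key}: not supported by {action}")
    return findings
```

In a CI job, a non-empty result from lint_statement would fail the build and the findings would be printed for the reviewer.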

Installation

Using uv

With uv no specific installation is needed. Run uv build then uv run main.py.

Configuration

Configure for Claude.app

Add to your Claude settings:

Using uv

"mcpServers": {
  "aws-service-authorization-reference": {
    "command": "uv",
    "args": [
      "--directory",
      "/root/to/folder/aws-service-authorization-reference",
      "run",
      "main.py"
    ]
  }
}

Using docker

"mcpServers": {
  "aws-service-authorization-reference": {
    "command": "docker",
    "args": ["run", "-i", "--rm", "psantus86/aws-service-authorization-reference-mcp-server:latest"]
  }
}

Debugging

You can use the MCP inspector to debug the server. For uv installations:

npx @modelcontextprotocol/inspector \
  uv \
  --directory /root/to/folder/aws-service-authorization-reference \
  run \
  main.py

License

aws-service-authorization-reference MCP Server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.
