Multi-Account MCP

[mrpackethead]

I've been exploring the AWS API MCP Server codebase for multi-account use cases and noticed something interesting:

The internal call_aws_helper() function accepts a credentials parameter and the entire downstream code (in driver.py, services.py, etc.) properly handles custom credentials. However, the public call_aws MCP tool always passes credentials=None.

@server.tool(name='call_aws')
async def call_aws(
    cli_command: str,
    ctx: Context,
    max_results: int | None = None,
) -> ProgramInterpretationResponse | AwsCliAliasResponse:
    return await call_aws_helper(
        cli_command=cli_command,
        ctx=ctx,
        max_results=max_results,
        credentials=None,  # Always None
    )

Was this intentional for the single-user use case, or is there a security/design reason not to expose it?
Are there any concerns or considerations we should be aware of when implementing multi-account support?

Use case:

We're looking to extend this MCP server to support AWS Organizations with multiple accounts, where users could execute commands like:

call_aws(
    cli_command="aws ec2 describe-instances",
    account_id="123456789012"  # Assume role in this account
)

The server would internally call sts:AssumeRole to get temporary credentials for the target account and pass them to call_aws_helper().

Since the credential infrastructure is already built, this seems like a natural extension. Would love to hear your thoughts!

Thanks for the great work on this project!

[arnewouters]

call_aws is not entirely single-user, we do support multiple users using the profile parameter. Any commands like aws ec2 describe-instances --profile abc would fetch the credentials of the corresponding profile.

call_aws_helper is indeed exposed so it can be used with a custom function to fetch credentials. You can then wrap this in your own custom MCP tool.

---

I'm curious if the multi-profile support would help your use case or is there some other setup that would be a better fit?