
RFC: AWS LakeFormation MCP Server #2390

@JinglunJiang

Description


Is this related to an existing feature request or issue?

No

Summary

Propose adding an AWS Lake Formation MCP Server to provide AI assistants with comprehensive data lake permissions management, resource visibility, and governance capabilities. This server enables data engineers and platform teams to interact with AWS Lake Formation through natural language queries, making data lake permissions monitoring, auditing, and management more accessible.

Quip Doc: https://quip-amazon.com/cdVaA7Hez9Lx/MCP-for-SageMaker-Lakehouse

Use case

  • Data engineers need to quickly understand who has access to what across their data lake

  • Platform teams want to audit permissions and ensure proper governance

  • Security teams need visibility into Lake Formation permissions for compliance

  • AI assistants require structured access to Lake Formation data for automated reporting and dashboard generation

  • Organizations need to simplify data lake permission management without navigating complex console workflows

Proposal

Implement a FastMCP-based server that provides core read-only tools (V1):

  1. list_permissions – List Lake Formation permissions with filtering by principal, resource, and resource type
  2. get_data_lake_settings – Retrieve current data lake configuration and settings
  3. list_resources – List registered data lake resources
  4. describe_resource – Get detailed information about a specific registered resource
  5. get_effective_permissions_for_path – Get effective permissions for a specific S3 path
  6. lf_tags – List and search Lake Formation tags and tag-based permissions

The server follows existing AWS MCP server patterns with proper error handling, comprehensive testing, and security best practices.

Out of scope

  • Write operations (grant/revoke permissions – planned for V2)
  • Cross-account permissions management
  • Lake Formation transaction management
  • Governed table operations
  • Data filters creation or modification

Potential challenges

  • The ListPermissions API does not support filtering by principal alone (principal-only queries have to be filtered client-side)
  • GetEffectivePermissionsForPath is single-path only, limited applicability beyond Glue-to-LF migration
  • Cross-account permissions add complexity (deferred to future version)
  • Large permission sets in enterprise environments (handled with pagination and filtering)
  • IAM and Lake Formation permission model complexity (documented with minimal required permissions)
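The client-side principal filter and pagination from the challenges above, as an added example rather than code from this RFC or the MCP server project. It assumes the real ListPermissions response shape (`PrincipalResourcePermissions`, `NextToken`) and stands in a constructed fake for `boto3.client("lakeformation")` so it runs offline; in the server the function body would sit under a FastMCP tool.

```python
from __future__ import annotations
from typing import Any, Iterator


def iter_permissions(client: Any, resource_type: str | None = None) -> Iterator[dict]:
    """Yield every PrincipalResourcePermissions entry, following NextToken until exhausted."""
    kwargs: dict[str, Any] = {"MaxResults": 100}
    if resource_type:
        kwargs["ResourceType"] = resource_type  # server-side filter, e.g. "DATABASE" or "TABLE"
    while True:
        page = client.list_permissions(**kwargs)
        yield from page.get("PrincipalResourcePermissions", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def resource_label(resource: dict) -> str:
    """Flatten a Lake Formation Resource dict into a short label for audit output."""
    if "Database" in resource:
        return f"database:{resource['Database']['Name']}"
    if "Table" in resource:
        table = resource["Table"]
        return f"table:{table['DatabaseName']}.{table.get('Name', '*')}"  # '*' for TableWildcard
    return next(iter(resource))  # Catalog, DataLocation, LFTag ...: keep the key as the label


def list_permissions_for_principal(client: Any, principal: str,
                                   resource_type: str | None = None) -> list[dict]:
    """Principal-only lookup done client-side, since the API needs Resource alongside Principal."""
    rows = []
    for entry in iter_permissions(client, resource_type):
        if entry.get("Principal", {}).get("DataLakePrincipalIdentifier") != principal:
            continue
        rows.append({
            "resource": resource_label(entry.get("Resource", {})),
            "permissions": sorted(entry.get("Permissions", [])),
            "grantable": sorted(entry.get("PermissionsWithGrantOption", [])),  # worth flagging in audits
        })
    return rows


class FakeLakeFormation:
    """Constructed stand-in for boto3.client("lakeformation"): two pages of sample permissions."""
    ANALYST = "arn:aws:iam::111122223333:role/analyst"
    ETL = "arn:aws:iam::111122223333:role/etl"
    PAGES = [
        {"PrincipalResourcePermissions": [
            {"Principal": {"DataLakePrincipalIdentifier": ANALYST},
             "Resource": {"Table": {"DatabaseName": "sales", "Name": "orders"}},
             "Permissions": ["SELECT"], "PermissionsWithGrantOption": []},
            {"Principal": {"DataLakePrincipalIdentifier": ETL},
             "Resource": {"Database": {"Name": "sales"}},
             "Permissions": ["ALL"], "PermissionsWithGrantOption": ["ALL"]}],
         "NextToken": "page-2"},
        {"PrincipalResourcePermissions": [
            {"Principal": {"DataLakePrincipalIdentifier": ANALYST},
             "Resource": {"Database": {"Name": "sales"}},
             "Permissions": ["DESCRIBE"], "PermissionsWithGrantOption": []}]},
    ]

    def list_permissions(self, **kwargs):
        return self.PAGES[1] if kwargs.get("NextToken") == "page-2" else self.PAGES[0]
```

Calling `list_permissions_for_principal(FakeLakeFormation(), FakeLakeFormation.ANALYST)` walks both pages and returns only the analyst's two grants.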

Dependencies and Integrations

  • boto3 for AWS API access
  • FastMCP framework (consistent with other AWS MCP servers)
  • Pydantic for type safety
  • Standard AWS credential chain

Alternative solutions

  • Direct AWS CLI usage (less user-friendly for AI assistants)
  • Custom boto3 scripts (no standardized MCP interface)
  • AWS Console (manual, not AI-accessible)
  • Existing DP MCP server (has known issues, not Lake Formation specific)

Labels: RFC-proposal, needs-triage