LocalStack MCP Server

Important

The LocalStack MCP server is currently available as an experimental public preview. For questions, issues or feedback, please utilize the LocalStack Community slack or submit a GitHub Issue

A Model Context Protocol (MCP) server that provides tools to manage and interact with your LocalStack for AWS container for simplified local cloud development and testing. The LocalStack MCP Server provides simplified integration between MCP-compatible apps and your local LocalStack for AWS development environment, enabling secure and direct communication with LocalStack's emulated services and additional developer experience features.

This server eliminates custom scripts and manual LocalStack management with direct access to:

• Start, stop, restart, and monitor LocalStack for AWS container status with built-in auth.
• Deploy CDK, Terraform, and SAM projects with automatic configuration detection.
• Search LocalStack documentation for guides, API references, and configuration details.
• Parse logs, catch errors, and auto-generate IAM policies from violations. (requires active license)
• Inject chaos faults and network effects into LocalStack to test system resilience. (requires active license)
• Manage LocalStack state snapshots via Cloud Pods for development workflows. (requires active license)
• Install, remove, list, and discover LocalStack Extensions from the marketplace. (requires active license)
• Launch and manage Ephemeral Instances for remote LocalStack testing workflows.
• Replicate external AWS resources into LocalStack with AWS Replicator so IaC stacks can resolve shared dependencies locally.
• Inspect LocalStack application flows with App Inspector traces, spans, events, payload metadata, and IAM policy evaluations. (requires active license)
• Connect AI assistants and dev tools for automated cloud testing workflows.

Tools Reference

This server provides your AI with dedicated tools for managing your LocalStack environment:

Note

All tools in this MCP server require LOCALSTACK_AUTH_TOKEN.

Tool Name	Description	Key Features
localstack-management	Manages LocalStack runtime operations for AWS and Snowflake stacks	- Execute start, stop, restart, and status checks - Integrate LocalStack authentication tokens - Inject custom environment variables - Verify real-time status and perform health monitoring
localstack-deployer	Handles infrastructure deployment to LocalStack for AWS environments	- Automatically run CDK, Terraform, and SAM tooling to deploy infrastructure locally - Enable parameterized deployments with variable support - Process and present deployment results - Requires you to have cdklocal, tflocal, or samlocal installed in your system path
localstack-logs-analysis	Analyzes LocalStack for AWS logs for troubleshooting and insights	- Offer multiple analysis options including summaries, errors, requests, and raw data - Filter by specific services and operations - Generate API call metrics and failure breakdowns - Group errors intelligently and identify patterns
localstack-iam-policy-analyzer	Handles IAM policy management and violation remediation	- Set IAM enforcement levels including enforced, soft, and disabled modes - Search logs for permission-related violations - Generate IAM policies automatically from detected access failures - Requires a valid LocalStack Auth Token
localstack-chaos-injector	Injects and manages chaos experiment faults for system resilience testing	- Inject, add, remove, and clear service fault rules - Configure network latency effects - Comprehensive fault targeting by service, region, and operation - Built-in workflow guidance for chaos experiments - Requires a valid LocalStack Auth Token
localstack-cloud-pods	Manages LocalStack state snapshots for development workflows	- Save current state as Cloud Pods - Load previously saved Cloud Pods instantly - Delete Cloud Pods or reset to a clean state - Requires a valid LocalStack Auth Token
localstack-extensions	Installs, uninstalls, lists, and discovers LocalStack Extensions	- Manage installed extensions via CLI actions (list, install, uninstall) - Browse the LocalStack Extensions marketplace (available) - Requires a valid LocalStack Auth Token support
localstack-ephemeral-instances	Manages cloud-hosted LocalStack Ephemeral Instances	- Create temporary cloud-hosted LocalStack instances and get an endpoint URL - List available ephemeral instances, fetch logs, and delete instances - Supports lifetime, extension preload, Cloud Pod preload, and custom env vars on create - Requires a valid LocalStack Auth Token and LocalStack CLI
localstack-aws-client	Runs AWS CLI commands inside the LocalStack for AWS container	- Executes commands via awslocal inside the running container - Sanitizes commands to block shell chaining - Auto-detects LocalStack coverage errors and links to docs
localstack-aws-replicator	Replicates external AWS resources into a running LocalStack instance	- Start single-resource replication jobs with a resource type and identifier or ARN - Start batch replication jobs, such as SSM parameters under a path prefix - Poll job status by job ID and list existing jobs - List resource types supported by the running Replicator extension - Reads source AWS credentials from the MCP server environment and supports optional target account or region overrides
localstack-app-inspector	Inspects LocalStack application traces, spans, events, and IAM evaluations	- Enable or disable App Inspector for the running LocalStack instance - List and inspect traces to understand AWS service-to-service flows - Drill into spans, events, payload metadata, and IAM policy evaluation events - Filter by service, region, operation, resource, ARN, status, and time range - Requires a valid LocalStack Auth Token and the App Inspector feature in the connected LocalStack license
localstack-docs	Searches LocalStack documentation through CrawlChat	- Queries LocalStack docs through a public CrawlChat collection - Returns focused snippets with source links only - Helps answer coverage, configuration, and setup questions without requiring LocalStack runtime

Installation

Editor	Installation
Cursor

For other MCP Clients, refer to the configuration guide.

Prerequisites

• LocalStack CLI and Docker installed in your system path
• cdklocal, tflocal, or samlocal installed in your system path for running infrastructure deployment tooling
• A valid LocalStack Auth Token configured as LOCALSTACK_AUTH_TOKEN (required for all MCP tools)
• Node.js v22.x or higher installed in your system path

Configuration

Add the following to your MCP client's configuration file (e.g., ~/.cursor/mcp.json). This configuration uses npx to run the server, which will automatically download & install the package if not already present:

{
  "mcpServers": {
    "localstack-mcp-server": {
      "command": "npx",
      "args": ["-y", "@localstack/localstack-mcp-server"],
      "env": {
        "LOCALSTACK_AUTH_TOKEN": "<YOUR_TOKEN>"
      }
    }
  }
}

All LocalStack MCP tools require LOCALSTACK_AUTH_TOKEN to be set. You can get your LocalStack Auth Token by following the official documentation.

If you installed from source, change command and args to point to your local build:

{
  "mcpServers": {
    "localstack-mcp-server": {
      "command": "node",
      "args": ["/path/to/your/localstack-mcp-server/dist/stdio.js"],
      "env": {
        "LOCALSTACK_AUTH_TOKEN": "<YOUR_TOKEN>"
      }
    }
  }
}

LocalStack Configuration

Variable Name	Description	Default Value
LOCALSTACK_AUTH_TOKEN (required)	The LocalStack Auth Token to use for the MCP server	None
MAIN_CONTAINER_NAME	The name of the LocalStack container to use for the MCP server	localstack-main
MCP_ANALYTICS_DISABLED	Disable MCP analytics when set to 1	0
APP_INSPECTOR	Set to 1 in the LocalStack container environment to enable App Inspector by default across restarts. The MCP tool can also toggle App Inspector at runtime with set-status.	0
AWS_ACCESS_KEY_ID (required for AWS Replicator tool)	Source AWS access key used by AWS Replicator to read external AWS resources	None
AWS_SECRET_ACCESS_KEY (required for AWS Replicator tool)	Source AWS secret access key used by AWS Replicator to read external AWS resources	None
AWS_DEFAULT_REGION (required for AWS Replicator tool)	Source AWS region used by AWS Replicator	None

For AWS Replicator-specific source credentials, you can use the AWS_REPLICATOR_SOURCE_ prefixed variants instead of the unprefixed variants. Do not mix the prefixed and unprefixed source credential groups; when any AWS_REPLICATOR_SOURCE_ variable is set, the Replicator tool reads the source configuration only from that group.

Contributing

Built on the XMCP framework, you can add new tools by adding a new file to the src/tools directory and documenting it in the manifest.json file.

Pull requests are welcomed on GitHub! To get started:

• Install Git and Node.js
• Clone the repository
• Install dependencies with yarn
• Build with yarn build

MCP Server Tester

This repository includes MCP Server Tester for tool validation in direct mode and LLM host mode.

• Run direct MCP tests (deterministic):

  yarn test:mcp:direct

• Run Gemini-based MCP host evals:

  export GOOGLE_GENERATIVE_AI_API_KEY="<your-gemini-key>"
  export LOCALSTACK_AUTH_TOKEN="<your-localstack-auth-token>"
  yarn test:mcp:evals

• Open the latest MCP Server Tester HTML report:

  npx mcp-server-tester open

• Run both:

  yarn test:mcp

Notes:

• MCP tests target the local STDIO server command node dist/stdio.js by default.
• LOCALSTACK_AUTH_TOKEN is required for all MCP tool usage and test suites.
• You can override the target command with:
  • MCP_TEST_COMMAND
  • MCP_TEST_ARGS (space-separated arguments)

License

Apache License 2.0