Can I use AWS as a CLI?

Yes. KosmoKrator exposes a AWS CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose AWS through MCP?

Yes. The KosmoKrator MCP gateway can expose selected AWS tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are AWS credentials stored?

AWS credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for AWS MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

other

AWS MCP Integration for CrewAI

Connect AWS to CrewAI through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

8 functions 7 read 1 write Bearer token auth

Submit AWS feedback View package source

Connect AWS to CrewAI

Expose KosmoKrator integrations to CrewAI workers as scoped local tools.

Wrap kosmo integrations:call for specific tasks or connect workers to a local MCP gateway. The gateway is local, scoped to this integration, and starts with --write=deny so CrewAI can inspect read-capable tools without receiving write access by default.

AWS MCP Config for CrewAI

Use per-worker integration scopes to avoid giving every worker every tool.

{
  "mcpServers": {
    "kosmokrator-aws": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=aws",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=aws --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only AWS instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

AWS Tools Visible to CrewAI

CrewAI sees stable MCP tool names generated from the AWS integration catalog.

MCP tool	Source function	Type	Description
`integration__aws__aws_list_s3_buckets`	`aws.aws_list_s3_buckets`	Read	List all S3 buckets in the AWS account. Returns bucket names, creation dates, and regions.
`integration__aws__aws_list_ec2_instances`	`aws.aws_list_ec2_instances`	Read	Describe EC2 instances in the AWS account. Returns instance IDs, types, states, and metadata. Supports filtering by instance IDs, states, or tags.
`integration__aws__aws_list_lambda_functions`	`aws.aws_list_lambda_functions`	Read	List all Lambda functions in the AWS account. Returns function names, runtimes, descriptions, and configuration.
`integration__aws__aws_invoke_lambda`	`aws.aws_invoke_lambda`	Write	Invoke an AWS Lambda function with an optional payload. Supports synchronous (RequestResponse) and asynchronous (Event) invocation modes.
`integration__aws__aws_list_dynamodb_tables`	`aws.aws_list_dynamodb_tables`	Read	List all DynamoDB tables in the AWS account. Returns table names and can be used with pagination to enumerate all tables.
`integration__aws__aws_get_cloudwatch_metrics`	`aws.aws_get_cloudwatch_metrics`	Read	Get CloudWatch metric data for AWS resources. Supports querying metrics by namespace, metric name, dimensions, and time range with configurable statistics and periods.
`integration__aws__aws_list_sns_topics`	`aws.aws_list_sns_topics`	Read	List all SNS notification topics in the AWS account. Returns topic ARNs and names.
`integration__aws__aws_get_current_user`	`aws.aws_get_current_user`	Read	Get the current IAM user identity. Returns user ARN, account ID, and user ID. Useful for verifying credentials and understanding which AWS account is being accessed.

Related AWS Pages

AWS CLIUse direct JSON commands instead of MCP discovery. AWS MCPFull gateway reference and MCP tool names. KosmoKrator for CrewAIClient-level gateway setup.