Can I use AWS as a CLI?

Yes. KosmoKrator exposes a AWS CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose AWS through MCP?

Yes. The KosmoKrator MCP gateway can expose selected AWS tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are AWS credentials stored?

AWS credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for AWS MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

other

AWS MCP Integration for OpenAI Agents SDK

Connect AWS to OpenAI Agents SDK through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

8 functions 7 read 1 write Bearer token auth

Submit AWS feedback View package source

Connect AWS to OpenAI Agents SDK

Attach KosmoKrator integration tools to OpenAI Agents SDK workflows through a local MCP gateway.

Start the KosmoKrator MCP gateway locally and point the OpenAI Agents SDK MCP tool at that process or wrapper. The gateway is local, scoped to this integration, and starts with --write=deny so OpenAI Agents can inspect read-capable tools without receiving write access by default.

AWS MCP Config for OpenAI Agents SDK

Use headless JSON commands for CI-style execution and MCP for agent tool discovery.

{
  "mcpServers": {
    "kosmokrator-aws": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=aws",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=aws --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only AWS instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

AWS Tools Visible to OpenAI Agents

OpenAI Agents sees stable MCP tool names generated from the AWS integration catalog.

MCP tool	Source function	Type	Description
`integration__aws__aws_list_s3_buckets`	`aws.aws_list_s3_buckets`	Read	List all S3 buckets in the AWS account. Returns bucket names, creation dates, and regions.
`integration__aws__aws_list_ec2_instances`	`aws.aws_list_ec2_instances`	Read	Describe EC2 instances in the AWS account. Returns instance IDs, types, states, and metadata. Supports filtering by instance IDs, states, or tags.
`integration__aws__aws_list_lambda_functions`	`aws.aws_list_lambda_functions`	Read	List all Lambda functions in the AWS account. Returns function names, runtimes, descriptions, and configuration.
`integration__aws__aws_invoke_lambda`	`aws.aws_invoke_lambda`	Write	Invoke an AWS Lambda function with an optional payload. Supports synchronous (RequestResponse) and asynchronous (Event) invocation modes.
`integration__aws__aws_list_dynamodb_tables`	`aws.aws_list_dynamodb_tables`	Read	List all DynamoDB tables in the AWS account. Returns table names and can be used with pagination to enumerate all tables.
`integration__aws__aws_get_cloudwatch_metrics`	`aws.aws_get_cloudwatch_metrics`	Read	Get CloudWatch metric data for AWS resources. Supports querying metrics by namespace, metric name, dimensions, and time range with configurable statistics and periods.
`integration__aws__aws_list_sns_topics`	`aws.aws_list_sns_topics`	Read	List all SNS notification topics in the AWS account. Returns topic ARNs and names.
`integration__aws__aws_get_current_user`	`aws.aws_get_current_user`	Read	Get the current IAM user identity. Returns user ARN, account ID, and user ID. Useful for verifying credentials and understanding which AWS account is being accessed.

Related AWS Pages

AWS CLIUse direct JSON commands instead of MCP discovery. AWS MCPFull gateway reference and MCP tool names. KosmoKrator for OpenAI AgentsClient-level gateway setup.