AWS MCP Server in Cursor IDE: Query S3, Lambda & CloudWatch with AI (2026)
Add the AWS MCP server to Cursor IDE and let your AI query S3 buckets, check Lambda logs, and inspect CloudFormation stacks directly. Setup guide with IAM permissions.
AWS MCP Server Setup for Cursor IDE (2026)
The AWS MCP server lets Cursor's AI assistant query your AWS infrastructure directly — check S3 buckets, read CloudWatch logs, list Lambda functions, and more without leaving your editor.
This guide covers setup from scratch, including IAM permissions and the most useful queries once it's running.
What the AWS MCP Server Can Do
Once connected, you can ask Cursor things like:
The server uses your local AWS credentials, so it works with whatever account and region you're already authenticated against.
Prerequisites
aws configure)
Step 1: Set Up AWS Credentials
The AWS MCP server uses your local AWS credential chain. If you already use the AWS CLI, you're set. If not:
aws configure
Enter your Access Key ID, Secret Access Key, region, and output format. The server will pick up these credentials automatically.
Tip: Use a dedicated IAM user or role with read-only permissions for MCP — you don't want your AI assistant to accidentally mutate production resources.
Step 2: Add to Your Cursor MCP Config
Open ~/.cursor/mcp.json (or Cmd/Ctrl + Shift + P → "Open MCP Settings") and add:
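{
  "mcpServers": {
    "aws": {
      "command": "npx",
      "args": ["-y", "@aws/mcp-server-aws"],
      "env": {
        "AWS_PROFILE": "default",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}
Replace default with your AWS CLI profile name if you use named profiles (e.g., production, staging). Replace us-east-1 with your primary region. Because npx -y installs and runs the named package without a confirmation prompt, check the package name and publisher on the npm registry before saving this config.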
Using AWS SSO? The server respects AWS SSO sessions. Just make sure you've run aws sso login before starting Cursor.
Step 3: Restart Cursor
Quit Cursor completely and reopen it. The AWS MCP server will start automatically.
Check that it loaded: View → Output → MCP — you should see the server listed without errors.
Step 4: Test It
Open Cursor chat (Cmd/Ctrl + L) and try:
List my S3 buckets
Or more specifically:
What Lambda functions are deployed in us-east-1?
Recommended IAM Permissions
For read-only access (recommended for most development workflows):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject",
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "logs:DescribeLogGroups",
        "logs:GetLogEvents",
        "logs:FilterLogEvents",
        "lambda:ListFunctions",
        "lambda:GetFunction",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups",
        "ecs:ListClusters",
        "ecs:ListServices",
        "rds:DescribeDBInstances",
        "ce:GetCostAndUsage"
      ],
      "Resource": "*"
    }
  ]
}
Scope this down further if you only need specific services.
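One way to decide where to start scoping, as an added example that is not part of the original guide or of the AWS MCP server: a small Python linter that flags actions that are not reads, and reads of stored content granted on Resource "*". The name-prefix test and the DATA_READS set are assumptions of this example, not an AWS classification.

```python
# Added example: lint an IAM policy before attaching it to the MCP profile.
# The read-only test is a name-prefix heuristic (an assumption), not an AWS API.
READ_PREFIXES = ("get", "list", "describe", "filter")
# Reads that return stored content (object bodies, log lines, function code
# location and environment), not just resource metadata.
DATA_READS = {"s3:getobject", "logs:getlogevents",
              "logs:filterlogevents", "lambda:getfunction"}

def as_list(value):
    """IAM allows a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy):
    """Return (finding, action) pairs for every Allow statement."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append(("not-action-allow", "NotAction"))
        all_resources = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2].lower()  # action names are case-insensitive
            if "*" in action:
                findings.append(("wildcard-action", action))
            elif not name.startswith(READ_PREFIXES):
                findings.append(("not-read-only", action))
            elif all_resources and action.lower() in DATA_READS:
                findings.append(("data-read-on-all-resources", action))
    return findings

# The action list from the policy above, with Resource "*".
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": [
        "s3:ListAllMyBuckets", "s3:GetBucketLocation", "s3:ListBucket",
        "s3:GetObject", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
        "logs:DescribeLogGroups", "logs:GetLogEvents", "logs:FilterLogEvents",
        "lambda:ListFunctions", "lambda:GetFunction", "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups", "ecs:ListClusters", "ecs:ListServices",
        "rds:DescribeDBInstances", "ce:GetCostAndUsage"]}]}

if __name__ == "__main__":
    for finding, action in audit(PAGE_POLICY):
        print(f"{finding}: {action}")
```

The four actions it reports for the policy above are the ones to restrict to specific bucket, log group, and function ARNs first.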
Practical Workflows
Debugging Lambda Errors
Show me the last 50 error logs from the process-orders Lambda function
Cursor will pull CloudWatch logs and help you diagnose the issue in context with your code.
Infrastructure Audit
Check all my S3 buckets and tell me which ones have public access enabled
Cost Investigation
Which AWS services are costing the most this month, and how does it compare to last month?
Deployment Check
List all ECS services in the production cluster and tell me which ones have tasks running below their desired count
Switching Between AWS Profiles
If you manage multiple AWS accounts, you can have separate MCP server entries for each:
{
  "mcpServers": {
    "aws-production": {
      "command": "npx",
      "args": ["-y", "@aws/mcp-server-aws"],
      "env": {
        "AWS_PROFILE": "production",
        "AWS_REGION": "us-east-1"
      }
    },
    "aws-staging": {
      "command": "npx",
      "args": ["-y", "@aws/mcp-server-aws"],
      "env": {
        "AWS_PROFILE": "staging",
        "AWS_REGION": "us-west-2"
      }
    }
  }
}
Then specify which one to use in your prompt: "Using aws-staging, list the running EC2 instances"
Troubleshooting
"No credentials found"
Run aws sts get-caller-identity in your terminal. If that fails, your credentials aren't configured. Run aws configure or check your AWS SSO session.
"Access denied" errors
Your IAM user/role is missing permissions. Check the policy attached to the credentials and add the required actions from the list above.
Server starts but no tools appear
Fully restart Cursor (quit and reopen). If still not working, check the MCP output panel for startup errors.
Server is slow
AWS API calls have inherent latency. For faster responses, specify the region explicitly in your prompts: "in us-east-1, list..."