S3 MCP Server

List objects in an S3 bucket with optional prefix filtering and pagination. This tool retrieves a list of objects (files) from an S3 bucket. Use it to: - Browse bucket contents - Find specific files by prefix - Paginate through large result sets Args: bucket_name: S3 bucket name (3-63 characters, lowercase, numbers, hyphens, dots) prefix: Filter objects by key prefix (e.g., 'logs/2024/' to find all logs from 2024) limit: Max objects to return per request (1-1000, default: 20) continuation_token: Token from previous response to get next page response_format: Output format - 'markdown' (default) or 'json' Returns: Formatted list of objects with key, size, last modified date, and storage class. If more results exist, includes continuation token for next page. Error Handling: - Bucket not found: Returns error with suggestion to verify bucket name - Access denied: Returns error with IAM permission suggestions - Invalid input: Returns validation error with specific field issues

Generate a time-limited presigned URL for downloading an S3 object. This tool creates a secure URL that allows downloading an object without AWS credentials. The URL is time-limited and automatically expires. Use cases: - Share files with users who don't have AWS access - Download objects in browser or HTTP client - Integrate S3 downloads in applications without AWS SDK Args: bucket_name: S3 bucket name key: Object key (path within bucket, e.g., 'data/report.pdf') expires_in: URL expiration in seconds (1-604800, default: 3600 = 1 hour) response_content_disposition: Override Content-Disposition (e.g., 'attachment; filename=report.pdf') response_content_type: Override Content-Type (e.g., 'application/pdf') response_format: Output format - 'markdown' (default) or 'json' Returns: Presigned URL with expiration details and usage example (curl command). Security Notes: - URLs are time-limited (max 7 days, default 1 hour) - Anyone with the URL can download during validity period - URLs cannot be revoked before expiration - Use shorter expiration for sensitive data Error Handling: - Bucket/object not found: Returns error with verification suggestions - Access denied: Returns error with IAM permission guidance - Invalid parameters: Returns validation error with field details

Generate a time-limited presigned URL for uploading an object to S3. This tool creates a secure URL that allows uploading a file without AWS credentials. The URL is time-limited and enforces specified upload parameters (encryption, ACL, etc.). Use cases: - Allow users to upload files directly to S3 from browsers - Integrate uploads in applications without AWS SDK - Enforce upload policies (encryption, content type, etc.) Args: bucket_name: S3 bucket name key: Destination object key (path, e.g., 'uploads/document.pdf') expires_in: URL expiration in seconds (1-604800, default: 3600 = 1 hour) content_type: MIME type (e.g., 'image/png', 'application/pdf') server_side_encryption: Encryption algorithm ('AES256' or 'aws:kms') metadata: Custom metadata as key-value pairs acl: Access control ('private', 'public-read', 'public-read-write', etc.) response_format: Output format - 'markdown' (default) or 'json' Returns: Presigned URL with required headers and curl usage example. The response includes all headers that must be sent with the PUT request. Security Notes: - URLs are time-limited and scoped to specific object key - Enforce encryption with server_side_encryption parameter - Use 'private' ACL unless public access required - Consider bucket policies that require encryption Error Handling: - Bucket not found: Returns error with bucket verification guidance - Access denied: Returns error with IAM permission details - Invalid parameters: Returns validation errors with corrections

Delete an object from an S3 bucket. ⚠️ WARNING: This is a DESTRUCTIVE operation. Deleted objects cannot be recovered unless versioning is enabled on the bucket. Use this tool to: - Remove unwanted or obsolete files - Clean up temporary uploads - Delete specific versions in versioned buckets Args: bucket_name: S3 bucket name key: Object key to delete (e.g., 'temp/old-file.txt') version_id: Specific version to delete (for versioned buckets only) response_format: Output format - 'markdown' (default) or 'json' Returns: Deletion confirmation with version information if applicable. For versioned buckets, indicates if a delete marker was created. Behavior: - Non-versioned buckets: Object is permanently deleted - Versioned buckets: Delete marker created (object can be recovered) - With version_id: Specific version permanently deleted Security Notes: - Requires s3:DeleteObject IAM permission - For versioned buckets, may need s3:DeleteObjectVersion - Consider enabling MFA Delete for added protection - Operation cannot be undone for non-versioned buckets Error Handling: - Bucket/object not found: Returns error (idempotent - safe to retry) - Access denied: Returns error with IAM permission guidance - Invalid parameters: Returns validation error with corrections