Ask about your AWS environment in plain language, read-only by design
An MCP server that exposes your AWS operations to your AI assistant, alerts, backups, costs, deployments and compliance, so your team asks Cursor or Claude Desktop instead of digging through consoles. It reads, it never changes anything.
Stop digging through consoles to answer a simple question
Whether a backup ran, what is driving this month's bill, which deployment went out, whether an account is compliant, the answer is in AWS somewhere, across consoles and accounts. The AI Access Layer puts that operational data behind a Model Context Protocol server, so your team asks their AI assistant and gets an answer from the live environment, read-only.
It is the layer your AWS capabilities plug into, monitoring, cost, backup status and compliance, so an AI agent, or a conversational assistant in Slack or Teams, can reach them. A capability is only answerable once it is exposed here.
From a question to an answer, safely
Connect your AI client
Add the MCP to Cursor or Claude Desktop. It discovers the login automatically through the MCP authorization spec.
Log in as yourself
You sign in through your own account with OAuth 2.1 and PKCE. No shared keys and no tokens to manage by hand.
Ask in plain language
Ask about alerts, backups, costs, deployments, resources or compliance, in the tools your team already works in.
It reads, never writes
The server is read-only. The agent can see your operations, it cannot change anything in your AWS accounts.
Answers from live operations
Responses come from your real operational data through your APIs rather than a stale export someone ran last week.
Hosted on AWS
The server runs on AWS, on Fargate behind API Gateway, proxying read-only to your operations APIs.
Ask about your operations in plain language
A dashboard answers the question someone built it for. Your AI assistant answers the question you actually have. The server exposes your operational data so the agent can read it and answer in plain language.
- Alerts, backups, costs and deployments
- Resources, Inspector findings and support tickets
- Compliance, stacks, executions and SCPs
- Answered in Cursor or Claude Desktop, where your team works
Read-only and signed in as you
Giving an AI agent access to AWS is only safe if it cannot break anything and you know who asked. Each person signs in as themselves over OAuth, and the server only ever reads. The agent never holds a standing key or a way to make a change.
- OAuth 2.1 with PKCE, each person logs in as themselves
- Read-only by design, the agent reads and never changes
- Machine-to-machine tokens for server-to-server access
- Auto-discovery through the MCP authorization spec
The questions you would otherwise raise a ticket for
Most questions to a managed provider are not incidents. They are is this alert real, what just changed, is this account compliant. Your team asks the agent and gets the answer from your live operations, so they self-serve in the moment instead of raising a ticket and waiting on a reply.
- Alerts and incidents, what is firing and where it stands
- What just deployed or changed across your accounts
- Whether an account is compliant, right now
- Answered in plain language, no ticket and no waiting
Built by base2Services
The access layer we are building so AI agents can work with AWS operations the safe way, read-only, signed in as a person, answering from live data.
base2Services is an AWS Advanced Consulting Partner specialising in platform engineering and managed AWS operations. The AI Access Layer is how we are bringing AI to the way we run AWS. If you would rather not run it yourself, the team that built it can stand it up in front of your operations.
