Ask about your AWS environment over MCP

Get answers that know what runs, what it is for, what broke and how it recovers. The MCP reads AWS state, infrastructure code, architecture designs and captured intent, then routes approved changes through the control path your environment already trusts.

your AWS environment
you what backups failed last night?
lens reading backups, read-only
14 completed, 0 failed. latest rds-prod 02:14
you any critical Inspector findings?
lens 0 critical, 2 medium on web-uat
read-only Your AI assistant, your AWS environment, over OAuth.

Stop digging through consoles to answer a simple question

Whether a backup ran, what is driving this month's bill, which deployment went out, whether an account is compliant, the answer is in AWS somewhere, across consoles and accounts. The Infrastructure Lens MCP puts that operational data behind a Model Context Protocol server, so your team asks their AI assistant and gets an answer from the live environment, read-only.

It goes beyond raw data. This is the MCP interface to Infrastructure Lens, the engine that connects AWS state with infrastructure code, architecture designs, captured intent, support history, recovery paths and operational playbooks.

When action is needed, the MCP does not bypass your controls. It prepares or recommends the change, then hands it to the approved path: base2 tools, your internal tools, CloudFormation, pull requests or deployment pipelines.

From a question to an answer, safely

Connect your AI client

Add the MCP to Cursor or Claude Desktop. It discovers the login automatically through the MCP authorization spec.

Log in as yourself

You sign in through your own account with OAuth 2.1 and PKCE. No shared keys and no tokens to manage by hand.

Ask in plain language

Ask about alerts, backups, costs, deployments, resources, compliance, infrastructure code or architecture intent, in the tools your team already works in.

Reads AWS, routes approved actions

The server is read-only against your AWS accounts and context sources. When something should change, it prepares the recommendation and hands it to the approved control path: pull request, pipeline, CloudFormation, base2 tools or one of your own tools.

Answers from live operations

Responses come from your real operational data through your APIs rather than a stale export someone ran last week.

Hosted on AWS

The server runs on AWS, on Fargate behind API Gateway, proxying read-only to your operations APIs.

Ask about your operations in plain language

A dashboard answers the question someone built it for. Your AI assistant answers the question you actually have. The server exposes AWS state, infrastructure code, architecture context and operational data so the agent can answer in plain language.

  • Alerts, backups, costs and deployments
  • Infrastructure code, architecture context and captured intent
  • Resources, Inspector findings and support tickets
  • Compliance, stacks, executions and SCPs
  • What things are for, recovery paths and playbooks
  • Answered in Cursor or Claude Desktop, where your team works
your AWS environment
By hand Ask the agent
backups open the console
all completed
cost export a report
top drivers, ranked
compliance chase evidence
current posture
One question, an answer from your live operations.

Read-only, signed in as you, actions through approved paths

Giving an AI agent access to AWS is only safe if it cannot act behind your back and you know who asked. Each person signs in as themselves over OAuth, and the server only ever reads from AWS. When something should change, the recommendation is routed through the control path your team already approves.

  • OAuth 2.1 with PKCE, each person logs in as themselves
  • Read-only against AWS, no standing keys, no direct writes
  • Recommendations routed through pull requests, CloudFormation, pipelines, base2 tools or your internal tools
  • Auto-discovery through the MCP authorization spec
access
Risky This
login shared key
you, via OAuth
access read and write
read-only
change applied directly
tied to identity
The agent reads. Change follows your approved path.

It knows what your infrastructure is for

Any tool can list what is running. This is Infrastructure Lens asked over MCP, so the agent also knows the infrastructure code, architecture designs, captured intent, what each resource is for and what depends on it. When your team asks "can we remove this" or "why is it built this way", the answer comes from your context, not a guess.

  • Infrastructure code and architecture designs, not just live AWS configuration
  • The purpose behind each resource and the intent captured with it
  • Dependencies, ownership and what breaks if this changes
  • Infrastructure Lens, the context and intent engine, asked in plain language
intent
Raw AWS Lens context
resource config only
what it is for
change guess impact
dependencies known
owner chase someone
ownership captured
Answers from the way your AWS is actually run.

The questions you would otherwise raise a ticket for

Most questions to a managed provider are not incidents. They are is this alert real, what just changed, is this account compliant. Your team asks the agent and gets the answer from your live operations, so they self-serve in the moment instead of raising a ticket and waiting on a reply.

  • Alerts and incidents, what is firing and where it stands
  • What just deployed or changed across your accounts
  • Whether an account is compliant, right now
  • Answered in plain language, no ticket and no waiting
your team asks
Raise a ticket Ask the agent
alert is this real?
answered in context
incident what is the status?
live status
change what deployed?
from your accounts
Self-service from your live operations instead of a ticket and a wait.

Support, recovery and your playbooks

When something breaks at 2am, the answer you need is not generic AWS advice, it is how this environment recovers. The agent reaches your support issues and history, and answers recovery questions from the playbooks and runbooks your environment is actually operated with.

  • Support issues and their history, what happened and what fixed it
  • Recovery paths, how this service fails over and restores
  • Your playbooks and runbooks, answered step by step
  • The same procedures our engineers run, readable by your agent
recovery
Generic Yours
incident AWS advice
your runbook
history unknown
what fixed it
restore manual search
recovery path
Recovery answers from your own operating model.

Built by base2Services

The MCP we are building so AI agents can work with AWS operations the safe way, read-only against AWS, signed in as a person and answering from live data.

base2Services is an AWS Advanced Consulting Partner specialising in platform engineering and managed AWS operations. Infrastructure Lens is the engine our engineers run your AWS operations with, and this MCP is its interface. If you would rather not run it yourself, the team that built it can stand it up in front of your operations.

AWS Advanced Consulting Partner
Explore Infrastructure Lens, the engine behind it → See how base2 manages AWS → Explore Infrastructure Lens, the engine behind it →