Introducing the fully managed Amazon EKS MCP Server (preview)

Learn how to manage your Amazon Elastic Kubernetes Service (Amazon EKS) clusters through simple conversations instead of complex kubectl commands or deep Kubernetes expertise. This post shows you how to use the new fully managed EKS Model Context Protocol (MCP) Server in Preview to deploy applications, troubleshoot issues, and upgrade clusters using natural language with no deep Kubernetes expertise required. We’ll walk through real scenarios showing how conversational AI turns multi-step manual tasks into simple natural language requests.

Teams managing Kubernetes workloads require expertise across container orchestration, infrastructure, networking, and security. While Large Language Models (LLMs) help developers write code and manage workloads, they’re limited without real-time cluster access. Generic recommendations based on outdated training data don’t meet real-world needs. Model Context Protocol (MCP) solves this by giving AI models secure access to live cluster data.

MCP is an open-source standard that lets AI models securely access external tools and data sources for better context. It provides a standardized interface that enriches AI applications with real-time, contextual knowledge of EKS clusters, enabling more accurate and tailored guidance throughout the application lifecycle, from development through operations. Earlier this year, AWS was one of the first managed Kubernetes service providers to announce an MCP server, within a few months of the release of MCP protocol. Customers could install this EKS MCP Server on their machines for EKS and Kubernetes resource management. This initial, locally installable version of EKS MCP Server enabled us to rapidly validate our approach and gather valuable customer feedback, which has directly shaped today’s announcement.

The most consistent feedback we received was on the need for a cloud-hosted, fully managed EKS MCP Server. Today, AWS has released a fully managed Amazon EKS MCP Server (preview). The new hosted EKS MCP Server improves upon our earlier release with essential features for production environments:

• Eliminate installation and maintenance: No need to manage version updates or troubleshoot local server issues. Receive new tools, features, and bug fixes automatically by configuring your AI assistant to connect to the hosted EKS MCP Server endpoint through a lightweight proxy.
• Centralized access management: Deep integration with AWS Identity and Access Management (IAM) provides a centralized, secure way to control access to the server. All requests are signed using AWS Signature Version 4 (SigV4), enabling seamless integration with your existing AWS credentials and IAM policies.
• Enhanced troubleshooting: Access to a knowledge base build from operational experience managing millions of Kubernetes clusters at scale.
• Enhanced monitoring and visibility: AWS CloudTrail integration captures all tool calls made through the hosted service, enabling detailed audit trails and compliance reporting for your AI-assisted operations.

Our goal with the fully managed EKS MCP Server is to enable agentic experiences whether you’re using AI-powered development tools like Kiro (IDE and CLI), Cursor, or Cline – or building your own agents that need to interface with EKS clusters. With this standardized interface, any MCP-compatible AI tool can now deliver powerful EKS guidance and automation out of the box.

In addition to the hosted MCP server, we’re also significantly improving the troubleshooting experience in the Amazon EKS console through deeper integration with Amazon Q. With the enhanced console, you’ll see AI-powered troubleshooting options right next to error messages in your observability dashboard. One click lets you diagnose root causes and see steps to fix them. Whether you’re investigating cluster, control plane, or node health issues, you can click “Inspect with Amazon Q” directly from issue tables or detail views to begin your investigation. The console integration reveals critical details about your cluster’s health and upcoming upgrades, spotting problems before they affect your production workloads.

Amazon EKS MCP Server tools

The EKS MCP Server offers specialized tools for diagnosing problems and controlling both EKS clusters and their Kubernetes components. These tools are organized into the following categories:

• Cluster management tools – Create and manage EKS clusters
• Kubernetes resource management – Interact and manage Kubernetes resources in an EKS cluster without relying on Kubernetes commands.
• Application Deployment – Generates Kubernetes manifests for deploying applications.
• Troubleshooting – Offers troubleshooting guides derived from AWS’s operational knowledge of running Kubernetes clusters at scale.
• Documentation and knowledge base – Search AWS documentation and knowledge base for up-to-date information and best practices.

You can visit the EKS MCP Server user guide for the full list of tools.

Getting started with Amazon EKS MCP Server

Prerequisites

AWS Configuration: To use the feature, AWS CLI should be installed and configured in the machine. Follow the documentation configuration and credential file settings in the AWS CLI to setup a profile to be use with the MCP configuration. For the scenarios in this blog post, the AWS profile should be configured with access to the us-west-2 region.

MCP Client: You can use one of the many Agentic tools that support MCP. This blog post uses Kiro CLI as the client. Follow the MCP configuration file specification for Kiro CLI setup the MCP client configuration.

Python Environment: You need Python’s uv package manager installed. The package manager automatically downloads and runs the mcp-proxy-for-aws package, so you don’t need to install that separately. The MCP proxy allows clients to connect to remote, AWS-hosted MCP servers using AWS SigV4 authentication.

AWS Identity and Access Management (IAM) Permission: The AWS profile needs EKS-related IAM permissions for reading EKS clusters, accessing CloudWatch logs, and viewing Kubernetes resources. Following principle of least privilege policy while granting access to AWS profiles. The role used for connecting to the MCP Server requires the IAM eks-mcp:InvokeMcp permission for initialization and retrieving information about available tools. eks-mcp:CallReadOnlyTool is required for usage of read only tools and eks-mcp:CallPrivilegedTool is required for usage of full access (write) tools.

Configuration

The fully managed EKS MCP Server architecture uses AWS SigV4 authentication to securely connect MCP clients to AWS services. The following diagram illustrates the communication flow:

Figure 1: Architecture diagram showing MCP communication flow between AI clients and AWS services

Here is an example of the configuration for Kiro CLI:

{
  "mcpServers": {
    "eks-mcp": {
      "disabled": false,
      "type": "stdio",
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@latest",
        "https://eks-mcp.us-west-2.api.aws/mcp",
        "--service",
        "eks-mcp",
        "--profile",
        "default",
        "--region",
        "us-west-2"
      ]
    }
  }
}

Notice the us-west-2 region in the endpoint url https://eks-mcp.{AWS_REGION}.api.aws/mcp . This is the region where the MCP Server is hosted. The flag --profile refers to the local AWS profile used to connect to the MCP Server, this flag is optional as you can use the environment variable AWS_PROFILE. The flag --region refers to the region to scope the EKS clusters being worked on, this flag is optional as you can use the environment variable AWS_REGION. You can use the --read-only flag to indicate that solely read-only tools are allowed.

Tool access levels

The EKS MCP Server supports two access levels:

• Read-only mode (--read-only flag): Provides access to all read operations and documentation tools
• Full access mode: Includes all read-only tools plus write operations like cluster creation, resource management, and policy modifications

Each tool is designed to replace specific aws eks or kubectl CLI commands, providing a more integrated experience for EKS management through the MCP protocol.

Scenario 1: Upgrading an EKS cluster with conversational AI

The EKS MCP Server’s ability to assess cluster upgrade readiness using EKS Insights is a key feature. This section demonstrates how to check if your EKS cluster is ready for a Kubernetes version upgrade.

Checking upgrade readiness

The process involves three simple steps:

1. List available clusters to identify which cluster to check
2. Get upgrade readiness insights to assess compatibility
3. Search EKS documentation to identify timelines

Let’s walk through a real example:

1. List EKS clusters

First, we start with a prompt:

Assess my EKS Auto cluster's upgrade readiness, including support status, upgrade timeline, and any blocking issues

The agent discovers available clusters using the list_eks_resources and get the configuration via describe_eks_resource:

Figure 2: Screenshot of terminal output displaying available EKS cluster “my-auto-cluster”

This shows we have one cluster named “my-auto-cluster” available for assessment.

2. Check upgrade readiness insights

Next, the agent uses the get_eks_insights tool with the UPGRADE_READINESS category to assess the cluster’s readiness for upgrade:

Figure 3: Terminal output showing upgrade readiness insights for the EKS cluster

3. Search EKS documentation

Finally, the agent searches the EKS documentation for upgrade timelines and pricing:

Figure 4: Terminal output displaying EKS documentation search results for upgrade timelines

Upgrade readiness report

Based on the insights analysis, here’s the comprehensive upgrade readiness report:

Figure 5: Comprehensive upgrade readiness report showing all compatibility checks passing

The cluster “my-auto-cluster” is fully ready for upgrade to Kubernetes 1.33. All critical compatibility checks are passing, and no blocking issues were identified.

Key benefits of using EKS MCP for upgrades

• Automated assessment: No need to manually check multiple components
• Comprehensive coverage: Evaluates add-ons, node compatibility, and cluster health
• Clear guidance: Provides specific reasons for each check result
• Proactive warnings: Identifies potential issues before they become blockers
• EKS Auto Mode awareness: Understands modern EKS deployment patterns

By automatically checking compatibility before upgrades, you’ll spend less time preparing and face fewer failed deployments.

Scenario 2: Deploying applications through natural language

The EKS MCP Server enables high-level workflows through natural language prompts. For example, a user can request:

I want to deploy a simple web app to my EKS cluster named my-auto-cluster that shows 'Hello EKS!' on the page. 
Use the image from public.ecr.aws/docker/library/httpd:2 as the base, customize it with my message, push it to 
ECR as linux amd64, and make it accessible from the internet using a load balancer

The agent (Kiro CLI) orchestrates multiple EKS MCP tools to complete this workflow:

Key EKS MCP tools in action

1. Application manifest generation The generate_app_manifest tool creates production-ready Kubernetes manifests with minimal input, automatically configuring deployments, services, and load balancers:

Figure 6: Terminal output showing application manifest generation for web deployment

2. Streamlined deployment The apply_yaml tool deploys multi-resource YAML configurations in a single operation, replacing complex kubectl workflows:

Figure 7: Terminal output showing YAML deployment to Kubernetes cluster

3. Resource discovery and status Combined list_k8s_resources and read_k8s_resource tools discover deployed resources with intelligent filtering and retrieve detailed configurations:

Figure 8: Terminal output showing resource discovery and status of deployed application

4. Application logs and events Combined get_pod_logs and get_k8s_events tools provide comprehensive debugging capabilities, showing both container logs and Kubernetes events:

Figure 9: Terminal output displaying application logs and Kubernetes events

5. CloudWatch observability Combined get_eks_metrics_guidance, get_cloudwatch_metrics, and get_cloudwatch_logs tools provide complete observability setup and monitoring:

Figure 10: Terminal output showing CloudWatch observability metrics and logs setup

Deployment summary

The complete deployment workflow demonstrates the power of EKS MCP tools working together seamlessly:

Figure 11: Deployment summary showing complete workflow from manifest to monitoring

The EKS MCP Server transforms multi-step deployments into single conversational requests, handling orchestration, errors, and monitoring while keeping you informed at each stage.

The result is a fully functional web application accessible via an AWS Network Load Balancer, demonstrating how the EKS MCP Server simplifies complex deployment workflows into simple conversational requests.

Scenario 3: Troubleshooting infrastructure issues

When problems cross between Kubernetes and AWS infrastructure boundaries, the EKS MCP Server diagnoses them effectively:

My LoadBalancer service hello-eks-app in the default namespace on my EKS cluster my-auto-cluster is stuck 
in pending state and not getting an external IP. Can you help me troubleshoot what's wrong and fix it?

The agent orchestrated multiple EKS MCP tools to diagnose and resolve the issue:

Key EKS MCP tools in action

1. Service status analysis The read_k8s_resource tool retrieved the LoadBalancer service configuration and status, revealing that no external IP was assigned despite the service being created:

Figure 12: Terminal output showing LoadBalancer service status analysis

2. Event investigation The get_k8s_events tool examined Kubernetes events for the service, discovering the critical error message indicating subnets were missing the required kubernetes.io/role/elb tag:

Figure 13: Terminal output displaying Kubernetes events revealing subnet tagging issue

3. Troubleshooting knowledge base The search_eks_troubleshooting_guide tool searched the specialized EKS troubleshooting knowledge base for guidance on LoadBalancer service issues and subnet tagging requirements:

Figure 14: Terminal output showing EKS troubleshooting guide search results

4. Infrastructure analysis The get_eks_vpc_config tool retrieved comprehensive VPC and subnet configuration details, identifying which specific public subnets needed the missing tags:

Figure 15: Terminal output displaying VPC and subnet configuration details

Troubleshooting summary

The complete troubleshooting workflow demonstrates how EKS MCP tools bridge Kubernetes and AWS domains:

Figure 16: Troubleshooting workflow summary showing diagnostic steps and resolution

This demonstrates how the EKS MCP Server enables comprehensive troubleshooting that would typically require expertise in both Kubernetes and AWS infrastructure, consolidating complex diagnostic workflows into a single conversational interface.

Enhanced EKS console experience with Amazon Q

Amazon EKS now brings agentic experiences beyond CLI and IDE directly into the console through Amazon Q integration. The “Inspect with Amazon Q” feature appears throughout the observability dashboard, providing contextual AI assistance for troubleshooting and analysis.

Integrated AI assistance

The “Inspect with Amazon Q” button is strategically placed across multiple console sections:

Cluster health issues: When health issues are detected, you can click “Inspect” to get AI-powered analysis and remediation suggestions for problems like disabled KMS keys or configuration issues.

Figure 17: EKS console screenshot showing “Inspect with Amazon Q” button for cluster health issues

Upgrade insights: For upgrade readiness checks, the inspect feature provides detailed explanations of compatibility issues, version skew problems, and recommended actions.

Figure 18: EKS console screenshot showing “Inspect with Amazon Q” button for upgrade insights warning

Node health monitoring: Individual node issues can be analyzed through the inspect feature, which correlates node status with underlying infrastructure problems.

Figure 19: EKS console screenshot showing “Inspect with Amazon Q” button for node health status

Observability data: Complex observability data like broken webhooks, HTTP error patterns, and API server issues become more accessible through AI-powered explanations.

Figure 20: EKS console screenshot showing “Inspect with Amazon Q” broken Kubernetes Webhooks

Contextual intelligence

The inspect functionality leverages Amazon Q capabilities and presents insights directly within the console context. This removes the need to switch between tools or manually correlate information across different AWS services. You can seamlessly transition from visual dashboards to conversational troubleshooting, making EKS management more intuitive for teams with varying levels of Kubernetes expertise.

Conclusion

The Amazon EKS MCP Server in Preview transforms how teams interact with Kubernetes by making complex operations accessible through natural language. EKS MCP Server in Preview is available in all AWS Commercial regions excluding US GovCloud and China regions. Instead of requiring deep expertise across multiple domains, teams can now manage EKS clusters through conversational interfaces that bridge Kubernetes and AWS services seamlessly.

Ready to experience conversational EKS management? Start by configuring the EKS MCP Server in your environment using the setup instructions in this post. Begin with read-only operations to explore cluster insights, then gradually expand to full management capabilities as your team becomes comfortable with the conversational interface. To learn more about Amazon EKS MCP Server, visit Amazon EKS user guide.

About the authors

George John is a Senior Product Manager for Amazon Elastic Kubernetes Service (EKS) at AWS, where he drives product strategy and innovation for one of the industry’s leading managed Kubernetes platforms. In his role, George works closely with customers, partners, and the broader cloud-native community to shape the future of container orchestration on AWS. When he is not building products, he loves to explore the Pacific Northwest with his family.

Carlos Santana is a Senior Worldwide Specialist Solutions Architect at AWS, where he focuses on cloud-native technologies, Kubernetes, and AI/ML systems. As a CNCF Ambassador, he bridges AWS-specific solutions with the broader open-source ecosystem, specializing in Amazon EKS, container orchestration, and emerging technologies like the Model Context Protocol (MCP) and agentic AI systems. Carlos is a regular speaker at major industry conferences including AWS re:Invent and KubeCon, where he shares his expertise on modernizing containerized workloads for AI agents, enterprise-scale ArgoCD deployments, and Kubernetes best practices. He is passionate about helping organizations navigate the intersection of cloud infrastructure, AI/ML orchestration, and developer tooling to build scalable, production-ready systems.