Amazon S3 Bucket

Amazon S3 Bucket MCP Connector for Claude

F

Single-bucket object storage for AI agents — scoped access to one S3 bucket for secure, focused data operations.

7 tools Official Updated Jun 28, 2026 Official Vinkius Partner

Grant your AI agent precise, scoped access to a single Amazon S3 bucket — no more, no less. Unlike full S3 access, this integration enforces the principle of least privilege: your agent can read, write, and manage objects exclusively within one pre-configured bucket.

What you can do

  • Browse Objects — List and navigate files within the bucket using prefix and delimiter filters
  • Read Data — Retrieve object contents or inspect metadata (headers, content type, size) without downloading
  • Write Data — Upload string or JSON content as objects directly into the bucket
  • Clean Up — Delete specific objects to maintain storage hygiene
  • Audit Security — Inspect the bucket's access policy and ACL to ensure compliance

How it works

  1. Subscribe to this server
  2. Enter your AWS Access Key, Secret Key, Region, and the target Bucket Name
  3. Your agent operates exclusively within that bucket — no access to other buckets or account-level operations

Why single-bucket?

AI agents should follow the principle of least privilege. Granting full S3 access to an autonomous agent creates unnecessary blast radius. This server confines the agent to a single bucket, which means:

  • No accidental bucket creation or deletion
  • No cross-bucket data exposure
  • Clearer audit trail for compliance
  • Safer agent-to-agent delegation

Who is this for?

  • AI Engineers — give each agent a dedicated data workspace without exposing your entire cloud storage
  • Data Teams — let agents process, query, and write results to a specific data lake partition
  • Platform Engineers — enforce tenant isolation by assigning one bucket per agent or workflow
  • Security-Conscious Teams — minimize attack surface by scoping storage access to exactly what's needed
object-storageawsdata-managementfile-storagesecurity-scopingcloud-data

7 tools expose this connector's capabilities to your AI agent.

delete_object

Delete an object

get_bucket_acl

Get bucket ACL

get_bucket_policy

Get bucket policy

get_object_data

Get object content

get_object_metadata

Get object metadata

list_objects

Can be filtered by prefix and delimiter. List objects in the bucket

put_object

Upload an object

See how to talk to your AI agent using Amazon S3 Bucket.

List all files in this bucket.

I've listed the contents of your bucket. You have 12 objects, including 3 CSV files in the 'reports/' prefix and 5 JSON logs under 'events/2026/'. The largest file is 'reports/annual-summary.csv' at 18 MB. Would you like me to retrieve the content of a specific file?

Upload this JSON config to 'settings/app-config.json'.

Done! I've uploaded the JSON configuration to 'settings/app-config.json' in your bucket. The object is now available at that key. Would you like me to verify the upload by retrieving the metadata?

Check the access policy on this bucket.

I've retrieved the bucket policy. The current configuration allows read access from a specific IAM role and denies all public access. The bucket also has server-side encryption (AES-256) enforced on all PUT operations. Your setup looks secure. Would you like me to also check the ACL?

The full Amazon S3 server gives the agent access to all buckets in your AWS account — it can list, create, and delete buckets. This server scopes the agent to a single, pre-configured bucket. The agent can only read, write, and manage objects within that bucket. This follows the principle of least privilege, which is critical for secure agent deployments.

Related Connectors