AWS S3
The AWS S3 connector lets AI agents list buckets, read and upload objects, generate pre-signed URLs, and inspect bucket policies through the AWS SDK. Authentication uses an AWS Access Key ID and Secret Access Key stored encrypted in MCPGate's vault — your credentials are never exposed to the AI client.
Authentication#
AWS S3 uses dual API key authentication. To connect:
- Sign in to the AWS IAM Console
- Create a dedicated IAM user with the minimum required S3 permissions (never use root account keys)
- Generate an access key for the user under Security credentials → Access keys
- Paste the Access Key ID into the first field and the Secret Access Key into the second field in MCPGate's connector setup form
- Enter the AWS region (e.g. us-east-1) where your buckets are located
Tool reference#
The S3 connector exposes 10 tools: 7 read, 2 write, and 1 delete. Use the MCP Apps page to enable or disable individual tools per app.
| Tool | Category | Description |
|---|---|---|
| s3_list_buckets | read | List all S3 buckets in the AWS account |
| s3_list_objects | read | List objects in an S3 bucket with optional prefix filter |
| s3_get_object | read | Get metadata for an S3 object (ETag, size, content type, last modified) |
| s3_read_object | read | Read the text content of an S3 object (UTF-8 text only, max 1 MB) |
| s3_head_object | read | Retrieve metadata for an S3 object without downloading its body |
| s3_get_bucket_policy | read | Get the bucket policy JSON for an S3 bucket |
| s3_presign_url | read | Generate a pre-signed GET URL for an S3 object, valid for a specified duration |
| s3_put_object | write | Upload an object to an S3 bucket |
| s3_copy_object | write | Copy an object within or between S3 buckets |
| s3_delete_object | delete | Delete an object from an S3 bucket |
Protect against accidental deletion
s3_delete_object permanently removes an object from S3. If versioning is not enabled on the bucket, the object cannot be recovered. Always deny this tool in apps that do not explicitly require it.
Common guardrail recipes#
Read-only access#
Enable only the seven read tools and deny s3_put_object, s3_copy_object, and s3_delete_object. Use this for agents that audit bucket contents, inspect policies, or generate temporary access links without modifying any data.
Contribute preset#
Use the built-in contribute preset to allow all read tools plus s3_put_object and s3_copy_object, while keeping s3_delete_object denied. Agents can upload and reorganise objects but cannot destroy them.
Restrict to specific buckets#
Apply the allow_values guardrail template to write tools, targeting the bucket field. Provide a list of bucket names the agent is permitted to write to. Any attempt to write to a bucket outside the list is denied before the AWS API call.
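The recipes above can be mirrored on the AWS side, so that the dedicated IAM user from the Authentication steps holds only the permissions the enabled tools need. The following is an added example, not MCPGate's own code: the tool-to-IAM-action mapping is an assumption based on standard S3 API behaviour, and the bucket name is a placeholder.

```python
import json

# Assumed mapping from the connector's tool names to the IAM actions the
# underlying S3 API calls need (standard AWS behaviour, not MCPGate's docs).
TOOL_ACTIONS = {
    "s3_list_buckets": {"s3:ListAllMyBuckets"},
    "s3_list_objects": {"s3:ListBucket"},
    "s3_get_object": {"s3:GetObject"},
    "s3_read_object": {"s3:GetObject"},
    "s3_head_object": {"s3:GetObject"},
    "s3_get_bucket_policy": {"s3:GetBucketPolicy"},
    "s3_presign_url": {"s3:GetObject"},
    "s3_put_object": {"s3:PutObject"},
    "s3_copy_object": {"s3:GetObject", "s3:PutObject"},
    "s3_delete_object": {"s3:DeleteObject"},
}
# Resource level at which each action is evaluated.
ACCOUNT = {"s3:ListAllMyBuckets"}
BUCKET = {"s3:ListBucket", "s3:GetBucketPolicy"}


def build_policy(enabled_tools, buckets):
    """Return an IAM policy granting only what the enabled tools need."""
    unknown = set(enabled_tools) - TOOL_ACTIONS.keys()
    if unknown:
        raise ValueError(f"unknown tools: {sorted(unknown)}")
    actions = set().union(*(TOOL_ACTIONS[t] for t in enabled_tools))
    bucket_arns = [f"arn:aws:s3:::{b}" for b in buckets]
    object_arns = [f"{arn}/*" for arn in bucket_arns]
    statements = []
    for sid, wanted, resource in (
        ("Account", actions & ACCOUNT, ["*"]),
        ("Buckets", actions & BUCKET, bucket_arns),
        ("Objects", actions - ACCOUNT - BUCKET, object_arns),
    ):
        if wanted and resource:
            statements.append({"Sid": sid, "Effect": "Allow",
                               "Action": sorted(wanted), "Resource": resource})
    if "s3:DeleteObject" not in actions:
        # Explicit deny wins over any allow attached elsewhere.
        statements.append({"Sid": "NoDelete", "Effect": "Deny", "Resource": "*",
                           "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion"]})
    return {"Version": "2012-10-17", "Statement": statements}


READ_TOOLS = [t for t, a in TOOL_ACTIONS.items() if not a & {"s3:PutObject", "s3:DeleteObject"}]

if __name__ == "__main__":
    print(json.dumps(build_policy(READ_TOOLS, ["example-audit-bucket"]), indent=2))
```

Unlike the allow_values guardrail, which targets write tools, this policy scopes reads to the listed buckets as well.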
Troubleshooting#
- AccessDenied errors — The IAM user associated with your credentials may lack the necessary S3 permissions. Attach the AmazonS3ReadOnlyAccess managed policy for read-only use, or craft a custom policy for write access.
- NoSuchBucket — Bucket names are globally unique and region-specific. Ensure you are specifying the correct bucket name and that the IAM user has access to the bucket's region.
- Pre-signed URL returns 403 — Pre-signed URLs inherit the permissions of the signing credentials. If the IAM user's permissions have changed since the URL was generated, the URL may be invalidated. Regenerate it with s3_presign_url.