{"id":8867,"library":"awslabs-mysql-mcp-server","title":"AWS Labs MySQL MCP Server","description":"The AWS Labs MySQL Model Context Protocol (MCP) server enables AI agents and LLM applications to interact with MySQL databases, converting natural language questions into MySQL-compatible SQL queries. It's an active project by AWS Labs, with frequent updates, and currently at version 1.0.17. It integrates with various MCP-compatible AI clients/IDEs like Kiro, Cursor, and VS Code, extending their capabilities to manage and query MySQL databases securely.","status":"active","version":"1.0.17","language":"en","source_language":"en","source_url":"https://github.com/awslabs/mcp/tree/main/src/mysql-mcp-server","tags":["aws","mysql","mcp","llm","ai","database","aurora"],"install":[{"cmd":"pip install awslabs.mysql-mcp-server","lang":"bash","label":"Install with pip"},{"cmd":"uvx awslabs.mysql-mcp-server@latest","lang":"bash","label":"Run via uvx (recommended by AWS Labs)"}],"dependencies":[{"reason":"Requires Python 3.10 or newer.","package":"python","optional":false},{"reason":"Recommended for installation and running MCP servers.","package":"uv","optional":true},{"reason":"Target database for natural language queries.","package":"Aurora MySQL Cluster","optional":false},{"reason":"Required for storing database credentials.","package":"AWS Secrets Manager","optional":false},{"reason":"Required if using RDS Data API connection method.","package":"AWS RDS Data API","optional":true},{"reason":"Recommended for running the MCP server locally in a container.","package":"Docker","optional":true}],"imports":[{"note":"The interaction is typically via an MCP client executing the server, not direct Python imports.","symbol":"awslabs.mysql-mcp-server","correct":"This library is primarily run as a server executable, not typically imported directly into Python applications by end-users. MCP clients (e.g., AI IDEs) invoke it."}],"quickstart":{"code":"# The awslabs.mysql-mcp-server is intended to be run as an executable, often managed by an MCP client or 'uvx'.\n# This command starts the server, which an MCP client can then connect to.\n# Ensure your AWS credentials (e.g., via AWS_PROFILE) are configured and Secrets Manager\n# contains your MySQL credentials.\n\n# Example for RDS Data API connection (replace with your actual ARN and secret name):\n# export AWS_PROFILE=\"your-aws-profile\"\n# export AWS_REGION=\"your-aws-region\"\n# uvx awslabs.mysql-mcp-server@latest \\\n# --resource_arn \"arn:aws:rds:your-aws-region:123456789012:cluster:your-db-cluster\" \\\n# --secret_arn \"arn:aws:secretsmanager:your-aws-region:123456789012:secret:your-db-credentials-XXXXXX\"\n\n# Example for Direct MySQL connection (replace with your actual host, port, user, and secret name):\n# export AWS_PROFILE=\"your-aws-profile\"\n# export AWS_REGION=\"your-aws-region\"\n# uvx awslabs.mysql-mcp-server@latest \\\n# --hostname \"your-mysql-host.com\" \\\n# --port 3306 \\\n# --database \"your_database_name\" \\\n# --secret_arn \"arn:aws:secretsmanager:your-aws-region:123456789012:secret:your-db-credentials-XXXXXX\"","lang":"bash","description":"The AWS Labs MySQL MCP Server is designed to be executed as a server, which MCP-compatible AI clients connect to. The `uvx` command, as shown above, is the recommended way to run it, optionally specifying connection details for either RDS Data API or direct MySQL. Prior to running, ensure AWS credentials are configured (e.g., via `AWS_PROFILE` environment variable or `aws configure`), and your database credentials are securely stored in AWS Secrets Manager."},"warnings":[{"fix":"Clients should update to use new transport mechanisms as they become available. Review MCP client documentation for compatibility with post-SSE versions.","message":"Server Sent Events (SSE) support was removed from all MCP servers in their latest major versions, effective May 26th, 2025. This change aligns with the Model Context Protocol specification. Streamable HTTP is planned as a replacement for improved transport capabilities.","severity":"breaking","affected_versions":">=1.0.0 (from May 26, 2025)"},{"fix":"Always configure the underlying MySQL database user with minimal necessary permissions (e.g., `SELECT` only if read-only operations are intended). Regularly review database access policies and use the latest MCP server version which includes enhanced client-side checks.","message":"Potential for SQL injection if proper security practices are not followed. Although the MySQL MCP server includes a `mutable_sql_detector.py` for client-side checks, it is crucial to also enforce least-privilege access via server-side IAM/RBAC.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Refer to the MCP client's documentation (e.g., Kiro, Cursor, VS Code) on how to directly configure `awslabs.mysql-mcp-server` without relying on the deprecated core server.","message":"The `awslabs.core-mcp-server` is deprecated. If your setup used this for proxying, you must now configure individual MCP servers (like `awslabs.mysql-mcp-server`) directly in your client application.","severity":"gotcha","affected_versions":"All versions (migration from `awslabs.core-mcp-server`)"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure your MCP client is updated to its latest version. Verify your MCP client's configuration for the MySQL MCP server matches the expected input format for connection parameters (resource_arn/secret_arn or hostname/port/database/secret_arn). This issue has been noted and appears to have received fixes or workarounds in newer versions.","cause":"MCP clients (e.g., Amazon Q) might incorrectly pass `db_connection` parameters as strings rather than the expected object, or there's a mismatch in how the client expects to provide connection details versus how the server expects to receive them.","error":"Error: 'db_connection' object has no attribute 'readonly_query' or similar database connection attribute error."},{"fix":"Review the IAM policy attached to the AWS profile or role being used by the MCP server. Ensure it has explicit `Allow` permissions for actions like `rds-data:*` on the Aurora cluster, `secretsmanager:GetSecretValue` on the secret, and potentially `iam:PassRole` if the service passes a role.","cause":"The AWS credentials used by the MCP server lack the necessary IAM permissions to access the specified AWS resources (e.g., RDS Data API, Secrets Manager, or the Aurora MySQL cluster itself).","error":"AccessDeniedException: User is not authorized to perform on resource "}]}