@getcordon/core vs AWS MCP Servers

Intercepts tool calls from MCP clients before execution, applies configurable security policies (allowlists, denylists, parameter validation rules), and either permits or blocks execution based on policy evaluation. Implements a proxy pattern that sits between the MCP client and server, inspecting the tool name, parameters, and context to enforce organizational security boundaries without modifying the underlying MCP protocol.

Unique: Implements MCP-native tool-call interception at the protocol level rather than wrapping individual tool implementations, allowing centralized policy enforcement across heterogeneous MCP servers without modifying server code

vs alternatives: Provides MCP-specific security enforcement that works across any MCP server without code changes, whereas generic API gateways require per-endpoint configuration and lack MCP protocol semantics

Routes tool calls flagged by policy rules to a human reviewer queue, pausing execution until explicit approval or rejection is provided. Implements a callback-based workflow where blocked or high-risk calls are held in a state machine, allowing async human review via API or UI integration, then resuming or aborting the original MCP request based on the decision.

Unique: Integrates human approval as a first-class workflow primitive in the MCP proxy layer, allowing approval gates to be defined declaratively in policy without custom application code

vs alternatives: Provides MCP-native approval workflows that pause execution at the protocol level, whereas custom approval systems typically require wrapping individual tool implementations or building separate orchestration layers

Validates MCP tool call requests and responses against schema definitions, ensuring type correctness and structural integrity. Implements schema-based validation where tool definitions include parameter schemas and response schemas, and the proxy validates incoming requests and outgoing responses against these schemas. Supports JSON Schema or similar schema formats and provides detailed validation error messages.

Unique: Provides MCP-level schema validation that works across all tools without requiring per-tool implementation, enabling centralized type safety enforcement

vs alternatives: Validates schemas at the protocol level before tool execution, whereas per-tool validation requires implementing validation in each tool and may miss edge cases

Routes tool calls to appropriate MCP servers based on tool availability, load, or custom routing rules, implementing a load balancing strategy that distributes calls across multiple server instances. Supports round-robin, least-connections, and custom routing algorithms. Maintains health checks on server instances and automatically removes unhealthy servers from the routing pool.

Unique: Provides MCP-level load balancing that works across heterogeneous tool servers without requiring per-tool routing logic, enabling transparent scaling and failover

vs alternatives: Routes at the MCP protocol level before tool execution, whereas generic load balancers (nginx, HAProxy) lack MCP semantics and cannot make tool-aware routing decisions

Logs all tool call attempts, policy evaluations, approval decisions, and execution results to a structured audit trail with timestamps, actor information, and decision rationale. Implements a logging pipeline that captures both successful and blocked calls, enabling forensic analysis, compliance reporting, and security investigations. Logs are structured (JSON) for easy querying and integration with SIEM systems.

Unique: Provides MCP-level audit logging that captures the full lifecycle of tool calls (request, policy evaluation, approval, execution, result) in a single structured log, enabling end-to-end traceability without instrumenting individual tools

vs alternatives: Captures MCP protocol-level events that generic API logging cannot see, providing visibility into policy decisions and approval workflows that are invisible to downstream tool implementations

Allows security policies to be defined declaratively (likely JSON or YAML) with support for composing multiple rules (allowlists, denylists, parameter constraints, rate limits) into a cohesive policy. Policies are evaluated against tool call metadata at runtime, supporting logical operators (AND, OR) and context-aware conditions (e.g., 'allow only if user role is admin'). Policies are loaded at proxy startup and can be versioned for audit purposes.

Unique: Provides a declarative policy language tailored to MCP tool calls, allowing non-developers to define security rules without understanding the underlying proxy architecture

vs alternatives: Offers MCP-specific policy syntax that understands tool call semantics (tool name, parameters, context), whereas generic API gateway policies require manual mapping of tool calls to API endpoints

Evaluates tool call requests in the context of the requesting agent or user identity, applying identity-based access control rules. Extracts identity information from MCP request metadata (e.g., client ID, user ID, role) and uses it to make allow/block decisions, enabling fine-grained access control where different agents have different tool permissions. Supports role-based access control (RBAC) and attribute-based access control (ABAC) patterns.

Unique: Integrates identity-based access control directly into the MCP proxy, allowing identity to be a first-class dimension of tool call filtering without requiring custom authorization logic in each tool

vs alternatives: Provides MCP-native identity-based filtering that works across heterogeneous tools, whereas per-tool authorization requires implementing access control in each tool implementation

Validates and optionally sanitizes parameters in tool calls before execution, enforcing constraints like type checking, value ranges, string length limits, and regex patterns. Implements a schema-based validation approach where tool parameters are validated against a schema definition, rejecting calls with invalid parameters and optionally logging violations. Supports both strict validation (reject invalid calls) and lenient modes (log and allow).

Unique: Provides schema-based parameter validation at the MCP proxy layer, catching invalid parameters before they reach tool implementations and enabling centralized validation logic

vs alternatives: Validates parameters at the protocol level before tool execution, whereas per-tool validation requires implementing validation in each tool and may miss edge cases

awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer Tools & Documentation AWS Docume

What is Model Context Protocol? | awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer

Architecture | awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer Tools & Documentati

awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Serv