Not possible to set IAM --readonly when loading via the Core MCP server? #2482

anentropic · 2026-02-20T15:16:48Z

anentropic
Feb 20, 2026

https://awslabs.github.io/mcp/servers/iam-mcp-server#read-only-mode

Docs say:

Add the --readonly flag when starting the server:

# Using uvx
uvx awslabs.iam-mcp-server@latest --readonly

# Or if installed locally
python -m awslabs.iam_mcp_server.server --readonly

And:

Other MCP Clients

Simply add "--readonly" to the args array in your MCP configuration.

But what if I am just using https://awslabs.github.io/mcp/servers/core-mcp-server with "security-identity": true ?

AFAICT there is no way to pass through that config

https://github.com/awslabs/mcp/blob/main/src/iam-mcp-server/awslabs/iam_mcp_server/server.py#L1576-L1589

https://github.com/awslabs/mcp/blob/main/src/core-mcp-server/awslabs/core_mcp_server/server.py#L441-L451

Maybe it'd be useful if args like --read-only all had an associated env var, e.g. IAM_MCP_SERVER_READ_ONLY, so that arbitrary sub-server config can be passed through from the Core mcp.json ?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Not possible to set IAM --readonly when loading via the Core MCP server? #2482

Uh oh!

{{title}}

Uh oh!

Other MCP Clients

Replies: 0 comments

Select a reply

Uh oh!

Not possible to set IAM --readonly when loading via the Core MCP server? #2482

Uh oh!

anentropic Feb 20, 2026

Other MCP Clients

Replies: 0 comments

anentropic
Feb 20, 2026