Deploy AWS S3 MCP
Deploy and AWS S3 MCP with Railway
AWS S3 MCP Gateway
Just deployed
AWS S3 MCP
Just deployed
Deploy and Host AWS S3 MCP on Railway
AWS S3 MCP is a Model Context Protocol server that exposes S3 buckets to LLM clients as tools — list-buckets, list-objects, and get-object. This template deploys the MCP server behind an nginx bearer-token auth gateway, so an LLM can safely read objects from a publicly reachable endpoint.
About Hosting AWS S3 MCP
The upstream project has no built-in authentication, so this template places an nginx service in front that validates every request against a comma-separated list of bearer tokens before proxying to the MCP over Railway's private network. The MCP can be pointed at any S3-compatible storage — AWS S3, a Railway bucket, MinIO, Cloudflare R2, or Backblaze B2.
Common Use Cases
- Give Claude, Cursor, or other MCP clients read access to files in S3
- Retrieval-Augmented Generation (RAG) over documents stored in a bucket
- Agent workflows that need to inspect build artifacts, logs, or exports
- Secure sharing of an S3 tool endpoint with teammates via a bearer token
Dependencies for AWS S3 MCP Hosting
The template ships the nginx auth gateway and the AWS S3 MCP server. You bring the storage: attach a Railway bucket after deploy, or point the MCP at an external S3-compatible provider.
Deployment Dependencies
- Credentials for the target S3-compatible storage (access key, secret, endpoint, region, bucket name).
Implementation Details
Architecture Components
This template deploys two services:
- Gateway:
nginx:alpinewith a public Railway domain. ValidatesAuthorization: BeareragainstAPI_KEYSand proxies the rest to the MCP over Railway's private network with SSE-friendly settings. - AWS S3 MCP: the samuraikun/aws-s3-mcp server (pinned to
v0.4.0) running in HTTP transport mode. No public domain — reachable only viamcp.railway.internal:3000.
Authentication
Clients must send Authorization: Bearer where ``is one of the comma-separated entries in API_KEYS. Generate keys with openssl rand -hex 32; rotating is a variable update + gateway redeploy.
Service Configuration
- MCP endpoint:
https:///mcp. - Storage: set
AWS_ACCESS_KEY_ID,AWS_REGION, andS3_BUCKETSon the MCP service. For a Railway bucket, use reference variables against the bucket's credentials.
License Information
MIT (aws-s3-mcp) + BSD-2-Clause (nginx).
Why Deploy AWS S3 MCP on Railway?
The auth gateway, private-network wiring, and SSE passthrough are all pre-configured — giving an MCP client secure read access to S3 is a one-click deploy instead of a custom nginx + reverse-proxy project.
Notes
- Source repo: https://github.com/FournyP/aws-s3-mcp-railway-template
- Upstream MCP server: https://github.com/samuraikun/aws-s3-mcp
- Model Context Protocol: https://modelcontextprotocol.io
Template Content
AWS S3 MCP Gateway
FournyP/aws-s3-mcp-railway-templateAPI_KEYS
Comma-separated list of bearer tokens allowed to call the MCP.
AWS S3 MCP
FournyP/aws-s3-mcp-railway-templateAWS_REGION
Region of the target buckets. For Railway's built-in bucket, reference the bucket's AWS_DEFAULT_REGION (auto). For real AWS, use us-east-1/eu-west-3/etc.
S3_BUCKETS
Comma-separated allowlist of bucket names the MCP is permitted to touch. For Railway's built-in bucket, reference the bucket's AWS_S3_BUCKET_NAME. If empty, no buckets are exposed.
AWS_ENDPOINT
S3 endpoint URL. For Railway's built-in bucket, reference the bucket's AWS_ENDPOINT_URL. For real AWS, leave empty. For other S3-compatible services (MinIO, R2, B2), set the provider's endpoint URL.
S3_MAX_BUCKETS
Maximum number of buckets the list-buckets tool will return. Defaults to 5. Raise if you need the LLM to see more.
AWS_ACCESS_KEY_ID
Access key for your S3-compatible storage. For Railway's built-in bucket, reference the bucket's 'AWS_ACCESS_KEY_ID'.
AWS_SECRET_ACCESS_KEY
Secret for your S3-compatible storage. For Railway's built-in bucket, reference the bucket's AWS_SECRET_ACCESS_KEY. For real AWS, use an IAM user scoped to read-only on the target buckets.
