Leveraging AWS Lambda and Amazon EC2 to Deploy Agent MCP for AI Integration

Introduction

Modern AI agents need interoperability. AWS Strands Agents provide a flexible framework for agentic workflows, while Agent-MCP (Model Context Protocol) ensures open and standardized communication between agents and external systems.

Organizations can build scalable, serverless, and interoperable AI solutions by deploying an MCP server on Amazon EC2 and invoking it through Strands Agents in AWS Lambda.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Summary

Strands Agents → Lightweight AI agents running in AWS, designed for extensibility.
Agent-MCP → An open protocol to connect agents with external tools and services.
Integration Pattern → MCP server hosted on Amazon EC2, invoked securely by AWS Lambda-based Strands Agents.
Result → A modular, scalable architecture where agents in AWS Lambda interact seamlessly with MCP-enabled services.

Key Benefits

Standardized Interoperability – MCP enables uniform communication between agents and systems.
Scalability – AWS Lambda ensures serverless execution of Strands Agents.
Flexibility – An Amazon EC2-hosted MCP server can integrate with any system.
Security – AWS IAM + Amazon VPC ensures secure access between AWS Lambda and Amazon EC2.
Maintainability – Clear compute (AWS Lambda) and protocol server (Amazon EC2) separation.

Step-by-Step Implementation

Set Up MCP Server on Amazon EC2

Launch an Ubuntu EC2 Instance

To host the MCP server, you first need an Amazon EC2 instance that is publicly accessible. Follow these steps:

Go to the Amazon EC2 Console → Click Launch Instance.
Choose AMI: Select Ubuntu Server 22.04 LTS (64-bit x86) from the Amazon Machine Image (AMI) list. Ubuntu 22.04 is stable, widely supported, and works well with the MCP server dependencies.
Instance Type: For testing, select a lightweight instance type like t3.micro or t3.small. For production, choose a larger instance depending on the expected load.
Network Settings:
- Select your Amazon VPC.
- Choose a public subnet (this subnet must have a route to an Internet Gateway so the instance can reach the internet and be reached from outside).
- Under Auto-assign Public IP, select Enable. This ensures your instance gets a public IPv4 address at launch.
Security Group Configuration:
- Create a new Security Group (e.g., MCP-Server-SG).
- Add inbound rules to allow:
  - SSH (22) from your own IP (for secure access).
  - Custom TCP (8080) for MCP server access. During testing, you can allow 0.0.0.0/0, but restrict it to your AWS Lambda’s outbound IPs or trusted IP ranges only for production.
- Outbound rules can remain the default (allow all).
Storage: Leave the default 8–10 GB root volume unless your workload requires more.
Key Pair: Select an existing key pair or create a new one for SSH access. Make sure you download the .pem file if you create a new key.
Launch: Click Launch Instance. Wait until the instance state changes to running.

Once the instance is up, note down the Public IPv4 address (or allocate and associate an Elastic IP if you want a permanent address).

Install Prerequisites

SSH into your instance (using its public IP):

ssh -i my-key.pem ubuntu@<EC2-PUBLIC-IP>

1	ssh -i my-key.pem ubuntu@<EC2-PUBLIC-IP>

Then install dependencies:

sudo apt update -y
sudo apt install -y git python3 python3-pip curl

1 2	sudo apt update -y sudo apt install -y git python3 python3-pip curl

Clone and Run MCP Server

Clone the Draw.io MCP server repo:

git clone https://github.com/lgazo/drawio-mcp-server.git
cd drawio-mcp-server
pip3 install -r requirements.txt   # If requirements.txt exists

git clone https://github.com/lgazo/drawio-mcp-server.git

cd drawio-mcp-server

pip3 install -r requirements.txt # If requirements.txt exists

Run the MCP server on port 8080:

python3 server.py --host 0.0.0.0 --port 8080

1	python3 server.py --host 0.0.0.0 --port 8080

Now the MCP server is listening on all interfaces.

Configure Security Group for Public Access

Go to Amazon EC2 → Security Groups.
For your MCP EC2 SG, add an Inbound Rule:
- Type: Custom TCP
- Port: 8080
- Source: Your AWS Lambda’s public egress range (or 0.0.0.0/0 if testing, but not recommended for production).

Test MCP Server

From your local machine or AWS Lambda, run:

curl http://<EC2-PUBLIC-IP>:8080

1	curl http://<EC2-PUBLIC-IP>:8080

The MCP server is working if you see a response (JSON or server info).

Create a Strands Agent in AWS Lambda

Deploy an AWS Lambda function with Python runtime.

Example function:

from mcp.client.streamable_http import streamablehttp_client
from strands.tools.mcp.mcp_client import MCPClient
from strands import Agent

MCP_SERVER_URL = "http://<EC2-PUBLIC-IP>:8080"

def call_strands_agent(user_query: str, speaker_name: str, context: str = None) -> str:
    try:
        # System instructions only (don’t include user query here)
        system_prompt = f"""
You are {speaker_name},
Respond directly in Hinglish, acting like a solution architect.
"""

        # Connect to MCP server running on EC2:8080
        mcp_client = MCPClient(lambda: streamablehttp_client(MCP_SERVER_URL))

        with mcp_client:
            # Discover tools from MCP server
            tools = mcp_client.list_tools_sync()

            # Create a Strands Agent with these tools
            agent = Agent(
                model="anthropic.claude-3-haiku-20240307-v1:0",
                system_prompt=system_prompt,
                tools=tools
            )

            # Invoke the agent with the user query
            response = agent(user_query)
            return str(response)

    except Exception as e:
        return f"Error: {e}"

from mcp.client.streamable_http import streamablehttp_client

from strands.tools.mcp.mcp_client import MCPClient

from strands import Agent

MCP_SERVER_URL = "http://<EC2-PUBLIC-IP>:8080"

def call_strands_agent(user_query: str, speaker_name: str, context: str = None) -> str:

try:

# System instructions only (don’t include user query here)

system_prompt = f"""

You are {speaker_name},

Respond directly in Hinglish, acting like a solution architect.

"""

# Connect to MCP server running on EC2:8080

mcp_client = MCPClient(lambda: streamablehttp_client(MCP_SERVER_URL))

with mcp_client:

# Discover tools from MCP server

tools = mcp_client.list_tools_sync()

# Create a Strands Agent with these tools

agent = Agent(

model="anthropic.claude-3-haiku-20240307-v1:0",

system_prompt=system_prompt,

tools=tools

)

# Invoke the agent with the user query

response = agent(user_query)

return str(response)

except Exception as e:

return f"Error: {e}"

Networking & Security

Place Lambda in the same VPC as Amazon EC2 or use VPC Peering / PrivateLink.
Use AWS IAM Roles for secure AWS Lambda execution.
Restrict the Amazon EC2 security group to allow requests only from AWS Lambda subnets.

Deploy & Test

Deploy AWS Lambda with required dependencies.
Trigger AWS Lambda via Amazon API Gateway or Amazon EventBridge.
Confirm the AWS Lambda agent response includes MCP server data.

strands

Conclusion

By hosting the MCP server on Amazon EC2 and invoking it from AWS Lambda-based Strands Agents, organizations achieve a clean separation of responsibilities:

Amazon EC2 handles protocol & system interoperability (MCP).
AWS Lambda handles agentic intelligence and scalability.

This design pattern ensures flexibility, security, and scalability for building next-generation interoperable AI applications on AWS.

Drop a query if you have any questions regarding MCP server and we will get back to you quickly.

Empowering organizations to become ‘data driven’ enterprises with our Cloud experts.

Reduced infrastructure costs
Timely data-driven decisions

Get Started

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. Why run the MCP server on Amazon EC2?

ANS: – Amazon EC2 offers full control over the MCP server environment, allowing you to install and configure dependencies freely.

2. Can multiple Strands Agents in AWS Lambda talk to the same MCP server?

ANS: – Yes, multiple AWS Lambda agents can connect to the same Amazon EC2 MCP server, making the architecture multi-tenant.

3. Is communication secure?

ANS: – Yes. Use HTTPS (TLS) on Amazon EC2 and secure traffic with AWS IAM + Amazon VPC security controls.

WRITTEN BY Shantanu Singh

Shantanu Singh is a Research Associate at CloudThat with expertise in Data Analytics and Generative AI applications. Driven by a passion for technology, he has chosen data science as his career path and is committed to continuous learning. Shantanu enjoys exploring emerging technologies to enhance both his technical knowledge and interpersonal skills. His dedication to work, eagerness to embrace new advancements, and love for innovation make him a valuable asset to any team.