Timebound
AWS IAM Permissions
for Claude Code
(or any coding agent)
WHAT IS TIMEBOUND IAM
An MCP server that sits between your AI agent and AWS STS, issuing temporary credentials scoped to specific AWS services and access levels on demand.
Quickstart
1 Install
brew install builder-magic/tap/timebound-iam or via Go: go install github.com/deepmesa/timebound-iam@latest
2 Setup & Register
Run the setup wizard, create the IAM role, then register with your agent.
# Configure AWS credentials and create the broker role
timebound-iam setup aws
# Register as an MCP server with Claude Code
claude mcp add --scope user timebound-iam -- timebound-iam serve 3 Use
Your agent requests credentials through the MCP tool and gets scoped, time-limited AWS access. No long-lived keys in the chat.
# The agent calls the grant_access tool:
grant_access(services=["s3", "dynamodb"], level="read_only", ttl="1h")
# Temporary credentials are written to a secure file
# and auto-cleaned up when they expire