Timebound
AWS IAM Permissions
for Claude Code
(or any coding agent)
WHAT IS TIMEBOUND IAM
An MCP server that sits between your AI agent and AWS STS, issuing temporary credentials scoped to specific AWS services and access levels on demand.
Quickstart
brew install builder-magic/tap/timebound-iam
or via Go: go install github.com/deepmesa/timebound-iam@latest
Run the setup wizard, create the IAM role, then register with your agent.
# Register as an MCP server with Claude Code# Configure AWS credentials and create the broker role
timebound-iam setup aws
claude mcp add --scope user timebound-iam -- timebound-iam serve
Your agent requests credentials through the MCP tool and gets scoped, time-limited AWS access. No long-lived keys in the chat.
# Temporary credentials are written to a secure file# The agent calls the grant_access tool:
grant_access(services=["s3", "dynamodb"], level="read_only", ttl="1h")
# and auto-cleaned up when they expire