IONOS Cloud MCP Server – Infrastructure Insights
The official IONOS CLOUD MCP Server gives AI assistants read-only access to supported IONOS CLOUD infrastructure and account data. Use it for inventory, cost review, security audits, troubleshooting, and infrastructure analysis without allowing the agent to create, modify, or delete resources.
Overview
The official IONOS CLOUD MCP Server connects compatible AI assistants and
autonomous agents to an IONOS CLOUD account. It runs locally and calls IONOS
CLOUD APIs directly over HTTPS, giving the client structured access to current
infrastructure data without routing account API traffic through a third-party
MCP proxy.
What the MCP server enables
The server exposes 112 read-only tools across six IONOS CLOUD product areas.
All product tools follow list_*, get_*, or head_* patterns, so the server
can inspect resources but cannot create, update, or delete them. Depending on
configured credentials, an AI agent can:
- Inspect Compute Engine resources such as data centers, servers, volumes,
NICs, LANs, firewall rules, IP blocks, load balancers, NAT gateways,
security groups, snapshots, images, and requests. - Review Object Storage buckets, policies, encryption, lifecycle settings,
replication, versioning, Object Lock, objects, regions, and access keys. - Inspect DNS zones, records, reverse records, secondary zones, DNSSEC, and quota.
- Analyze billing profiles, invoices, traffic, utilization, provisioning
intervals, product pricing, and FOCUS-formatted cost data. - Review certificates, certificate providers, contracts, and activity events.
When to use it
Use IONOS CLOUD MCP when an agent needs live infrastructure context for audit,
inventory, optimization, or troubleshooting tasks. Typical workflows include
finding unattached volumes, identifying unused IP blocks, reviewing public
storage exposure, summarizing failed API requests, comparing resource usage,
preparing a cost report, or onboarding a new engineer to an existing account.
Connection and authentication
The server is distributed as a local binary, Homebrew package, Go module, and
multi-architecture Docker image. The documented Docker configuration runs the
official ghcr.io/ionos-cloud/ionoscloud-mcp image over stdio.
IONOS_TOKEN is required for the IONOS CLOUD control-plane APIs. Object Storage
data-plane tools additionally require IONOS_S3_ACCESS_KEY and
IONOS_S3_SECRET_KEY. These S3 credentials can be omitted when Object Storage
data-plane access is not needed.
Key considerations
The server is read-only by design, which makes it appropriate for production
inventory and unattended audit loops, but credentials should still follow least
privilege. The default eager mode exposes all 112 tools; clients with tool-count
limits can set IONOS_MCP_LOAD_MODE=lazy so Compute and Object Storage tools
load on demand. Keep tokens and S3 keys in a secret manager or protected
environment, connect only trusted AI clients, and review sensitive billing,
network, or storage data before sharing tool output externally.
Supported Transports
stdio
Command: docker
Args:
run-i--rm-eIONOS_TOKEN-eIONOS_S3_ACCESS_KEY-eIONOS_S3_SECRET_KEY-eIONOS_MCP_LOAD_MODEghcr.io/ionos-cloud/ionoscloud-mcp:latest
Frequently Asked Questions
- When should an AI agent use the IONOS CLOUD MCP Server?
- Use it when a workflow needs current IONOS CLOUD infrastructure context for read-only auditing, inventory, cost analysis, security review, troubleshooting, or onboarding without allowing the agent to modify resources.
- What does the IONOS CLOUD MCP Server add to an AI agent's capabilities?
- It gives the agent structured access to live IONOS CLOUD compute, storage, DNS, billing, certificate, and activity-log data instead of relying only on static model knowledge or manually copied control-panel information.
- What can an AI agent access through the IONOS CLOUD MCP Server?
- The agent can inspect supported Compute Engine, Object Storage, DNS, Billing, Certificate Manager, and Activity Log resources. The official server exposes read-only list, get, and head operations and cannot create, modify, or delete resources.
- How is authentication configured for the IONOS CLOUD MCP Server?
- Set IONOS_TOKEN to an IONOS CLOUD API token. Add IONOS_S3_ACCESS_KEY and IONOS_S3_SECRET_KEY only when Object Storage data-plane tools are required. Store all credentials in a protected environment or secret manager and apply least privilege.
- Which transport should be used for the IONOS CLOUD MCP Server?
- Use stdio with the official local binary or Docker image. The documented configuration runs the official container locally, while API calls travel directly from that process to IONOS CLOUD over HTTPS.