A comprehensive, production-ready Model Context Protocol (MCP) server for IBM Cloud Object Storage. This server provides complete S3-compatible API access to IBM COS with 37 comprehensive tools covering all aspects of object storage management.
- GitHub: https://github.ibm.com/kirtijha/ibm-cos-mcp-server
- NPM: https://www.npmjs.com/package/@kirtijha/ibm-cos-mcp-server
- Bucket Operations: Create, list, delete, and manage buckets with full configuration
- Object Operations: Upload, download, copy, delete single and multiple objects
- Multipart Uploads: Efficient handling of large files with parallel uploads
- Lifecycle Management: Automate object transitions and expiration
- Versioning: Track and manage object versions
- CORS Configuration: Enable cross-origin resource sharing
- Access Control: Manage bucket and object ACLs
- Tagging: Organize resources with key-value tags
- Website Hosting: Configure static website hosting
- Encryption: Server-side encryption with IBM Key Protect
- IAM API Key: Recommended for production use
- HMAC Credentials: S3-compatible access key and secret
- Automatic credential refresh and token management
- Public endpoints for internet access
- Private endpoints for VPC/internal networks
- Direct endpoints for high-performance applications
- Comprehensive error handling and validation
- Detailed logging and debugging support
- Streaming support for large objects
- Automatic pagination for list operations
- Full TypeScript type safety
- Dual mode: stdio + HTTP for orchestration platforms
The easiest way to use the server is with npx:
{
"mcpServers": {
"ibm-cos": {
"command": "npx",
"args": ["-y", "@kirtijha/ibm-cos-mcp-server"],
"env": {
"IBM_COS_API_KEY": "your-api-key",
"IBM_COS_SERVICE_INSTANCE_ID": "your-instance-id",
"IBM_COS_ENDPOINT": "s3.us-south.cloud-object-storage.appdomain.cloud",
"IBM_COS_REGION": "us-south"
}
}
}
}npm install -g @kirtijha/ibm-cos-mcp-serverThen configure:
{
"mcpServers": {
"ibm-cos": {
"command": "ibm-cos-mcp-server",
"env": {
"IBM_COS_API_KEY": "your-api-key",
"IBM_COS_SERVICE_INSTANCE_ID": "your-instance-id",
"IBM_COS_ENDPOINT": "s3.us-south.cloud-object-storage.appdomain.cloud",
"IBM_COS_REGION": "us-south"
}
}
}
}Run as a standalone HTTP server for remote access or orchestration platforms:
# Set environment variables
export IBM_COS_API_KEY="your-api-key"
export IBM_COS_SERVICE_INSTANCE_ID="your-instance-id"
export IBM_COS_ENDPOINT="s3.us-south.cloud-object-storage.appdomain.cloud"
export IBM_COS_REGION="us-south"
export MCP_API_KEY="your-secure-api-key"
export PORT=3000
# Using npx
npx -y @kirtijha/ibm-cos-mcp-server --http
# Or if installed globally
ibm-cos-mcp-httpThe server will be available at:
- MCP endpoint:
http://localhost:3000/mcp - Tools list:
http://localhost:3000/tools - Health check:
http://localhost:3000/health
For contributing or local development:
# Clone the repository
git clone https://github.ibm.com/kirtijha/ibm-cos-mcp-server.git
cd ibm-cos-mcp-server
# Install dependencies
npm install
# Build the project
npm run build- Service Instance ID: Found in your COS instance details in IBM Cloud Console
- IAM API Key: Create in IBM Cloud Console → Manage → Access (IAM) → API Keys
- HMAC Credentials (alternative): Create in COS instance → Service Credentials → New Credential (with HMAC enabled)
Create a .env file in your project root:
# Required: Service Instance ID
IBM_COS_SERVICE_INSTANCE_ID=your-service-instance-id
# Authentication Option 1: IAM API Key (Recommended)
IBM_COS_API_KEY=your-ibm-cloud-api-key
# Authentication Option 2: HMAC Credentials
# IBM_COS_ACCESS_KEY_ID=your-access-key-id
# IBM_COS_SECRET_ACCESS_KEY=your-secret-access-key
# Endpoint Configuration
IBM_COS_ENDPOINT=s3.us-south.cloud-object-storage.appdomain.cloud
IBM_COS_REGION=us-southAdd to your Claude Desktop config:
MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%/Claude/claude_desktop_config.json
{
"mcpServers": {
"ibm-cos": {
"command": "node",
"args": ["/path/to/ibm-cos-mcp-server/dist/index.js"],
"env": {
"IBM_COS_API_KEY": "your-api-key",
"IBM_COS_SERVICE_INSTANCE_ID": "your-instance-id",
"IBM_COS_ENDPOINT": "s3.us-south.cloud-object-storage.appdomain.cloud",
"IBM_COS_REGION": "us-south"
}
}
}
}# Start the HTTP server
npm run start:http
# or
ibm-cos-http-serverThe server will be available at http://localhost:3000 (or your configured PORT).
- list_buckets - List all buckets in your service instance
- create_bucket - Create a new bucket with storage class and location
- delete_bucket - Delete an empty bucket
- head_bucket - Check bucket existence and get metadata
- get_bucket_location - Get bucket's location constraint
- get_bucket_versioning - Check versioning status
- put_bucket_versioning - Enable/suspend versioning
- list_objects - List objects in a bucket (v1)
- list_objects_v2 - List objects with continuation tokens (v2)
- put_object - Upload an object
- get_object - Download an object
- head_object - Get object metadata
- delete_object - Delete a single object
- delete_objects - Delete multiple objects in one request
- copy_object - Copy objects between buckets
- get_object_tagging - Get object tags
- put_object_tagging - Set object tags
- delete_object_tagging - Remove object tags
- create_multipart_upload - Initiate multipart upload
- upload_part - Upload a part
- complete_multipart_upload - Complete upload
- abort_multipart_upload - Cancel upload
- list_multipart_uploads - List active uploads
- list_parts - List uploaded parts
- get_bucket_acl - Get bucket ACL
- put_bucket_acl - Set bucket ACL
- get_object_acl - Get object ACL
- put_object_acl - Set object ACL
- get_public_access_block - Get public access settings
- put_public_access_block - Configure public access
- get_bucket_cors - Get CORS configuration
- put_bucket_cors - Set CORS rules
- delete_bucket_cors - Remove CORS configuration
- get_bucket_website - Get website configuration
- put_bucket_website - Configure static website
- delete_bucket_website - Remove website configuration
- get_bucket_replication - Get replication configuration
- put_bucket_replication - Configure replication
- delete_bucket_replication - Remove replication
- get_bucket_protection - Get immutable object storage config
// The MCP server handles this automatically when you use:
// "Upload file.txt to my-bucket in IBM COS"// 1. Create the bucket first
// "Create a bucket named 'archive-bucket' in us-south"
// 2. Then configure lifecycle rules
// "Set lifecycle rules for 'archive-bucket' to expire objects after 90 days"// "Configure CORS for 'my-app-bucket' to allow requests from https://myapp.com"// "List all PDF files in 'documents' bucket and download the latest one"s3.us-south.cloud-object-storage.appdomain.cloud(Dallas)s3.us-east.cloud-object-storage.appdomain.cloud(Washington DC)
s3.eu-de.cloud-object-storage.appdomain.cloud(Frankfurt)s3.eu-gb.cloud-object-storage.appdomain.cloud(London)
s3.ap-south.cloud-object-storage.appdomain.cloud(Tokyo)s3.ap-north.cloud-object-storage.appdomain.cloud(Seoul)
For private endpoints, replace s3 with s3.private.
For direct endpoints, replace s3 with s3.direct.
ibm-cos-mcp-server/
├── src/
│ ├── index.ts # Main MCP server entry
│ ├── http-server.ts # HTTP server entry
│ ├── server/
│ │ ├── http-server-base.ts
│ │ └── ibm-cos-http.ts
│ ├── tools/ # 37 tool implementations
│ │ ├── listBuckets.ts
│ │ ├── createBucket.ts
│ │ ├── putObject.ts
│ │ ├── getObject.ts
│ │ ├── ... (33 more tools)
│ ├── types/ # TypeScript type definitions
│ └── utils/ # Shared utilities
└── dist/ # Compiled JavaScript
The server provides detailed error messages and handles:
- Authentication failures
- Invalid credentials
- Bucket/object not found
- Permission denied
- Network errors
- Malformed requests
- Never commit credentials - Use environment variables
- Use IAM API Keys - Recommended over HMAC credentials
- Enable versioning - Protect against accidental deletions
- Configure lifecycle rules - Automatically manage storage costs
- Use private endpoints - For internal applications
- Enable encryption - Use IBM Key Protect for sensitive data
- Implement least privilege - Grant minimum required permissions
- Use multipart upload - For files larger than 100MB
- Enable parallel uploads - Upload parts concurrently
- Use direct endpoints - For high-throughput applications
- Implement retry logic - Handle transient failures
- Cache bucket locations - Reduce API calls
- Use streaming - For large object downloads
- Verify endpoint is correct for your region
- Check network connectivity
- Ensure firewall allows HTTPS traffic
- Verify API key is valid and not expired
- Check service instance ID is correct
- Ensure credentials have required permissions
- Verify IAM policies grant required access
- Check bucket policies and ACLs
- Ensure service instance is accessible
# Install dependencies
npm install
# Build the project
npm run build
# Watch for changes
npm run watch
# Start HTTP server in dev mode
npm run dev:httpContributions are welcome! Please feel free to submit a Pull Request.
MIT License - see LICENSE file for details
For issues and questions:
- GitHub Issues: Report a bug
- IBM Cloud Docs: Object Storage Documentation
- API Reference: S3 API Compatibility
Built with:
- Model Context Protocol SDK
- IBM COS SDK
- TypeScript and Node.js
Made with ❤️ for the IBM Cloud community