Configuration Reference
This page provides the complete reference for connecting to and configuring the Partner Central Agent MCP Server.
Endpoint
| Property | Value |
|---|---|
| URL | https://partnercentral-agents-mcp.us-east-1.api.aws/mcp |
| Region | us-east-1 (N. Virginia) only |
| Protocol | JSON-RPC 2.0 over HTTPS |
| Streaming | Server-Sent Events (SSE) |
| Authentication | AWS Signature Version 4 |
| SigV4 service name | partnercentral-agents-mcp |
| TLS requirement | TLS 1.2 or higher |
IAM permissions
All IAM actions use the partnercentral: prefix unless otherwise
noted.
MCP protocol access
The simplest way to grant MCP protocol access is to attach the
AWSMcpServiceActionsFullAccess managed policy to your IAM identity. This
policy includes all permissions needed to interact with the MCP server. For fine-grained
control, you can use the aws:IsMcpServiceAction condition key in your IAM
policies to scope permissions specifically to MCP service actions.
| Action | Description |
|---|---|
partnercentral:UseSession |
Create, update, and retrieve conversation sessions |
Opportunity management
| Action | Description |
|---|---|
partnercentral:List* |
List opportunities, solutions, and other Partner Central resources |
partnercentral:Get* |
Retrieve details for individual opportunities and other resources |
partnercentral:UpdateOpportunity |
Modify opportunity fields (stage, close date, revenue, etc.) |
partnercentral:SubmitOpportunity |
Submit an opportunity for AWS review |
partnercentral:AssignOpportunity |
Assign an opportunity to a partner representative |
partnercentral:AssociateOpportunity |
Link an opportunity to another resource (solution, etc.) |
partnercentral:DisassociateOpportunity |
Remove a link between an opportunity and another resource |
partnercentral:StartEngagementFromOpportunityTask |
Submit opportunities to start an engagement from an opportunity |
Funding programs
| Action | Description |
|---|---|
partnercentral:ListBenefitAllocations |
List available benefit allocations for your account |
partnercentral:ListBenefitApplications |
List submitted benefit applications |
partnercentral:CreateBenefitApplication |
Create a new benefit application (MAP, POC, WMP) |
partnercentral:GetBenefitApplication |
Retrieve details of a specific benefit application |
partnercentral:UpdateBenefitApplication |
Update a pending benefit application |
partnercentral:AssociateBenefitApplicationResource |
Link a resource to a benefit application |
partnercentral:DisassociateBenefitApplicationResource |
Remove a resource link from a benefit application |
Marketplace access
| Action | Description |
|---|---|
aws-marketplace:DescribeEntity |
Retrieve details of a marketplace entity |
aws-marketplace:SearchAgreements |
Search marketplace agreements |
aws-marketplace:ListEntities |
List marketplace entities |
Catalog environments
| Catalog | Description |
|---|---|
"AWS" |
Production environment. All operations affect live partner data. |
"Sandbox" |
Isolated testing environment. No impact on production data. Use for development and validation. |
Session management
| Property | Value |
|---|---|
| Session ID format | UUID v4 with session- prefix (e.g.,
session-550e8400-e29b-41d4-a716-446655440000) |
| Session creation | Automatic on first sendMessage call without a
sessionId |
| Session expiry | 48 hours from session creation (absolute expiry, not inactivity-based) |
File upload
| Property | Value |
|---|---|
| Max files per message | 3 |
| Image size limit | 3.75 MB |
| Document size limit | 4.5 MB |
| Allowed extensions | doc, docx, pdf, png,
jpeg, xlsx, csv,
txt |
| S3 bucket (production) | aws-partner-central-marketplace-ephemeral-writeonly-files |
| Upload path | s3://{bucket}/{aws-account-id}/ |
| S3 URI requirement | Must include versionId query parameter |
Upload workflow
Upload your file to the appropriate S3 bucket under your AWS account ID prefix.
Note the S3 URI including the
versionIdreturned by the upload.Include the file as a
documentcontent block in yoursendMessagecall.
Example S3 URI format:
s3://aws-partner-central-marketplace-ephemeral-writeonly-files/123456789012/my-document.pdf?versionId=abc123
Error codes
| Code | Name | Description |
|---|---|---|
-32001 |
AUTHENTICATION_FAILURE |
SigV4 signature is invalid or credentials have expired |
-31004 |
TOOL_PERMISSION_DENIED |
IAM identity lacks the required partnercentral: action for this
operation |
-32002 |
ACCESS_DENIED |
General access denied (account not enrolled, region mismatch, etc.) |
-32004 |
LIMIT_EXCEEDED |
Rate limit or quota exceeded. Retry with exponential backoff. |
-30001 |
RESOURCE_NOT_FOUND |
Requested resource (session, opportunity, etc.) does not exist |
-32600 |
INVALID_REQUEST |
Malformed JSON-RPC request or invalid parameters |
-32603 |
INTERNAL_ERROR |
Server-side error. Retry the request. |
Rate limits
The server enforces per-account rate limits:
| Operation | Sustained rate | Burst |
|---|---|---|
sendMessage |
2 requests per minute | 10 |
| All other operations | 10 requests per minute | 20 |
If you exceed these limits, the server returns error code -32004
(LIMIT_EXCEEDED). Implement exponential backoff with jitter in your client to handle rate
limiting gracefully.
Streaming (SSE) event types
When stream is set to true in a sendMessage
call, the server returns Server-Sent Events with these event types:
| Event Type | Description |
|---|---|
stream_start |
Stream connection established |
assistant-response.start |
Agent has begun generating a response |
assistant-response.delta |
Incremental text chunk of the agent's response |
assistant-response.completed |
Agent has finished generating the response |
server-tool-use |
Agent is invoking an internal tool (read operation) |
server-tool-response |
Result of an internal tool invocation |
tool_approval_request |
Agent is requesting human approval for a write operation |
stream_end |
Stream connection closing |
done |
Final event indicating the SSE stream is complete |
Next steps
Tools Reference — Detailed documentation for
sendMessageandgetSessiontools
