Back to blog

Engineering · Jun 10, 2026

MCP Spotlight: IONOS CLOUD MCP — 100+ Read-Only Tools for Compute, DNS, Object Storage, Billing & Audit Logs

IONOS CLOUD's official MCP server gives AI agents 100+ read-only tools across compute, DNS, object storage, billing, certificates, and activity logs — running as a local binary that calls IONOS directly with no third-party relay.

MCP ServerIONOSCloud InfrastructureFinOpsEU CloudAI Agents

MCP Spotlight: IONOS CLOUD MCP — 100+ Read-Only Tools for Compute, DNS, Object Storage, Billing & Audit Logs

Server: ionoscloud-mcp by IONOS License: Open source · Tools: 100+ · Mode: Read-only · Transport: Local binary, stdio MCP Tracker: glama.ai/mcp/servers/ionos-cloud/ionoscloud-mcp Docs: docs.ionos.com/cloud/ai/mcp-server Source: github.com/ionos-cloud/ionoscloud-mcp

Most cloud provider MCPs either expose a single product (just S3, just DNS) or operate as a write-capable shadow admin. IONOS CLOUD MCP takes a different position: 100+ read-only tools across six products, all in a local binary that calls IONOS directly, never through Anthropic, Microsoft, or any third-party relay.

This is a major European cloud provider publishing first-party MCP tooling — and the architecture is built around the constraints that matter for production: read-only by design, local binary, selective tool loading, and a sibling documentation MCP that gives your agent live product docs in the same session.

The Tool Distribution

ProductToolsCoverage
Compute Engine50Data centers, servers, volumes, NICs, LANs, load balancers, NAT gateways, security groups
Object Storage23Buckets, objects, CORS, encryption, lifecycle, replication, access keys
Cloud DNS14Zones, records, reverse records, secondary zones, DNSSEC keys
Billing15Invoices, usage, traffic, the product pricing catalog, FOCUS v1.3 mapping
Certificate Manager6Certificates, auto-certificates, providers
Activity Log2Full audit trail — who did what, when, on which resource

The activity log tool alone is significant: your agent can query "show me every API call in the last 24 hours" without writing a custom integration. Pair that with the billing tools and you have a complete FinOps and compliance surface in MCP.

The Architecture: Local Binary, Direct API

IONOS CLOUD MCP runs as a local binary on your machine. API calls go from the MCP server directly to IONOS CLOUD — not through Anthropic, Microsoft, or any third-party relay. This is a deliberate architectural choice that addresses a real concern:

"The AI client sends tool outputs to its model backend for inference; review your AI client's privacy policy for details."

IONOS owns the transport between MCP server and cloud. The model provider only sees the tool outputs your client sends to it for inference. This means:

  • IONOS credentials never leave your machine to reach the cloud — they only go from the local binary to IONOS
  • Tool results are not proxied through a third party before they reach your agent
  • The relay trust surface is exactly zero, not "we trust the relay"

For DACH and EU-regulated teams, this matters: the architecture supports GDPR-compliant operations without a separate "private cloud" deployment.

Read-Only by Design

Every tool in the IONOS CLOUD MCP server is inspection-only. The server cannot create, update, or delete any resource. This makes it safe to:

  • Connect to production accounts
  • Share access across teams
  • Let agents run autonomous audits, security checks, and FinOps pipelines

When you need to actually change something — spin up a server, update a DNS record, rotate a certificate — the agent surfaces the right API call, generates the code or CLI invocation, and you execute it. The MCP server is the read-side; humans stay on the write-side.

Selective Tool Loading

Some AI clients cap the number of tools per session (Claude Desktop's limit is a common bottleneck). IONOS CLOUD MCP ships with selective tool loading — pick which product groups load at startup:

{
  "mcpServers": {
    "ionos": {
      "command": "ionoscloud-mcp",
      "args": ["--tools=compute,dns,activitylog"],
      "env": {
        "IONOS_API_TOKEN": "${credentials.IONOS_API_TOKEN}"
      }
    }
  }
}

A common pattern: load only compute + dns for a deployment-audit session, then reload with billing for a FinOps pass. Same server, different tool sets, no reinstallation.

The Documentation MCP Pair

Alongside the cloud-control MCP, IONOS ships a Documentation MCP at https://docs.ionos.com/cloud/~gitbook/mcp. Add it to the same config and your agent gets live account data + full product documentation in one session:

{
  "mcpServers": {
    "ionos": {
      "command": "ionoscloud-mcp"
    },
    "ionos-docs": {
      "url": "https://docs.ionos.com/cloud/~gitbook/mcp"
    }
  }
}

The agent now does the loop: queries a server via ionos, gets a config value it doesn't understand, calls ionos-docs for the parameter reference, and proceeds. No copy-paste from web pages, no context loss.

Facio Integration

{
  "mcpServers": {
    "ionos": {
      "command": "ionoscloud-mcp",
      "env": {
        "IONOS_API_TOKEN": "${credentials.IONOS_API_TOKEN}"
      }
    }
  }
}

Facio's audit trail captures every read tool call: which resource was inspected, what parameters, what came back. Combined with the read-only enforcement, this creates a complete inspection-grade record: the agent cannot have written anything to IONOS, and Facio can prove it. For teams operating under DORA, NIS2, or BAIT, this audit log is the evidence auditors ask for.

For HITL workflows, the write-side is explicitly separated. The agent sees the current state, proposes a change, the human reviews and executes via the IONOS Cloud Console or CLI. The MCP is the read-side, the human is the write-side, Facio captures both.

Quickstart

# 1. Generate an API token at the IONOS Cloud Console
#    https://my.ionos.com → API → Tokens → Create
#    Minimum-privilege scoping is documented in the auth guide

# 2. Install the local binary
# macOS
brew install ionos-cloud/tap/ionoscloud-mcp

# Linux
curl -fsSL https://github.com/ionos-cloud/ionoscloud-mcp/releases/latest/download/ionoscloud-mcp-linux-amd64 \
  -o /usr/local/bin/ionoscloud-mcp
chmod +x /usr/local/bin/ionoscloud-mcp

# 3. Add to your MCP client
# Per-client setup guides for Claude Desktop, Claude Code, Cline, Continue,
# Cursor, Gemini CLI, JetBrains, Kiro, OpenCode, VS Code, Windsurf, Zed

# 4. First prompts
# "List all my running servers and their resource utilization"
# "Show me the DNS records for example.com, including DNSSEC status"
# "What's our IONOS spend this month, broken down by product?"
# "Pull the activity log for the last 24 hours"
# "Audit my security groups for rules that expose 0.0.0.0/0"

Use Cases

Infrastructure audits: "List every server, every security group, every load balancer. Flag any rule exposing ports to 0.0.0.0/0." Agent calls the right combination of compute + activity log tools, surfaces violations, produces a report.

FinOps pipelines: Billing tool + activity log = "Show me cost-per-resource for the last 90 days. Which servers have been running but unused for 30+ days? What's the savings if I downsize?"

DNS verification before launch: "List all DNS records for these three domains. Verify TTLs are short enough for cutover, and DNSSEC is enabled where required." Output: a structured DNS audit.

Pre-deploy compliance check: "Before we promote this build, verify the target environment: certificate validity, security group rules, load balancer health checks, and the last 50 activity log entries."

Security investigations: Activity log tool surfaces the audit trail: which user made which change to which resource at which time. The agent correlates events and builds a timeline.

Cost optimization reviews: FOCUS v1.3-mapped billing data means your agent can produce reports in the standard FinOps format — directly from the billing tools, no manual normalization.

Bottom Line

IONOS CLOUD MCP gives your agent 100+ read-only tools across compute, object storage, DNS, billing, certificates, and activity logs — running as a local binary that calls IONOS directly with no third-party relay in the path. For DACH and EU-regulated teams, this is the first major European cloud provider to ship first-party MCP tooling, and the architecture is built for the constraints that matter: privacy, auditability, and the hard separation between read and write.

For teams already on IONOS, or evaluating European cloud alternatives to AWS and Azure, this is the missing agent integration layer. For FinOps, security, and compliance teams, the activity log + billing combination is the killer feature.

brew install ionos-cloud/tap/ionoscloud-mcp and your agent sees your cloud.

MCP Spotlight is a series covering servers that give AI agents real capabilities. Every server is evaluated for tool quality, architectural integrity, and integration fit with Facio's HITL-first agent runtime.

Keep reading

More on Engineering

View category
Jun 9, 2026Engineering

MCP Spotlight: AI Design Blueprint — The 10 Principles Your Agent Should Refuse to Ship Without

AI Design Blueprint exposes 13 read-only MCP tools covering 10 production-tested principles for safe, observable, and steerable agent UX — with 96+ implementation examples and a paid Blueprint Readiness Score for repo-level governance review.

Jun 8, 2026Engineering

MCP Spotlight: ThinAir Data — Read-Only PostgreSQL, MySQL & SQL Server for Your Agent, 23 Tools, 3 Safety Layers

ThinAir Data gives AI agents 23 read-only MCP tools across PostgreSQL, MySQL, and SQL Server — with three independent safety layers (SQL guard, session READ ONLY, per-connection firewall) and runtime connection management.

Jun 7, 2026Engineering

MCP Spotlight: ComparEdge — Give Your Agent Instant SaaS Pricing, Alternatives & Side-by-Side Comparisons

ComparEdge gives AI agents 9 MCP tools to search, compare, and price 508+ SaaS and AI products across 45 categories — with verified vendor pricing, G2/Capterra ratings, and per-token LLM costs. Zero config, no API key required.