Manage MCP servers

Model Context Protocol (MCP) servers enable your AI applications to connect with databases, calendars, productivity tools, and APIs. This guide explains how to list MCP servers, authenticate your AI applications to MCP servers, and configure optional security and safety settings for MCP usage.

Google and Google Cloud services are available as remote MCP servers that run on our infrastructure, not your machine. For supported services, MCP endpoints are available once you enable the API. For more information, see Google Cloud MCP servers overview.

This guide is for developers who want to use Google and Google Cloud MCP servers in their AI applications, and for users of AI assistance applications such as Claude Code, Gemini Code Assist, Gemini CLI, or Google AI Studio who want to use Google and Google Cloud MCP servers to streamline their workflow.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  4. To initialize the gcloud CLI, run the following command: 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

  7. Verify that billing is enabled for your Google Cloud project.

  8. Install the Google Cloud CLI.

  9. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  10. To initialize the gcloud CLI, run the following command: 

    gcloud init

  11. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  12. If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

  13. Verify that billing is enabled for your Google Cloud project.

Required roles

To get the permissions that you need to use MCP servers, ask your administrator to grant you the Make MCP tool calls to Google and Google Cloud MCP tools IAM role on the Google Cloud project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to use MCP servers. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to use MCP servers:

  • Make MCP tool calls to Google and Google Cloud MCP tools:
    • mcp.tools.call
    • resourcemanager.projects.get
    • resourcemanager.projects.list

You might also be able to get these permissions with custom roles or other predefined roles.

Available MCP servers

Available Google and Google Cloud remote MCP servers are listed in Supported products and are registered in Agent Registry when you enable the product or service.

Manage MCP with Agent Registry

To list your available MCP servers and get updated tool descriptions, see Manage MCP tools in Agent Registry.

List available tools, prompts, and resources

Most MCP clients automatically list available tools, prompts, and resources. The following tabs describe how to manually list them using HTTP requests:

Tools

To get a list of available tools and their descriptions, MCP clients use the MCP tools/list method in an HTTP request to the MCP server endpoint. Authentication isn't required for the tools/list method.

POST /mcp HTTP/1.1
Host: SERVICE_NAME
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "tools/list",
}

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com. For information about listing service names for available MCP servers, see List available MCP servers. To see a list of Google and Google Cloud services that have remote MCP servers without running commands, see Supported products.

You can send an HTTP request to list tools directly to a Google remote MCP server with the following command:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "id":0, "method": "tools/list"}' \
  "https://SERVICE_NAME/mcp"

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com.

The response resembles the following:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "tools": [
      {
        "name": "list_topics",
        "title": "List Topics",
        "description": "Get list of available topics.",
        "input_schema": {...}
        "output_schema": {...}
      },
      {
        "name": "get_topic",
        "title": "Get Topic",
        "description": "Get messages in a Topic.",
        "input_schema": {...}
        "output_schema": {...}
      },
      ...
    ]
  }
}

Prompts

To get a list of available prompts and their descriptions, MCP clients use the MCP prompts/list method in an HTTP request to the MCP server endpoint. Authentication isn't required for the prompts/list method.

POST /mcp HTTP/1.1
Host: SERVICE_NAME
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "prompts/list",
}

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com.

For information about listing service names for available MCP servers, see List available MCP servers. To see a list of Google and Google Cloud services that have remote MCP servers without running commands, see Supported products.

You can send an HTTP request to list prompts directly to a Google remote MCP server with the following command:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "id":0, "method": "prompts/list"}' \
  "https://SERVICE_NAME/mcp"

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com.

The response resembles the following:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "prompts": [
      {
        "name": "deploy",
        "description": "Deploys the current working directory to Cloud Run.",
        "arguments": [
          {
            "name": "name",
            "description": "Name of the Cloud Run service to deploy to.",
            "required": false
          }
        ]
      },
      ...
    ]
  }
}

Resources

To get a list of available resources and their descriptions, MCP clients use the MCP resources/list method in an HTTP request to the MCP server endpoint. Authentication isn't required for the resources/list method.

POST /mcp HTTP/1.1
Host: SERVICE_NAME
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "resources/list",
}

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com.

For information about listing service names for available MCP servers, see List available MCP servers. To see a list of Google and Google Cloud services that have remote MCP servers without running commands, see Supported products.

You can send an HTTP request to list resources directly to a Google remote MCP server with the following command:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "id":0, "method": "resources/list"}' \
  "https://SERVICE_NAME/mcp"

Replace SERVICE_NAME with the service name—for example, the BigQuery service name is bigquery.googleapis.com.

The response resembles the following:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "resources": [
      {
        "uri": "file:///project/src/main.rs",
        "name": "main.rs",
        "title": "Rust Software Application Main File",
        "description": "Primary application entry point",
        "mime_type": "text/x-rust"
      },
      ...
    ]
  }
}

Authenticate your AI application

Once you have enabled a product or service that supports MCP in your project, you can use your Google credentials to authenticate and use its tools through your AI application. For safety and observability, you might want to create a separate identity with specific permissions for your application instead of using your own permissions if you are working with production resources. For more information, see Authenticate to MCP servers.

Optional security and safety configurations

MCP tools can take a wide variety of actions on behalf of AI applications, introducing security risks and considerations. To help you minimize and manage these risks, Google Cloud provides default and customizable policies that control how MCP tools are used within your Google Cloud organization or project. For more information about MCP security and governance, see AI security and safety.

Enable Model Armor

Model Armor is a Google Cloud service designed to enhance the security and safety of your AI applications. It works by proactively screening LLM prompts and responses, protecting against various risks and supporting responsible AI practices. Whether you are deploying AI in your cloud environment, or on external cloud providers, Model Armor can help you prevent malicious input, verify content safety, protect sensitive data, maintain compliance, and enforce your AI safety and security policies consistently across your diverse AI landscape.

When Model Armor is enabled with logging enabled, Model Armor logs the entire payload. This might expose sensitive information in your logs.

To enable Model Armor, complete the steps in Configure Model Armor protection for Google and Google Cloud MCP servers.

Model Armor logging

For information about Model Armor audit and platform logs, see Model Armor audit logging.

Use MCP servers

To use Google and Google Cloud remote MCP servers, AI applications must have the MCP Tool User role (roles/mcp.toolUser) and the necessary service permissions for the tool's Google Cloud service.

To grant the MCP Tool User role, run the following command:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="PRINCIPAL" \
    --role="roles/mcp.toolUser"

Replace the following:

What's next