@aashari/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
/**
* AWS SSO service types
* Defines the interfaces used for AWS SSO authentication and credential management
*/
/**
 * Temporary AWS credentials obtained after SSO authentication.
 *
 * `secretAccessKey` and `sessionToken` are secrets: keep them out of logs,
 * error messages and any text returned to a caller or model.
 */
export interface AwsSsoCredentials {
  /** Access key ID of the temporary credential set. */
  accessKeyId: string;
  /** Secret access key paired with `accessKeyId`. Secret. */
  secretAccessKey: string;
  /** Session token that accompanies the temporary key pair. Secret. */
  sessionToken: string;
  /**
   * Expiry time of the credentials.
   * NOTE(review): unit (epoch seconds vs. milliseconds) is not stated in
   * this file; confirm against the code that sets it.
   */
  expiration: number;
  /** AWS region associated with the credentials, when known. */
  region?: string;
}
/**
 * Outcome of a successful AWS SSO authentication.
 *
 * `accessToken` is a credential in its own right: treat it like a password
 * and never log it or echo it back to a caller.
 */
export interface AwsSsoAuthResult {
  /** SSO access token issued by the login. Secret. */
  accessToken: string;
  /**
   * Time at which `accessToken` stops being valid.
   * NOTE(review): unit is not stated in this file; confirm before comparing
   * with `Date.now()`.
   */
  expiresAt: number;
  /** Region the token was issued for, when recorded. */
  region?: string;
  /** SSO start URL the login was performed against, when recorded. */
  startUrl?: string;
}
/**
 * Settings that configure an AWS SSO login.
 */
export interface AwsSsoConfig {
  /** AWS region used for the SSO login. */
  region: string;
  /**
   * SSO start URL.
   * NOTE(review): where this value comes from is not visible here; if it can
   * be influenced by untrusted input, validate it before directing a user to it.
   */
  startUrl?: string;
  /** Name of the profile these settings belong to, when one is used. */
  profileName?: string;
}
/**
 * An AWS account that is reachable through SSO.
 *
 * Not secret, but `accountId` and `emailAddress` identify the organisation
 * and a person; avoid writing them to shared logs without need.
 */
export interface AwsSsoAccount {
  /** AWS account identifier. */
  accountId: string;
  /** Human-readable name of the account. */
  accountName: string;
  /** E-mail address associated with the account, when available. */
  emailAddress?: string;
}
/**
 * A role inside an AWS account that can be assumed through SSO.
 */
export interface AwsSsoAccountRole {
  /** Identifier of the account the role belongs to. */
  accountId: string;
  /** Name of the role. */
  roleName: string;
  /** ARN of the role, when known. */
  roleArn?: string;
}
/**
 * An account paired with the roles assigned to it.
 */
export interface AwsSsoAccountWithRoles {
  /** The account itself. */
  account: AwsSsoAccount;
  /** Roles assigned within `account`. */
  roles: Array<AwsSsoAccountRole>;
  /**
   * Time value recorded with this entry.
   * NOTE(review): presumably when the role list was fetched, so that stale
   * role assignments can be refreshed; meaning and unit are not stated here.
   */
  timestamp: number;
}
/**
 * Details returned by the SSO OIDC device authorization flow.
 *
 * Only `userCode` and the verification URIs are meant to be shown to the
 * person logging in. `deviceCode` and `clientSecret` are secrets and must
 * stay out of logs, prompts and tool output.
 */
export interface AwsSsoDeviceAuth {
  /** Code the client holds for this authorization request. Secret. */
  deviceCode: string;
  /** Short code shown to the user for entry at the verification page. */
  userCode: string;
  /** URL the user visits to approve the request. */
  verificationUri: string;
  /**
   * Verification URL variant, when provided.
   * NOTE(review): presumably has the user code embedded; confirm.
   */
  verificationUriComplete?: string;
  /** Lifetime of this authorization request; presumably seconds, confirm. */
  expiresIn: number;
  /** Polling interval for the token request; presumably seconds, confirm. */
  interval: number;
  /** Identifier of the OIDC client used for this flow. */
  clientId: string;
  /** Secret of the OIDC client used for this flow. Secret. */
  clientSecret: string;
}
/**
 * Shape of the SSO data stored in the cache file.
 *
 * The file holds a live SSO token and temporary AWS credentials, so it is as
 * sensitive as the secrets themselves.
 * NOTE(review): the code that writes the file is not visible here; confirm it
 * is created with owner-only permissions and is never placed in a shared or
 * world-readable directory.
 */
export interface AwsSsoCache {
  /** Cached SSO authentication result, including its access token. */
  ssoToken?: AwsSsoAuthResult;
  /**
   * Cached temporary credentials, keyed by string.
   * NOTE(review): the key format is not stated in this file.
   */
  credentials?: Record<string, AwsSsoCredentialsCacheEntry>;
  /** Time value of the last authentication; unit not stated here. */
  lastAuth?: number;
  /** Cached accounts together with their roles. */
  accountRoles?: Array<AwsSsoAccountWithRoles>;
  /** Time value recorded for the cached account list; unit not stated here. */
  accountsTimestamp?: number;
}
/**
 * One set of credentials as stored in the cache file.
 *
 * Carries every field of {@link AwsSsoCredentials} (including the secret key
 * and session token) plus the account and role it was issued for.
 * NOTE(review): readers of the cache should check the inherited `expiration`
 * before reusing an entry; that check is not visible in this file.
 */
export interface AwsSsoCredentialsCacheEntry extends AwsSsoCredentials {
  /** Time value recorded with the entry; meaning and unit not stated here. */
  timestamp: number;
  /** Account the credentials were issued for. */
  accountId: string;
  /** Role the credentials were issued for. */
  roleName: string;
}