@aashari/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
;
/**
 * Interop helper: exposes property `key` of `source` on `target` under `alias`
 * (which defaults to `key`). An existing `this.__createBinding` is reused when present.
 *
 * The source's own property descriptor is reused only when it is an accessor on an
 * `__esModule` object, or a data property that is neither writable nor configurable;
 * in every other case a getter that reads `source[key]` on each access is installed.
 */
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        if (alias === undefined) {
            alias = key;
        }
        var descriptor = Object.getOwnPropertyDescriptor(source, key);
        var needsLiveGetter;
        if (!descriptor) {
            needsLiveGetter = true;
        }
        else if ("get" in descriptor) {
            needsLiveGetter = !source.__esModule;
        }
        else {
            needsLiveGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsLiveGetter) {
            descriptor = { enumerable: true, get: function () { return source[key]; } };
        }
        Object.defineProperty(target, alias, descriptor);
    }
    : function (target, source, key, alias) {
        // Fallback for runtimes without Object.create: plain value copy, no live binding.
        if (alias === undefined) {
            alias = key;
        }
        target[alias] = source[key];
    });
/**
 * Interop helper: stores `value` as the enumerable `default` property of `namespace`.
 * An existing `this.__setModuleDefault` is reused when present.
 */
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (namespace, value) {
        Object.defineProperty(namespace, "default", { value: value, enumerable: true });
    }
    : function (namespace, value) {
        // Fallback for runtimes without Object.create: ordinary assignment.
        namespace["default"] = value;
    });
/**
 * Interop helper: wraps a required module in a namespace-style object.
 * A module already flagged `__esModule` is returned unchanged; otherwise every own
 * property except "default" is bound onto a fresh object via `__createBinding`, and
 * the module itself is attached as `default` via `__setModuleDefault`.
 * An existing `this.__importStar` is reused when present.
 */
var __importStar = (this && this.__importStar) || (function () {
    // Resolved on first call, after which `ownKeys` points at the chosen implementation.
    var ownKeys = function (first) {
        ownKeys = Object.getOwnPropertyNames || function (obj) {
            var names = [];
            for (var name in obj) {
                if (Object.prototype.hasOwnProperty.call(obj, name)) {
                    names[names.length] = name;
                }
            }
            return names;
        };
        return ownKeys(first);
    };
    return function (mod) {
        if (mod && mod.__esModule) {
            return mod;
        }
        var namespace = {};
        if (mod != null) {
            var names = ownKeys(mod);
            for (var idx = 0; idx < names.length; idx++) {
                if (names[idx] === "default") {
                    continue;
                }
                __createBinding(namespace, mod, names[idx]);
            }
        }
        __setModuleDefault(namespace, mod);
        return namespace;
    };
})();
// Flag this CommonJS module with `__esModule`; the interop helper above returns such modules unchanged.
Object.defineProperty(exports, "__esModule", { value: true });
// Named export. The function declaration further down is hoisted, so it is already defined here.
exports.executeEc2Command = executeEc2Command;
const logger_util_js_1 = require("../utils/logger.util.js");
const error_handler_util_js_1 = require("../utils/error-handler.util.js");
const error_types_util_js_1 = require("../utils/error-types.util.js");
const vendor_aws_sso_auth_service_js_1 = require("../services/vendor.aws.sso.auth.service.js");
const aws_sso_auth_formatter_js_1 = require("./aws.sso.auth.formatter.js");
const ec2Service = __importStar(require("../services/vendor.aws.sso.ec2.service.js"));
const vendor_aws_sso_accounts_service_js_1 = require("../services/vendor.aws.sso.accounts.service.js");
const aws_sso_ec2_formatter_js_1 = require("./aws.sso.ec2.formatter.js");
/**
* AWS SSO EC2 Execution Controller Module
*
* Provides functionality for executing shell commands on EC2 instances via SSM
* using temporary credentials obtained via AWS SSO. Handles authentication verification,
* command execution, and result formatting.
*/
// Module-scoped logger, tagged with this controller's source path
const logger = logger_util_js_1.Logger.forContext('controllers/aws.sso.ec2.controller.ts');
// Debug message emitted when this module is loaded
logger.debug('AWS SSO EC2 execution controller initialized');
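/**
 * Execute a shell command on an EC2 instance via SSM
 *
 * Flow: check SSO authentication, resolve the region, call the EC2 service, look up
 * the account's roles (best effort) for formatter context, then format the result.
 *
 * Security notes:
 * - `options.command` is forwarded to the service unchanged. This function does no
 *   validation or allow-listing of the command or of the target identifiers, so any
 *   such control has to live in the caller, the service, or the IAM/SSM policy of the
 *   role named in `options.roleName` (none of which is visible in this module).
 * - The whole `options` object, command text included, is written to debug logs and
 *   passed into the error context. A command that embeds a secret will reach both.
 *
 * @param options Command execution options. Fields read here: `instanceId`, `accountId`,
 *   `roleName`, `command`, and optional `region` (falls back to the AWS_REGION
 *   environment variable, then to 'ap-southeast-1').
 * @returns Controller response containing the formatted command output, or the
 *   "authentication required" content when no SSO session is active
 * @throws Error returned by handleControllerError if the command execution fails
 */
async function executeEc2Command(options) {
    const methodLogger = logger.forMethod('executeEc2Command');
    // NOTE(review): logs the raw command text; confirm the logger's sink and retention
    // are acceptable for commands that may contain credentials.
    methodLogger.debug('Executing EC2 command via SSM', options);
    try {
        // Check authentication status first
        const authStatus = await (0, vendor_aws_sso_auth_service_js_1.checkSsoAuthStatus)();
        if (!authStatus.isAuthenticated) {
            return {
                content: (0, aws_sso_auth_formatter_js_1.formatAuthRequired)(),
            };
        }
        // Determine region to use
        let region = options.region;
        if (!region) {
            // Use AWS_REGION environment variable if set, otherwise default to ap-southeast-1.
            // A caller that omits the region therefore targets a region chosen by the
            // server's environment, not by the request.
            region = process.env.AWS_REGION || 'ap-southeast-1';
        }
        methodLogger.debug(options.region
            ? 'Using explicitly provided region'
            : 'Using default region', { region });
        // Execute the command on the EC2 instance
        methodLogger.debug('Executing command on EC2 instance', {
            instanceId: options.instanceId,
            command: options.command,
            env: { AWS_REGION: region },
        });
        // Call the service to execute the command
        const commandResult = await ec2Service.executeEc2Command({
            instanceId: options.instanceId,
            accountId: options.accountId,
            roleName: options.roleName,
            command: options.command,
            region: region,
        });
        // Get available roles for this account to suggest context
        let suggestedRoles = [];
        try {
            const rolesResult = await (0, vendor_aws_sso_accounts_service_js_1.listAccountRoles)({
                accountId: options.accountId,
            });
            // Map role list to the expected format for suggestedRoles, dropping unnamed roles
            suggestedRoles = rolesResult.roleList
                .map((role) => ({
                roleName: role.roleName || '',
            }))
                .filter((role) => role.roleName);
        }
        catch (error) {
            // Best effort only: the command has already run, so a failed lookup must not
            // turn a successful execution into an error.
            methodLogger.warn('Could not retrieve suggested roles for context', error);
        }
        // Create context for formatter
        const context = {
            instanceId: options.instanceId,
            instanceName: commandResult.instanceName,
            accountId: options.accountId,
            roleName: options.roleName,
            region: region,
            suggestedRoles,
        };
        // Log the full context for debugging
        methodLogger.debug('Created formatter context', context);
        // Format the result
        const formattedOutput = (0, aws_sso_ec2_formatter_js_1.formatEc2CommandResult)(options.command, commandResult, context);
        return {
            content: formattedOutput,
        };
    }
    catch (error) {
        methodLogger.error('Error during command execution service call', error);
        // A null/undefined `options` is one way to land here. Read the identifying fields
        // defensively so this handler cannot throw on its own and hand the caller a raw
        // TypeError instead of the standardized error.
        const target = options || {};
        const entityId = `${target.instanceId}/${target.accountId}/${target.roleName}`;
        // Build error context for standardized error handling
        // NOTE(review): `options` (including the command) travels with the error context;
        // verify it is not echoed back to the client verbatim.
        const errorContext = (0, error_types_util_js_1.buildErrorContext)('EC2 Command', 'executing', 'controllers/aws.sso.ec2.controller.ts@executeEc2Command', entityId, options);
        throw (0, error_handler_util_js_1.handleControllerError)(error, errorContext);
    }
}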
// Default export: an object exposing the same function as the named export.
exports.default = {
executeEc2Command,
};