@aashari/mcp-server-aws-sso
Version:
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
95 lines (94 loc) • 4.13 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.getAwsSsoConfig = getAwsSsoConfig;
exports.getCachedSsoToken = getCachedSsoToken;
const logger_util_js_1 = require("../utils/logger.util.js");
const config_util_js_1 = require("../utils/config.util.js");
const error_util_js_1 = require("../utils/error.util.js");
const ssoCache = __importStar(require("../utils/aws.sso.cache.util.js"));
const vendor_aws_sso_types_js_1 = require("./vendor.aws.sso.types.js");
const zod_1 = require("zod");
const logger = logger_util_js_1.Logger.forContext('services/vendor.aws.sso.auth.core.service.ts');
/**
* Get AWS SSO configuration from the environment
*
* Retrieves the AWS SSO start URL and region from the environment variables.
* These are required for SSO authentication.
*
* @returns {AwsSsoConfig} AWS SSO configuration
* @throws {Error} If AWS SSO configuration is missing
*/
async function getAwsSsoConfig() {
const methodLogger = logger.forMethod('getAwsSsoConfig');
methodLogger.debug('Getting AWS SSO configuration');
const startUrl = config_util_js_1.config.get('AWS_SSO_START_URL');
// Check AWS_SSO_REGION first, then fallback to AWS_REGION, then default to us-east-1
const region = config_util_js_1.config.get('AWS_SSO_REGION') || config_util_js_1.config.get('AWS_REGION') || 'us-east-1';
if (!startUrl) {
const error = (0, error_util_js_1.createAuthMissingError)('AWS_SSO_START_URL environment variable is required');
methodLogger.error('Missing AWS SSO configuration', error);
throw error;
}
// Validate config with Zod schema
try {
const validatedConfig = vendor_aws_sso_types_js_1.AwsSsoConfigSchema.parse({ startUrl, region });
methodLogger.debug('AWS SSO configuration retrieved', validatedConfig);
return validatedConfig;
}
catch (error) {
if (error instanceof zod_1.z.ZodError) {
methodLogger.error('Invalid AWS SSO configuration', error);
const issueSummary = error.issues
.map((issue) => {
const path = issue.path.length > 0 ? issue.path.join('.') : '(root)';
return `${path}: ${issue.message}`;
})
.join(', ');
throw (0, error_util_js_1.createApiError)(`Invalid AWS SSO configuration: ${issueSummary}`, undefined, error);
}
throw error;
}
}
/**
* Get cached SSO token from the cache
*
* @returns {Promise<AwsSsoAuthResult | undefined>} The cached token or undefined if not found
*/
async function getCachedSsoToken() {
const methodLogger = logger.forMethod('getCachedSsoToken');
methodLogger.debug('Getting cached token');
return ssoCache.getCachedSsoToken();
}