@aashari/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
// Compiler-emitted CommonJS interop helper: reuse an existing `__importDefault`
// found on `this`, otherwise fall back to the local definition below.
var __importDefault = (this && this.__importDefault) || function (mod) {
    // Modules flagged `__esModule` already expose `default`; pass them through untouched.
    if (mod && mod.__esModule) {
        return mod;
    }
    // Anything else is wrapped so callers can always read `.default`.
    return { "default": mod };
};
// Flag this module's export object with `__esModule: true` (set via defineProperty
// with only `value`, so the flag is not writable or enumerable).
Object.defineProperty(exports, "__esModule", { value: true });
const logger_util_js_1 = require("../utils/logger.util.js");
const error_util_js_1 = require("../utils/error.util.js");
const aws_sso_types_js_1 = require("./aws.sso.types.js");
const aws_sso_accounts_controller_js_1 = __importDefault(require("../controllers/aws.sso.accounts.controller.js"));
/**
* AWS SSO Accounts Tool Module
*
* Provides MCP tools for listing and exploring AWS accounts and roles
* available through AWS SSO. These tools enable AI models to discover and
* access AWS resources with temporary credentials.
*/
// Module-level logger, created with this tool file's path as its context.
const toolLogger = logger_util_js_1.Logger.forContext('tools/aws.sso.accounts.tool.ts');
// Emit a debug line when the module is loaded; the message is a fixed
// string, so nothing account- or credential-related is logged here.
toolLogger.debug('AWS SSO accounts tool module initialized');
/**
 * MCP tool handler for `aws_sso_ls_accounts`.
 *
 * Calls the accounts controller's `listAccounts()` with no arguments and wraps
 * the controller's `content` in a single MCP text item. Per the tool
 * description registered in this file, that text includes account IDs, names,
 * email addresses and role names, so treat the response as sensitive
 * inventory data that ends up in the calling model's context.
 *
 * @param args Tool arguments (empty for this tool); logged at debug level and
 *   not forwarded to the controller
 * @param _extra Unused
 * @returns MCP response with one text item; on failure, whatever
 *   `formatErrorForMcpTool` produces for the caught error
 */
async function handleListAccounts(args, _extra) {
    const log = logger_util_js_1.Logger.forContext('tools/aws.sso.accounts.tool.ts', 'handleListAccounts');
    log.debug('Handling list accounts request', args);
    try {
        // The controller takes no input; `args` is deliberately not passed on.
        const listing = await aws_sso_accounts_controller_js_1.default.listAccounts();
        const textItem = { type: 'text', text: listing.content };
        return { content: [textItem] };
    }
    catch (error) {
        // NOTE(review): the raw error object goes to the logger and to the MCP
        // error formatter; confirm neither surfaces token material.
        log.error('List accounts failed', error);
        const formatError = error_util_js_1.formatErrorForMcpTool;
        return formatError(error);
    }
}
/**
 * Registers the AWS SSO accounts tools on an MCP server.
 *
 * Makes one `server.tool(...)` call for `aws_sso_ls_accounts`, passing the
 * description below, the shape of `ListAccountsArgsSchema`, and
 * `handleListAccounts` as the handler. The description is model-facing text:
 * keep it free of secrets and environment-specific values.
 *
 * @param server MCP server instance exposing `tool(name, description, shape, handler)`
 */
function registerTools(server) {
    const log = logger_util_js_1.Logger.forContext('tools/aws.sso.accounts.tool.ts', 'registerTools');
    log.debug('Registering AWS SSO accounts tools');
    const toolName = 'aws_sso_ls_accounts';
    // Template literal content is runtime text; its lines must stay unindented.
    const toolDescription = `Lists all AWS accounts and roles accessible to you through AWS SSO. This tool provides essential information needed for the \`aws_sso_exec_command\` tool.
The tool handles the following:
- Verifies you have a valid AWS SSO authentication token
- Fetches all accessible accounts with their IDs, names, and email addresses
- Retrieves all available roles for each account that you can assume
- Handles pagination internally to return the complete list in a single call
- Caches account and role information for better performance
Prerequisites:
- You MUST first authenticate successfully using \`aws_sso_login\`
- AWS SSO must be configured with a start URL and region
- Your AWS SSO permissions determine which accounts and roles are visible
Returns Markdown containing:
- Authentication session status and expiration
- Complete list of available accounts with their IDs, names, and emails
- Available roles for each account
- Usage instructions for executing commands with these accounts/roles
- Message if no accounts are found, with troubleshooting guidance`;
    const inputShape = aws_sso_types_js_1.ListAccountsArgsSchema.shape;
    server.tool(toolName, toolDescription, inputShape, handleListAccounts);
    log.debug('AWS SSO accounts tools registered');
}
// Default export: an object whose only member is the registration entry point.
exports.default = { registerTools: registerTools };