UNPKG

@aashari/mcp-server-aws-sso

Version:

Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w

github.com/aashari/mcp-server-aws-sso

aashari/mcp-server-aws-sso

58 lines (57 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import { getCachedCredentials } from '../utils/aws.sso.cache.util.js'; import { AwsSsoAccountWithRoles, AwsCredentials, GetCredentialsParams, ListAccountsParams, ListAccountsResponse, ListAccountRolesParams, ListAccountRolesResponse } from './vendor.aws.sso.types.js'; /** * List AWS SSO accounts for the authenticated user * * Retrieves the list of AWS accounts that the user has access to via SSO. * Requires an active SSO token. * * @param {ListAccountsParams} [params={}] - Optional parameters for customizing the request * @param {number} [params.maxResults] - Maximum number of accounts to return * @param {string} [params.nextToken] - Pagination token for subsequent requests * @returns {Promise<ListAccountsResponse>} List of AWS SSO accounts and pagination token if available * @throws {Error} If SSO token is missing or API request fails */ declare function listSsoAccounts(params?: ListAccountsParams): Promise<ListAccountsResponse>; /** * List roles for a specific AWS SSO account * * Retrieves the list of roles that the user can assume in the specified AWS account. * Requires an active SSO token. * * @param {ListAccountRolesParams} params - Parameters for the request * @param {string} params.accountId - AWS account ID to list roles for * @param {number} [params.maxResults] - Maximum number of roles to return * @param {string} [params.nextToken] - Pagination token for subsequent requests * @returns {Promise<ListAccountRolesResponse>} List of AWS SSO roles and pagination token if available * @throws {Error} If SSO token is missing or API request fails */ declare function listAccountRoles(params: ListAccountRolesParams): Promise<ListAccountRolesResponse>; /** * Get temporary AWS credentials for a role via SSO * * Retrieves temporary AWS credentials for the specified account and role. * Requires an active SSO token. * * @param {GetCredentialsParams} params - Parameters for the request * @param {string} params.accountId - AWS account ID * @param {string} params.roleName - Role name to assume * @param {string} [params.region] - Optional AWS region override * @param {boolean} [params.forceRefresh] - Force refresh credentials even if cached * @returns {Promise<AwsCredentials>} Temporary AWS credentials * @throws {Error} If SSO token is missing or API request fails */ declare function getAwsCredentials(params: GetCredentialsParams & { forceRefresh?: boolean; }): Promise<AwsCredentials>; /** * Get ALL AWS accounts with their available roles, handling pagination internally. * * Retrieves a combined view of all accounts and their roles that the user has access to. * This function loops through all pages of accounts and roles, utilizing caching for roles. * * @returns {Promise<AwsSsoAccountWithRoles[]>} Complete list of AWS accounts with their roles * @throws {Error} If SSO token is missing or API request fails */ declare function getAllAccountsWithRoles(): Promise<AwsSsoAccountWithRoles[]>; export { listSsoAccounts, listAccountRoles, getAwsCredentials, getAllAccountsWithRoles, getCachedCredentials, };