
@aashari/mcp-server-aws-sso

Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w

"use strict";
// CommonJS interop shim: a module that is not flagged as an ES module is
// wrapped so that its export object is reachable through `.default`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const logger_util_js_1 = require("../utils/logger.util.js");
const error_util_js_1 = require("../utils/error.util.js");
const formatter_util_js_1 = require("../utils/formatter.util.js");
const aws_sso_types_js_1 = require("./aws.sso.types.js");
const aws_sso_auth_controller_js_1 = __importDefault(require("../controllers/aws.sso.auth.controller.js"));
/**
 * MCP tools for AWS SSO authentication.
 *
 * Two tools are registered here: `aws_sso_login`, which starts the device
 * authorization flow through the auth controller, and `aws_sso_status`, which
 * reports on the authentication state. Both hand the controller's response
 * text back to the calling model.
 */
// Logger context shared by every logger created in this module.
const TOOL_CONTEXT = 'tools/aws.sso.auth.tool.ts';
const toolLogger = logger_util_js_1.Logger.forContext(TOOL_CONTEXT);
toolLogger.debug('AWS SSO authentication tool module initialized');
/**
 * Wraps a controller response in the MCP tool result shape.
 * @param response Controller response; `content` and `rawResponsePath` are read
 * @returns MCP result holding a single text item
 */
function toMcpTextResult(response) {
    // Read the formatter at call time and invoke it as a plain function,
    // as the compiled `(0, mod.fn)(...)` call form does.
    const { truncateForAI } = formatter_util_js_1;
    const text = truncateForAI(response.content, response.rawResponsePath);
    return {
        content: [
            {
                type: 'text',
                text,
            },
        ],
    };
}
/**
 * Handler for the `aws_sso_login` tool.
 * @param args Tool arguments, forwarded unchanged to the controller
 * @returns MCP response with login information, or a formatted error
 */
async function handleLogin(args) {
    const log = logger_util_js_1.Logger.forContext(TOOL_CONTEXT, 'handleLogin');
    // NOTE(review): args are written to the debug log as received; confirm
    // that LoginToolArgsSchema carries no secret-bearing fields.
    log.debug('Handling login request', args);
    try {
        // No defaults are applied here; the controller receives args as-is.
        const response = await aws_sso_auth_controller_js_1.default.startLogin(args);
        // Only the length is logged. Per the tool description the response
        // text carries the verification code and URL, so the body itself is
        // kept out of the log.
        const completion = { responseLength: response.content.length };
        log.debug('Login process completed', completion);
        return toMcpTextResult(response);
    }
    catch (error) {
        log.error('AWS SSO login failed', error);
        // NOTE(review): the formatted error is returned to the model; confirm
        // formatErrorForMcpTool does not echo token material - not visible here.
        return (0, error_util_js_1.formatErrorForMcpTool)(error);
    }
}
/**
 * Handler for the `aws_sso_status` tool. It declares no parameters, so any
 * arguments supplied by the server are ignored.
 * @returns MCP response with authentication status, or a formatted error
 */
async function handleStatus() {
    const log = logger_util_js_1.Logger.forContext(TOOL_CONTEXT, 'handleStatus');
    log.debug('Handling status check request');
    try {
        const response = await aws_sso_auth_controller_js_1.default.getAuthStatus();
        return toMcpTextResult(response);
    }
    catch (error) {
        log.error('Status check failed', error);
        return (0, error_util_js_1.formatErrorForMcpTool)(error);
    }
}
/**
 * Registers the AWS SSO login and status tools on an MCP server.
 * @param server MCP server instance exposing `registerTool`
 */
function registerTools(server) {
    const log = logger_util_js_1.Logger.forContext(TOOL_CONTEXT, 'registerTools');
    log.debug('Registering AWS SSO auth tools');
    // The description strings are passed to registerTool as the tool
    // `description`, i.e. they are text the model reads. They are kept
    // character for character.
    // Device-flow hygiene: per the description, background polling collects
    // the token once the code is approved, so the user should only approve a
    // verification code they have just requested themselves.
    const LOGIN_DESCRIPTION = `Initiate AWS SSO device authorization flow to obtain temporary credentials. This flow works as follows: 1. Generates a unique user verification code and authentication URL 2. Opens a browser to AWS SSO login page (if \`launchBrowser: true\`) 3. You enter the verification code and complete AWS SSO login 4. Background polling automatically collects and caches the token 5. 
The cached token is used by other AWS SSO tools **IMPORTANT FOR AI ASSISTANTS**: When the tool returns authentication instructions: - ALWAYS check if a browser window opened automatically - If browser opened: Guide the user to complete authentication - If no browser opened: Instruct user to manually open the URL and enter code - Always provide both the verification code and URL as backup Prerequisites: - AWS SSO must be configured with a start URL and region - Browser access is required for authentication - You must have an AWS SSO account with appropriate permissions Returns: Authentication status, session details, verification code and URL`;
    const loginTool = {
        title: 'AWS SSO Login',
        description: LOGIN_DESCRIPTION,
        inputSchema: aws_sso_types_js_1.LoginToolArgsSchema,
    };
    server.registerTool('aws_sso_login', loginTool, handleLogin);
    const STATUS_DESCRIPTION = `Check current AWS SSO authentication status. Verifies if a valid cached token exists and its expiration time. Does NOT perform authentication - only checks status. If no valid token exists, instructs you to run \`aws_sso_login\`. Use before calling \`aws_sso_ls_accounts\` or \`aws_sso_exec_command\`. Returns: Authentication status, session details, expiration time, next steps`;
    const statusTool = {
        title: 'AWS SSO Status',
        description: STATUS_DESCRIPTION,
        inputSchema: aws_sso_types_js_1.StatusToolArgsSchema,
    };
    server.registerTool('aws_sso_status', statusTool, handleStatus);
    log.debug('AWS SSO auth tools registered');
}
// Default export: an object exposing the registration entry point.
exports.default = { registerTools };