@aashari/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
;
// Interop helper for default imports (standard compiler emit). Reuses an
// __importDefault already present on `this`, otherwise defines one that returns
// `mod` unchanged when it is marked __esModule and wraps anything else as
// { default: mod }.
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
// Flag this module's exports object as an ES module for interop-aware importers.
Object.defineProperty(exports, "__esModule", { value: true });
const logger_util_js_1 = require("../utils/logger.util.js");
const error_util_js_1 = require("../utils/error.util.js");
const formatter_util_js_1 = require("../utils/formatter.util.js");
const aws_sso_types_js_1 = require("./aws.sso.types.js");
const aws_sso_exec_controller_js_1 = __importDefault(require("../controllers/aws.sso.exec.controller.js"));
/**
* AWS SSO Execution Tool Module
*
* Provides MCP tools for executing AWS CLI commands with temporary credentials
* obtained through AWS SSO. These tools enable AI models to interact with AWS
* resources using secure, time-limited credentials.
*
* Security note: the handler in this module forwards the tool arguments to the
* exec controller exactly as received. The only input constraint visible in this
* file is the ExecCommandToolArgs schema supplied at registration, so any limit
* on which AWS CLI commands may run has to come from that schema, from the
* controller, or from the permissions of the SSO role being assumed.
* NOTE(review): confirm where command restrictions are enforced.
*/
// Module-level logger scoped to this tool file
const toolLogger = logger_util_js_1.Logger.forContext('tools/aws.sso.exec.tool.ts');
// Emit a debug line once, when the module is first loaded
toolLogger.debug('AWS SSO execution tool module initialized');
/**
 * MCP handler for the `aws_sso_exec_command` tool.
 *
 * Hands the tool arguments to the exec controller without modifying or
 * inspecting them, then wraps the controller output as a single MCP text item.
 * Failures raised inside the try block (controller call or output formatting)
 * are logged and converted to an MCP error response instead of being rethrown.
 *
 * Security notes:
 * - `args` is written to the debug log in full, so the command string supplied
 *   by the MCP client appears in debug output. NOTE(review): confirm debug logs
 *   are handled appropriately if commands can embed sensitive values.
 * - No allow-listing or validation of the command happens in this function;
 *   it relies on whatever the registered input schema and the controller do.
 * - Command output is returned to the calling model after `truncateForAI`.
 *
 * @param args Tool arguments (account, role, command and optional region, per the tool description)
 * @returns MCP response holding the command output, or the formatted error
 */
async function handleExecCommand(args) {
    const log = logger_util_js_1.Logger.forContext('tools/aws.sso.exec.tool.ts', 'handleExecCommand');
    log.debug('Handling exec command request', args);
    try {
        // The controller receives the arguments exactly as the MCP client sent them
        const outcome = await aws_sso_exec_controller_js_1.default.executeCommand(args);
        // Shorten the output for the model; the raw response path is passed along to the formatter
        const truncate = formatter_util_js_1.truncateForAI;
        const text = truncate(outcome.content, outcome.rawResponsePath);
        // MCP response carries only the text content, no metadata
        const textItem = { type: 'text', text };
        return { content: [textItem] };
    }
    catch (error) {
        log.error('Exec failed', error);
        const formatError = error_util_js_1.formatErrorForMcpTool;
        return formatError(error);
    }
}
/**
 * Registers the AWS SSO exec tool on an MCP server.
 *
 * Exposes a single tool, `aws_sso_exec_command`, backed by `handleExecCommand`.
 * The input schema given here (`ExecCommandToolArgs`) is the only argument
 * constraint declared at registration time; the description text is what the
 * MCP client is shown about the tool's workflow and prerequisites.
 *
 * @param server MCP server instance; its `registerTool(name, config, handler)` method is called once
 */
function registerTools(server) {
    const log = logger_util_js_1.Logger.forContext('tools/aws.sso.exec.tool.ts', 'registerTools');
    log.debug('Registering AWS SSO exec tools');
    // Human/model-readable description advertised with the tool
    const description = `Execute AWS CLI command using temporary credentials from AWS SSO.
Workflow:
1. Verifies valid AWS SSO authentication token
2. Obtains temporary credentials for account and role
3. Executes the AWS CLI command
4. Caches credentials for future use (1 hour)
Prerequisites:
- MUST first authenticate using \`aws_sso_login\`
- AWS CLI MUST be installed on the system
- AWS SSO must be configured
Required: \`accountId\`, \`roleName\`, \`command\`
Optional: \`region\`
Returns: Execution context, command output, errors, exit code`;
    // Tool metadata plus the schema used for the tool's input
    const toolConfig = {
        title: 'AWS SSO Execute Command',
        description,
        inputSchema: aws_sso_types_js_1.ExecCommandToolArgs,
    };
    server.registerTool('aws_sso_exec_command', toolConfig, handleExecCommand);
    log.debug('AWS SSO exec tools registered');
}
// Default export: an object exposing only the tool registration entry point
exports.default = { registerTools: registerTools };