@mseep/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
import { AwsCredentials, SsoToken } from '../services/vendor.aws.sso.types.js';
import { AwsSsoAccount, AwsSsoAccountRole } from '../services/aws.sso.types.js';
/**
* Device authorization information for the SSO device login flow.
* This is the shape accepted by cacheDeviceAuthorizationInfo() and returned by
* getCachedDeviceAuthorizationInfo(), so every field here ends up in the cache.
*
* Security: clientSecret and deviceCode should be treated as secrets. Where the
* cache lives and how it is protected is not visible in this declaration file.
* NOTE(review): confirm the implementation restricts access to the stored data
* and never logs these two fields.
*/
interface DeviceAuthorizationInfo {
/**
* The client ID for SSO
*/
clientId: string;
/**
* The client secret for SSO. Sensitive: keep out of logs, error messages and
* tool output.
*/
clientSecret: string;
/**
* The device code for SSO. Sensitive: presumably the value presented when
* polling for the token, so it should not be disclosed while a login is
* pending (verify against the caller).
*/
deviceCode: string;
/**
* The expiration time in seconds. This is a duration and the interface has no
* issued-at field, so the age of a cached entry cannot be derived from this
* object alone. NOTE(review): confirm how stale entries are rejected.
*/
expiresIn: number;
/**
* The polling interval in seconds. Optional, so consumers need a fallback
* when it is absent.
*/
interval?: number;
/**
* The AWS region for SSO
*/
region: string;
}
/**
* Interface for AWS SSO cache file structure.
* Every top-level field is optional, so readers must handle a partially
* populated file.
*
* Security: the file holds a bearer access token (ssoToken.accessToken) and a
* credentials map alongside non-secret account metadata. Its location and
* permissions are not visible in this declaration file.
* NOTE(review): confirm the file is created readable by the owning user only.
*/
interface AwsSsoCacheFile {
// Cached SSO session token.
ssoToken?: {
// Sensitive bearer value: keep out of logs and tool output.
accessToken: string;
// NOTE(review): unit (seconds vs. milliseconds) is not stated here; confirm
// before comparing against Date.now().
expiresAt: number;
region: string;
startUrl: string;
};
// NOTE(review): presumably a timestamp of the last authentication; unit and
// meaning are not visible here.
lastAuth?: number;
// Values are typed as unknown, so nothing read from this map is type-checked;
// validate the shape at read time. The key format is not visible here.
credentials?: Record<string, unknown>;
// Account metadata with the roles listed for each account.
accountRoles?: Array<{
account: {
accountId: string;
accountName: string;
emailAddress: string;
};
roles: Array<{
accountId: string;
roleName: string;
roleArn: string;
}>;
}>;
}
/**
* Get cached SSO token.
* A missing token and an expired token both produce undefined, so callers
* cannot tell the two cases apart and should start a new login on either.
* @returns Cached SSO token or undefined if not found or expired
*/
export declare function getCachedSsoToken(): Promise<SsoToken | undefined>;
/**
* Save SSO token to cache.
* The token is a secret; how the cache is stored and protected is not visible
* in this declaration file. NOTE(review): confirm storage is limited to the
* owning user.
* @param token SSO token to save
*/
export declare function saveSsoToken(token: SsoToken): Promise<void>;
/**
* Get cached AWS credentials for account and role.
* Unlike getCachedSsoToken(), this contract mentions only "not found" and says
* nothing about expiry. NOTE(review): confirm whether expired credentials are
* filtered out here; if not, callers must check expiration themselves before
* using the result.
* @param accountId AWS account ID
* @param roleName AWS role name
* @returns AWS credentials or undefined if not found
*/
export declare function getCachedCredentials(accountId: string, roleName: string): Promise<AwsCredentials | undefined>;
/**
* Save AWS credentials to cache for one account and role pair.
* The credentials are secrets. NOTE(review): how accountId and roleName are
* combined into a cache key is not visible here; confirm that two distinct
* pairs can never map to the same entry.
* @param accountId AWS account ID
* @param roleName AWS role name
* @param credentials AWS credentials to save
*/
export declare function saveCachedCredentials(accountId: string, roleName: string, credentials: AwsCredentials): Promise<void>;
/**
* Cache device authorization info.
* The argument carries clientSecret and deviceCode, so this call places
* secrets in the cache. Pair it with clearDeviceAuthorizationInfo() once the
* login completes or is abandoned.
* @param info Device authorization info to cache
*/
export declare function cacheDeviceAuthorizationInfo(info: DeviceAuthorizationInfo): Promise<void>;
/**
* Get cached device authorization info.
* The result includes clientSecret and deviceCode; do not echo it into logs or
* tool responses. NOTE(review): expiry handling is not described here;
* confirm whether an entry older than expiresIn can still be returned.
* @returns Device authorization info from cache or undefined if not found
*/
export declare function getCachedDeviceAuthorizationInfo(): Promise<DeviceAuthorizationInfo | undefined>;
/**
* Clear device authorization info from cache.
* Removes the pending-login entry (which holds clientSecret and deviceCode)
* so it does not linger after the flow ends.
* @returns Promise that resolves when the operation completes
*/
export declare function clearDeviceAuthorizationInfo(): Promise<void>;
/**
* Clear all cached data (tokens, credentials, etc.).
* This is local cleanup only: removing cached copies does not by itself
* invalidate tokens or credentials that were already issued.
* NOTE(review): whether device authorization info is included is not stated
* here; confirm before relying on this as the single logout step.
* @returns Promise that resolves when the operation completes
*/
export declare function clearAllCachedData(): Promise<void>;
/**
* Get cached AWS accounts.
* An empty array covers both "nothing cached" and "no accounts", so callers
* cannot distinguish the two from the result.
* @returns List of AWS accounts or empty array if none found
*/
export declare function getCachedAccounts(): Promise<AwsSsoAccount[]>;
/**
* Save AWS accounts to cache.
* NOTE(review): whether this replaces or merges with previously cached
* accounts is not visible in this declaration file.
* @param accounts List of AWS accounts to save
*/
export declare function saveAccounts(accounts: AwsSsoAccount[]): Promise<void>;
/**
* Get cached roles for an AWS account.
* The result is cached data, not a live entitlement check: a role listed here
* may since have been removed from the user. Treat it as a hint and let the
* credential request be the authority.
* @param accountId AWS account ID
* @returns List of roles or empty array if none found
*/
export declare function getCachedAccountRoles(accountId: string): Promise<AwsSsoAccountRole[]>;
/**
* Save roles for an AWS account to cache.
* NOTE(review): saveAccountRolesToCache() also persists roles; how the two
* paths relate (same store or separate) is not visible in this file.
* @param account AWS account
* @param roles List of roles to save
*/
export declare function saveAccountRoles(account: AwsSsoAccount, roles: AwsSsoAccountRole[]): Promise<void>;
/**
* Alias for saveCachedCredentials to maintain backward compatibility.
* Declared with the same type as saveCachedCredentials, so it takes the same
* (accountId, roleName, credentials) arguments and stores secrets in the same
* way. Prefer saveCachedCredentials in new code.
*/
export declare const saveCredentials: typeof saveCachedCredentials;
/**
* Clear the cached SSO token.
* NOTE(review): cached role credentials are handled by separate functions in
* this file; confirm whether they survive this call, since credentials
* obtained with the token may remain usable after the token is cleared.
*/
export declare function clearSsoToken(): Promise<void>;
/**
* Gets account roles from the cache file.
* The return type is AwsSsoCacheFile['accountRoles'], and that field is
* optional, so the promise can resolve to undefined as well as an array.
* Callers must handle the undefined case.
* @returns Array of account roles data, or undefined per the declared type
*/
export declare function getAccountRolesFromCache(): Promise<AwsSsoCacheFile['accountRoles']>;
/**
* Save data to the MCP AWS SSO cache file.
* The argument is the whole cache-file shape, including the SSO access token
* and the credentials map. NOTE(review): whether omitted optional fields are
* preserved or dropped from the existing file is not visible here; confirm
* before passing a partial object, and confirm the file's permissions.
* @param data The data to save
*/
export declare function saveMcpAwsSsoCache(data: AwsSsoCacheFile): Promise<void>;
/**
* Save account roles to the MCP cache file.
* The parameter shape differs from AwsSsoCacheFile['accountRoles']: here the
* account fields sit at the top level of each entry and emailAddress is
* optional, while the cache-file type nests them under `account` and requires
* emailAddress. NOTE(review): confirm how a missing emailAddress is stored.
* @param accountsWithRoles Array of accounts with roles
*/
export declare function saveAccountRolesToCache(accountsWithRoles: Array<{
accountId: string;
accountName: string;
emailAddress?: string;
roles: Array<{
accountId: string;
roleName: string;
roleArn: string;
}>;
}>): Promise<void>;
// Marks this declaration file as a module; DeviceAuthorizationInfo and
// AwsSsoCacheFile are declared without `export` above.
export {};