tool.aws-ops
Verified Safeby DepStacks
Overview
Provides multi-account AWS operations for SRE teams, managing services like Secrets Manager, Route53, and S3, with secure cross-account authentication.
Installation
docker-compose up --build -dEnvironment Variables
- AWS_REGION
- MCP_AUTH_TOKEN
- ACCOUNT_PRODUCTION_ROLE_ARN
- ACCOUNT_STAGING_ROLE_ARN
- ACCOUNT_PRODUCTION_PROFILE
- ACCOUNT_STAGING_PROFILE
- ACCOUNT_DEVELOPMENT_PROFILE
Security Notes
The server implements robust multi-account authentication using AWS AssumeRole (IRSA in production) and AWS Profiles (for local development), with credentials provided per-request and no stored credentials. It enforces API authentication via a Bearer token. Explicit security best practices are documented, including least privilege and audit trails. The code does not use dangerous functions like 'eval' or contain hardcoded AWS secrets. The default 'dev-token' for MCP_AUTH_TOKEN is a setup risk in production if not changed.
Similar Servers
ggmcp
A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.
mcp-server-aws-sso
Connects AI assistants to AWS accounts via IAM Identity Center (AWS SSO) enabling natural language interaction, secure AWS CLI command execution, and EC2 instance management.
fluidmcp
Orchestrates Model Context Protocol (MCP) servers and LLM inference engines (like vLLM) via a unified FastAPI gateway, enabling dynamic management, tool invocation, and multi-model LLM serving.
mcp-safe-run
Securely launches Model Context Protocol (MCP) servers by dynamically resolving and injecting sensitive credentials (secrets) from various sources (environment, files, OS keychain) into the server's environment.