mcp-server-aws-sso
Verified Safe by aashari
Overview
Connects AI assistants to AWS accounts via IAM Identity Center (AWS SSO) enabling natural language interaction, secure AWS CLI command execution, and EC2 instance management.
Installation
TRANSPORT_MODE=stdio npx @aashari/mcp-server-aws-sso
Environment Variables
- AWS_SSO_START_URL
- AWS_REGION
- AWS_SSO_REGION
- DEBUG
- PORT
- AWS_PROFILE
Security Notes
The server's core functionality involves executing arbitrary AWS CLI commands and shell commands on EC2 instances (via SSM) based on AI input. While the codebase does not contain obvious malicious patterns, hardcoded secrets, or direct 'eval' on arbitrary external input, it uses 'child_process.exec' to run commands directly. This design gives AI agents powerful, high-privilege access to AWS resources. The primary security risk is that a large language model (LLM) may generate and execute unintended or destructive commands if it is not constrained by robust AI safety guardrails, strict input validation, and human oversight. Implementers must ensure that AI interactions are carefully managed and reviewed before command execution. Credentials are managed via standard AWS SSO mechanisms and caching practices.
Similar Servers
mcp
Enables AI assistants to interact with AWS DocumentDB databases, providing tools for connection management, database/collection operations, document querying, aggregation pipelines, query planning, and schema analysis. It acts as a bridge for safe and efficient database operations through the Model Context Protocol (MCP).
terraform-mcp-server
Provides seamless integration with Terraform Registry APIs and HCP Terraform/Terraform Enterprise APIs, enabling AI assistants/LLMs to generate high-quality Terraform code and automate IaC workflows.
mcp-proxy-for-aws
Facilitates secure communication between Model Context Protocol (MCP) clients and AWS-hosted MCP servers by handling AWS IAM (SigV4) authentication.
aws-mcp-server
The AWS MCP Server allows AI assistants to execute AWS CLI commands and access AWS environment context, providing a powerful interface for cloud management and automation.