mcp-server-aws-sso
by aashari
Overview
Connects AI assistants like Claude to AWS resources via AWS IAM Identity Center (SSO) for managing cloud infrastructure using natural language commands.
Installation
TRANSPORT_MODE=stdio npx @aashari/mcp-server-aws-ssoEnvironment Variables
- AWS_SSO_START_URL
- AWS_REGION
- AWS_SSO_REGION
- DEBUG
- PORT
- AWS_PROFILE
- TRANSPORT_MODE
Security Notes
The server uses `child_process.exec` in `src/services/vendor.aws.sso.exec.service.ts` to execute AWS CLI commands (`aws_sso_exec_command` tool). The `command` argument is passed directly to the shell without sanitization, leading to an OS Command Injection vulnerability. A malicious or compromised AI model could craft input (e.g., 'aws s3 ls; rm -rf /') to execute arbitrary commands on the host system where the server is running. While the intent is to execute AWS CLI commands, the implementation using `exec` is inherently unsafe for arbitrary string input that originates from an external source (AI/user).
Similar Servers
mcp
Enables AI assistants to interact with AWS DocumentDB databases by providing tools to connect to, query, and manage DocumentDB resources safely and efficiently through the Model Context Protocol (MCP).
terraform-mcp-server
The Terraform MCP Server provides seamless integration with Terraform Registry APIs and HCP Terraform/Terraform Enterprise, enabling AI assistants (LLMs) to generate high-quality Terraform code and automate IaC workflows.
tfmcp
A CLI tool enabling LLMs to interact with and manage Terraform infrastructure through the Model Context Protocol (MCP), offering advanced analysis and security features.
mcp-proxy-for-aws
The MCP Proxy for AWS enables AI applications to securely connect to Model Context Protocol (MCP) servers hosted on AWS by automatically handling AWS IAM (SigV4) authentication.