mcp-proxy-for-aws
Verified Safeby aws
Overview
Facilitates secure communication between Model Context Protocol (MCP) clients and AWS-hosted MCP servers by handling AWS IAM (SigV4) authentication.
Installation
uvx mcp-proxy-for-aws@latest <SigV4 MCP endpoint URL>Environment Variables
- AWS_PROFILE
- AWS_REGION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
Security Notes
The project leverages standard AWS SDKs (boto3, botocore) for secure SigV4 authentication, reducing common credential-handling risks. It includes a `ToolFilteringMiddleware` to disable tools requiring write permissions, enhancing security. Input validation is performed for CLI arguments. A monkey patch to `fastmcp` exists to fix a specific error propagation issue, which is a controlled modification for protocol correctness. No direct `eval` or `exec` usage was found. Potential network risks could arise if configured with an untrusted upstream MCP endpoint that exploits `httpx`'s default `follow_redirects` or sends excessively large/malformed error responses, though these are standard HTTP client behaviors. Overall, security is well-considered, but proper AWS IAM configuration and trusted upstream services are critical.
Similar Servers
mcp
Connect IBM products and other enterprise systems to AI agents via the Model Context Protocol (MCP) to enable AI models to interact with various local and remote resources.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
agentor
Build and deploy scalable AI agents that can interact with various tools and communicate via A2A and MCP protocols.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.