mcp -aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction with AWS resources.
claude mcp add --transport stdio aashari-mcp-server-aws-sso npx -y @aashari/mcp-server-aws-sso \
  --env AWS_REGION="us-east-1" \
  --env AWS_SSO_START_URL="https://your-company.awsapps.com/start"
How to use
This MCP server enables AI assistants to connect to AWS accounts via AWS IAM Identity Center (AWS SSO). It exposes tools and workflows that let you authenticate to AWS, list accounts and roles, and run AWS CLI commands across multiple accounts and regions. When integrated, you can ask your AI to switch accounts, describe VPCs, list S3 buckets, manage EC2 instances, or run remote commands via Systems Manager, all through natural language prompts. The server supports both STDIO transport for local AI assistants and HTTP transport for web-based integrations, making it flexible for various assistant environments.
To use it with an AI assistant, you typically start the MCP server (via npx or a global install) and then configure the assistant to communicate through the MCP protocol. Common tasks include authenticating with aws_sso_login, listing accessible accounts with aws_sso_ls_accounts, and executing commands with aws_sso_exec_command. The mix of authentication, account/role discovery, and command execution lets you manage multi-account AWS environments with conversational ease.
How to install
Prerequisites:
- Node.js and npm installed on your machine
- Access to an AWS IAM Identity Center (AWS SSO) setup, with permissions to use its start URL and roles
Installation steps:
- Install or run via npx (no global install required):
  - Authenticate and connect: npx -y @aashari/mcp-server-aws-sso login
  - List accounts: npx -y @aashari/mcp-server-aws-sso ls-accounts
  - Execute a command: npx -y @aashari/mcp-server-aws-sso exec-command --account-id <id> --role-name <Role> --command "aws s3 ls"
- Optional: install globally for easier access (if you prefer):
  - npm install -g @aashari/mcp-server-aws-sso
  - login: aws-sso-login (via MCP tool set) or equivalent
  - start CLI-based MCP server usage as described in the README
- Configure integration with your AI assistant (examples in README):
  - For Claude Desktop: create or modify ~/.claude/claude_desktop_config.json to point to the MCP server with the appropriate env vars
  - For other assistants: install the MCP package globally and configure STDIO transport to connect to the server
- Transport mode options (server mode): if you run as a server, you can use HTTP transport and connect via /mcp, with PORT defaulting to 3000. Example: TRANSPORT_MODE=http npx @aashari/mcp-server-aws-sso
Additional notes
Tips:
- Ensure AWS_SSO_START_URL and AWS_REGION are correctly set in the environment where the MCP server runs. These values are required for authentication and regional scoping.
- When running in HTTP transport, port conflicts can occur; adjust PORT as needed with an environment variable (PORT=4000).
- The MCP tools support multi-account workflows; use aws_sso_login to authenticate, then aws_sso_ls_accounts to discover accounts and roles before executing commands.
- If you encounter authentication expiration, re-run the login flow (aws_sso_login) to refresh tokens.
- If integrating with an AI assistant, use the standard MCP protocol via STDIO or HTTP transport depending on the assistant’s capabilities.
- The npm package name is @aashari/mcp-server-aws-sso; you can reference it in tooling or documentation as the source of the MCP server.
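The first two tips can be enforced before the server starts. The script below is an added example, not code from the package or its README: it rejects a missing, non-HTTPS or placeholder AWS_SSO_START_URL, a malformed AWS_REGION, and an invalid PORT when TRANSPORT_MODE=http. The function names and the region pattern are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for the variables this page names.
# Function names are hypothetical, not part of @aashari/mcp-server-aws-sso.

# Accept only an https start URL that is not the placeholder from the docs.
check_start_url() {
  case "$1" in
    "") echo "AWS_SSO_START_URL is not set" >&2; return 1 ;;
    https://your-company.awsapps.com/*)
      echo "AWS_SSO_START_URL is still the placeholder" >&2; return 1 ;;
    https://?*) return 0 ;;
    *) echo "AWS_SSO_START_URL must be an https:// URL" >&2; return 1 ;;
  esac
}

# Assumption: region codes look like us-east-1 or us-gov-west-1.
check_region() {
  if printf '%s\n' "$1" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
    return 0
  fi
  echo "AWS_REGION is missing or malformed: '$1'" >&2
  return 1
}

# PORT must be a decimal integer in 1..65535 (the page gives 3000 as default).
check_port() {
  case "$1" in
    ""|*[!0-9]*|??????*) echo "PORT is not a valid port: '$1'" >&2; return 1 ;;
  esac
  if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; fi
  echo "PORT is out of range: '$1'" >&2
  return 1
}

# Run every check so all problems are reported in one pass.
preflight() {
  rc=0
  check_start_url "${AWS_SSO_START_URL:-}" || rc=1
  check_region "${AWS_REGION:-}" || rc=1
  if [ "${TRANSPORT_MODE:-}" = "http" ]; then
    check_port "${PORT:-3000}" || rc=1
  fi
  return "$rc"
}

# Usage: preflight && exec npx -y @aashari/mcp-server-aws-sso
```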