This MCP server sample demonstrates deploying an AWS ECS/Fargate architecture that hosts two MCP servers behind an application load balancer. The AI Service communicates with the two MCP servers via Service Connect DNS names and uses a generated AWS Secret as the x-api-key header for requests to the load balancer. You can interact with the system by calling the load balancer URL /chat endpoint and passing a prompt, with the secret retrieved from AWS Secrets Manager. The two MCP servers provide distinct capabilities: one MCP server implements math tools (via the included Python-based MCP server example), and the other MCP server mirrors AWS API access with restricted permissions. The sample also shows how to test the AI assistant by querying for AWS-related tasks or performing simple math through the custom MCP Server.

Prerequisites:

• Node.js (version 20 or later)
• Docker Desktop
• AWS CLI configured with your account
• AWS CDK installed (cdk CLI) or use npm to run the CDK commands

Installation steps:

1. Clone the repository or download the sample code.
2. Install dependencies for the CDK app: npm install
3. Bootstrap your AWS environment (if you haven’t done it yet): npm run cdk bootstrap
4. Deploy the CDK stack to your AWS account: npm run cdk deploy
5. After deployment, note the ALB URL and secret ARN from the CDK outputs. Use the secret value as the x-api-key header when calling the ALB.

Optional validation steps:

• Retrieve the secret value: aws secretsmanager get-secret-value --secret-id [secret-arn]

  or extract the value directly

  aws secretsmanager get-secret-value --secret-id [secret-arn] --output json | jq -r '.SecretString'
• Call the chat endpoint with a prompt: curl --location 'http://[ALB-URL]/chat'
  --header 'x-api-key: [secret-value]'
  --header 'Content-Type: application/json'
  --data '{"prompt": "what's the command to list AWS Buckets"}'

Notes:

• The architecture uses AWS CDK to provision the ECS/Fargate services and an Application Load Balancer.
• Service Connect is used for service-to-service communication between the ECS tasks.
• The two MCP servers have separate responsibilities: one exposes math tools via a Python MCP server; the other corresponds to an AWS API MCP Server with restricted permissions.
• You will receive an AWS Secret in the CDK outputs; this secret value must be used as the x-api-key header when invoking the ALB endpoint.
• If you modify the environment (e.g., DNS names, image names, or permissions), ensure the ALB rules and Security Groups allow the required traffic and that the secret remains accessible by the AI service.
• If you need to re-deploy after changes, re-run npm run cdk deploy.
• This sample assumes you’re using the public ECR registry or prebuilt images named in the docker run commands; replace image names with your own registries if needed.