mcp-trustedadvisor

This MCP server exposes access to AWS Trusted Advisor through both the legacy Support API and the modern Trusted Advisor API endpoints, with enterprise-oriented organization features and resource lifecycle management. Clients can discover available checks, fetch detailed information for individual checks and recommendations, and manage resource lifecycles across accounts and organizations. The server supports language localization for check information and recommendations, and includes resources for both legacy and modern API surfaces. Use the MCP interface to query checks, pull recommendations, and perform batch operations on resource exclusions as needed across accounts or organizations.

To use, start the server with your preferred Node.js runtime and ensure AWS credentials are available via environment variables or an AWS profile. Then interact with the MCP endpoints exposed by the server to list checks, get recommendations, and manage lifecycle states. The documentation outlines the specific URIs and parameters for legacy and modern resources, including organization-scoped operations for Enterprise Support.

• Prerequisites:

  • Node.js (LTS version) installed on your machine
  • npm or yarn for package management
  • AWS credentials with appropriate permissions for Trusted Advisor (support:DescribeTrustedAdvisorChecks, support:DescribeTrustedAdvisorCheckResult, trustedadvisor actions, etc.)

• Install dependencies (example for a typical Node.js setup):

# Clone or download the repository
git clone https://github.com/tomtapia-mcp-trustedadvisor-server.git
cd tomtapia-mcp-trustedadvisor-server

# Install dependencies
npm install
# or
yarn install

• Configure environment variables (example):

export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_SESSION_TOKEN=your_session_token  # if using temporary credentials
export AWS_REGION=us-east-1
export AWS_PROFILE=your_profile
export AWS_SUPPORT_REGION=us-east-1

• Run the server (Node.js):

node path/to/server.js

• Verify endpoint availability and MCP readiness via your MCP client or tooling that consumes the MCP API.

• The server relies on AWS credentials with the necessary Trusted Advisor permissions. Ensure AWS_SUPPORT_REGION is set if you rely on the legacy Support API.
• For enterprise use, Organization-level endpoints require Enterprise Support and appropriate IAM permissions.
• If you encounter rate limits or pagination-related responses, use nextToken-based pagination parameters as described in the resources section of the README.
• Monitor logs for errors related to AWS API calls (e.g., throttling, invalid parameters) and apply appropriate retry/backoff strategies in your client.
• The environment variable AWS_REGION and AWS_PROFILE control the region and profile used for AWS calls; adjust as needed for your deployment.
• If you plan to run in containers or orchestration platforms, consider mapping AWS credentials securely (e.g., via IAM roles for nodes or secret management).