mcp-server-aws-sso

aashari/mcp-server-aws-sso

3.4
cloud_platformsai_chatbotos_automation

If you are the rightful owner of mcp-server-aws-sso and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A Node.js/TypeScript Model Context Protocol (MCP) server for AWS Single Sign-On (SSO).

Tools

Functions exposed to the LLM to take actions

aws_sso_login

Initiates the AWS SSO device authorization flow to obtain temporary credentials. This flow works as follows:

  1. The tool generates a unique user verification code and authentication URL
  2. A browser is opened to the AWS SSO login page (if launchBrowser: true)
  3. You enter the verification code in the browser and complete the AWS SSO login
  4. The tool receives and caches the token, valid for typically 8-12 hours
  5. The cached token is then used by other AWS SSO tools without requiring repeated login

Browser launch behavior can be controlled with launchBrowser (default: true). When set to false, you must manually open the URL and enter the code.

Automatic polling for completion can be controlled with autoPoll (default: true). When set to false, the tool returns immediately after starting the flow, and you must use aws_sso_status to check completion.

Prerequisites:

  • AWS SSO must be configured with a start URL and region (via AWS config file or environment variables)
  • Browser access is required to complete the authentication flow
  • You must have an AWS SSO account with appropriate permissions

Returns Markdown containing:

  • Authentication status (already logged in, authentication started, or success)
  • Session details (expiration time and duration if authenticated)
  • Verification code and URL (if authentication is started)
  • Browser launch status (if authentication is started)
  • Next steps and usage guidance

aws_sso_status

Checks the current AWS SSO authentication status by verifying if a valid cached token exists and its expiration time.

This tool does NOT perform authentication itself - it only checks if you're already authenticated. If no valid token exists, it will instruct you to run aws_sso_login.

A valid cached token is required for all other AWS SSO commands to work. Use this tool to verify authentication status before using commands like aws_sso_ls_accounts or aws_sso_exec_command.

The tool checks:

  • If a token exists in the cache
  • If the token is still valid (not expired)
  • When the token will expire (if valid)

Prerequisites:

  • AWS SSO must be configured with a start URL and region (via AWS config file or environment variables)

Returns Markdown containing:

  • Authentication status (authenticated or not)
  • Session details (expiration time and duration if authenticated)
  • Instructions for next steps based on the status

aws_sso_ls_accounts

Lists all AWS accounts and roles accessible to you through AWS SSO. This tool provides essential information needed for the aws_sso_exec_command tool.

The tool handles the following:

  • Verifies you have a valid AWS SSO authentication token
  • Fetches all accessible accounts with their IDs, names, and email addresses
  • Retrieves all available roles for each account that you can assume
  • Handles pagination internally to return the complete list in a single call
  • Caches account and role information for better performance

Prerequisites:

  • You MUST first authenticate successfully using aws_sso_login
  • AWS SSO must be configured with a start URL and region
  • Your AWS SSO permissions determine which accounts and roles are visible

Returns Markdown containing:

  • Authentication session status and expiration
  • Complete list of available accounts with their IDs, names, and emails
  • Available roles for each account
  • Usage instructions for executing commands with these accounts/roles
  • Message if no accounts are found, with troubleshooting guidance

aws_sso_exec_command

Executes an AWS CLI command using temporary credentials obtained through AWS SSO. This tool enables you to run AWS CLI commands without manually configuring credentials.

How it works:

  1. Verifies you have a valid AWS SSO authentication token
  2. Obtains temporary credentials for the specified account and role
  3. Sets up the environment with those credentials
  4. Executes the AWS CLI command you specified
  5. Caches credentials for the account/role combination for future use (typically valid for 1 hour)

Critical prerequisites:

  • You MUST first authenticate using aws_sso_login to obtain a valid token
  • AWS CLI MUST be installed on the system where the MCP server is running
  • AWS SSO must be configured with a start URL and region
  • You must have permissions to assume the specified role in the specified account

Required parameters:

  • accountId: The 12-digit AWS account ID (get from aws_sso_ls_accounts)
  • roleName: The IAM role name to assume (get from aws_sso_ls_accounts)
  • command: The full AWS CLI command to execute (e.g., "aws s3 ls")

Optional parameters:

  • region: AWS region to use for the command (defaults to configured region)

For complex commands with quoting, ensure proper escaping (e.g., "aws ec2 describe-instances --filters 'Name=tag:Name,Values=MyInstance'").

Returns comprehensive Markdown output that includes:

  • Execution context (account, role, region)
  • Command output (stdout)
  • Error messages if any (stderr)
  • Exit code (0 for success, non-zero for failure)
  • Suggested alternative roles if permission errors occur

aws_sso_ec2_exec_command

Executes a shell command on an EC2 instance via AWS Systems Manager (SSM) using temporary credentials obtained through AWS SSO. This tool enables running commands on EC2 instances without requiring SSH access or opening inbound ports.

How it works:

  1. Verifies you have a valid AWS SSO authentication token
  2. Obtains temporary credentials for the specified account and role
  3. Sends the command to the EC2 instance via SSM's RunShellScript document
  4. Polls for command completion (up to 20 seconds)
  5. Returns the command output and execution status

Critical prerequisites:

  • You MUST first authenticate using aws_sso_login to obtain a valid token
  • The EC2 instance MUST have the SSM Agent installed and running
  • The instance MUST have an IAM role with the AmazonSSMManagedInstanceCore policy
  • Your AWS role MUST have permissions for ssm:SendCommand and ssm:GetCommandInvocation
  • AWS SSO must be configured with a start URL and region

Required parameters:

  • instanceId: The EC2 instance ID (e.g., "i-1234567890abcdef0")
  • accountId: The 12-digit AWS account ID (get from aws_sso_ls_accounts)
  • roleName: The IAM role name to assume (get from aws_sso_ls_accounts)
  • command: The shell command to execute (e.g., "ls -l", "whoami", "df -h")

Optional parameters:

  • region: AWS region where the EC2 instance is located (defaults to configured region)

For complex commands with quoting, ensure proper escaping.

Returns comprehensive Markdown output that includes:

  • Execution context (instance ID, account, role, region)
  • Command that was executed
  • Command output
  • Error messages if any
  • Troubleshooting guidance if SSM connection fails
  • Suggested alternative roles if permission errors occur

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources

Related MCP Servers

View all cloud_platforms servers →
terraform-mcp-server

terraform-mcp-server

4.5

by hashicorp

The Terraform MCP Server is a Model Context Protocol server that integrates with Terraform Registry APIs for advanced automation in Infrastructure as Code development.

cloud_platforms
graphlit-mcp-server

graphlit-mcp-server

4.5

by graphlit

The Model Context Protocol (MCP) Server for the Graphlit Platform facilitates integration between MCP clients and the Graphlit service, enabling seamless ingestion, search, and retrieval of knowledge across various platforms.

knowledge_and_memory
Nx MCP Server

Nx MCP Server

4.3

by nrwl

A Model Context Protocol server implementation for Nx, providing LLMs with deep access to monorepo structures.

cloud_platforms
dev-mcp

dev-mcp

4.3

by Shopify

This project implements a Model Context Protocol (MCP) server that interacts with Shopify Dev, supporting various tools to interact with different Shopify APIs.

developer_tools
firecrawl-mcp-server

firecrawl-mcp-server

4.2

by firecrawl

Firecrawl MCP Server is a Model Context Protocol server that integrates with Firecrawl for web scraping capabilities.

browser_automation
mcp-replicate

mcp-replicate

4.0

by deepfates

A Model Context Protocol server implementation for Replicate, allowing users to run Replicate models through a simple tool-based interface.

cloud_platforms
supabase-mcp-server

supabase-mcp-server

4.0

by alexander-zuev

Query MCP is an open-source MCP server that lets your IDE safely run SQL, manage schema changes, call the Supabase Management API, and use Auth Admin SDK — all with built-in safety controls.

databases
mcp-server

mcp-server

4.0

by browserstack

BrowserStack MCP Server enables developers and testers to use BrowserStack's Test Platform directly from AI tools, facilitating manual and automated testing on real devices and browsers.

cloud_platforms
notion-server

notion-server

3.9

by v-3

A Model Context Protocol (MCP) server that provides seamless integration with Notion, enabling Language Models to interact with your Notion workspace through standardized tools.

cloud_platforms
ms-365-mcp-server

ms-365-mcp-server

3.9

by Softeria

A Model Context Protocol (MCP) server for interacting with Microsoft 365 services through the Graph API.

cloud_platforms
NASA-MCP-server

NASA-MCP-server

3.9

by ProgramComputer

A Model Context Protocol (MCP) server for NASA APIs, providing a standardized interface for AI models to interact with NASA's vast array of data sources.

research_and_data
hyper-mcp

hyper-mcp

3.9

by tuananh

hyper-mcp is a fast, secure MCP server that extends its capabilities through WebAssembly plugins.

ai_chatbot
MCP-Doc

MCP-Doc

3.9

by MeterLong

A Docx document processing service based on the FastMCP library, supporting the creation, editing, and management of Word documents using AI assistants in Cursor.

cloud_platforms
azure-mcp

azure-mcp

3.8

by Azure

The Azure MCP Server implements the MCP specification to create a seamless connection between AI agents and Azure services.

cloud_platforms
Aspire.MCP.Sample

Aspire.MCP.Sample

3.8

by elbruno

Sample MCP Server and MCP client using Aspire.

communication
HubSpot

HubSpot

3.7

by PipedreamHQ

Pipedream MCP Server is a reference implementation that allows you to run your own MCP server for over 2,500 apps and APIs, powered by Pipedream Connect.

cloud_platforms
Notte Browser

Notte Browser

3.7

by nottelabs

The Notte MCP Server is a Model Context Protocol server designed to manage sessions, run agents, and perform actions such as observing, scraping, and authenticating within the agentic ecosystem.

cloud_platforms
mcp-jetbrains

mcp-jetbrains

3.7

by JetBrains

The JetBrains MCP Proxy Server facilitates communication between client applications and JetBrains IDEs by acting as a proxy server.

developer_tools
qgis_mcp

qgis_mcp

3.7

by jjsantos01

QGISMCP connects QGIS to Claude AI through the Model Context Protocol, enabling direct interaction and control over QGIS.

cloud_platforms
kubernetes-mcp-server

kubernetes-mcp-server

3.7

by containers

The Kubernetes MCP Server is a powerful and flexible implementation of the Model Context Protocol (MCP) server, designed to interact directly with Kubernetes and OpenShift environments.

cloud_platforms
cos-mcp

cos-mcp

3.7

by Tencent

Tencent Cloud COS MCP Server allows large models to quickly access Tencent Cloud Storage (COS) and Data Processing (CI) capabilities without coding.

cloud_platforms
mcp-google-sheets

mcp-google-sheets

3.7

by xing5

mcp-google-sheets is a Python-based MCP server that connects MCP-compatible clients to Google Sheets API for automation and data manipulation.

cloud_platforms
cloud-run-mcp

cloud-run-mcp

3.7

by GoogleCloudPlatform

This is the repository of an MCP server to deploy code to Cloud Run, enabling MCP-compatible AI agents to deploy apps to Cloud Run.

cloud_platforms
win-cli-mcp-server

win-cli-mcp-server

3.7

by simon-ami

The Windows CLI MCP Server is a deprecated project designed for secure command-line interactions on Windows systems, providing controlled access to various shells and remote systems via SSH.

os_automation
mcp-gsuite

mcp-gsuite

3.7

by MarkusPfundstein

MCP server to interact with Google products, specifically Gmail and Calendar.

communication
mcp-k8s-go

mcp-k8s-go

3.6

by strowk

Golang-based MCP server connecting to Kubernetes, providing a range of functionalities to interact with Kubernetes resources.

cloud_platforms
codehooks-mcp-server

codehooks-mcp-server

3.6

by RestDB

This MCP server provides tools for interacting with codehooks.io projects through AI agents like Claude.

developer_tools