Agentic_AI_AWS_S3_JIT_Access_Custom_MCP_Server

netJoints/Agentic_AI_AWS_S3_JIT_Access_Custom_MCP_Server

3.2

If you are the rightful owner of Agentic_AI_AWS_S3_JIT_Access_Custom_MCP_Server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Model Context Protocol (MCP) server is a custom-built solution using Fast MCP 2.0, designed to integrate with Claude Desktop for dynamic AWS S3 access through PAM JIT access.

Tools
2
Resources
0
Prompts
0

AWS S3 Dynamic Access using MCP Server and PAM JIT Access

This homw grown, from the scracte created Model Context Protocol (MCP) server using Fast MCP 2.0 integrates with Claude Desktop to list and interact with AWS S3 buckets using PAM.

Prerequisites

  1. Python 3.13+ installed

    • Check: python3 --version
    • On macOS: You may want to use a virtual environment (details below)

  2. Claude Desktop installed

    • Download from: https://claude.ai
    • Open the app and go to Settings → Developer Mode
image
  1. PAM API Token
    • Generate a token for your service identity and add it to a PAM policy that has at least s3:ListAllMyBuckets permission.

Required Python Packages

Install dependencies:

pip install boto3 requests fastmcp

If using a virtual environment:

python3 -m venv venv

source venv/bin/activate

pip install boto3 requests fastmcp

Copy the included MCP server python file to your machine. Try running the python file and it should run.

python mcp-s3-buckets.py

or

python3.13 mcp-s3-buckets.py (for Mac)




╭─ FastMCP 2.0 ──────────────────────────────────────────────────────────────╮
│                                                                            │
│        _ __ ___ ______           __  __  _____________    ____    ____     │
│       _ __ ___ / ____/___ ______/ /_/  |/  / ____/ __ \  |___ \  / __ \    │
│      _ __ ___ / /_  / __ `/ ___/ __/ /|_/ / /   / /_/ /  ___/ / / / / /    │
│     _ __ ___ / __/ / /_/ (__  ) /_/ /  / / /___/ ____/  /  __/_/ /_/ /     │
│    _ __ ___ /_/    \__,_/____/\__/_/  /_/\____/_/      /_____(_)____/      │
│                                                                            │
│                                                                            │
│                                                                            │
│    🖥️  Server name:     BR PAM API MCP                                     │
│    📦 Transport:       STDIO                                               │
│                                                                            │
│    📚 Docs:            https://gofastmcp.com                               │
│    🚀 Deploy:          https://fastmcp.cloud                               │
│                                                                            │
│    🏎️  FastMCP version: 2.10.5                                              │
│    🤝 MCP version:     1.11.0                                              │
│                                                                            │
╰────────────────────────────────────────────────────────────────────────────╯


[07/14/25 13:16:42] INFO     Starting MCP server 'BR PAM API MCP' with transport 'stdio'

Open Claude, go to developer settings, edit config, and then open the claude_desktop_config.json file.

Use the provided example, and customize file paths for Mac or PC.

Restart Claude, and ask it "What s3 buckets do I have"

Reference to use Python Virtual Environment


Create a virtual environment for your project:
# Navigate to your project directory (Mac Example)
cd "/Users/shahzadali/Library/CloudStorage/Agentic AI MCP S3 Access Tool"

# Create a virtual environment
python3.13 -m venv venv

# Activate it
source venv/bin/activate

# Install your dependencies
pip install fastmcp requests boto3

# Run your script
python mcp-s3-buckets.py

	or 
	
	python3.13 mcp-s3-buckets.py (depending on how the virtual env was setup)


When you're done working, you can deactivate the virtual environment:
deactivate

Open Claude, go to developer settings, edit config, and then open the claude_desktop_config.json file. You should see following

{
  "mcpServers": {
    "s3agent9": {
      "command": "/Users/shahzadali/Library/Agentic AI MCP S3 Access Tool/venv/bin/python",
      "args": ["/Users/shahzadali/Library/Agentic AI MCP S3 Access Tool/mcp-s3-buckets.py"],
      "env": {
        "BR_API_KEY": "Your Key"
      }
    }
  }
}

Use the provided example, and customize file paths for Mac or PC.

Restart Claude, and ask it "What s3 buckets do I have"


   🔍 What the Code Does
	1.	We deployed a FastMCP-based server (mcp_s3_agent.py) locally. Then added a Claude JSON config (as part of Claude Desktop).
	2.	This MCP server exposes multiple tools (@mcp.tool) that:
	•	Call BR PAM API to list and check out programmatic S3 access profiles.
	•	Fetch temporary AWS credentials.
	•	Use boto3 to list S3 buckets.
	•	Check the profile back in.


   🧠 What Happens When You Type the Prompt:
	1.	You type: “Show me list of S3 buckets.”
	2.	Claude (or any AI ChatBot/tool using FastMCP) sends the intent to your local MCP server.
	3.	The MCP server:
	•	Uses the BR PAM API key to authorize and fetch the appropriate S3 access profiles.
	•	Checks out a profile → fetches short lived AWS tokens → lists S3 buckets via boto3.
	•	Sends the response back (bucket list, count).
	•	Optionally checks the profile back in after use.

Architecture

BR PAM MCP Server with JIT

Logical Flow

image

Reference to use Python Virtual Environment


Create a virtual environment for your project:
# Navigate to your project directory (Mac Example)
cd "/Users/shahzadali/Library/CloudStorage/Agentic AI MCP S3 Access Tool"

# Create a virtual environment
python3.13 -m venv venv

# Activate it
source venv/bin/activate

# Install your dependencies
pip install fastmcp requests boto3

# Run your script
python mcp-s3-buckets.py

When you're done working, you can deactivate the virtual environment:
deactivate