gcp-mcp

pogao/gcp-mcp

This project is a Python-based server built with `fastmcp` that enables a Large Language Model (LLM) to query and analyze a Google Cloud Platform (GCP) environment.

Tools: 6, Resources: 0, Prompts: 0

GCP MCP Server

Status: Work in Progress

This project is a Python-based server built with fastmcp that exposes a set of tools to a Large Language Model (LLM). The primary goal is to enable an LLM to safely query and analyze a Google Cloud Platform (GCP) environment, turning natural language questions into actionable cloud insights.

This project is under active development and serves as a living demonstration of cloud integration, API design, and professional coding practices for my portfolio.

Key Features

The server currently provides the following tools to an LLM:

☁️ Google Cloud Platform Tools

Compute Engine
  • List Instances: List all VM instances within a specific project and zone.
  • Describe Instance: Get detailed information about a specific VM instance.
VPC Networking & Firewalls
  • List All Firewall Rules: Retrieve every firewall rule within a given project.
  • List Firewall Rules per VPC: Filter firewall rules for a specific VPC network.
  • Describe Firewall Rule: Get detailed information about a single, named firewall rule.
  • 🛡️ Unsafe SSH Exposure Analysis: A security-focused tool that actively scans for firewall rules that dangerously expose SSH (port 22) to the entire internet (0.0.0.0/0).
Cloud IAM
  • List Project IAM Policy: Retrieve the full Identity and Access Management (IAM) policy for a specified project.
  • 🛡️ Find Project Owners: A security-focused tool that finds principals that have been assigned the highly privileged basic role roles/owner.
Cloud Storage
  • List GCS Buckets: Retrieve a list of all Google Cloud Storage buckets in a project.
  • Describe GCS Bucket: Get detailed metadata for a specific storage bucket.
  • Check UBLA: Verify if a bucket has Uniform Bucket-Level Access (UBLA) enabled.
  • 🛡️ Public Bucket Analysis: A security-focused tool that checks if a bucket is publicly accessible to the internet.
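
The check behind the Unsafe SSH Exposure Analysis tool listed above can be sketched as follows. This is an added example, not the project's own code: the function names are hypothetical, and the rules are assumed to be dicts shaped like the Compute Engine firewall resource (direction, disabled, sourceRanges, allowed[].IPProtocol and allowed[].ports). It covers the cases a naive "ports == 22" comparison misses: port ranges, rules with no port list, and the "all" protocol.

```python
SSH_PORT = 22
ANY_IPV4 = "0.0.0.0/0"
TCP_PROTOCOLS = {"tcp", "6", "all"}  # name, IP protocol number, or wildcard


def _covers_ssh(ports):
    """True if a rule's port list includes 22; no list means every port."""
    if not ports:
        return True
    for spec in ports:
        low, _, high = spec.partition("-")  # "22" or a range such as "20-25"
        if int(low) <= SSH_PORT <= int(high or low):
            return True
    return False


def find_unsafe_ssh_rules(rules):
    """Return names of enabled ingress rules allowing TCP/22 from anywhere."""
    unsafe = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue  # disabled and egress rules do not expose inbound SSH
        if ANY_IPV4 not in rule.get("sourceRanges", []):
            continue
        for allow in rule.get("allowed", []):
            proto = allow.get("IPProtocol", "").lower()
            if proto in TCP_PROTOCOLS and _covers_ssh(allow.get("ports")):
                unsafe.append(rule["name"])
                break
    return unsafe


# Constructed sample rules (not taken from any real project).
SAMPLE_RULES = [
    {"name": "allow-ssh-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-range-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "20-25"]}]},
    {"name": "allow-all-world", "sourceRanges": ["10.0.0.0/8", "0.0.0.0/0"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-ssh-corp", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "disabled-ssh-world", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

if __name__ == "__main__":
    print(find_unsafe_ssh_rules(SAMPLE_RULES))
```

Only the IPv4 range 0.0.0.0/0 named in the feature description is checked here.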

Technology Stack

  • Backend: Python 3
  • Framework: FastAPI & fastmcp
  • Cloud SDK: google-cloud-compute, google-cloud-storage and google-cloud-resource-manager for interacting with the GCP API.
  • Logging: Structured JSON logging implemented with structlog.
  • Code Quality:
    • Centralized exception handling using Python decorators.

Getting Started

Prerequisites

  • Python 3.10+
  • uv (or pip) for package management.
  • Google Cloud SDK installed and configured on your local machine.

Installation & Running

  1. Clone the repository:

    git clone <repository-url>
    cd gcp-mcp
    
  2. Set up the virtual environment and install dependencies:

    uv sync
    
  3. Authenticate with GCP: This is crucial. The application uses Application Default Credentials (ADC) to authenticate with Google Cloud.

    gcloud auth application-default login
    
  4. Run the server:

    Development Mode (with MCP Inspector):

    uv run fastmcp dev main.py:mcp
    

    Production / Stdio Mode:

    uv run fastmcp run main.py:mcp