An AWS Labs Model Context Protocol (MCP) server for managing AWS EC2 instances, AMIs, security groups, volumes, snapshots, and related infrastructure
AWS EC2 MCP Server
A Model Context Protocol (MCP) server for managing AWS EC2 instances, AMIs, security groups, volumes, and related infrastructure.
Overview
This server provides comprehensive EC2 management capabilities through the MCP protocol, covering:
- EC2 Instances: Launch, terminate, start, stop, and reboot instances
- Security Groups: Create, modify, and delete security groups and rules
- Key Pairs: Create, import, and delete SSH key pairs
- EBS Volumes: Create, attach, detach, and delete volumes
- EBS Snapshots: Create and manage volume snapshots
- AMIs: Create custom AMIs from instances and manage their lifecycle
- VPC Management: Create and manage VPCs, subnets, and networking components
Features
Core Functionality
- Full EC2 instance lifecycle management
- Security group and network ACL management
- EBS volume and snapshot operations
- AMI creation and management
- VPC and subnet operations
- Key pair management for SSH access
Security Features
- Input validation for all AWS resource IDs
- Permission-based access control
- Response sanitization to prevent sensitive data leakage
- Configurable write operation protection
- AWS credentials validation
Operational Features
- Comprehensive error handling
- Detailed logging and monitoring
- Support for AWS profiles and regions
- Tag-based resource management
- Batch operations where applicable
Installation
# Clone the repository
git clone https://github.com/awslabs/mcp.git
cd mcp/src/ec2-mcp-server
# Install dependencies
pip install -e .
# Or install from PyPI (when available)
pip install awslabs.ec2-mcp-server
Configuration
AWS Credentials
Configure your AWS credentials using one of these methods:
- AWS CLI:
  aws configure
- Environment Variables:
  export AWS_ACCESS_KEY_ID=your_access_key
  export AWS_SECRET_ACCESS_KEY=your_secret_key
  export AWS_REGION=us-east-1
- IAM Roles (recommended for EC2 instances)
Environment Variables
- AWS_REGION: AWS region (default: us-east-1)
- AWS_PROFILE: AWS profile name (optional)
- ALLOW_WRITE: Enable write operations (default: false)
- ALLOW_SENSITIVE_DATA: Enable access to sensitive data (default: false)
- FASTMCP_LOG_LEVEL: Log level (default: INFO)
- FASTMCP_LOG_FILE: Log file path (optional)
Security Settings
For security, write operations and access to sensitive data are disabled by default. To enable them:
export ALLOW_WRITE=true
export ALLOW_SENSITIVE_DATA=true
Usage
Starting the Server
# Start the MCP server
ec2-mcp-server
Available Tools
Instance Management
- list_instances: List EC2 instances with optional filtering
- get_instance_details: Get detailed information about a specific instance
- launch_instance: Launch new EC2 instances
- terminate_instance: Terminate running instances
- start_instance: Start stopped instances
- stop_instance: Stop running instances
- reboot_instance: Reboot instances
Security Groups
- list_security_groups: List security groups
- get_security_group_details: Get detailed security group information
- create_security_group: Create new security groups
- delete_security_group: Delete security groups
- modify_security_group_rules: Add or remove security group rules
Key Pairs
- list_key_pairs: List SSH key pairs
- create_key_pair: Create new key pairs
- delete_key_pair: Delete key pairs
EBS Volumes
- list_volumes: List EBS volumes
- create_volume: Create new volumes
- delete_volume: Delete volumes
- attach_volume: Attach volumes to instances
- detach_volume: Detach volumes from instances
EBS Snapshots
- list_snapshots: List EBS snapshots
- create_snapshot: Create volume snapshots
AMIs
- list_amis: List Amazon Machine Images
- create_image: Create AMIs from instances
- deregister_image: Deregister AMIs
VPC Management
- list_vpcs: List VPCs
- create_vpc: Create new VPCs
- delete_vpc: Delete VPCs
- list_subnets: List subnets
Examples
Launch an Instance
# Launch a new t2.micro instance
response = await launch_instance(
    ami_id="ami-12345678",
    instance_type="t2.micro",
    key_name="my-key-pair",
    security_group_ids=["sg-12345678"],
    tags={"Name": "MyInstance", "Environment": "Dev"}
)
Create a Security Group
# Create a new security group
response = await create_security_group(
    group_name="web-server-sg",
    description="Security group for web servers",
    vpc_id="vpc-12345678"
)
# Add HTTP rule
await modify_security_group_rules(
    group_id=response["group_id"],
    action="add",
    rule_type="inbound",
    ip_protocol="tcp",
    from_port=80,
    to_port=80,
    cidr_blocks=["0.0.0.0/0"]
)
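A pre-flight check for rules like the one above, written as an added example (not part of the project's code): it reviews the arguments passed to modify_security_group_rules and reports world-open sources on administrative ports or wide port ranges. The ADMIN_PORTS set and the function name review_ingress_rule are assumptions made for this example.

```python
import ipaddress

# Ports treated as administrative in this example (an assumption; adjust per environment).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def review_ingress_rule(ip_protocol, from_port, to_port, cidr_blocks):
    """Return findings for one proposed inbound rule before it is applied.

    Parameter names mirror the modify_security_group_rules call shown above.
    """
    findings = []
    for cidr in cidr_blocks:
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/8
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{cidr}: invalid CIDR ({exc})")
            continue
        if net.prefixlen != 0:
            continue  # only world-open sources (0.0.0.0/0, ::/0) are reviewed here
        if ip_protocol == "-1":  # EC2's value for "all protocols"
            findings.append(f"{cidr}: all protocols and ports open to the internet")
            continue
        if ip_protocol not in ("tcp", "udp"):
            continue  # for ICMP the port fields carry type/code, not ports
        for port, name in sorted(ADMIN_PORTS.items()):
            if ip_protocol == "tcp" and from_port <= port <= to_port:
                findings.append(f"{cidr}: {name} (tcp/{port}) open to the internet")
        if to_port > from_port:
            width = to_port - from_port + 1
            findings.append(f"{cidr}: range of {width} ports open to the internet")
    return findings


# Constructed sample rules: the page's HTTP rule, then two riskier variants.
SAMPLES = [
    ("tcp", 80, 80, ["0.0.0.0/0"]),
    ("tcp", 22, 22, ["0.0.0.0/0", "10.0.0.0/8"]),
    ("tcp", 0, 65535, ["::/0"]),
]

if __name__ == "__main__":
    for rule in SAMPLES:
        print(rule, "->", review_ingress_rule(*rule) or "no findings")
```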
Create and Attach an EBS Volume
# Create a new volume
volume_response = await create_volume(
    availability_zone="us-east-1a",
    size=20,
    volume_type="gp3"
)
# Attach to an instance
await attach_volume(
    volume_id=volume_response["volume_id"],
    instance_id="i-12345678",
    device="/dev/sdf"
)
Required AWS Permissions
The server requires the following AWS permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:*",
        "sts:GetCallerIdentity"
      ],
      "Resource": "*"
    }
  ]
}
For production use, consider implementing more restrictive permissions based on your specific needs.
Error Handling
The server provides comprehensive error handling for common scenarios:
- Authentication Errors: Invalid or missing AWS credentials
- Permission Errors: Insufficient AWS permissions
- Resource Not Found: When specified resources don't exist
- Validation Errors: Invalid input parameters or resource IDs
- Rate Limiting: AWS API rate limit exceeded
Logging
The server uses Python's logging module. To configure the logging level:
export FASTMCP_LOG_LEVEL=DEBUG
Development
Running Tests
# Install development dependencies
pip install -e ".[dev]"
# Run tests
pytest tests/
# Run with coverage
pytest --cov=awslabs.ec2_mcp_server tests/
Code Quality
The project uses several tools for code quality:
- Black: Code formatting
- isort: Import sorting
- Mypy: Type checking
- Ruff: Linting
# Format code
black awslabs/
isort awslabs/
# Type checking
mypy awslabs/
# Linting
ruff check awslabs/
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
License
This project is licensed under the Apache License, Version 2.0. See the LICENSE file for details.
Support
For issues and questions:
- GitHub Issues: https://github.com/awslabs/mcp/issues
- Documentation: https://awslabs.github.io/mcp/servers/ec2-mcp-server/
Changelog
v0.1.0
- Initial release
- Basic EC2 instance management
- Security group operations
- EBS volume management
- AMI operations
- VPC management
- Key pair management
File details
Details for the file awslabs_ec2_mcp_server-0.1.0.tar.gz.
File metadata
- Download URL: awslabs_ec2_mcp_server-0.1.0.tar.gz
- Upload date:
- Size: 142.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File details
Details for the file awslabs_ec2_mcp_server-0.1.0-py3-none-any.whl.
File metadata
- Download URL: awslabs_ec2_mcp_server-0.1.0-py3-none-any.whl
- Upload date:
- Size: 51.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2