Skip to main content

MCP server for AWS Security Group IP whitelisting with stateless credential handling

Project description

AWS Security Group Management System

PyPI version Python versions License: MIT

A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.

๐Ÿš€ Features

  • Environment-based Configuration: Secure credential management using .env files
  • MCP Server Integration: Compatible with Claude Desktop and other MCP clients
  • Flexible Rule Management: Add, list, and manage security group rules
  • Audit Logging: Track all changes with timestamps and user attribution
  • Description Formatting: Standardized rule descriptions with timestamps
  • Validation: IP address and port validation with configurable rules
  • JSON-based Interface: Easy integration with automation tools

๐Ÿ“ Project Structure

D:\dev2\awswhitelist2\
โ”œโ”€โ”€ .env                      # Environment configuration (create from .env.example)
โ”œโ”€โ”€ .env.example              # Template for environment variables
โ”œโ”€โ”€ .gitignore               # Git ignore rules
โ”œโ”€โ”€ config_manager.py        # Centralized configuration management
โ”œโ”€โ”€ test_environment.py      # Environment setup verification
โ”œโ”€โ”€ setup_env.bat           # Windows setup script
โ”œโ”€โ”€ ENV_README.md           # Environment variables documentation
โ”‚
โ”œโ”€โ”€ simple_test/            # Core scripts
โ”‚   โ”œโ”€โ”€ test_aws_access.py  # Test AWS connectivity
โ”‚   โ”œโ”€โ”€ add_sg_rule_json.py # Original JSON-based script
โ”‚   โ”œโ”€โ”€ add_sg_rule_env.py  # Environment-aware version
โ”‚   โ””โ”€โ”€ ...                 # Other utility scripts
โ”‚
โ””โ”€โ”€ mcp_server/             # MCP server implementation
    โ”œโ”€โ”€ server.py           # Original Python MCP server
    โ”œโ”€โ”€ server_env.py       # Environment-aware MCP server
    โ”œโ”€โ”€ index.ts            # TypeScript MCP server
    โ””โ”€โ”€ claude_desktop_config_env.json  # Claude Desktop config

๐Ÿ”ง Quick Start

Claude Desktop Integration

This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.

๐Ÿ”ง Quick Start

1. Setup Environment

Windows:

setup_env.bat

Manual:

cp .env.example .env
# Edit .env with your AWS credentials

2. Install Dependencies

pip install python-dotenv boto3 mcp

3. Test Configuration

python test_environment.py

4. Test AWS Connection

python simple_test/test_aws_access.py

๐Ÿ” Environment Variables

Key environment variables (see .env.example for full list):

# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1

# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev

# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M

๐Ÿ“ Usage Examples

Command Line Usage

Add a security group rule:

python simple_test/add_sg_rule_env.py '{
  "UserName": "john_doe",
  "UserIP": "203.0.113.45",
  "Port": "8080",
  "SecurityGroupID": "sg-0f0df629567eb6344",
  "ResourceName": "WebApp"
}'

With dry run:

python simple_test/add_sg_rule_env.py --dry-run '{...}'

Using different environment file:

python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'

MCP Server with Claude Desktop

  1. Configure Claude Desktop:

    • Copy configuration from mcp_server/claude_desktop_config_env.json
    • Add to %APPDATA%\Claude\claude_desktop_config.json
  2. Restart Claude Desktop

  3. Use in Claude:

    Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
    

๐Ÿ›ก๏ธ Security Best Practices

  1. Never commit .env files - Use .env.example as template
  2. Use IAM roles when running on AWS infrastructure
  3. Rotate credentials regularly
  4. Minimal permissions - Only grant required EC2 permissions:
    • ec2:DescribeSecurityGroups
    • ec2:AuthorizeSecurityGroupIngress
    • ec2:RevokeSecurityGroupIngress

๐Ÿ“Š Description Format

Rules are created with standardized descriptions:

{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM

Example: WebApp - 8080-auto-john_doe-20250711-1430

๐Ÿงช Testing

Test environment setup:

python test_environment.py

Test AWS connectivity:

python simple_test/test_aws_access.py

Test MCP server locally:

python mcp_server/server_env.py

๐Ÿ” Troubleshooting

Common Issues

  1. Module not found:

    pip install python-dotenv boto3 mcp
    
  2. AWS credentials error:

    • Check .env file exists and has correct values
    • Verify no extra spaces or quotes
    • Test with AWS CLI: aws sts get-caller-identity
  3. Permission denied:

    • Ensure IAM user has required EC2 permissions
    • Check security group exists and is accessible

Debug Mode

Set environment variable:

MCP_LOG_LEVEL=DEBUG

๐Ÿ“š Advanced Usage

Multiple Environments

# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...

# Production  
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...

Programmatic Usage

from config_manager import get_config
import boto3

# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()

# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)

# Use configuration values
description = config.format_description("App", "8080", "user")

๐Ÿค Contributing

  1. Create feature branch
  2. Make changes
  3. Test thoroughly
  4. Submit pull request

๐Ÿ“„ License

This project is licensed under the MIT License.

๐Ÿ†˜ Support


Note: Remember to keep your AWS credentials secure and never commit them to version control!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awswhitelist_mcp-1.1.10.tar.gz (23.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

awswhitelist_mcp-1.1.10-py3-none-any.whl (22.9 kB view details)

Uploaded Python 3

File details

Details for the file awswhitelist_mcp-1.1.10.tar.gz.

File metadata

  • Download URL: awswhitelist_mcp-1.1.10.tar.gz
  • Upload date:
  • Size: 23.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for awswhitelist_mcp-1.1.10.tar.gz
Algorithm Hash digest
SHA256 023109351fd9ab21430fadd70cf9723d9c0a5c5e6de921adbc1600036a1bf415
MD5 0695e34484ae591f681ba7d94810ac74
BLAKE2b-256 35ade28c56c62f0c542bfa83f01d805dd6eef6d509e556015da64f283aca4d3e

See more details on using hashes here.

File details

Details for the file awswhitelist_mcp-1.1.10-py3-none-any.whl.

File metadata

File hashes

Hashes for awswhitelist_mcp-1.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 9a2744c93f90d4e6460adb7c8b00b3f244af7585aa700017c7e65ef50f552d52
MD5 c1920c4ba9b7f834b3865111fb526dbe
BLAKE2b-256 79874b2ef612b5ffa262d64ef0c9f58691cdf036c914ee58787231d6fd18b71b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page