MCP server for AWS Security Group IP whitelisting with stateless credential handling
Project description
AWS Security Group Management System
A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.
Features
- Environment-based Configuration: Secure credential management using .env files
- MCP Server Integration: Compatible with Claude Desktop and other MCP clients
- Flexible Rule Management: Add, list, and manage security group rules
- Audit Logging: Track all changes with timestamps and user attribution
- Description Formatting: Standardized rule descriptions with timestamps
- Validation: IP address and port validation with configurable rules
- JSON-based Interface: Easy integration with automation tools
Project Structure
D:\dev2\awswhitelist2\
├── .env                          # Environment configuration (create from .env.example)
├── .env.example                  # Template for environment variables
├── .gitignore                    # Git ignore rules
├── config_manager.py             # Centralized configuration management
├── test_environment.py           # Environment setup verification
├── setup_env.bat                 # Windows setup script
├── ENV_README.md                 # Environment variables documentation
│
├── simple_test/                  # Core scripts
│   ├── test_aws_access.py        # Test AWS connectivity
│   ├── add_sg_rule_json.py       # Original JSON-based script
│   ├── add_sg_rule_env.py        # Environment-aware version
│   └── ...                       # Other utility scripts
│
└── mcp_server/                   # MCP server implementation
    ├── server.py                 # Original Python MCP server
    ├── server_env.py             # Environment-aware MCP server
    ├── index.ts                  # TypeScript MCP server
    └── claude_desktop_config_env.json  # Claude Desktop config
Quick Start
Claude Desktop Integration
This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.
1. Setup Environment
Windows:
setup_env.bat
Manual:
cp .env.example .env
# Edit .env with your AWS credentials
2. Install Dependencies
pip install python-dotenv boto3 mcp
3. Test Configuration
python test_environment.py
4. Test AWS Connection
python simple_test/test_aws_access.py
Environment Variables
Key environment variables (see .env.example for full list):
# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1
# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev
# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M
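The variables above are only useful if the .env file is actually filled in correctly, and the most common failures (placeholder values left from the template, stray quotes or spaces, a malformed security group ID) are cheap to catch before boto3 ever sees them. The following is an added example, not code from this project: a minimal .env parser standing in for python-dotenv, a check of the required keys, and a redaction helper so a verification script can print its findings without leaking the secret key. The two .env texts are constructed; the access key pair in the filled-in one is the well-known example pair from the AWS documentation, not a live credential, and the set of required keys is an assumption.

```python
import re

# Keys this example treats as required (assumption; the README's .env.example lists more).
REQUIRED_KEYS = (
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "AWS_DEFAULT_REGION",
    "DEFAULT_SECURITY_GROUP_ID",
)
SECRET_KEYS = {"AWS_SECRET_ACCESS_KEY"}
PLACEHOLDER_RE = re.compile(r"^your_\w+_here$", re.IGNORECASE)
# Long-term access key IDs start with AKIA, STS temporary ones with ASIA; both are 20 chars.
ACCESS_KEY_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")

# Constructed .env contents: one copied straight from the template, one filled in
# (the key pair below is the example pair from AWS documentation, not a live credential).
TEMPLATE_ENV = """
# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
"""
FILLED_ENV = """
AWS_ACCESS_KEY_ID = AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
AWS_DEFAULT_REGION=us-east-1
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DESCRIPTION_PREFIX=auto
"""


def parse_dotenv(text):
    """Minimal KEY=value parser (stand-in for python-dotenv): skips blank lines and
    comments, tolerates spaces around '=', and strips one pair of matching quotes."""
    values = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected KEY=value, got {line!r}")
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values


def check_env(values):
    """Return a list of problems; an empty list means the file is usable."""
    problems = []
    for key in REQUIRED_KEYS:
        value = values.get(key, "")
        if not value:
            problems.append(f"{key} is missing or empty")
        elif PLACEHOLDER_RE.match(value):
            problems.append(f"{key} still holds the template placeholder")
        elif '"' in value or "'" in value:
            problems.append(f"{key} contains a stray quote character")
    key_id = values.get("AWS_ACCESS_KEY_ID", "")
    if key_id and not PLACEHOLDER_RE.match(key_id) and not ACCESS_KEY_RE.match(key_id):
        problems.append("AWS_ACCESS_KEY_ID does not look like an access key ID")
    sg_id = values.get("DEFAULT_SECURITY_GROUP_ID", "")
    if sg_id and not SG_ID_RE.match(sg_id):
        problems.append("DEFAULT_SECURITY_GROUP_ID does not look like a security group ID")
    return problems


def redacted(values):
    """Copy of the settings that is safe to print: secrets keep only their last 4 chars."""
    return {
        key: ("****" + value[-4:] if key in SECRET_KEYS and len(value) > 4 else value)
        for key, value in values.items()
    }


if __name__ == "__main__":
    for name, text in (("template", TEMPLATE_ENV), ("filled", FILLED_ENV)):
        settings = parse_dotenv(text)
        print(name, redacted(settings), check_env(settings) or "OK")
```

Running it prints the redacted settings for both files and the list of problems for the template copy; only the secret key is masked, since the access key ID and region are needed in the output to diagnose a wrong-account or wrong-region mistake.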
Usage Examples
Command Line Usage
Add a security group rule:
python simple_test/add_sg_rule_env.py '{
"UserName": "john_doe",
"UserIP": "203.0.113.45",
"Port": "8080",
"SecurityGroupID": "sg-0f0df629567eb6344",
"ResourceName": "WebApp"
}'
With dry run:
python simple_test/add_sg_rule_env.py --dry-run '{...}'
Using different environment file:
python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'
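The JSON payload above is the trust boundary of this tool: whatever the MCP client or a script passes in ends up as an ingress rule, so the IP, port, user name and group ID should be validated before any AWS call, and a dry run should show exactly what would be sent. The block below is an added example (not the project's add_sg_rule_env.py) of that pipeline: it validates the payload with the standard ipaddress module, builds the description in the documented format, and produces the keyword arguments for boto3's authorize_security_group_ingress with a single-host /32 (or /128) CIDR. The description settings, the character rules for UserName and ResourceName, and the sample request are assumptions made for this example.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Description settings as in the README's .env example (assumed defaults).
DESCRIPTION_PREFIX = "auto"
DESCRIPTION_SEPARATOR = "-"
DESCRIPTION_TIMESTAMP_FORMAT = "%Y%m%d-%H%M"

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")     # assumed naming rule
RESOURCE_RE = re.compile(r"^[A-Za-z0-9_ .-]{1,64}$")    # assumed naming rule
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")
REQUIRED_FIELDS = ("UserName", "UserIP", "Port", "SecurityGroupID", "ResourceName")

# Constructed request, same shape as the CLI payload in the README.
SAMPLE_REQUEST = json.dumps({
    "UserName": "john_doe", "UserIP": "203.0.113.45", "Port": "8080",
    "SecurityGroupID": "sg-0f0df629567eb6344", "ResourceName": "WebApp",
})


class ValidationError(ValueError):
    pass


def validate_request(payload):
    """Check every field before anything touches AWS; returns normalised values."""
    missing = [k for k in REQUIRED_FIELDS if not str(payload.get(k, "")).strip()]
    if missing:
        raise ValidationError(f"missing fields: {', '.join(missing)}")
    user = str(payload["UserName"]).strip()
    resource = str(payload["ResourceName"]).strip()
    sg_id = str(payload["SecurityGroupID"]).strip()
    if not USERNAME_RE.match(user):
        raise ValidationError("UserName may only contain letters, digits, '_', '.', '-'")
    if not RESOURCE_RE.match(resource):
        raise ValidationError("ResourceName contains unexpected characters")
    if not SG_ID_RE.match(sg_id):
        raise ValidationError("SecurityGroupID must look like sg-xxxxxxxx")
    try:
        ip = ipaddress.ip_address(str(payload["UserIP"]).strip())
    except ValueError as exc:
        raise ValidationError("UserIP is not a valid IP address") from exc
    # A whitelist entry is for one client host: refuse addresses that can never be a source.
    if ip.is_multicast or ip.is_unspecified or ip.is_loopback:
        raise ValidationError("UserIP must be a unicast host address")
    try:
        port = int(str(payload["Port"]).strip())
    except ValueError as exc:
        raise ValidationError("Port must be an integer") from exc
    if not 1 <= port <= 65535:
        raise ValidationError("Port must be between 1 and 65535")
    return {"user": user, "resource": resource, "sg_id": sg_id, "ip": ip, "port": port}


def format_description(resource, port, user, now=None):
    """'{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM' as documented in the README."""
    stamp = (now or datetime.now(timezone.utc)).strftime(DESCRIPTION_TIMESTAMP_FORMAT)
    sep = DESCRIPTION_SEPARATOR
    description = f"{resource} - {port}{sep}{DESCRIPTION_PREFIX}{sep}{user}{sep}{stamp}"
    if len(description) > 255:  # EC2 rejects longer rule descriptions
        raise ValidationError("description exceeds 255 characters")
    return description


def build_ingress_request(fields, now=None):
    """Keyword arguments for boto3's authorize_security_group_ingress: one host, one TCP port."""
    ip = fields["ip"]
    host_cidr = f"{ip}/{ip.max_prefixlen}"  # /32 for IPv4, /128 for IPv6, never a wider range
    ranges_key, cidr_key = ("IpRanges", "CidrIp") if ip.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    description = format_description(fields["resource"], fields["port"], fields["user"], now)
    return {
        "GroupId": fields["sg_id"],
        "IpPermissions": [{
            "IpProtocol": "tcp",
            "FromPort": fields["port"],
            "ToPort": fields["port"],
            ranges_key: [{cidr_key: host_cidr, "Description": description}],
        }],
    }


def add_rule(raw_json, dry_run=True, now=None):
    """Validate, build the request, and only call AWS when dry_run is False."""
    request = build_ingress_request(validate_request(json.loads(raw_json)), now)
    if not dry_run:
        import boto3  # credentials come from the environment / .env, as in the README
        boto3.client("ec2").authorize_security_group_ingress(**request)
    return request


def is_valid_request(payload):
    try:
        validate_request(payload)
        return True
    except ValidationError:
        return False


def demo():
    """Dry run of the sample request at a fixed time so the description is reproducible."""
    return add_rule(SAMPLE_REQUEST, dry_run=True, now=datetime(2025, 7, 11, 14, 30))
```

Calling demo() returns the request dict without contacting AWS; the same dict is what add_rule sends when dry_run is False. Keeping validation, request building and the AWS call in separate functions is what makes the dry run trustworthy: the dry run exercises everything except the final network call.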
MCP Server with Claude Desktop
1. Configure Claude Desktop:
   - Copy the configuration from mcp_server/claude_desktop_config_env.json
   - Add it to %APPDATA%\Claude\claude_desktop_config.json
2. Restart Claude Desktop
3. Use in Claude:
   Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
Security Best Practices
- Never commit .env files
- Use .env.example as a template
- Use IAM roles when running on AWS infrastructure
- Rotate credentials regularly
- Minimal permissions - Only grant required EC2 permissions:
  - ec2:DescribeSecurityGroups
  - ec2:AuthorizeSecurityGroupIngress
  - ec2:RevokeSecurityGroupIngress
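The three actions above are the whole permission set the tool needs, and they can be tightened further than "these actions on everything". As an added example (not part of this project), the block below generates a least-privilege IAM policy document for the credentials this server runs with, and includes a small linter that flags the usual over-broad shapes (wildcard actions, unrelated actions, mutating actions not pinned to a security group ARN). One caveat it encodes: ec2:DescribeSecurityGroups does not support resource-level permissions, so that statement has to use Resource "*", while the two rule-changing actions can be scoped to the one group. The ARN, with its placeholder account ID, and the over-broad policy are constructed for the example.

```python
import json

# The three actions the README lists as the only ones the tool needs.
NEEDED_ACTIONS = {
    "ec2:DescribeSecurityGroups",
    "ec2:AuthorizeSecurityGroupIngress",
    "ec2:RevokeSecurityGroupIngress",
}
MUTATING_ACTIONS = {"ec2:AuthorizeSecurityGroupIngress", "ec2:RevokeSecurityGroupIngress"}

# Constructed ARN for the README's security group; 123456789012 is a placeholder account ID.
SG_ARN = "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0f0df629567eb6344"


def least_privilege_policy(security_group_arn):
    """Policy document granting exactly the needed actions.

    ec2:DescribeSecurityGroups takes no resource-level permissions, so it must be
    allowed on "*"; the two rule-changing actions are pinned to the one group."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadSecurityGroups",
                "Effect": "Allow",
                "Action": "ec2:DescribeSecurityGroups",
                "Resource": "*",
            },
            {
                "Sid": "ManageWhitelistRules",
                "Effect": "Allow",
                "Action": sorted(MUTATING_ACTIONS),
                "Resource": security_group_arn,
            },
        ],
    }


# What a quick first attempt often looks like: every EC2 action on every resource.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Flag Allow statements that grant more than the whitelisting task needs."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{label}: wildcard action {action!r}")
            elif action not in NEEDED_ACTIONS:
                findings.append(f"{label}: {action} is not needed for IP whitelisting")
            elif action in MUTATING_ACTIONS and any("*" in r for r in resources):
                findings.append(f"{label}: {action} should be scoped to a security-group ARN")
    return findings


if __name__ == "__main__":
    print(json.dumps(least_privilege_policy(SG_ARN), indent=2))
    for finding in policy_findings(OVERBROAD_POLICY):
        print("finding:", finding)
```

The printed document can be attached to the IAM user whose keys go into .env, or to the instance role when the "use IAM roles on AWS infrastructure" advice above is followed; in the role case the .env credential block can be left out entirely and boto3 picks the role up from the instance metadata.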
Description Format
Rules are created with standardized descriptions:
{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM
Example: WebApp - 8080-auto-john_doe-20250711-1430
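Because the description carries the user and a timestamp, it doubles as an audit trail inside the security group itself: every rule the tool created can be parsed back, attributed, and aged. The following is an added example (not the project's code) that parses descriptions in the documented format and then audits a group's ingress rules, separating entries the tool created more than a given number of days ago from entries with some other description that deserve a manual look; it goes slightly beyond the page by also building the matching revoke_security_group_ingress request for a stale entry. The permission list and the audit time are constructed to resemble describe_security_groups output.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches '{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM'; the resource name is
# matched lazily so a ' - ' inside it cannot shift the other fields.
DESCRIPTION_RE = re.compile(
    r"^(?P<resource>.+?) - (?P<port>\d{1,5})-auto-(?P<user>[A-Za-z0-9_.-]+)-(?P<stamp>\d{8}-\d{4})$"
)
TIMESTAMP_FORMAT = "%Y%m%d-%H%M"

# Constructed excerpt of what describe_security_groups returns for one group's
# IpPermissions, trimmed to the fields used here.
SAMPLE_PERMISSIONS = [
    {
        "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
        "IpRanges": [
            {"CidrIp": "203.0.113.45/32", "Description": "WebApp - 8080-auto-john_doe-20250711-1430"},
            {"CidrIp": "198.51.100.7/32", "Description": "WebApp - 8080-auto-jane_roe-20250901-0915"},
            {"CidrIp": "0.0.0.0/0", "Description": "legacy open rule"},
        ],
    },
    {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "192.0.2.10/32", "Description": "SSH - 22-auto-ops_bot-20250820-1200"}],
    },
]
AUDIT_TIME = datetime(2025, 9, 15, tzinfo=timezone.utc)  # constructed "now" for the example


def parse_description(description):
    """Return the fields encoded in a managed rule's description, or None if it was not
    written by this tool (or the timestamp is malformed)."""
    match = DESCRIPTION_RE.match(description or "")
    if not match:
        return None
    try:
        created = datetime.strptime(match.group("stamp"), TIMESTAMP_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return {
        "resource": match.group("resource"),
        "port": int(match.group("port")),
        "user": match.group("user"),
        "created": created,
    }


def audit_rules(permissions, now=AUDIT_TIME, max_age_days=30):
    """Split a group's ingress rules into managed-but-stale and unmanaged entries.

    Stale entries are those the tool created more than max_age_days ago; unmanaged ones
    carry a description in some other format and deserve a manual look."""
    stale, unmanaged = [], []
    for perm in permissions:
        for ip_range in perm.get("IpRanges", []):
            entry = {
                "cidr": ip_range["CidrIp"],
                "port": perm.get("FromPort"),
                "description": ip_range.get("Description", ""),
            }
            parsed = parse_description(entry["description"])
            if parsed is None:
                unmanaged.append(entry)
                continue
            age = now - parsed["created"]
            if age > timedelta(days=max_age_days):
                entry.update(user=parsed["user"], age_days=age.days)
                stale.append(entry)
    return stale, unmanaged


def revoke_request(group_id, entry):
    """Same IpPermissions shape as the authorize call, for revoke_security_group_ingress."""
    return {
        "GroupId": group_id,
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": entry["port"], "ToPort": entry["port"],
            "IpRanges": [{"CidrIp": entry["cidr"]}],
        }],
    }


if __name__ == "__main__":
    stale, unmanaged = audit_rules(SAMPLE_PERMISSIONS)
    for entry in stale:
        print(f"stale ({entry['age_days']} days, {entry['user']}):", revoke_request("sg-0f0df629567eb6344", entry))
    for entry in unmanaged:
        print("unmanaged:", entry["cidr"], entry["description"])
```

In a real run, the permissions list comes from ec2.describe_security_groups(GroupIds=[...])["SecurityGroups"][0]["IpPermissions"], and the audit stays read-only unless the revoke request is deliberately sent, which is why the revoke call itself is not made here.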
Testing
Test environment setup:
python test_environment.py
Test AWS connectivity:
python simple_test/test_aws_access.py
Test MCP server locally:
python mcp_server/server_env.py
Troubleshooting
Common Issues
- Module not found:
  pip install python-dotenv boto3 mcp
- AWS credentials error:
  - Check that the .env file exists and has correct values
  - Verify there are no extra spaces or quotes
  - Test with the AWS CLI:
    aws sts get-caller-identity
- Permission denied:
  - Ensure the IAM user has the required EC2 permissions
  - Check that the security group exists and is accessible
Debug Mode
Set environment variable:
MCP_LOG_LEVEL=DEBUG
Advanced Usage
Multiple Environments
# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...
# Production
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...
Programmatic Usage
from config_manager import get_config
import boto3
# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()
# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)
# Use configuration values
description = config.format_description("App", "8080", "user")
Contributing
- Create feature branch
- Make changes
- Test thoroughly
- Submit pull request
License
This project is licensed under the MIT License.
Support
- Check ENV_README.md for environment configuration
- Review TODO.md for roadmap
- See FUTURE.md for enhancement ideas
Note: Remember to keep your AWS credentials secure and never commit them to version control!
Download files
Source Distribution
Built Distribution
File details
Details for the file awswhitelist_mcp-1.1.10.tar.gz.
File metadata
- Download URL: awswhitelist_mcp-1.1.10.tar.gz
- Upload date:
- Size: 23.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 023109351fd9ab21430fadd70cf9723d9c0a5c5e6de921adbc1600036a1bf415 |
| MD5 | 0695e34484ae591f681ba7d94810ac74 |
| BLAKE2b-256 | 35ade28c56c62f0c542bfa83f01d805dd6eef6d509e556015da64f283aca4d3e |
File details
Details for the file awswhitelist_mcp-1.1.10-py3-none-any.whl.
File metadata
- Download URL: awswhitelist_mcp-1.1.10-py3-none-any.whl
- Upload date:
- Size: 22.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 9a2744c93f90d4e6460adb7c8b00b3f244af7585aa700017c7e65ef50f552d52 |
| MD5 | c1920c4ba9b7f834b3865111fb526dbe |
| BLAKE2b-256 | 79874b2ef612b5ffa262d64ef0c9f58691cdf036c914ee58787231d6fd18b71b |