Skip to main content

MCP server for AWS Security Group IP whitelisting with stateless credential handling

Project description

AWS Security Group Management System

A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.

๐Ÿš€ Features

  • Environment-based Configuration: Secure credential management using .env files
  • MCP Server Integration: Compatible with Claude Desktop and other MCP clients
  • Flexible Rule Management: Add, list, and manage security group rules
  • Audit Logging: Track all changes with timestamps and user attribution
  • Description Formatting: Standardized rule descriptions with timestamps
  • Validation: IP address and port validation with configurable rules
  • JSON-based Interface: Easy integration with automation tools

๐Ÿ“ Project Structure

D:\dev2\awswhitelist2\
โ”œโ”€โ”€ .env                      # Environment configuration (create from .env.example)
โ”œโ”€โ”€ .env.example              # Template for environment variables
โ”œโ”€โ”€ .gitignore               # Git ignore rules
โ”œโ”€โ”€ config_manager.py        # Centralized configuration management
โ”œโ”€โ”€ test_environment.py      # Environment setup verification
โ”œโ”€โ”€ setup_env.bat           # Windows setup script
โ”œโ”€โ”€ ENV_README.md           # Environment variables documentation
โ”‚
โ”œโ”€โ”€ simple_test/            # Core scripts
โ”‚   โ”œโ”€โ”€ test_aws_access.py  # Test AWS connectivity
โ”‚   โ”œโ”€โ”€ add_sg_rule_json.py # Original JSON-based script
โ”‚   โ”œโ”€โ”€ add_sg_rule_env.py  # Environment-aware version
โ”‚   โ””โ”€โ”€ ...                 # Other utility scripts
โ”‚
โ””โ”€โ”€ mcp_server/             # MCP server implementation
    โ”œโ”€โ”€ server.py           # Original Python MCP server
    โ”œโ”€โ”€ server_env.py       # Environment-aware MCP server
    โ”œโ”€โ”€ index.ts            # TypeScript MCP server
    โ””โ”€โ”€ claude_desktop_config_env.json  # Claude Desktop config

๐Ÿ”ง Quick Start

Claude Desktop Integration

This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.

๐Ÿ”ง Quick Start

1. Setup Environment

Windows:

setup_env.bat

Manual:

cp .env.example .env
# Edit .env with your AWS credentials

2. Install Dependencies

pip install python-dotenv boto3 mcp

3. Test Configuration

python test_environment.py

4. Test AWS Connection

python simple_test/test_aws_access.py

๐Ÿ” Environment Variables

Key environment variables (see .env.example for full list):

# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1

# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev

# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M

๐Ÿ“ Usage Examples

Command Line Usage

Add a security group rule:

python simple_test/add_sg_rule_env.py '{
  "UserName": "john_doe",
  "UserIP": "203.0.113.45",
  "Port": "8080",
  "SecurityGroupID": "sg-0f0df629567eb6344",
  "ResourceName": "WebApp"
}'

With dry run:

python simple_test/add_sg_rule_env.py --dry-run '{...}'

Using different environment file:

python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'

MCP Server with Claude Desktop

  1. Configure Claude Desktop:

    • Copy configuration from mcp_server/claude_desktop_config_env.json
    • Add to %APPDATA%\Claude\claude_desktop_config.json
  2. Restart Claude Desktop

  3. Use in Claude:

    Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
    

๐Ÿ›ก๏ธ Security Best Practices

  1. Never commit .env files - Use .env.example as template
  2. Use IAM roles when running on AWS infrastructure
  3. Rotate credentials regularly
  4. Minimal permissions - Only grant required EC2 permissions:
    • ec2:DescribeSecurityGroups
    • ec2:AuthorizeSecurityGroupIngress
    • ec2:RevokeSecurityGroupIngress

๐Ÿ“Š Description Format

Rules are created with standardized descriptions:

{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM

Example: WebApp - 8080-auto-john_doe-20250711-1430

๐Ÿงช Testing

Test environment setup:

python test_environment.py

Test AWS connectivity:

python simple_test/test_aws_access.py

Test MCP server locally:

python mcp_server/server_env.py

๐Ÿ” Troubleshooting

Common Issues

  1. Module not found:

    pip install python-dotenv boto3 mcp
    
  2. AWS credentials error:

    • Check .env file exists and has correct values
    • Verify no extra spaces or quotes
    • Test with AWS CLI: aws sts get-caller-identity
  3. Permission denied:

    • Ensure IAM user has required EC2 permissions
    • Check security group exists and is accessible

Debug Mode

Set environment variable:

MCP_LOG_LEVEL=DEBUG

๐Ÿ“š Advanced Usage

Multiple Environments

# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...

# Production  
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...

Programmatic Usage

from config_manager import get_config
import boto3

# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()

# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)

# Use configuration values
description = config.format_description("App", "8080", "user")

๐Ÿค Contributing

  1. Create feature branch
  2. Make changes
  3. Test thoroughly
  4. Submit pull request

๐Ÿ“„ License

This project is licensed under the MIT License.

๐Ÿ†˜ Support


Note: Remember to keep your AWS credentials secure and never commit them to version control!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awswhitelist_mcp-1.0.0.tar.gz (20.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

awswhitelist_mcp-1.0.0-py3-none-any.whl (19.9 kB view details)

Uploaded Python 3

File details

Details for the file awswhitelist_mcp-1.0.0.tar.gz.

File metadata

  • Download URL: awswhitelist_mcp-1.0.0.tar.gz
  • Upload date:
  • Size: 20.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for awswhitelist_mcp-1.0.0.tar.gz
Algorithm Hash digest
SHA256 ee2a1e39d4ea5358186592e1116b657feb6ed48fce54c59b0a63b98fd2827d52
MD5 675302fb35cfa5e17910ad733be841ca
BLAKE2b-256 0181cf80ad618be7fcaeae9361b5c5190ae68f4a1c19c2563e3c52b96c4d0a5b

See more details on using hashes here.

File details

Details for the file awswhitelist_mcp-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for awswhitelist_mcp-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f9afc1055c05f2430c412ea8c2ef186ffc5d9aa1d0f7983a9d66be3d96aa5d3e
MD5 a500481f23e8adb3bf5b21002518ffed
BLAKE2b-256 09a9c817dfc526d52c2ac642c56716958ff113947e5d7f20d29bef7825472da5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page