Skip to main content

MCP server for AWS Security Group IP whitelisting with stateless credential handling

Project description

AWS Security Group Management System

PyPI version Python versions License: MIT

A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.

๐Ÿš€ Features

  • Environment-based Configuration: Secure credential management using .env files
  • MCP Server Integration: Compatible with Claude Desktop and other MCP clients
  • Flexible Rule Management: Add, list, and manage security group rules
  • Audit Logging: Track all changes with timestamps and user attribution
  • Description Formatting: Standardized rule descriptions with timestamps
  • Validation: IP address and port validation with configurable rules
  • JSON-based Interface: Easy integration with automation tools

๐Ÿ“ Project Structure

D:\dev2\awswhitelist2\
โ”œโ”€โ”€ .env                      # Environment configuration (create from .env.example)
โ”œโ”€โ”€ .env.example              # Template for environment variables
โ”œโ”€โ”€ .gitignore               # Git ignore rules
โ”œโ”€โ”€ config_manager.py        # Centralized configuration management
โ”œโ”€โ”€ test_environment.py      # Environment setup verification
โ”œโ”€โ”€ setup_env.bat           # Windows setup script
โ”œโ”€โ”€ ENV_README.md           # Environment variables documentation
โ”‚
โ”œโ”€โ”€ simple_test/            # Core scripts
โ”‚   โ”œโ”€โ”€ test_aws_access.py  # Test AWS connectivity
โ”‚   โ”œโ”€โ”€ add_sg_rule_json.py # Original JSON-based script
โ”‚   โ”œโ”€โ”€ add_sg_rule_env.py  # Environment-aware version
โ”‚   โ””โ”€โ”€ ...                 # Other utility scripts
โ”‚
โ””โ”€โ”€ mcp_server/             # MCP server implementation
    โ”œโ”€โ”€ server.py           # Original Python MCP server
    โ”œโ”€โ”€ server_env.py       # Environment-aware MCP server
    โ”œโ”€โ”€ index.ts            # TypeScript MCP server
    โ””โ”€โ”€ claude_desktop_config_env.json  # Claude Desktop config

๐Ÿ”ง Quick Start

Claude Desktop Integration

This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.

๐Ÿ”ง Quick Start

1. Setup Environment

Windows:

setup_env.bat

Manual:

cp .env.example .env
# Edit .env with your AWS credentials

2. Install Dependencies

pip install python-dotenv boto3 mcp

3. Test Configuration

python test_environment.py

4. Test AWS Connection

python simple_test/test_aws_access.py

๐Ÿ” Environment Variables

Key environment variables (see .env.example for full list):

# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1

# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev

# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M

๐Ÿ“ Usage Examples

Command Line Usage

Add a security group rule:

python simple_test/add_sg_rule_env.py '{
  "UserName": "john_doe",
  "UserIP": "203.0.113.45",
  "Port": "8080",
  "SecurityGroupID": "sg-0f0df629567eb6344",
  "ResourceName": "WebApp"
}'

With dry run:

python simple_test/add_sg_rule_env.py --dry-run '{...}'

Using different environment file:

python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'

MCP Server with Claude Desktop

  1. Configure Claude Desktop:

    • Copy configuration from mcp_server/claude_desktop_config_env.json
    • Add to %APPDATA%\Claude\claude_desktop_config.json
  2. Restart Claude Desktop

  3. Use in Claude:

    Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
    

๐Ÿ›ก๏ธ Security Best Practices

  1. Never commit .env files - Use .env.example as template
  2. Use IAM roles when running on AWS infrastructure
  3. Rotate credentials regularly
  4. Minimal permissions - Only grant required EC2 permissions:
    • ec2:DescribeSecurityGroups
    • ec2:AuthorizeSecurityGroupIngress
    • ec2:RevokeSecurityGroupIngress

๐Ÿ“Š Description Format

Rules are created with standardized descriptions:

{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM

Example: WebApp - 8080-auto-john_doe-20250711-1430

๐Ÿงช Testing

Test environment setup:

python test_environment.py

Test AWS connectivity:

python simple_test/test_aws_access.py

Test MCP server locally:

python mcp_server/server_env.py

๐Ÿ” Troubleshooting

Common Issues

  1. Module not found:

    pip install python-dotenv boto3 mcp
    
  2. AWS credentials error:

    • Check .env file exists and has correct values
    • Verify no extra spaces or quotes
    • Test with AWS CLI: aws sts get-caller-identity
  3. Permission denied:

    • Ensure IAM user has required EC2 permissions
    • Check security group exists and is accessible

Debug Mode

Set environment variable:

MCP_LOG_LEVEL=DEBUG

๐Ÿ“š Advanced Usage

Multiple Environments

# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...

# Production  
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...

Programmatic Usage

from config_manager import get_config
import boto3

# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()

# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)

# Use configuration values
description = config.format_description("App", "8080", "user")

๐Ÿค Contributing

  1. Create feature branch
  2. Make changes
  3. Test thoroughly
  4. Submit pull request

๐Ÿ“„ License

This project is licensed under the MIT License.

๐Ÿ†˜ Support


Note: Remember to keep your AWS credentials secure and never commit them to version control!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awswhitelist_mcp-1.1.1.tar.gz (21.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

awswhitelist_mcp-1.1.1-py3-none-any.whl (20.9 kB view details)

Uploaded Python 3

File details

Details for the file awswhitelist_mcp-1.1.1.tar.gz.

File metadata

  • Download URL: awswhitelist_mcp-1.1.1.tar.gz
  • Upload date:
  • Size: 21.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for awswhitelist_mcp-1.1.1.tar.gz
Algorithm Hash digest
SHA256 8f302c95f207afe1f33ba0b5c1eae8d75d9912f48871dbad59d2054544d2d7aa
MD5 816cd1e3523a30c65d83eb45bef900c6
BLAKE2b-256 3674ffdc109607afd5f8ae209ef2384708fd1a18f848cf3d34fe55270f90994c

See more details on using hashes here.

File details

Details for the file awswhitelist_mcp-1.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for awswhitelist_mcp-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f392280aad66903205e08338fb14d03420c840050ac787ef65bb69ddf17d9e61
MD5 49a11ecdc79884ab02b8a15e38ead4cc
BLAKE2b-256 a2afd379981106531518bbdec5fe5dce3400a7b7704d9d49a67c5f29cbab77a4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page