Skip to main content

MCP server for AWS Security Group IP whitelisting with stateless credential handling

Project description

AWS Security Group Management System

PyPI version Python versions License: MIT

A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.

๐Ÿš€ Features

  • Environment-based Configuration: Secure credential management using .env files
  • MCP Server Integration: Compatible with Claude Desktop and other MCP clients
  • Flexible Rule Management: Add, list, and manage security group rules
  • Audit Logging: Track all changes with timestamps and user attribution
  • Description Formatting: Standardized rule descriptions with timestamps
  • Validation: IP address and port validation with configurable rules
  • JSON-based Interface: Easy integration with automation tools

๐Ÿ“ Project Structure

D:\dev2\awswhitelist2\
โ”œโ”€โ”€ .env                      # Environment configuration (create from .env.example)
โ”œโ”€โ”€ .env.example              # Template for environment variables
โ”œโ”€โ”€ .gitignore               # Git ignore rules
โ”œโ”€โ”€ config_manager.py        # Centralized configuration management
โ”œโ”€โ”€ test_environment.py      # Environment setup verification
โ”œโ”€โ”€ setup_env.bat           # Windows setup script
โ”œโ”€โ”€ ENV_README.md           # Environment variables documentation
โ”‚
โ”œโ”€โ”€ simple_test/            # Core scripts
โ”‚   โ”œโ”€โ”€ test_aws_access.py  # Test AWS connectivity
โ”‚   โ”œโ”€โ”€ add_sg_rule_json.py # Original JSON-based script
โ”‚   โ”œโ”€โ”€ add_sg_rule_env.py  # Environment-aware version
โ”‚   โ””โ”€โ”€ ...                 # Other utility scripts
โ”‚
โ””โ”€โ”€ mcp_server/             # MCP server implementation
    โ”œโ”€โ”€ server.py           # Original Python MCP server
    โ”œโ”€โ”€ server_env.py       # Environment-aware MCP server
    โ”œโ”€โ”€ index.ts            # TypeScript MCP server
    โ””โ”€โ”€ claude_desktop_config_env.json  # Claude Desktop config

๐Ÿ”ง Quick Start

Claude Desktop Integration

This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.

๐Ÿ”ง Quick Start

1. Setup Environment

Windows:

setup_env.bat

Manual:

cp .env.example .env
# Edit .env with your AWS credentials

2. Install Dependencies

pip install python-dotenv boto3 mcp

3. Test Configuration

python test_environment.py

4. Test AWS Connection

python simple_test/test_aws_access.py

๐Ÿ” Environment Variables

Key environment variables (see .env.example for full list):

# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1

# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev

# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M

๐Ÿ“ Usage Examples

Command Line Usage

Add a security group rule:

python simple_test/add_sg_rule_env.py '{
  "UserName": "john_doe",
  "UserIP": "203.0.113.45",
  "Port": "8080",
  "SecurityGroupID": "sg-0f0df629567eb6344",
  "ResourceName": "WebApp"
}'

With dry run:

python simple_test/add_sg_rule_env.py --dry-run '{...}'

Using different environment file:

python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'

MCP Server with Claude Desktop

  1. Configure Claude Desktop:

    • Copy configuration from mcp_server/claude_desktop_config_env.json
    • Add to %APPDATA%\Claude\claude_desktop_config.json
  2. Restart Claude Desktop

  3. Use in Claude:

    Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
    

๐Ÿ›ก๏ธ Security Best Practices

  1. Never commit .env files - Use .env.example as template
  2. Use IAM roles when running on AWS infrastructure
  3. Rotate credentials regularly
  4. Minimal permissions - Only grant required EC2 permissions:
    • ec2:DescribeSecurityGroups
    • ec2:AuthorizeSecurityGroupIngress
    • ec2:RevokeSecurityGroupIngress

๐Ÿ“Š Description Format

Rules are created with standardized descriptions:

{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM

Example: WebApp - 8080-auto-john_doe-20250711-1430

๐Ÿงช Testing

Test environment setup:

python test_environment.py

Test AWS connectivity:

python simple_test/test_aws_access.py

Test MCP server locally:

python mcp_server/server_env.py

๐Ÿ” Troubleshooting

Common Issues

  1. Module not found:

    pip install python-dotenv boto3 mcp
    
  2. AWS credentials error:

    • Check .env file exists and has correct values
    • Verify no extra spaces or quotes
    • Test with AWS CLI: aws sts get-caller-identity
  3. Permission denied:

    • Ensure IAM user has required EC2 permissions
    • Check security group exists and is accessible

Debug Mode

Set environment variable:

MCP_LOG_LEVEL=DEBUG

๐Ÿ“š Advanced Usage

Multiple Environments

# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...

# Production  
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...

Programmatic Usage

from config_manager import get_config
import boto3

# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()

# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)

# Use configuration values
description = config.format_description("App", "8080", "user")

๐Ÿค Contributing

  1. Create feature branch
  2. Make changes
  3. Test thoroughly
  4. Submit pull request

๐Ÿ“„ License

This project is licensed under the MIT License.

๐Ÿ†˜ Support


Note: Remember to keep your AWS credentials secure and never commit them to version control!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awswhitelist-mcp-1.1.2.tar.gz (21.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

awswhitelist_mcp-1.1.2-py3-none-any.whl (21.6 kB view details)

Uploaded Python 3

File details

Details for the file awswhitelist-mcp-1.1.2.tar.gz.

File metadata

  • Download URL: awswhitelist-mcp-1.1.2.tar.gz
  • Upload date:
  • Size: 21.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for awswhitelist-mcp-1.1.2.tar.gz
Algorithm Hash digest
SHA256 655ad36d5c34c3f7df08c2d41a30c5e4c57f5a4b92c0a0cbc267527c2ccb7d84
MD5 7ff021bedcc16fdcc93d62d9989490b2
BLAKE2b-256 0428fe1cba4b22e7a93eb0acd0550b9852fdb9581ed530446286b661ace531c7

See more details on using hashes here.

File details

Details for the file awswhitelist_mcp-1.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for awswhitelist_mcp-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 ac1e571e6e0cc89f43938285c834e33961fba0ace0d89f288af27a118d9b5528
MD5 4cd2af7205b9370442417d1deab6a0e1
BLAKE2b-256 cbb0644a16568b696ecce4b857048b32ca96dc81fdcd981236a056220b470cf9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page