Skip to main content

MCP server for AWS Security Group IP whitelisting with stateless credential handling

Project description

AWS Security Group Management System

PyPI version Python versions License: MIT

A comprehensive solution for managing AWS EC2 Security Group rules with environment variable configuration, Model Context Protocol (MCP) server integration, and secure credential management.

๐Ÿš€ Features

  • Environment-based Configuration: Secure credential management using .env files
  • MCP Server Integration: Compatible with Claude Desktop and other MCP clients
  • Flexible Rule Management: Add, list, and manage security group rules
  • Audit Logging: Track all changes with timestamps and user attribution
  • Description Formatting: Standardized rule descriptions with timestamps
  • Validation: IP address and port validation with configurable rules
  • JSON-based Interface: Easy integration with automation tools

๐Ÿ“ Project Structure

D:\dev2\awswhitelist2\
โ”œโ”€โ”€ .env                      # Environment configuration (create from .env.example)
โ”œโ”€โ”€ .env.example              # Template for environment variables
โ”œโ”€โ”€ .gitignore               # Git ignore rules
โ”œโ”€โ”€ config_manager.py        # Centralized configuration management
โ”œโ”€โ”€ test_environment.py      # Environment setup verification
โ”œโ”€โ”€ setup_env.bat           # Windows setup script
โ”œโ”€โ”€ ENV_README.md           # Environment variables documentation
โ”‚
โ”œโ”€โ”€ simple_test/            # Core scripts
โ”‚   โ”œโ”€โ”€ test_aws_access.py  # Test AWS connectivity
โ”‚   โ”œโ”€โ”€ add_sg_rule_json.py # Original JSON-based script
โ”‚   โ”œโ”€โ”€ add_sg_rule_env.py  # Environment-aware version
โ”‚   โ””โ”€โ”€ ...                 # Other utility scripts
โ”‚
โ””โ”€โ”€ mcp_server/             # MCP server implementation
    โ”œโ”€โ”€ server.py           # Original Python MCP server
    โ”œโ”€โ”€ server_env.py       # Environment-aware MCP server
    โ”œโ”€โ”€ index.ts            # TypeScript MCP server
    โ””โ”€โ”€ claude_desktop_config_env.json  # Claude Desktop config

๐Ÿ”ง Quick Start

Claude Desktop Integration

This MCP server is fully compatible with Claude Desktop. See CLAUDE_DESKTOP_SETUP.md for installation instructions.

๐Ÿ”ง Quick Start

1. Setup Environment

Windows:

setup_env.bat

Manual:

cp .env.example .env
# Edit .env with your AWS credentials

2. Install Dependencies

pip install python-dotenv boto3 mcp

3. Test Configuration

python test_environment.py

4. Test AWS Connection

python simple_test/test_aws_access.py

๐Ÿ” Environment Variables

Key environment variables (see .env.example for full list):

# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key_here
AWS_SECRET_ACCESS_KEY=your_secret_key_here
AWS_DEFAULT_REGION=us-east-1

# Default Security Group
DEFAULT_SECURITY_GROUP_ID=sg-0f0df629567eb6344
DEFAULT_SECURITY_GROUP_NAME=whm-dev

# Description Format
DESCRIPTION_PREFIX=auto
DESCRIPTION_SEPARATOR=-
DESCRIPTION_TIMESTAMP_FORMAT=%Y%m%d-%H%M

๐Ÿ“ Usage Examples

Command Line Usage

Add a security group rule:

python simple_test/add_sg_rule_env.py '{
  "UserName": "john_doe",
  "UserIP": "203.0.113.45",
  "Port": "8080",
  "SecurityGroupID": "sg-0f0df629567eb6344",
  "ResourceName": "WebApp"
}'

With dry run:

python simple_test/add_sg_rule_env.py --dry-run '{...}'

Using different environment file:

python simple_test/add_sg_rule_env.py --env-file .env.production '{...}'

MCP Server with Claude Desktop

  1. Configure Claude Desktop:

    • Copy configuration from mcp_server/claude_desktop_config_env.json
    • Add to %APPDATA%\Claude\claude_desktop_config.json
  2. Restart Claude Desktop

  3. Use in Claude:

    Add IP 192.168.1.100 to security group sg-0f0df629567eb6344 on port 8080
    

๐Ÿ›ก๏ธ Security Best Practices

  1. Never commit .env files - Use .env.example as template
  2. Use IAM roles when running on AWS infrastructure
  3. Rotate credentials regularly
  4. Minimal permissions - Only grant required EC2 permissions:
    • ec2:DescribeSecurityGroups
    • ec2:AuthorizeSecurityGroupIngress
    • ec2:RevokeSecurityGroupIngress

๐Ÿ“Š Description Format

Rules are created with standardized descriptions:

{ResourceName} - {Port}-auto-{UserName}-YYYYMMDD-HHMM

Example: WebApp - 8080-auto-john_doe-20250711-1430

๐Ÿงช Testing

Test environment setup:

python test_environment.py

Test AWS connectivity:

python simple_test/test_aws_access.py

Test MCP server locally:

python mcp_server/server_env.py

๐Ÿ” Troubleshooting

Common Issues

  1. Module not found:

    pip install python-dotenv boto3 mcp
    
  2. AWS credentials error:

    • Check .env file exists and has correct values
    • Verify no extra spaces or quotes
    • Test with AWS CLI: aws sts get-caller-identity
  3. Permission denied:

    • Ensure IAM user has required EC2 permissions
    • Check security group exists and is accessible

Debug Mode

Set environment variable:

MCP_LOG_LEVEL=DEBUG

๐Ÿ“š Advanced Usage

Multiple Environments

# Development
ENV_FILE=.env.dev python simple_test/add_sg_rule_env.py ...

# Production  
ENV_FILE=.env.prod python simple_test/add_sg_rule_env.py ...

Programmatic Usage

from config_manager import get_config
import boto3

# Load configuration
config = get_config()
aws_config = config.get_aws_client_config()

# Create EC2 client
ec2 = boto3.client('ec2', **aws_config)

# Use configuration values
description = config.format_description("App", "8080", "user")

๐Ÿค Contributing

  1. Create feature branch
  2. Make changes
  3. Test thoroughly
  4. Submit pull request

๐Ÿ“„ License

This project is licensed under the MIT License.

๐Ÿ†˜ Support


Note: Remember to keep your AWS credentials secure and never commit them to version control!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awswhitelist_mcp-1.1.9.tar.gz (23.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

awswhitelist_mcp-1.1.9-py3-none-any.whl (22.2 kB view details)

Uploaded Python 3

File details

Details for the file awswhitelist_mcp-1.1.9.tar.gz.

File metadata

  • Download URL: awswhitelist_mcp-1.1.9.tar.gz
  • Upload date:
  • Size: 23.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for awswhitelist_mcp-1.1.9.tar.gz
Algorithm Hash digest
SHA256 0563bdb2a2e73112fc79c410a318c708029d654b767d26a52ec03c3e6bfe25c7
MD5 9175372bfed73cfd6dec59df739137fa
BLAKE2b-256 ccacda8a2b85e116ceca6ac8e9b0eeadd5962231fd29e26f1a4ca1d9d0e70a1b

See more details on using hashes here.

File details

Details for the file awswhitelist_mcp-1.1.9-py3-none-any.whl.

File metadata

File hashes

Hashes for awswhitelist_mcp-1.1.9-py3-none-any.whl
Algorithm Hash digest
SHA256 5dd0a89bb37d4511837492e4a72d34277e59a7f7489a0492ef73efadde6a0e19
MD5 d4b7fdbac686b4aedff5b2c3ec4dce21
BLAKE2b-256 423d62740d0bd89d114a0e51e50b8c66292ab7936493474ab2dd19e83887246b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page