MCP proxy server with AWS SigV4 authentication support
Project description
MCP Proxy SigV4
A Model Context Protocol (MCP) proxy server with AWS SigV4 and OAuth JWT authentication support, allowing you to connect to remote MCP servers.
Example MCP configuration
Add to your MCP configuration:
{
"mcpServers": {
"remote-sigv4-mcp-server": {
"command": "uvx",
"args": [
"mcp-proxy-sigv4",
"--endpoint",
"https://sigv4-mcp.example.com/mcp",
"--aws-service",
"bedrock-agentcore",
"--aws-region",
"us-east-1"
]
},
"oauth-mcp-server": {
"command": "uvx",
"args": [
"mcp-proxy-sigv4",
"--endpoint",
"https://oauth-mcp.example.com/mcp",
"--bearer-token",
"your-token-here"
]
}
}
}
Architecture
MCP Client (e.g., Claude Desktop)
↓ (stdio)
mcp-proxy-sigv4 (Local Proxy)
↓ (HTTPS + SigV4 / OAuth)
Remote MCP Server (Bedrock AgentCore, Lambda, etc.)
Installation
Using uvx (Recommended)
uvx mcp-proxy-sigv4 --endpoint https://api.example.com/mcp
Using pip
pip install mcp-proxy-sigv4
mcp-proxy-sigv4 --endpoint https://api.example.com/mcp
Development Installation
# Create venv and install dependencies
git clone https://github.com/jiapingzeng/mcp-proxy-sigv4
uv venv
source .venv/bin/activate
uv sync
# Run proxy
cd src
uv run python -m src.mcp_proxy_sigv4 --help
Usage
Basic Usage
Connect to a remote MCP server with default AWS SigV4 authentication (using Bedrock AgentCore as an example):
uvx mcp-proxy-sigv4 \\
--endpoint https://api.example.com/mcp \\
--aws-region us-east-1 \\
--aws-service bedrock-agentcore
OAuth JWT Bearer Token Authentication
Connect using a JWT bearer token via CLI option:
uvx mcp-proxy-sigv4 \\
--endpoint https://api.example.com/mcp \\
--bearer-token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Or use the BEARER_TOKEN environment variable:
export BEARER_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
uvx mcp-proxy-sigv4 --endpoint https://api.example.com/mcp
Without Authentication
For testing with servers that don't require authentication:
uvx mcp-proxy-sigv4 \\
--endpoint http://localhost:8000/mcp \\
--no-auth
Verbose Logging
Enable detailed logging for debugging:
uvx mcp-proxy-sigv4 \\
--endpoint https://api.example.com/mcp \\
--verbose
Command Line Options
--endpoint(required): Remote MCP server endpoint URL--bearer-token: OAuth JWT bearer token for authentication (alternative to AWS SigV4)--aws-region: AWS region for SigV4 authentication (default: us-east-1)--aws-service: AWS service name for SigV4 authentication (default: execute-api)--aws-profile: AWS profile to use for credentials (optional)--no-auth: Disable authentication (no signing or bearer token)--timeout: Request timeout in seconds (default: 30.0)--verbose: Enable verbose logging
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_proxy_sigv4-0.1.0.tar.gz.
File metadata
- Download URL: mcp_proxy_sigv4-0.1.0.tar.gz
- Upload date:
- Size: 5.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fea7efa005c55a963a5c90678a5e065b044e356a13650b6e549abd33de2a2d50
|
|
| MD5 |
37ab44f2282f1b5a32f41aa482f4c3aa
|
|
| BLAKE2b-256 |
2600fbc368fed4375b76e7d3ec25a7056dc42458586e52b4e377decdb0e97c48
|
Provenance
The following attestation bundles were made for mcp_proxy_sigv4-0.1.0.tar.gz:
Publisher:
publish.yml on jiapingzeng/mcp-proxy-sigv4
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcp_proxy_sigv4-0.1.0.tar.gz -
Subject digest:
fea7efa005c55a963a5c90678a5e065b044e356a13650b6e549abd33de2a2d50 - Sigstore transparency entry: 586871459
- Sigstore integration time:
-
Permalink:
jiapingzeng/mcp-proxy-sigv4@53ef33b6e4c5df173d1fedf4395c0710388c7c93 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/jiapingzeng
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@53ef33b6e4c5df173d1fedf4395c0710388c7c93 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file mcp_proxy_sigv4-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mcp_proxy_sigv4-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d5e4b3866d2d65d8fe369da3c339bfea2d619cdd62080c190a1b3844246b7282
|
|
| MD5 |
f6529b733672f132a1c4373811dbbc14
|
|
| BLAKE2b-256 |
5913efd10085321dffd41dab7edf272bf5c60d1eda532da1dd773fdd734f85e9
|
Provenance
The following attestation bundles were made for mcp_proxy_sigv4-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on jiapingzeng/mcp-proxy-sigv4
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcp_proxy_sigv4-0.1.0-py3-none-any.whl -
Subject digest:
d5e4b3866d2d65d8fe369da3c339bfea2d619cdd62080c190a1b3844246b7282 - Sigstore transparency entry: 586871462
- Sigstore integration time:
-
Permalink:
jiapingzeng/mcp-proxy-sigv4@53ef33b6e4c5df173d1fedf4395c0710388c7c93 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/jiapingzeng
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@53ef33b6e4c5df173d1fedf4395c0710388c7c93 -
Trigger Event:
workflow_dispatch
-
Statement type: