AWS SSO MCP Server

Overview

The @aashari/mcp-server-aws-sso MCP server bridges conversational AI assistants with AWS environments through the AWS IAM Identity Center (SSO). It solves a common pain point for DevOps, cloud architects, and SRE teams: the need to manually authenticate, navigate multiple accounts, and run CLI commands while focusing on higher‑level problem solving. By exposing a simple, natural‑language interface to AWS resources, the server lets users ask an AI assistant to list accounts, assume roles, query EC2 instances, or execute SSM shell commands—all without leaving the chat window.

At its core, the server handles the OAuth‑style SSO flow, retrieves temporary credentials for any enabled account and role, and then forwards those credentials to the AWS SDK or CLI. This eliminates the friction of managing long‑lived IAM keys, reduces credential leakage risk, and keeps access governed by the organization’s central identity policies. The result is a secure, auditable, and short‑lived credential model that aligns with modern cloud security best practices.

Key capabilities include:

• Account and role discovery – the AI can enumerate all accounts and permission sets available to a user, making it easy to switch context or verify access.
• Command execution – by passing an AWS CLI command string, the server runs it under the chosen role and returns output directly in chat.
• EC2 management – queries for instance status, disk usage, or any other metric that can be retrieved via SSM.
• Multi‑account orchestration – the assistant can “switch” to a different account, query VPCs, or list resources across regions in one conversation.
• Shell execution via SSM – any arbitrary shell command can be run on a managed instance, providing instant troubleshooting or deployment validation.

Real‑world scenarios where this MCP shines include: a DevOps engineer needing to verify that a new S3 bucket exists before proceeding with a deployment; an architect asking for a quick inventory of all VPCs across accounts to validate compliance; or an SRE team troubleshooting latency by running on a host via the assistant. In each case, the AI eliminates context switching between IDEs, consoles, and CLI tools, allowing teams to stay in conversation mode while still executing precise cloud operations.

Integration is straightforward for any MCP‑aware assistant. The server exposes a standard command interface, so it can be launched via or installed globally. Once configured in the assistant’s MCP settings, a simple “🔗 aws-sso” badge appears in the status bar, signaling that AWS SSO commands are now available. The assistant’s prompt can then include natural‑language requests, and the server handles authentication, role assumption, command execution, and result formatting automatically. This tight coupling between conversational AI and AWS operations streamlines workflows, reduces error rates, and accelerates time‑to‑value for cloud teams.