### Installing Node.js Project Dependencies Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command installs all required Node.js dependencies for the project, as defined in the 'package.json' file. It must be run from within the project's source directory before deploying the application. ```bash npm install ``` -------------------------------- ### Installing AWS CDK Globally using npm Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command installs the AWS Cloud Development Kit (CDK) globally on your system using npm. AWS CDK is a framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. It requires Node.js to be installed. ```bash npm install -g aws-cdk ``` -------------------------------- ### Installing mcp-remote Utility (npm) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command globally installs the `mcp-remote` utility using npm. `mcp-remote` is an experimental tool that enables local MCP clients to connect to remote MCP servers with authentication support, bridging the gap for stdio-only clients. ```bash npm install -g mcp-remote ``` -------------------------------- ### Bootstrapping AWS Account for CDK Deployment Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command bootstraps your AWS account for AWS CDK deployments. Bootstrapping provisions necessary resources, such as an S3 bucket and IAM roles, that CDK uses to deploy your applications. It's a one-time setup per account/region. ```bash cdk bootstrap ``` -------------------------------- ### Cloning Repository and Navigating to Source Directory Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md These commands clone the guidance repository from the specified URL and then navigate into the 'source' directory. This is the initial step to obtain the project files required for deployment. ```bash git clone cd guidance-for-remote-mcp-servers-on-aws cd source ``` -------------------------------- ### Deploying All AWS CDK Stacks Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command deploys all AWS CDK stacks defined in the project to your AWS account. It provisions the necessary AWS resources, including the MCP servers, Cognito, and other infrastructure components, as per the CDK application's configuration. ```bash cdk deploy --all ``` -------------------------------- ### Testing mcp-remote Connection to a Specific Server (Bash) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command uses `npx` to execute the `mcp-remote` utility and test a direct connection to a specific remote MCP server endpoint. This verifies that `mcp-remote` can successfully establish communication with the deployed server. Replace `` with your actual CloudFront distribution endpoint. ```bash npx mcp-remote@latest https:///weather-python/sse ``` -------------------------------- ### Configuring mcp-remote for Multiple MCP Servers (JSON) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This JSON configuration file (`config.json`) defines multiple remote MCP servers that `mcp-remote` can connect to. Each entry specifies a server name, the `npx` command, and the URL of the remote MCP endpoint. Replace `` with your actual CloudFront distribution endpoint. ```json { "mcpServers": { "weather-sse-python": { "command": "npx", "args": [ "mcp-remote@latest", "https:///weather-python/sse" ] }, "weather-streamable-nodejs": { "command": "npx", "args": [ "mcp-remote@latest", "https:///weather-nodejs/mcp" ] }, "weather-streamable-nodejs-lambda": { "command": "npx", "args": [ "mcp-remote@latest", "https:///weather-nodejs-lambda/mcp" ] } } } ``` -------------------------------- ### Deploying AWS CDK Stacks with Custom Domain Configuration Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This optional command deploys all AWS CDK stacks while configuring a custom domain. It requires providing the ARN of an existing ACM certificate and the desired custom domain name as context parameters for the deployment. ```bash cdk deploy --all --context certificateArn=arn:aws:acm:... --context customDomain=mcp-server.example.com ``` -------------------------------- ### Destroying All Deployed AWS CDK Resources (Bash) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This command uses the AWS Cloud Development Kit (CDK) to destroy all resources deployed by the current CDK application. It is a crucial step for cleaning up your AWS environment after testing or when the resources are no longer needed, helping to avoid unnecessary costs. ```bash cdk destroy --all ``` -------------------------------- ### OAuth 2.0 Authorization Code Flow with AWS Cognito - Mermaid Diagram Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/assets/mcp-cognito-oauth-flow.md This Mermaid sequence diagram visualizes the OAuth 2.0 authorization code flow involving a User-Agent (Browser), MCP Client, MCP Server, and AWS Cognito. It details the steps from initial authorization request to token exchange and subsequent API usage, highlighting redirects, user authentication, and token generation. ```mermaid sequenceDiagram participant User as User-Agent (Browser) participant Client as MCP Client participant Server as MCP Server participant Cognito as AWS Cognito %% Initial OAuth Request Client->>Server: Initial OAuth Request Note right of Server: Client requests authorization %% Redirect to Cognito Server->>User: Redirect to AWS Cognito /authorize Note right of User: Server stores session state %% User Authentication with Cognito User->>Cognito: Authorization Request Note right of Cognito: User authenticates with Cognito %% User Authorizes rect rgb(100, 100, 100, 0.4) Note over Cognito: User authorizes application end %% Callback to MCP Server Cognito->>User: Redirect to MCP Server callback User->>Server: Authorization code %% Exchange code for Cognito tokens Server->>Cognito: Exchange code for token Cognito->>Server: Cognito access/refresh/ID tokens %% Generate MCP bound token rect rgb(100, 100, 100, 0.4) Note over Server: Generate bound MCP token end %% Send MCP code to client Server->>User: Redirect to MCP Client callback User->>Client: MCP authorization code %% Client exchanges code for token Client->>Server: Exchange code for MCP token Server->>Client: MCP access token %% Token Usage Note over Client,Server: Client uses MCP token for API calls ``` -------------------------------- ### Creating and Setting Password for Cognito Test User (AWS CLI) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/README.md This snippet demonstrates how to create a new test user and set a permanent password in an Amazon Cognito User Pool using the AWS CLI. This is intended for development and testing environments only. Replace `YOUR_USER_POOL_ID` with your actual User Pool ID. ```bash aws cognito-idp admin-create-user --user-pool-id YOUR_USER_POOL_ID --username test@example.com aws cognito-idp admin-set-user-password --user-pool-id YOUR_USER_POOL_ID --username test@example.com --password "TestPass123!" --permanent ``` -------------------------------- ### OAuth 2.0 Authorization Code Flow with AWS Cognito and MCP Server (Mermaid) Source: https://github.com/aws-solutions-library-samples/guidance-for-deploying-model-context-protocol-servers-on-aws/blob/main/assets/detailed-mcp-cognito-oauth-flow.md This Mermaid sequence diagram illustrates the complete OAuth 2.0 authorization code flow, including client registration, user authentication via AWS Cognito, token exchange, and token refresh, for an MCP Server. It details the interactions between the User-Agent, MCP Client, MCP Server, and AWS Cognito, highlighting key steps like redirects, token requests, and validation. ```Mermaid sequenceDiagram participant User as User-Agent (Browser) participant Client as MCP Client participant Server as MCP Server participant Cognito as AWS Cognito %% Client registration (one-time setup) Note over Client,Server: Client registration (one-time setup) Client->>Server: POST /register
{redirect_uris, client_name, etc.} Server->>Client: {client_id, client_secret} %% Start of OAuth flow Client->>Server: GET /authorize
?client_id=client_id
&redirect_uri=callback_url
&response_type=code
&state=state
&code_challenge=challenge Note right of Server: Server generates session_id
and stores original request %% Redirect to Cognito Server->>User: HTTP 302 to Cognito
/oauth2/authorize
?client_id=cognito_client_id
&response_type=code
&redirect_uri=server_callback
&state=session_id %% User authentication with Cognito User->>Cognito: Authorization Request Note right of Cognito: User enters credentials
and authenticates %% User authorizes rect rgb(100, 100, 100, 0.4) Note over User,Cognito: User authorizes application access end %% Callback to MCP Server with Cognito code Cognito->>User: HTTP 302 to MCP Server
/callback?code=cognito_code
&state=session_id User->>Server: GET /callback?code=cognito_code&state=session_id %% Server exchanges Cognito code for tokens Server->>Cognito: POST /oauth2/token
grant_type=authorization_code
code=cognito_code
client_id=cognito_client_id
redirect_uri=server_callback Cognito->>Server: {access_token, refresh_token, id_token} %% Server generates MCP code rect rgb(100, 100, 100, 0.4) Note over Server: Generate MCP authorization code
Store mapping between MCP code
and Cognito tokens end %% Redirect back to client with MCP code Server->>User: HTTP 302 to Client
redirect_uri?code=mcp_code&state=state User->>Client: GET redirect_uri?code=mcp_code&state=state %% Client exchanges MCP code for token Client->>Server: POST /token
grant_type=authorization_code
code=mcp_code
client_id=client_id
redirect_uri=callback_url
code_verifier=verifier %% Server validates and returns MCP token rect rgb(100, 100, 100, 0.4) Note over Server: Validate code and code_verifier
Generate JWT with embedded Cognito token
{"iss": "mcp-server", "sub": client_id,
"cognito_token": cognito_token, ...} end Server->>Client: {access_token, token_type: "Bearer",
expires_in, refresh_token, scope} %% API calls with token Client->>Server: API Request
Authorization: Bearer mcp_token rect rgb(100, 100, 100, 0.4) Note over Server: Validate MCP token
Extract and validate Cognito token end Server->>Client: API Response %% Token refresh flow Note over Client,Server: When token expires Client->>Server: POST /token
grant_type=refresh_token
refresh_token=mcp_refresh_token
client_id=client_id Server->>Cognito: POST /oauth2/token
grant_type=refresh_token
refresh_token=cognito_refresh_token
client_id=cognito_client_id Cognito->>Server: {access_token, refresh_token} rect rgb(100, 100, 100, 0.4) Note over Server: Generate new MCP access token
with new Cognito token end ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.