{"id":7398,"library":"mcp-proxy-for-aws","title":"MCP Proxy for AWS","description":"The MCP Proxy for AWS is a Python library that serves as a lightweight, client-side bridge between Model Context Protocol (MCP) clients (such as AI assistants and developer tools) and IAM-secured MCP servers on AWS. It handles SigV4 authentication using local AWS credentials and provides dynamic tool discovery. The library is currently at version 1.3.0 and is actively maintained, with updates released as needed to support AWS services and the MCP specification.","status":"active","version":"1.3.0","language":"en","source_language":"en","source_url":"https://github.com/aws/mcp-proxy-for-aws","tags":["aws","mcp","proxy","ai-agents","iam","sigv4"],"install":[{"cmd":"pip install mcp-proxy-for-aws","lang":"bash","label":"Install with pip"},{"cmd":"uvx mcp-proxy-for-aws@latest <SigV4 MCP endpoint URL>","lang":"bash","label":"Run as a proxy with uvx"}],"dependencies":[{"reason":"Core MCP server framework.","package":"fastmcp","optional":false},{"reason":"AWS SDK for Python, used for credential handling and AWS service interaction.","package":"boto3","optional":false},{"reason":"Low-level interface to AWS, a dependency of boto3.","package":"botocore","optional":false}],"imports":[{"note":"For programmatic use as a library to interact with MCP servers.","symbol":"McpProxy","correct":"from mcp_proxy_for_aws.mcp_proxy import McpProxy"},{"note":"For running the proxy server programmatically.","symbol":"run_server","correct":"from mcp_proxy_for_aws.server import run_server"}],"quickstart":{"code":"import os\nfrom mcp_proxy_for_aws.mcp_proxy import McpProxy\n\n# Ensure AWS credentials and region are configured (e.g., via environment variables or ~/.aws/credentials)\n# For programmatic use, you might explicitly pass them, but for quickstart, rely on boto3's default chain.\naws_region = os.environ.get('AWS_REGION', 'us-east-1')\nmcp_endpoint_url = os.environ.get('MCP_ENDPOINT_URL', 'https://your-mcp-server.amazonaws.com/mcp')\n\ntry:\n    # Initialize the MCP Proxy client\n    proxy_client = McpProxy(endpoint=mcp_endpoint_url, region=aws_region)\n    print(f\"Initialized MCP Proxy for endpoint: {mcp_endpoint_url}\")\n\n    # Example: Discover tools (this would typically involve calling a method that hits the MCP server)\n    # Note: The actual method for tool discovery might vary based on the MCP server implementation.\n    # This is a placeholder for demonstrating client initialization.\n    print(\"Attempting to discover tools (requires a live MCP server)...\")\n    # In a real scenario, you'd call methods like proxy_client.discover_tools() if available\n    # or integrate with an AI agent framework.\n    print(\"MCP Proxy client initialized successfully. Ready for agent integration.\")\n\nexcept Exception as e:\n    print(f\"Error initializing MCP Proxy: {e}\")\n    print(\"Please ensure 'MCP_ENDPOINT_URL' and AWS credentials/region are correctly configured.\")\n","lang":"python","description":"This quickstart demonstrates how to programmatically initialize the `McpProxy` client. It assumes AWS credentials (e.g., `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`) and the `MCP_ENDPOINT_URL` environment variable are set. The client handles SigV4 authentication automatically using the default boto3 credential chain."},"warnings":[{"fix":"Ensure `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION` environment variables are set, or an AWS CLI profile is configured. For programmatic use with explicit credentials, ensure `aws_region` is always provided.","message":"AWS credentials and region must be correctly configured. The proxy uses the standard boto3 credential chain (environment variables, shared credentials file, EC2 instance profiles, etc.). If not found, authentication will fail.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always explicitly specify the `--region` parameter or ensure the `AWS_REGION` environment variable is set to match your MCP server's region when running the proxy via `uvx` or `python -m`.","message":"When using `mcp-proxy-for-aws` as a command-line tool, the `--region` argument defaults to `us-east-1` if not explicitly specified or inferred from environment variables. This can lead to connection issues if your MCP server is in a different region and `--region` is not set.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If you were using `awslabs.core-mcp-server`, migrate to configuring individual MCP servers directly within your client. `mcp-proxy-for-aws` remains active for its specific purpose of SigV4 authentication.","message":"The `awslabs.core-mcp-server` is deprecated. Its proxy/orchestration pattern is no longer necessary as modern MCP clients support multi-server configurations natively. This is distinct from `mcp-proxy-for-aws` but related in the MCP ecosystem, and users might confuse them.","severity":"deprecated","affected_versions":"awslabs.core-mcp-server versions <= March 27, 2026"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Check the debug logs for more details on the malformed request. Ensure your MCP client is compatible with the `mcp-proxy-for-aws` version and the target MCP server's API. Consult the `mcp-proxy-for-aws` GitHub repository for known compatibility issues or updates.","cause":"This error often indicates a protocol mismatch or incorrect parameter formatting between the MCP client (e.g., an AI assistant) and the `mcp-proxy-for-aws` during tool or resource fetching. It can be due to a client expecting a different API version or a malformed request body.","error":"Error -32602: Invalid request parameters"},{"fix":"Verify the `MCP_ENDPOINT_URL` is correct and the server is running. Check network connectivity (e.g., firewall rules, VPC configurations). Ensure that the proxy has the necessary permissions to access the network.","cause":"The proxy cannot reach the specified MCP endpoint URL. This could be due to network issues, an incorrect URL, or the MCP server not being active or accessible from where the proxy is running.","error":"Failed to connect to MCP server: Could not connect to the endpoint URL: \"https://your-mcp-server.amazonaws.com/mcp\""},{"fix":"Refresh your AWS credentials. Verify that `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` (if using temporary credentials) are correctly set, or that your AWS CLI profile is valid and has the necessary permissions.","cause":"The AWS credentials configured for the proxy are invalid or expired, preventing successful SigV4 authentication with AWS.","error":"botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid."}]}