Summary

This package addresses the challenge of connecting AI applications and clients to AWS-hosted Message Communication Protocol (MCP) servers that require AWS Identity and Access Management (IAM) SigV4 authentication. It offers both a standalone proxy server and a Python library, enabling developers to seamlessly integrate these secured services without building custom authentication logic. The primary benefit is simplifying access to AWS-native AI services for a wide range of AI clients and agent frameworks.

How It Works

The project provides two distinct modes of operation. As a proxy, it acts as a client-side bridge, intercepting requests from MCP clients (like Claude Desktop or Kiro CLI) and automatically signing them using local AWS credentials (via SigV4) before forwarding them to the AWS MCP endpoint. In library mode, it offers authenticated transport layers for Python AI agent frameworks such as LangChain and LlamaIndex, allowing programmatic integration. This approach abstracts the complexity of SigV4 signing, a common hurdle when interacting with AWS IAM-secured endpoints.

Quick Start & Requirements

Installation can be done via pip (pip install mcp-proxy-for-aws) for library usage, or by running the proxy using uvx mcp-proxy-for-aws@latest. Docker images are available on ECR (docker pull public.ecr.aws/mcp-proxy-for-aws/mcp-proxy-for-aws:latest). Prerequisites include Python 3.10+, configured AWS credentials (CLI, environment variables, or IAM roles), and optionally Docker Desktop. Comprehensive examples for integrating with LangChain, LlamaIndex, and other frameworks are provided in the ./examples/mcp-client/ directory.

Highlighted Details

• Dual functionality: operates as a standalone proxy or an embeddable Python library.
• Automates AWS IAM SigV4 authentication for MCP requests using local credentials.
• Direct integration support for popular AI agent frameworks including LangChain, LlamaIndex, Strands Agents, and Microsoft Agent Framework.
• Features dynamic tool discovery when used as a proxy.

Maintenance & Community

Development and contribution guidelines are available via DEVELOPMENT.md and CONTRIBUTING.md. The project appears to be actively maintained by AWS, though specific community channels or contributor details are not detailed in the provided README.

Licensing & Compatibility

The project is licensed under the Apache License, Version 2.0. This permissive license generally allows for commercial use and integration into closed-source applications, with standard attribution requirements.

Limitations & Caveats

Authentication errors may arise if the AWS service name (--service parameter) is incorrectly specified or if AWS credentials are not properly configured. A general disclaimer notes that LLMs are non-deterministic and users are responsible for implementing robust security controls and IAM configurations, as any resulting vulnerabilities are solely their responsibility. Cline users should avoid the --log-level argument.