AWS SSO MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add -e "AWS_SSO_START_URL=${AWS_SSO_START_URL}" -e "AWS_REGION=${AWS_REGION}" aws-sso -- npx -y @aashari/mcp-server-aws-sso
Required:AWS_SSO_START_URLAWS_REGION+ 1 optional
README.md

Connect AI assistants to AWS infrastructure through AWS IAM Identity Center

Connect AI to Your AWS Resources

Transform how you manage and access your AWS infrastructure by connecting Claude, Cursor AI, and other AI assistants directly to your AWS accounts through AWS IAM Identity Center (formerly AWS SSO). Get instant access to your cloud resources, execute commands, and manage EC2 instances using natural language.

What You Can Do

Ask AI about your AWS accounts: "Show me all my AWS accounts and available roles"
Execute AWS commands: "List all S3 buckets in my production account"
Manage EC2 instances: "Check the disk usage on server i-123456789"
Access multi-account setups: "Switch to the staging account and describe the VPCs"
Monitor resources: "Get the status of all running EC2 instances"
Run shell commands: "Execute 'df -h' on my web server via SSM"

Perfect For

  • DevOps Engineers managing multi-account AWS environments and infrastructure automation
  • Cloud Architects needing quick access to resource information across AWS accounts
  • Developers who want to check deployments and run AWS CLI commands through AI
  • SRE Teams monitoring and troubleshooting AWS resources using natural language
  • IT Administrators managing EC2 instances and executing remote commands securely
  • Anyone who wants to interact with AWS using conversational AI

Quick Start

Get up and running in 2 minutes:

1. Get Your AWS SSO Setup

Set up AWS IAM Identity Center:

  1. Enable AWS IAM Identity Center in your AWS account
  2. Configure your identity source (AWS directory, Active Directory, or external IdP)
  3. Set up permission sets and assign users to AWS accounts
  4. Note your AWS SSO Start URL (e.g., https://your-company.awsapps.com/start)

2. Try It Instantly

# Set your AWS SSO configuration
export AWS_SSO_START_URL="https://your-company.awsapps.com/start"
export AWS_REGION="us-east-1"

# Start the authentication flow
npx -y @aashari/mcp-server-aws-sso login

# List your accessible accounts and roles
npx -y @aashari/mcp-server-aws-sso ls-accounts

# Execute an AWS command
npx -y @aashari/mcp-server-aws-sso exec-command \
  --account-id 123456789012 \
  --role-name ReadOnly \
  --command "aws s3 ls"

Connect to AI Assistants

For Claude Desktop Users

Add this to your Claude configuration file (~/.claude/claude_desktop_config.json):

{
  "mcpServers": {
    "aws-sso": {
      "command": "npx",
      "args": ["-y", "@aashari/mcp-server-aws-sso"],
      "env": {
        "AWS_SSO_START_URL": "https://your-company.awsapps.com/start",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Restart Claude Desktop, and you'll see "🔗 aws-sso" in the status bar.

For Other AI Assistants

Most AI assistants support MCP. Install the server globally:

npm install -g @aashari/mcp-server-aws-sso

Then configure your AI assistant to use the MCP server with STDIO transport.

Alternative: Configuration File

Create ~/.mcp/configs.json for system-wide configuration:

{
  "aws-sso": {
    "environments": {
      "AWS_SSO_START_URL": "https://your-company.awsapps.com/start",
      "AWS_REGION": "us-east-1",
      "DEBUG": "false"
    }
  }
}

Alternative config keys: The system also accepts "@aashari/mcp-server-aws-sso" or "mcp-server-aws-sso" instead of "aws-sso".

Real-World Examples

🔐 Authenticate and Explore

Ask your AI assistant:

  • "Log into AWS SSO and show me my authentication status"
  • "List all my AWS accounts and the roles I can assume"
  • "Check if I'm still authenticated to AWS"
  • "Show me which AWS accounts I have access to"

🛠️ Execute AWS Commands

Ask your AI assistant:

  • "List all S3 buckets in my production account using the ReadOnly role"
  • "Show me all running EC2 instances in the us-west-2 region"
  • "Describe the VPCs in my staging AWS account"
  • "Get the status of my RDS databases in account 123456789012"

🖥️ Manage EC2 Instances

Ask your AI assistant:

  • "Check the disk usage on EC2 instance i-1234567890abcdef0"
  • "Run 'uptime' on my web server via Systems Manager"
  • "Execute 'systemctl status nginx' on instance i-abc123 in production"
  • "Get memory usage from all my application servers"

🔍 Infrastructure Monitoring

Ask your AI assistant:

  • "List all Lambda functions in my development account"
  • "Show me the CloudFormation stacks in us-east-1"
  • "Check the health of my load balancers"
  • "Get the latest CloudWatch alarms that are in ALARM state"

🔄 Multi-Account Operations

Ask your AI assistant:

  • "Switch to account 987654321098 with AdminRole and list all security groups"
  • *"Com

Tools (2)

ls-accountsList all accessible AWS accounts and roles
exec-commandExecute AWS CLI commands in a specific account and role

Environment Variables

AWS_SSO_START_URLrequiredThe AWS IAM Identity Center start URL
AWS_REGIONrequiredThe AWS region to operate in
DEBUGEnable debug logging

Configuration

claude_desktop_config.json
{"mcpServers": {"aws-sso": {"command": "npx", "args": ["-y", "@aashari/mcp-server-aws-sso"], "env": {"AWS_SSO_START_URL": "https://your-company.awsapps.com/start", "AWS_REGION": "us-east-1"}}}}

Try it

List all my AWS accounts and the roles I can assume.
List all S3 buckets in my production account using the ReadOnly role.
Check the disk usage on EC2 instance i-1234567890abcdef0.
Run 'uptime' on my web server via Systems Manager.
Show me all running EC2 instances in the us-west-2 region.

Frequently Asked Questions

What are the key features of AWS SSO?

Authenticate and explore AWS accounts via IAM Identity Center. Execute arbitrary AWS CLI commands across multiple accounts. Manage and monitor EC2 instances using natural language. Run remote shell commands on instances via AWS Systems Manager. Support for multi-account AWS environments.

What can I use AWS SSO for?

DevOps engineers managing infrastructure across multiple AWS accounts. Cloud architects querying resource information via conversational AI. SRE teams troubleshooting EC2 instances and checking system health. Developers running deployment checks and AWS CLI commands through AI.

How do I install AWS SSO?

Install AWS SSO by running: npx -y @aashari/mcp-server-aws-sso

What MCP clients work with AWS SSO?

AWS SSO works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep AWS SSO docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all cloud servers →

Related MCP Servers

SSH MCP Server
Execute shell commands on remote Linux and Windows systems via SSH.
cloud346 stars
Hono MCP Server
Expose your Hono API endpoints as MCP tools.
cloud77 stars
n8n Manager for AI Agents
Manage n8n workflow automation instances through AI agent tools.
cloud54 stars
Kilntainers
Give Every Agent an Ephemeral Linux Sandbox — via MCP
cloud36 stars
AWS MCP Server
Manage and provision AWS resources using natural language prompts
cloud27 stars
Dynamics 365 Finance & Operations
Production-ready MCP server for Microsoft Dynamics 365 Finance & Operations
cloud25 stars