Connect AI to Your AWS Resources

1# Connect AI to Your AWS Resources
2 
3Transform how you manage and access your AWS infrastructure by connecting Claude, Cursor AI, and other AI assistants directly to your AWS accounts through AWS IAM Identity Center (formerly AWS SSO). Get instant access to your cloud resources, execute commands, and manage EC2 instances using natural language.
4 
5[![NPM Version](https://img.shields.io/npm/v/@aashari/mcp-server-aws-sso)](https://www.npmjs.com/package/@aashari/mcp-server-aws-sso)
6[![Node Version](https://img.shields.io/node/v/@aashari/mcp-server-aws-sso)](https://www.npmjs.com/package/@aashari/mcp-server-aws-sso)
7 
8## What You Can Do
9 
10✅ **Ask AI about your AWS accounts**: *"Show me all my AWS accounts and available roles"*  
11✅ **Execute AWS commands**: *"List all S3 buckets in my production account"*  
12✅ **Manage EC2 instances**: *"Check the disk usage on server i-123456789"*  
13✅ **Access multi-account setups**: *"Switch to the staging account and describe the VPCs"*  
14✅ **Monitor resources**: *"Get the status of all running EC2 instances"*  
15✅ **Run shell commands**: *"Execute 'df -h' on my web server via SSM"*
16 
17## Perfect For
18 
19- **DevOps Engineers** managing multi-account AWS environments and infrastructure automation
20- **Cloud Architects** needing quick access to resource information across AWS accounts  
21- **Developers** who want to check deployments and run AWS CLI commands through AI
22- **SRE Teams** monitoring and troubleshooting AWS resources using natural language
23- **IT Administrators** managing EC2 instances and executing remote commands securely
24- **Anyone** who wants to interact with AWS using conversational AI
25 
26## Quick Start
27 
28Get up and running in 2 minutes:
29 
30### 1. Get Your AWS SSO Setup
31 
32Set up AWS IAM Identity Center:
331. **Enable AWS IAM Identity Center** in your AWS account
342. **Configure your identity source** (AWS directory, Active Directory, or external IdP)  
353. **Set up permission sets** and assign users to AWS accounts
364. **Note your AWS SSO Start URL** (e.g., `https://your-company.awsapps.com/start`)
37 
38### 2. Try It Instantly
39 
40```bash
41# Set your AWS SSO configuration
42export AWS_SSO_START_URL="https://your-company.awsapps.com/start"
43export AWS_REGION="us-east-1"
44 
45# Start the authentication flow
46npx -y @aashari/mcp-server-aws-sso login
47 
48# List your accessible accounts and roles
49npx -y @aashari/mcp-server-aws-sso ls-accounts
50 
51# Execute an AWS command
52npx -y @aashari/mcp-server-aws-sso exec-command \
53  --account-id 123456789012 \
54  --role-name ReadOnly \
55  --command "aws s3 ls"
56```
57 
58## Connect to AI Assistants
59 
60### For Claude Desktop Users
61 
62Add this to your Claude configuration file (`~/.claude/claude_desktop_config.json`):
63 
64```json
65{
66  "mcpServers": {
67    "aws-sso": {
68      "command": "npx",
69      "args": ["-y", "@aashari/mcp-server-aws-sso"],
70      "env": {
71        "AWS_SSO_START_URL": "https://your-company.awsapps.com/start",
72        "AWS_REGION": "us-east-1"
73      }
74    }
75  }
76}
77```
78 
79Restart Claude Desktop, and you'll see "🔗 aws-sso" in the status bar.
80 
81### For Other AI Assistants
82 
83Most AI assistants support MCP. Install the server globally:
84 
85```bash
86npm install -g @aashari/mcp-server-aws-sso
87```
88 
89Then configure your AI assistant to use the MCP server with STDIO transport.
90 
91### Alternative: Configuration File
92 
93Create `~/.mcp/configs.json` for system-wide configuration:
94 
95```json
96{
97  "aws-sso": {
98    "environments": {
99      "AWS_SSO_START_URL": "https://your-company.awsapps.com/start",
100      "AWS_REGION": "us-east-1",
101      "DEBUG": "false"
102    }
103  }
104}
105```
106 
107**Alternative config keys:** The system also accepts `"@aashari/mcp-server-aws-sso"` or `"mcp-server-aws-sso"` instead of `"aws-sso"`.
108 
109## Real-World Examples
110 
111### 🔐 Authenticate and Explore
112 
113Ask your AI assistant:
114- *"Log into AWS SSO and show me my authentication status"*
115- *"List all my AWS accounts and the roles I can assume"*
116- *"Check if I'm still authenticated to AWS"*
117- *"Show me which AWS accounts I have access to"*
118 
119### 🛠️ Execute AWS Commands
120 
121Ask your AI assistant:
122- *"List all S3 buckets in my production account using the ReadOnly role"*
123- *"Show me all running EC2 instances in the us-west-2 region"*
124- *"Describe the VPCs in my staging AWS account"*
125- *"Get the status of my RDS databases in account 123456789012"*
126 
127### 🖥️ Manage EC2 Instances
128 
129Ask your AI assistant:
130- *"Check the disk usage on EC2 instance i-1234567890abcdef0"*
131- *"Run 'uptime' on my web server via Systems Manager"*
132- *"Execute 'systemctl status nginx' on instance i-abc123 in production"*
133- *"Get memory usage from all my application servers"*
134 
135### 🔍 Infrastructure Monitoring
136 
137Ask your AI assistant:
138- *"List all Lambda functions in my development account"*
139- *"Show me the CloudFormation stacks in us-east-1"*
140- *"Check the health of my load balancers"*
141- *"Get the latest CloudWatch alarms that are in ALARM state"*
142 
143### 🔄 Multi-Account Operations
144 
145Ask your AI assistant:
146- *"Switch to account 987654321098 with AdminRole and list all security groups"*
147- *"Compare the running instances between staging and production accounts"*
148- *"Check backup policies across all my AWS accounts"*
149- *"Audit IAM users in the security account"*
150 
151<details>
152<summary><b>MCP Tool Examples (Click to expand)</b></summary>
153 
154### `aws_sso_login`
155 
156**Basic Login:**
157```json
158{}
159```
160 
161**Custom Login Options:**
162```json
163{
164  "launchBrowser": false
165}
166```
167 
168### `aws_sso_status`
169 
170**Check Authentication Status:**
171```json
172{}
173```
174 
175### `aws_sso_ls_accounts`
176 
177**List All Accounts and Roles:**
178```json
179{}
180```
181 
182### `aws_sso_exec_command`
183 
184**List S3 Buckets:**
185```json
186{
187  "accountId": "123456789012", 
188  "roleName": "ReadOnly",
189  "command": "aws s3 ls"
190}
191```
192 
193**Describe EC2 Instances in a Specific Region:**
194```json
195{
196  "accountId": "123456789012",
197  "roleName": "AdminRole",
198  "command": "aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType]' --output table",
199  "region": "us-west-2"
200}
201```
202 
203### `aws_sso_ec2_exec_command`
204 
205**Check System Resources:**
206```json
207{
208  "instanceId": "i-0a69e80761897dcce",
209  "accountId": "123456789012",
210  "roleName": "InfraOps",
211  "command": "uptime && df -h && free -m"
212}
213```
214 
215</details>
216 
217## Transport Modes
218 
219This server supports two transport modes for different integration scenarios:
220 
221### STDIO Transport (Default for MCP Clients)
222- Traditional subprocess communication via stdin/stdout
223- Ideal for local AI assistant integrations (Claude Desktop, Cursor AI)
224- Uses pipe-based communication for direct MCP protocol exchange
225 
226```bash
227# Run with STDIO transport (default for AI assistants)
228TRANSPORT_MODE=stdio npx @aashari/mcp-server-aws-sso
229 
230# Using npm scripts (after installation)
231npm run mcp:stdio
232```
233 
234### HTTP Transport (Default for Server Mode)
235- Modern HTTP-based transport with Server-Sent Events (SSE)
236- Supports multiple concurrent connections
237- Better for web-based integrations and development
238- Runs on port 3000 by default (configurable via PORT env var)
239- Endpoint: http://localhost:3000/mcp
240- Health check: http://localhost:3000/
241 
242```bash
243# Run with HTTP transport (default when no CLI args)
244TRANSPORT_MODE=http npx @aashari/mcp-server-aws-sso
245 
246# Using npm scripts (after installation)
247npm run mcp:http
248 
249# Test with MCP Inspector
250npm run mcp:inspect
251```
252 
253### Environment Variables
254 
255**Transport Configuration:**
256- `TRANSPORT_MODE`: Set to `stdio` or `http` (default: `http` for server mode, `stdio` for MCP clients)
257- `PORT`: HTTP server port (default: 3000)
258- `DEBUG`: Enable debug logging (default: false)
259 
260**AWS Configuration:**
261- `AWS_SSO_START_URL`: Your AWS IAM Identity Center start URL (e.g., `https://your-org.awsapps.com/start`)
262- `AWS_SSO_REGION` or `AWS_REGION`: AWS region for SSO authentication (e.g., `us-east-1`)
263- `AWS_PROFILE`: AWS profile name (optional, for CLI compatibility)
264 
265## Available Tools
266 
267When integrated with AI assistants via MCP, the following tools are available:
268 
269### Authentication Tools
270 
271- **`aws_sso_login`**: Initiates AWS SSO device authorization flow
272  - Parameters: `launchBrowser` (optional, boolean, default: true)
273  - Opens browser automatically for authentication
274  - Handles device authorization code flow
275  - Caches tokens for subsequent operations
276 
277- **`aws_sso_status`**: Checks current authentication status
278  - No parameters required
279  - Returns session details and expiration time
280  - Verifies cached token validity
281 
282### Account Management Tools
283 
284- **`aws_sso_ls_accounts`**: Lists all accessible AWS accounts and roles
285  - No parameters required
286  - Shows account IDs, names, emails, and available roles
287  - Essential for discovering which accounts/roles you can use
288 
289### Command Execution Tools
290 
291- **`aws_sso_exec_command`**: Executes AWS CLI commands with SSO credentials
292  - Required: `accountId`, `roleName`, `command`
293  - Optional: `region`
294  - Automatically obtains and caches temporary credentials
295  - Supports any AWS CLI command
296 
297- **`aws_sso_ec2_exec_command`**: Executes shell commands on EC2 instances via SSM
298  - Required: `instanceId`, `accountId`, `roleName`, `command`
299  - Optional: `region`
300  - No SSH access required (uses AWS Systems Manager)
301  - Instance must have SSM Agent installed
302 
303## CLI Commands
304 
305All tools are also available as CLI commands using `kebab-case`. Run `--help` for details (e.g., `mcp-aws-sso login --help`).
306 
307- **login**: Authenticates via AWS SSO (`--no-launch-browser`). Ex: `mcp-aws-sso login`.
308- **status**: Checks authentication status (no options). Ex: `mcp-aws-sso status`.
309- **ls-accounts**: Lists accounts/roles (no options). Ex: `mcp-aws-sso ls-accounts`.
310- **exec-command**: Runs AWS CLI command (`--account-id`, `--role-name`, `--command`, `--region`). Ex: `mcp-aws-sso exec-command --account-id 123456789012 --role-name ReadOnly --command "aws s3 ls"`.
311- **ec2-exec-command**: Runs shell command on EC2 (`--instance-id`, `--account-id`, `--role-name`, `--command`, `--region`). Ex: `mcp-aws-sso ec2-exec-command --instance-id i-0a69e80761897dcce --account-id 123456789012 --role-name InfraOps --command "uptime"`.
312 
313<details>
314<summary><b>CLI Command Examples (Click to expand)</b></summary>
315 
316### Login
317 
318**Standard Login (launches browser and polls automatically):**
319```bash
320mcp-aws-sso login
321```
322 
323**Login without Browser Launch:**
324```bash
325mcp-aws-sso login --no-launch-browser
326```
327 
328### Execute AWS Commands
329 
330**List S3 Buckets:**
331```bash
332mcp-aws-sso exec-command \
333  --account-id 123456789012 \
334  --role-name ReadOnly \
335  --command "aws s3 ls"
336```
337 
338**List EC2 Instances with Specific Region:**
339```bash
340mcp-aws-sso exec-command \
341  --account-id 123456789012 \
342  --role-name AdminRole \
343  --region us-west-2 \
344  --command "aws ec2 describe-instances --output table"
345```
346 
347### Execute EC2 Commands
348 
349**Check System Resources:**
350```bash
351mcp-aws-sso ec2-exec-command \
352  --instance-id i-0a69e80761897dcce \
353  --account-id 123456789012 \
354  --role-name InfraOps \
355  --command "uptime && df -h && free -m"
356```
357 
358</details>
359 
360## Troubleshooting
361 
362### "Authentication failed" or "Token expired"
363 
3641. **Re-authenticate with AWS SSO**:
365   ```bash
366   # Test your SSO configuration
367   npx -y @aashari/mcp-server-aws-sso login
368   ```
369 
3702. **Check your AWS SSO configuration**:
371   - Verify your `AWS_SSO_START_URL` is correct (should be your organization's SSO portal)
372   - Ensure your `AWS_REGION` matches your SSO region configuration
373 
3743. **Verify your SSO setup**:
375   - Make sure you can access the SSO portal in your browser
376   - Check that your AWS account assignments are active
377 
378### "Account not found" or "Role not found"
379 
3801. **Check available accounts and roles**:
381   ```bash
382   # List all accessible accounts
383   npx -y @aashari/mcp-server-aws-sso ls-accounts
384   ```
385 
3862. **Verify account ID format**:
387   - Account ID should be exactly 12 digits
388   - Use the exact account ID from the `ls-accounts` output
389 
3903. **Check role permissions**:
391   - Make sure you have permission to assume the specified role
392   - Use the exact role name from your permission sets
393 
394### "AWS CLI not found" or Command execution errors
395 
3961. **Install AWS CLI v2**:
397   - Download from [AWS CLI Installation Guide](https://aws.amazon.com/cli/)
398   - Ensure `aws` command is in your system PATH
399 
4002. **Test AWS CLI independently**:
401   ```bash
402   aws --version
403   aws sts get-caller-identity
404   ```
405 
406### "EC2 command failed" or "SSM connection issues"
407 
4081. **Verify EC2 instance setup**:
409   - Instance must have SSM Agent installed and running
410   - Instance needs an IAM role with `AmazonSSMManagedInstanceCore` policy
411 
4122. **Check your role permissions**:
413   - Your assumed role needs `ssm:SendCommand` and `ssm:GetCommandInvocation` permissions
414   - Verify the instance is in a running state
415 
4163. **Test SSM connectivity**:
417   ```bash
418   # Test if instance is reachable via SSM
419   npx -y @aashari/mcp-server-aws-sso exec-command \
420     --account-id YOUR_ACCOUNT \
421     --role-name YOUR_ROLE \
422     --command "aws ssm describe-instance-information"
423   ```
424 
425### Claude Desktop Integration Issues
426 
4271. **Restart Claude Desktop** after updating the config file
4282. **Check the status bar** for the "🔗 aws-sso" indicator
4293. **Verify config file location**:
430   - macOS: `~/.claude/claude_desktop_config.json`
431   - Windows: `%APPDATA%\Claude\claude_desktop_config.json`
432 
433### Getting Help
434 
435If you're still having issues:
4361. Run a simple test command to verify everything works
4372. Check the [GitHub Issues](https://github.com/aashari/mcp-server-aws-sso/issues) for similar problems
4383. Create a new issue with your error message and setup details
439 
440## Frequently Asked Questions
441 
442### What permissions do I need?
443 
444**For AWS IAM Identity Center (SSO) Setup:**
445- Access to AWS IAM Identity Center with a configured identity source
446- Permission sets assigned to you by your AWS administrator
447- Access to the specific AWS accounts you want to manage
448 
449**For EC2 Commands via SSM:**
450- Your assumed role needs `ssm:SendCommand` and `ssm:GetCommandInvocation` permissions
451- EC2 instances need an IAM role with `AmazonSSMManagedInstanceCore` policy
452- SSM Agent must be installed and running on target instances
453 
454### Can I use this with multiple AWS organizations?
455 
456Currently, each installation supports one AWS SSO start URL at a time. For multiple organizations, you can:
457- Switch the `AWS_SSO_START_URL` environment variable between sessions
458- Run separate instances with different configurations
459- Use multiple Claude Desktop configurations for different organizations
460 
461### How long do the SSO credentials last?
462 
463- **SSO tokens**: Typically 8-12 hours (managed by AWS IAM Identity Center)
464- **Temporary credentials**: Approximately 1 hour per account/role
465- The tool automatically handles token refresh and credential caching
466- You'll be prompted to re-authenticate when tokens expire
467 
468### What AI assistants does this work with?
469 
470Any AI assistant that supports the Model Context Protocol (MCP):
471- **Claude Desktop** (most popular and well-tested)
472- **Cursor AI** (code editor with AI)
473- **Continue.dev** (VS Code extension)
474- Any other MCP-compatible client
475 
476### Is my data secure?
477 
478Yes! This tool prioritizes security:
479- Runs entirely on your local machine (no external servers)
480- Uses your own AWS SSO credentials (no third-party authentication)
481- Never sends your data to third parties
482- Only accesses what you explicitly grant permission to
483- Uses AWS temporary credentials that automatically expire
484- Follows AWS best practices for credential management
485- Credentials are stored in standard AWS locations (`~/.aws/`)
486 
487### Do I need AWS CLI installed?
488 
489**For `aws_sso_exec_command`:** Yes, AWS CLI v2 is required to execute AWS commands.
490 
491**For other tools:** No, authentication (`aws_sso_login`), status checking (`aws_sso_status`), and account listing (`aws_sso_ls_accounts`) work without AWS CLI.
492 
493**For `aws_sso_ec2_exec_command`:** No, this uses the AWS SDK directly via Systems Manager.
494 
495### Can I use this with AWS CLI profiles?
496 
497This tool uses AWS IAM Identity Center directly and manages its own credential cache. It doesn't require AWS CLI profiles but is compatible with them:
498- The tool stores credentials in `~/.aws/sso/cache/` (standard AWS location)
499- You can optionally set `AWS_PROFILE` for compatibility with other AWS tools
500- The tool works independently of AWS CLI profile configuration
501 
502### What's the difference between AWS SSO and AWS IAM Identity Center?
503 
504They're the same service! AWS SSO was rebranded to **AWS IAM Identity Center** in 2022. This tool works with both names:
505- References to "AWS SSO" in the code and documentation refer to AWS IAM Identity Center
506- Your start URL format remains the same: `https://your-org.awsapps.com/start`
507- All functionality is identical regardless of the naming
508 
509### What is TOON format?
510 
511TOON (Token-Oriented Object Notation) is an output format optimized for Large Language Models:
512- More compact than JSON (saves tokens when sending data to AI)
513- Still human-readable
514- Automatically used when available, falls back to JSON if needed
515- Learn more: [@toon-format/toon](https://www.npmjs.com/package/@toon-format/toon)
516 
517### Where are logs stored?
518 
519Debug logs are written to: `~/.mcp/data/@aashari.mcp-server-aws-sso.[session-id].log`
520 
521Each session gets a unique log file. Enable debug logging with `DEBUG=true`.
522 
523<details>
524<summary><b>Response Format Examples (Click to expand)</b></summary>
525 
526### Output Format (TOON)
527 
528Responses are formatted using **TOON (Token-Oriented Object Notation)** format, which is optimized for LLM token efficiency. TOON provides a more compact representation than JSON while maintaining readability.
529 
530**Key Features:**
531- Automatically converts responses to TOON format when available
532- Falls back to JSON if TOON conversion fails
533- Truncates large responses (>10KB) with a note about the full response location
534- Logs full responses to `~/.mcp/data/@aashari.mcp-server-aws-sso.[session-id].log`
535 
536### MCP Tool Response Example (`aws_sso_exec_command`)
537 
538```markdown
539# AWS SSO: Command Result
540 
541**Account/Role:** 123456789012/ReadOnly
542**Region:** us-east-1 (Default: ap-southeast-1)
543 
544## Command
545 
546	aws s3 ls
547 
548## Output
549 
550	2023-01-15 08:42:53 my-bucket-1
551	2023-05-22 14:18:19 my-bucket-2
552	2024-02-10 11:05:37 my-logs-bucket
553 
554*Executed: 2025-05-19 06:21:49 UTC*
555```
556 
557### Error Response Example
558 
559```markdown
560# ❌ AWS SSO: Command Error
561 
562**Account/Role:** 123456789012/ReadOnly
563**Region:** us-east-1 (Default: ap-southeast-1)
564 
565## Command
566 
567	aws s3api get-object --bucket restricted-bucket --key secret.txt output.txt
568 
569## Error: Permission Denied
570The role `ReadOnly` does not have permission to execute this command.
571 
572## Error Details
573 
574	An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
575 
576### Troubleshooting
577 
578#### Available Roles
579- AdminAccess
580- PowerUserAccess
581- S3FullAccess
582 
583Try executing the command again using one of the roles listed above that has appropriate permissions.
584 
585*Executed: 2025-05-19 06:17:49 UTC*
586```
587 
588### Large Response Handling
589 
590When API responses exceed 10KB, the output is truncated with a message:
591 
592```
593[Response truncated for AI consumption. Full response logged to: /path/to/log/file.log]
594```
595 
596This ensures AI assistants receive manageable response sizes while developers can access full output in log files.
597 
598</details>
599 
600## Technical Details
601 
602### Architecture
603 
604This server follows a clean 5-layer architecture:
605 
6061. **CLI Layer** (`src/cli/`): Command-line interface using Commander.js
6072. **Tools Layer** (`src/tools/`): MCP tool definitions with Zod validation schemas
6083. **Controllers Layer** (`src/controllers/`): Business logic and orchestration
6094. **Services Layer** (`src/services/`): External API interactions (AWS SDK)
6105. **Utils Layer** (`src/utils/`): Shared utilities (logging, config, caching, formatting)
611 
612### Key Dependencies
613 
614- **@modelcontextprotocol/sdk** v1.23.0: MCP protocol implementation
615- **@aws-sdk/client-sso** v3.893.0: AWS SSO API client
616- **@aws-sdk/client-ssm** v3.893.0: AWS Systems Manager for EC2 commands
617- **@toon-format/toon** v2.0.1: Token-efficient output formatting
618- **zod** v4.1.13: Runtime type validation
619- **commander** v14.0.2: CLI framework
620 
621### Logging
622 
623Debug logs are written to: `~/.mcp/data/@aashari.mcp-server-aws-sso.[session-id].log`
624 
625Enable debug logging by setting `DEBUG=true` in your environment.
626 
627### Caching
628 
629- **SSO tokens**: Cached in `~/.aws/sso/cache/` (standard AWS location)
630- **Temporary credentials**: Cached for 1 hour per account/role combination
631- **Account information**: Fetched fresh on each request (no persistent cache)
632 
633## Development
634 
635```bash
636# Clone repository
637git clone https://github.com/aashari/mcp-server-aws-sso.git
638cd mcp-server-aws-sso
639 
640# Install dependencies
641npm install
642 
643# Build the project
644npm run build
645 
646# Run in development mode with HTTP transport
647npm run dev:http
648 
649# Run with STDIO transport (for MCP client testing)
650npm run dev:stdio
651 
652# Run with MCP Inspector (visual debugging)
653npm run mcp:inspect
654 
655# Run tests
656npm test
657 
658# Run tests with coverage
659npm test:coverage
660 
661# Lint code
662npm run lint
663 
664# Format code
665npm run format
666```
667 
668### Available npm Scripts
669 
670- `npm run build` - Compile TypeScript to JavaScript
671- `npm run mcp:stdio` - Run with STDIO transport
672- `npm run mcp:http` - Run with HTTP transport
673- `npm run mcp:inspect` - Run with MCP Inspector for debugging
674- `npm test` - Run Jest tests
675- `npm run lint` - Run ESLint
676- `npm run format` - Format code with Prettier
677 
678## Requirements
679 
680- **Node.js**: Version 18.0.0 or higher
681- **AWS CLI**: Version 2.x (required only for `aws_sso_exec_command`)
682- **AWS IAM Identity Center**: Configured and accessible
683- **Operating System**: macOS, Linux, or Windows
684 
685## Version History
686 
687### v3.0.1 (Current)
688- Fixed picomatch dependency conflict for npm ci
689- Enhanced raw response logging with truncation for large API responses
690- Improved AI guidance for AWS SSO login instructions
691 
692### v3.0.0
693- **BREAKING**: Modernized to @modelcontextprotocol/sdk v1.23.0 with registerTool API
694- Added Node.js version specification (Node 22.14.0 compatibility)
695- Enhanced logging and error handling
696 
697### v2.0.0
698- **BREAKING**: Fixed AWS CLI execution and credential region mismatch issues
699- Improved cross-region authentication handling
700- Prevented dotenv from outputting to STDIO in MCP mode
701 
702See [CHANGELOG.md](./CHANGELOG.md) for complete version history.
703 
704## Contributing
705 
706Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
707 
708## License
709 
710ISC License - See LICENSE file for details
711 
712## Support
713 
714Need help? Here's how to get assistance:
715 
7161. **Check the troubleshooting section above** - most common issues are covered there
7172. **Visit our GitHub repository** for documentation and examples: [github.com/aashari/mcp-server-aws-sso](https://github.com/aashari/mcp-server-aws-sso)
7183. **Report issues** at [GitHub Issues](https://github.com/aashari/mcp-server-aws-sso/issues)
7194. **Start a discussion** for feature requests or general questions
7205. **Check debug logs** at `~/.mcp/data/@aashari.mcp-server-aws-sso.[session-id].log` for detailed error information
721 
722---
723 
724**Built with:** TypeScript, MCP SDK, AWS SDK for JavaScript v3, TOON Format
725 
726*Made with care for DevOps teams who want to bring AI into their AWS workflow.*
727 
728