Skip to main content
Glama

KYC MCP Server

by CTD-Techs
OverviewInspectNewSchemaRelated ServersScore
Python
Remote
README.md14.1 kB
# KYC MCP Server - EC2 Deployment Guide Complete guide for deploying the KYC MCP Server on AWS EC2 with production-ready configuration. ## Table of Contents - [Prerequisites](#prerequisites) - [Quick Start](#quick-start) - [Deployment Methods](#deployment-methods) - [Method 1: Terraform (Recommended)](#method-1-terraform-recommended) - [Method 2: Manual Setup](#method-2-manual-setup) - [Configuration](#configuration) - [Post-Deployment](#post-deployment) - [Monitoring and Logging](#monitoring-and-logging) - [Backup and Recovery](#backup-and-recovery) - [Scaling](#scaling) - [Security Best Practices](#security-best-practices) - [Troubleshooting](#troubleshooting) - [Cost Optimization](#cost-optimization) - [Maintenance](#maintenance) --- ## Prerequisites ### Required - AWS Account with appropriate permissions - AWS CLI installed and configured - SSH key pair for EC2 access - Domain name (optional, for SSL) - KYC API credentials ### Recommended Tools - Terraform >= 1.0 (for infrastructure as code) - Git - Docker knowledge - Basic Linux administration skills ### AWS Permissions Required Your IAM user/role needs permissions for: - EC2 (instances, security groups, EIPs) - VPC (if creating new VPC) - IAM (roles, policies, instance profiles) - CloudWatch (logs, metrics, alarms) - S3 (for backups) - SSM (for parameter store) --- ## Quick Start ### 1. Clone Repository ```bash git clone <your-repo-url> cd kyc-mcp-server ``` ### 2. Configure Environment ```bash cp .env.example .env nano .env # Edit with your credentials ``` ### 3. Deploy with Terraform ```bash cd deploy/terraform cp terraform.tfvars.example terraform.tfvars nano terraform.tfvars # Configure your settings terraform init terraform plan terraform apply ``` ### 4. Connect and Deploy Application ```bash # SSH into instance (use output from Terraform) ssh -i ~/.ssh/your-key.pem ubuntu@<instance-ip> # Clone repository cd /opt sudo git clone <your-repo-url> kyc-mcp-server sudo chown -R $USER:$USER kyc-mcp-server # Run setup cd kyc-mcp-server chmod +x deploy/ec2-setup.sh ./deploy/ec2-setup.sh # Deploy application chmod +x deploy/deploy.sh ./deploy/deploy.sh ``` --- ## Deployment Methods ### Method 1: Terraform (Recommended) Terraform provides infrastructure as code for reproducible deployments. #### Step 1: Configure Terraform Variables ```bash cd deploy/terraform cp terraform.tfvars.example terraform.tfvars ``` Edit `terraform.tfvars`: ```hcl # Basic Configuration aws_region = "us-east-1" project_name = "kyc-mcp-server" environment = "production" # Instance Configuration instance_type = "t3.medium" # Adjust based on load os_type = "ubuntu" # Security allowed_ssh_cidrs = ["YOUR_IP/32"] existing_key_name = "your-key-name" # Networking use_elastic_ip = true # Backups enable_s3_backup = true backup_retention_days = 30 ``` #### Step 2: Initialize and Apply ```bash terraform init terraform plan terraform apply ``` #### Step 3: Note Outputs Terraform will output important information: - Instance IP address - SSH connection command - CloudWatch log group - S3 backup bucket #### Step 4: Deploy Application Follow the SSH connection command from Terraform output, then: ```bash cd /opt sudo git clone <your-repo-url> kyc-mcp-server sudo chown -R $USER:$USER kyc-mcp-server cd kyc-mcp-server # Configure environment cp .env.example .env nano .env # Run setup chmod +x deploy/ec2-setup.sh ./deploy/ec2-setup.sh # Deploy chmod +x deploy/deploy.sh ./deploy/deploy.sh ``` ### Method 2: Manual Setup #### Step 1: Launch EC2 Instance 1. Go to AWS Console → EC2 2. Launch Instance: - AMI: Ubuntu 22.04 LTS or Amazon Linux 2 - Instance Type: t3.medium (minimum) - Storage: 30GB gp3 - Security Group: Allow ports 22, 80, 443, 9090 - Key Pair: Select or create #### Step 2: Allocate Elastic IP (Optional) 1. EC2 → Elastic IPs → Allocate 2. Associate with your instance #### Step 3: Connect and Setup ```bash ssh -i your-key.pem ubuntu@<instance-ip> # Clone repository cd /opt sudo git clone <your-repo-url> kyc-mcp-server sudo chown -R $USER:$USER kyc-mcp-server cd kyc-mcp-server # Run setup script chmod +x deploy/ec2-setup.sh ./deploy/ec2-setup.sh ``` #### Step 4: Configure Application ```bash cd /opt/kyc-mcp-server cp .env.example .env nano .env ``` Edit with your credentials: ```env KYC_API_BASE_URL=https://api.sandbox.co.in KYC_API_KEY=your_api_key KYC_JWT_SECRET=your_secret ``` #### Step 5: Deploy ```bash chmod +x deploy/deploy.sh ./deploy/deploy.sh ``` --- ## Configuration ### Environment Variables Key configuration in `.env`: ```env # API Configuration KYC_API_BASE_URL=https://api.sandbox.co.in KYC_API_KEY=your_api_key_here KYC_JWT_SECRET=your_jwt_secret_here # Redis Configuration REDIS_HOST=redis REDIS_PORT=6379 # Cache Settings CACHE_ENABLED=true CACHE_DEFAULT_TTL=3600 # Rate Limiting RATE_LIMIT_ENABLED=true RATE_LIMIT_PER_MINUTE=60 RATE_LIMIT_PER_HOUR=1000 # Logging LOG_LEVEL=INFO ``` ### Nginx Configuration Configure reverse proxy: ```bash cd deploy/nginx chmod +x install-nginx.sh sudo ./install-nginx.sh ``` For SSL with Let's Encrypt: ```bash sudo certbot --nginx -d your-domain.com ``` ### Systemd Service Enable auto-start on boot: ```bash cd deploy/systemd chmod +x install-service.sh sudo ./install-service.sh sudo systemctl start kyc-mcp.service ``` --- ## Post-Deployment ### 1. Verify Deployment ```bash # Check containers docker ps # Check logs docker-compose logs -f kyc-mcp-server # Test health endpoint curl http://localhost/health ``` ### 2. Configure Monitoring ```bash # Setup CloudWatch agent sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \ -a fetch-config \ -m ec2 \ -s \ -c file:/opt/kyc-mcp-server/deploy/monitoring/cloudwatch-config.json ``` ### 3. Setup Automated Backups ```bash cd deploy/backup chmod +x setup-cron.sh sudo ./setup-cron.sh ``` ### 4. Configure DNS (if using domain) Point your domain A record to the Elastic IP: ``` A @ <elastic-ip> 300 ``` ### 5. Test SSL Certificate ```bash sudo certbot renew --dry-run ``` --- ## Monitoring and Logging ### CloudWatch Logs View logs in AWS Console: - Log Group: `/aws/ec2/kyc-mcp-server` - Streams: - `{instance-id}/application` - `{instance-id}/nginx-access` - `{instance-id}/nginx-error` - `{instance-id}/syslog` ### CloudWatch Metrics Custom metrics namespace: `KYC-MCP-Server` Key metrics: - CPU Usage - Memory Usage - Disk Usage - Network I/O ### CloudWatch Alarms Pre-configured alarms: - High CPU (>80%) - High Memory (>80%) - High Disk (>85%) - Status Check Failed ### Prometheus Metrics Access metrics at: `http://<instance-ip>:9090/metrics` ### Application Logs ```bash # View application logs docker-compose logs -f kyc-mcp-server # View nginx logs sudo tail -f /var/log/nginx/kyc-mcp-access.log sudo tail -f /var/log/nginx/kyc-mcp-error.log # View system logs sudo journalctl -u kyc-mcp.service -f ``` --- ## Backup and Recovery ### Automated Backups Backups run automatically via cron (configured during setup). Components backed up: - Redis data - Configuration files - Application logs - Docker images ### Manual Backup ```bash cd /opt/kyc-mcp-server/deploy/backup chmod +x backup.sh sudo ./backup.sh ``` Backups are stored: - Locally: `/opt/kyc-mcp-server-backups/` - S3: `s3://<bucket>/kyc-mcp-server/backups/` ### Restore from Backup List available backups: ```bash cd /opt/kyc-mcp-server/deploy/backup chmod +x restore.sh sudo ./restore.sh --list ``` Restore from local backup: ```bash sudo ./restore.sh --file /path/to/backup.tar.gz ``` Restore from S3: ```bash sudo ./restore.sh --s3 kyc-mcp-server/backups/backup_20240120_120000.tar.gz ``` Restore specific components: ```bash sudo ./restore.sh --file backup.tar.gz --components redis,config ``` --- ## Scaling ### Vertical Scaling (Increase Instance Size) 1. Stop the application: ```bash cd /opt/kyc-mcp-server docker-compose down ``` 2. Stop the instance (AWS Console or CLI) 3. Change instance type 4. Start instance 5. Start application: ```bash docker-compose up -d ``` ### Horizontal Scaling (Multiple Instances) For high availability: 1. **Setup Load Balancer** - Create Application Load Balancer - Configure target group - Add health checks 2. **Deploy Multiple Instances** - Use Terraform with count parameter - Or manually launch additional instances 3. **Shared Redis** - Use Amazon ElastiCache for Redis - Update `REDIS_HOST` in `.env` 4. **Update Nginx Configuration** - Configure upstream with multiple servers - Enable session persistence if needed --- ## Security Best Practices ### 1. SSH Access - Use key-based authentication only - Disable password authentication - Restrict SSH to specific IPs - Use SSH bastion host for production ### 2. Network Security - Use security groups to restrict access - Only expose necessary ports (80, 443) - Use VPC with private subnets for production - Enable VPC Flow Logs ### 3. Application Security - Keep API keys in environment variables - Use AWS Secrets Manager for sensitive data - Enable rate limiting - Implement request validation - Regular security updates ### 4. SSL/TLS - Use Let's Encrypt for free SSL certificates - Enable HTTPS only - Configure strong cipher suites - Enable HSTS headers ### 5. Monitoring - Enable CloudWatch detailed monitoring - Set up CloudWatch alarms - Monitor failed login attempts - Review logs regularly ### 6. Backups - Automated daily backups - Store backups in S3 with encryption - Test restore procedures regularly - Implement backup retention policy ### 7. IAM - Use IAM roles instead of access keys - Follow principle of least privilege - Enable MFA for AWS console access - Rotate credentials regularly --- ## Troubleshooting ### Application Won't Start ```bash # Check Docker status sudo systemctl status docker # Check container logs docker-compose logs kyc-mcp-server # Check Redis connection docker exec kyc-redis redis-cli ping # Verify environment variables cat .env ``` ### High CPU Usage ```bash # Check processes htop # Check Docker stats docker stats # Review application logs docker-compose logs --tail 100 kyc-mcp-server ``` ### Redis Connection Issues ```bash # Check Redis container docker ps | grep redis # Test Redis connection docker exec kyc-redis redis-cli ping # Check Redis logs docker-compose logs redis ``` ### SSL Certificate Issues ```bash # Test certificate sudo certbot certificates # Renew certificate sudo certbot renew # Check nginx configuration sudo nginx -t ``` ### Disk Space Issues ```bash # Check disk usage df -h # Clean Docker resources docker system prune -a # Clean old logs sudo journalctl --vacuum-time=7d ``` ### Network Issues ```bash # Check security group rules aws ec2 describe-security-groups --group-ids <sg-id> # Test connectivity curl -v http://localhost:8080 # Check nginx status sudo systemctl status nginx ``` --- ## Cost Optimization ### Instance Sizing **Development/Testing:** - t3.micro: ~$7.50/month - t3.small: ~$15/month **Production (Low Traffic):** - t3.medium: ~$30/month - t3.large: ~$60/month **Production (High Traffic):** - t3.xlarge: ~$120/month - t3.2xlarge: ~$240/month ### Cost Breakdown **Monthly Costs (t3.medium example):** - EC2 Instance (t3.medium): ~$30 - EBS Storage (30GB gp3): ~$2.40 - Elastic IP: ~$3.60 (if not attached) - Data Transfer: ~$9/100GB - CloudWatch Logs: ~$0.50/GB - S3 Backups: ~$0.023/GB - **Total: ~$45-60/month** ### Optimization Tips 1. **Use Reserved Instances** - Save up to 72% for 1-3 year commitments 2. **Right-Size Instances** - Monitor usage and adjust instance type - Use CloudWatch metrics 3. **Optimize Storage** - Use gp3 instead of gp2 - Clean up old snapshots - Implement log rotation 4. **Data Transfer** - Use CloudFront for static content - Compress responses - Minimize cross-region transfers 5. **Backups** - Use S3 lifecycle policies - Implement retention policies - Use S3 Intelligent-Tiering 6. **Monitoring** - Use CloudWatch Logs Insights - Set appropriate log retention - Use metric filters --- ## Maintenance ### Regular Tasks **Daily:** - Monitor CloudWatch alarms - Review error logs - Check backup status **Weekly:** - Review CloudWatch metrics - Check disk space - Review security group rules - Update application if needed **Monthly:** - Review and optimize costs - Update system packages - Review and rotate logs - Test backup restoration - Review access logs **Quarterly:** - Security audit - Performance review - Capacity planning - Update documentation ### Update Procedures #### Application Updates ```bash cd /opt/kyc-mcp-server git pull origin main chmod +x deploy/deploy.sh ./deploy/deploy.sh ``` #### Zero-Downtime Updates ```bash cd /opt/kyc-mcp-server chmod +x deploy/update.sh ./deploy/update.sh ``` #### System Updates ```bash # Ubuntu sudo apt-get update sudo apt-get upgrade -y # Amazon Linux sudo yum update -y # Reboot if kernel updated sudo reboot ``` --- ## Support and Resources ### Documentation - [Main README](../README.md) - [Architecture Document](../MCP_KYC_SERVER_ARCHITECTURE.md) - [API Documentation](../KYC.postman_collection.json) ### Useful Commands ```bash # Service management sudo systemctl status kyc-mcp.service sudo systemctl restart kyc-mcp.service # Docker management docker-compose ps docker-compose logs -f docker-compose restart # Nginx management sudo systemctl status nginx sudo nginx -t sudo systemctl reload nginx # View logs sudo journalctl -u kyc-mcp.service -f docker-compose logs -f kyc-mcp-server sudo tail -f /var/log/nginx/kyc-mcp-access.log ``` ### Getting Help For issues and questions: - Check troubleshooting section above - Review application logs - Check CloudWatch metrics and alarms - Contact support team --- ## License [Add your license here] ## Contributors [Add contributors here] --- **Last Updated:** 2024-01-20 **Version:** 1.0.0

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CTD-Techs/CTD-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server