Skip to main content
Glama
ihatesea69

AWS MCP Server

by ihatesea69
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

select-profile

Selects an AWS profile for Claude AI to manage AWS resources, handling SSO authentication when required.

Instructions

Selects AWS profile to use for subsequent interactions. If needed, does SSO authentication

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
profileYesName of the AWS profile to select
regionNoRegion to use (if not provided, us-east-1 is used)

Implementation Reference

  • index.ts:168-175 (handler)
    Executes the select-profile tool: validates input with SelectProfileSchema, fetches credentials via getCredentials helper, updates global state variables for the selected profile and region, returns success message.
    } else if (name === "select-profile") {
  const { profile, region } = SelectProfileSchema.parse(args);
  const credentials = await getCredentials(profiles[profile], profile);
  selectedProfile = profile;
  selectedProfileCredentials = credentials;
  selectedProfileRegion = region || "us-east-1";
  return createTextResponse("Authenticated!");
} else {
  • index.ts:90-108 (schema)
    Input schema and metadata for the 'select-profile' tool, returned by ListToolsRequestSchema handler.
    {
  name: "select-profile",
  description:
    "Selects AWS profile to use for subsequent interactions. If needed, does SSO authentication",
  inputSchema: {
    type: "object",
    properties: {
      profile: {
        type: "string",
        description: "Name of the AWS profile to select",
      },
      region: {
        type: "string",
        description: "Region to use (if not provided, us-east-1 is used)",
      },
    },
    required: ["profile"],
  },
},
  • index.ts:120-123 (schema)
    Zod schema used for input validation in the select-profile handler.
    const SelectProfileSchema = z.object({
  profile: z.string(),
  region: z.string().optional(),
});
  • index.ts:51-111 (registration)
    Registers the select-profile tool by including it in the tools list response of ListToolsRequestSchema handler.
    server.setRequestHandler(ListToolsRequestSchema, async () => {
  return {
    tools: [
      {
        name: "run-aws-code",
        description: "Run AWS code",
        inputSchema: {
          type: "object",
          properties: {
            reasoning: {
              type: "string",
              description: "The reasoning behind the code",
            },
            code: {
              type: "string",
              description: codePrompt,
            },
            profileName: {
              type: "string",
              description: "Name of the AWS profile to use",
            },
            region: {
              type: "string",
              description: "Region to use (if not provided, us-east-1 is used)",
            },
          },
          required: ["reasoning", "code"],
        },
      },
      {
        name: "list-credentials",
        description:
          "List all AWS credentials/configs/profiles that are configured/usable on this machine",
        inputSchema: {
          type: "object",
          properties: {},
          required: [],
        },
      },
      {
        name: "select-profile",
        description:
          "Selects AWS profile to use for subsequent interactions. If needed, does SSO authentication",
        inputSchema: {
          type: "object",
          properties: {
            profile: {
              type: "string",
              description: "Name of the AWS profile to select",
            },
            region: {
              type: "string",
              description: "Region to use (if not provided, us-east-1 is used)",
            },
          },
          required: ["profile"],
        },
      },
    ],
  };
});
  • index.ts:234-296 (helper)
    Helper function to retrieve AWS credentials for a given profile, handling SSO authentication via device flow if applicable, or standard provider.
    async function getCredentials(
  creds: any,
  profileName: string
): Promise<AWS.Credentials | AWS.SSO.RoleCredentials | any> {
  if (creds.sso_start_url) {
    const region = creds.region || "us-east-1";
    const ssoStartUrl = creds.sso_start_url;
    const oidc = new AWS.SSOOIDC({ region });

    const registration = await oidc
      .registerClient({ clientName: "chatwithcloud", clientType: "public" })
      .promise();

    const auth = await oidc
      .startDeviceAuthorization({
        clientId: registration.clientId!,
        clientSecret: registration.clientSecret!,
        startUrl: ssoStartUrl,
      })
      .promise();

    // open this in URL browser
    if (auth.verificationUriComplete) {
      open(auth.verificationUriComplete);
    }

    let handleId: NodeJS.Timeout;
    return new Promise((resolve) => {
      handleId = setInterval(async () => {
        try {
          const createTokenReponse = await oidc
            .createToken({
              clientId: registration.clientId!,
              clientSecret: registration.clientSecret!,
              grantType: "urn:ietf:params:oauth:grant-type:device_code",
              deviceCode: auth.deviceCode,
            })
            .promise();

          const sso = new AWS.SSO({ region });

          const credentials = await sso
            .getRoleCredentials({
              accessToken: createTokenReponse.accessToken!,
              accountId: creds.sso_account_id,
              roleName: creds.sso_role_name,
            })
            .promise();

          clearInterval(handleId);

          return resolve(credentials.roleCredentials!);
        } catch (error) {
          if ((error as Error).message !== null) {
            // terminal.error(error);
          }
        }
      }, 2500);
    });
  } else {
    return useAWSCredentialsProvider(profileName);
  }
}

Tool Definition Quality

A4/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden. It discloses the tool's stateful nature (affects subsequent interactions) and conditional SSO authentication, which are valuable behavioral traits. However, it doesn't mention potential side effects, error conditions, or what happens if authentication fails.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is perfectly concise with two sentences that each earn their place. The first sentence states the core function, and the second adds important conditional behavior. There's zero wasted language or redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 2 parameters, 100% schema coverage, and no output schema, the description provides adequate context about the tool's purpose and behavioral characteristics. The main gap is the lack of information about return values or what constitutes successful execution.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, providing complete parameter documentation. The description adds no additional parameter semantics beyond what's in the schema, so it meets the baseline score of 3 where the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('selects', 'does SSO authentication') and identifies the resource ('AWS profile'). It distinguishes from sibling tools by focusing on profile selection rather than credential listing or code execution.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context about when to use this tool ('for subsequent interactions') and mentions SSO authentication as a conditional behavior. However, it doesn't explicitly state when NOT to use it or name specific alternatives among the sibling tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ihatesea69/AWS-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server