๐ MCP Cloud Services Server
Comprehensive MCP (Model Context Protocol) server for cloud services management. Supports AWS, Azure, and GCP with resource management, cost analysis, monitoring, and security features.
๐ Quick Start
The MCP Cloud Services Server is a comprehensive MCP server that enables AI assistants (such as Cursor and Claude Desktop) to manage cloud resources, analyze costs, perform monitoring, and conduct security checks.
Key Features
- โ๏ธ Multi-Cloud Support: Supports AWS, Azure, and GCP.
- ๐ Resource Management: Allows list, create, delete, start, and stop operations.
- ๐ฐ Cost Analysis: Provides cost breakdown, trends, and billing analysis.
- ๐ Monitoring: Offers metrics, alarms, and health checks.
- ๐ Security: Performs security scanning, compliance checks, and encryption analysis.
- ๐ Credential Management: Ensures secure credential storage and management.
โจ Features
The MCP Cloud Services Server uses the Model Context Protocol (MCP) standard to provide cloud management capabilities to AI assistants. The server exposes tools via the MCP protocol, allowing AI assistants to perform cloud operations using these tools.
Architecture
AI Assistant (Cursor/Claude)
โ (MCP Protocol)
MCP Cloud Services Server
โ (SDK Calls)
Cloud Provider APIs (AWS/Azure/GCP)
The server manages SDK calls using the adapter pattern for each cloud provider. Credentials are securely stored and managed.
๐ฆ Installation
Requirements
- Node.js 18 or higher
- npm or yarn
- TypeScript (dev dependency)
- Cloud provider credentials (AWS, Azure, or GCP)
Steps
- Clone the repository:
git clone https://github.com/code-alchemist01/Cloud-mcp_server.git
cd Cloud-mcp_server
- Install dependencies:
npm install
- Build the project:
npm run build
-
Configure Cloud Credentials (see the following section)
-
Test the installation:
npm start
๐ง Technical Details
Credential Configuration
Why are Credentials Needed?
Cloud providers (AWS, Azure, GCP) require authentication for all API calls for security reasons. These credentials are used for authentication and authorization. The server uses these credentials to securely connect to cloud APIs.
AWS Credentials
AWS requires an Access Key ID and a Secret Access Key. These credentials are created in AWS IAM and must have the necessary permissions.
Method 1: Environment Variables (Recommended)
export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
export AWS_REGION=us-east-1
Method 2: AWS Credentials File
~/.aws/credentials (Linux/Mac)
C:\Users\YourUsername\.aws\credentials (Windows)
[default]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key
Method 3: In MCP Config
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": ["..."],
"env": {
"AWS_ACCESS_KEY_ID": "your_access_key_id",
"AWS_SECRET_ACCESS_KEY": "your_secret_access_key",
"AWS_REGION": "us-east-1"
}
}
}
}
Required IAM Permissions:
ec2:DescribeInstances, ec2:StartInstances, ec2:StopInstancess3:ListBuckets, s3:GetBucketLocationlambda:ListFunctions, lambda:GetFunctionrds:DescribeDBInstancescloudwatch:GetMetricStatisticsce:GetCostAndUsage
Azure Credentials
Azure requires a Service Principal (Client ID, Client Secret, Tenant ID) or an Azure CLI login. A Subscription ID is also required.
Method 1: Environment Variables
export AZURE_CLIENT_ID=your_client_id
export AZURE_CLIENT_SECRET=your_client_secret
export AZURE_TENANT_ID=your_tenant_id
export AZURE_SUBSCRIPTION_ID=your_subscription_id
Method 2: Azure CLI Login (Easiest)
az login
export AZURE_SUBSCRIPTION_ID=your_subscription_id
Method 3: In MCP Config
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": ["..."],
"env": {
"AZURE_CLIENT_ID": "your_client_id",
"AZURE_CLIENT_SECRET": "your_secret",
"AZURE_TENANT_ID": "your_tenant_id",
"AZURE_SUBSCRIPTION_ID": "your_subscription_id"
}
}
}
}
Creating a Service Principal:
az ad sp create-for-rbac --name "mcp-cloud-services" --role contributor
Required RBAC Permissions:
Reader (for listing resources)Virtual Machine Contributor (for VM management)Storage Account Contributor (for storage management)
GCP Credentials
GCP requires a Service Account JSON file or the gcloud CLI. A Project ID is also required.
Method 1: Service Account JSON (Recommended)
export GCP_PROJECT_ID=your_project_id
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
Method 2: gcloud CLI
gcloud auth application-default login
gcloud config set project YOUR_PROJECT_ID
export GCP_PROJECT_ID=$(gcloud config get-value project)
Method 3: In MCP Config
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": ["..."],
"env": {
"GCP_PROJECT_ID": "your_project_id",
"GOOGLE_APPLICATION_CREDENTIALS": "C:\\path\\to\\service-account-key.json"
}
}
}
}
Creating a Service Account:
- GCP Console โ IAM & Admin โ Service Accounts
- Create Service Account
- Grant roles:
Compute Viewer, Storage Viewer, Cloud Functions Viewer
- Create JSON key and download
Required IAM Roles:
Compute Viewer (for viewing compute instances)Storage Viewer (for viewing storage buckets)Cloud Functions Viewer (for viewing functions)Monitoring Viewer (for metrics)Billing Account Viewer (for cost analysis)
Installation for MCP Clients
Cursor IDE
- Create/Edit the MCP Config File
Windows:
%APPDATA%\Cursor\User\globalStorage\mcp.json
macOS/Linux:
~/.config/Cursor/User/globalStorage/mcp.json
Workspace-specific (Recommended):
<project-root>/.cursor/mcp.json
- Config Content
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": [
"C:\\Users\\YourUsername\\path\\to\\Cloud-mcp_server\\dist\\index.js"
],
"env": {
"AWS_ACCESS_KEY_ID": "your_key",
"AWS_SECRET_ACCESS_KEY": "your_secret",
"AWS_REGION": "us-east-1"
}
}
}
}
- Restart Cursor
Claude Desktop
- Create/Edit the MCP Config File
Windows:
%APPDATA%\Claude\claude_desktop_config.json
macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
Linux:
~/.config/Claude/claude_desktop_config.json
- Config Content
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": [
"/absolute/path/to/Cloud-mcp_server/dist/index.js"
],
"env": {
"AWS_ACCESS_KEY_ID": "your_key",
"AWS_SECRET_ACCESS_KEY": "your_secret"
}
}
}
}
Other MCP Clients
For any client that supports the MCP protocol, start the server using stdio transport:
{
"mcpServers": {
"cloud-services": {
"command": "node",
"args": ["/path/to/dist/index.js"],
"env": {
"AWS_ACCESS_KEY_ID": "...",
"AWS_SECRET_ACCESS_KEY": "..."
}
}
}
}
๐ป Usage Examples
Basic Usage
After installing the MCP server, you can perform cloud operations using natural language commands in your client's chat interface.
Example Usages
AWS:
List all EC2 instances in AWS
Show S3 buckets
Start instance i-1234567890abcdef0
List Lambda functions
Azure:
List all virtual machines in Azure
Show storage accounts
GCP:
List all compute instances in GCP
Show storage buckets
List cloud functions
Cost Analysis:
Analyze AWS costs from 2024-01-01 to 2024-01-31
Show cost breakdown by service
Monitoring:
Show the CPU usage of instance i-1234567890abcdef0
List AWS alarms
Security:
Scan for security vulnerabilities in AWS resources
Perform CIS compliance checks
Check the encryption status
๐ MCP Tools (26 Tools)
AWS Tools (6)
aws_list_ec2_instances - List EC2 instancesaws_list_s3_buckets - List S3 bucketsaws_list_lambda_functions - List Lambda functionsaws_list_rds_instances - List RDS instancesaws_start_ec2_instance - Start an EC2 instanceaws_stop_ec2_instance - Stop an EC2 instance
Azure Tools (2)
azure_list_virtual_machines - List virtual machinesazure_list_storage_accounts - List storage accounts
GCP Tools (3)
gcp_list_compute_instances - List compute instancesgcp_list_storage_buckets - List storage bucketsgcp_list_cloud_functions - List cloud functions
Resource Management Tools (5)
list_resources - List all cloud resourcesget_resource - Get resource detailsstart_resource - Start a resourcestop_resource - Stop a resourcedelete_resource - Delete a resource (use with caution)
Cost Analysis Tools (3)
analyze_costs - Analyze costsget_cost_by_service - Get cost breakdown by serviceestimate_monthly_cost - Estimate monthly costs
Monitoring Tools (3)
get_metrics - Get resource metricslist_alarms - List monitoring alarmsget_resource_health - Check resource health status
Security Tools (4)
scan_security_issues - Scan for security vulnerabilitiescheck_compliance - Perform compliance checksanalyze_permissions - Analyze IAM permissionscheck_encryption - Check the encryption status
๐ Project Structure
Cloud-mcp_server/
โโโ src/
โ โโโ index.ts # Main entry point of the MCP server
โ โโโ server.ts # MCP server implementation
โ โโโ tools/ # MCP tools
โ โ โโโ aws-tools.ts # AWS specific tools
โ โ โโโ azure-tools.ts # Azure specific tools
โ โ โโโ gcp-tools.ts # GCP specific tools
โ โ โโโ resource-management.ts # Resource management tools
โ โ โโโ cost-analysis.ts # Cost analysis tools
โ โ โโโ monitoring.ts # Monitoring tools
โ โ โโโ security.ts # Security tools
โ โโโ adapters/ # Cloud provider adapters
โ โ โโโ aws-adapter.ts # AWS SDK adapter
โ โ โโโ azure-adapter.ts # Azure SDK adapter
โ โ โโโ gcp-adapter.ts # GCP SDK adapter
โ โโโ utils/ # Helper functions
โ โ โโโ credential-manager.ts
โ โ โโโ formatters.ts
โ โ โโโ validators.ts
โ โโโ types/ # TypeScript type definitions
โ โโโ index.ts
โโโ dist/ # Compiled JavaScript files
โโโ package.json
โโโ tsconfig.json
โโโ README.md
๐ง Development
Development Mode
npm run dev
Build
npm run build
Test
npm test
๐ Security
- Credentials are securely stored (~/.cloud-services-mcp/credentials.json)
- Supports environment variables
- Input validation and sanitization
- Error handling
- Secure credential management
Important: Never hardcode credentials in your code. Always use environment variables or a secure credential store.
๐ Output Formats
- JSON - Structured data responses
- Markdown - Reports and documentation
- Text - Plain text output
๐ค Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature)
- Commit your changes (
git commit -m 'Add amazing feature')
- Push to the branch (
git push origin feature/amazing-feature)
- Open a Pull Request
๐ License
This project is licensed under the MIT License. See the LICENSE file for details.
๐ MCP Client Support
This MCP server is compatible with the following clients:
- โ
Cursor IDE - Full support
- โ
Claude Desktop - Full support
- โ
Anthropic API - Via the MCP protocol
- โ
Other MCP Clients - All clients that support the standard MCP protocol
๐ Thanks
๐ Contact
If you have any questions or suggestions, please open an issue.
โญ If you like this project, don't forget to give it a star!
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
