awslabs.ccapi-mcp-server 1.0.4__tar.gz → 1.0.13__tar.gz

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/Dockerfile

@@ -12,8 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#FROM public.ecr.aws/sam/build-python3.10:1.137.1-20250411084548
-FROM public.ecr.aws/sam/build-python3.10@sha256:d821662474d65f3cf2fc97dba2fa807a3adb580d02895fc4545527812550ea65 AS uv
+# dependabot should continue to update this to the latest hash.
+FROM public.ecr.aws/docker/library/python:3.13-alpine@sha256:e7e041128ffc3e3600509f508e44d34ab08ff432bdb62ec508d01dfc5ca459f7 AS uv
 
 # Install the project into `/app`
 WORKDIR /app
@@ -31,40 +31,50 @@ ENV UV_PYTHON_PREFERENCE=only-system
 ENV UV_FROZEN=true
 
 # Copy the required files first
-COPY pyproject.toml uv.lock ./
+COPY pyproject.toml uv.lock uv-requirements.txt ./
+
+# Python optimization and uv configuration
+ENV PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# Install system dependencies and Python package manager
+RUN apk update && \
+    apk add --no-cache --virtual .build-deps \
+    build-base \
+    gcc \
+    musl-dev \
+    libffi-dev \
+    openssl-dev \
+    cargo
 
 # Install the project's dependencies using the lockfile and settings
 RUN --mount=type=cache,target=/root/.cache/uv \
-    pip install uv==0.7.11 && \
-    uv sync --frozen --no-install-project --no-dev --no-editable
+    pip install --require-hashes --requirement uv-requirements.txt --no-cache-dir && \
+    uv sync --python 3.13 --frozen --no-install-project --no-dev --no-editable
 
 # Then, add the rest of the project source code and install it
 # Installing separately from its dependencies allows optimal layer caching
 COPY . /app
 RUN --mount=type=cache,target=/root/.cache/uv \
-    uv sync --frozen --no-dev --no-editable
+    uv sync --python 3.13 --frozen --no-dev --no-editable
 
 # Make the directory just in case it doesn't exist
 RUN mkdir -p /root/.local
 
-FROM public.ecr.aws/sam/build-python3.10@sha256:d821662474d65f3cf2fc97dba2fa807a3adb580d02895fc4545527812550ea65
+FROM public.ecr.aws/docker/library/python:3.13-alpine@sha256:e7e041128ffc3e3600509f508e44d34ab08ff432bdb62ec508d01dfc5ca459f7
 
 # Place executables in the environment at the front of the path and include other binaries
-ENV PATH="/app/.venv/bin:$PATH:/usr/sbin"
-
-# Install lsof for the healthcheck
-# Install other tools as needed for the MCP server
-# Add non-root user and ability to change directory into /root
-RUN yum update -y && \
-    yum install -y lsof && \
-    yum clean all -y && \
-    rm -rf /var/cache/yum && \
-    groupadd --force --system app && \
-    useradd app -g app -d /app && \
-    chmod o+x /root
-
-# Get the project from the uv layer
-COPY --from=uv --chown=app:app /root/.local /root/.local
+ENV PATH="/app/.venv/bin:$PATH" \
+    PYTHONUNBUFFERED=1
+
+# Install runtime dependencies and create application user
+RUN apk update && \
+    apk add --no-cache ca-certificates && \
+    update-ca-certificates && \
+    addgroup -S app && \
+    adduser -S app -G app -h /app
+
+# Copy application artifacts from build stage
 COPY --from=uv --chown=app:app /app/.venv /app/.venv
 
 # Get healthcheck script
@@ -74,5 +84,5 @@ COPY ./docker-healthcheck.sh /usr/local/bin/docker-healthcheck.sh
 USER app
 
 # When running the container, add --db-path and a bind mount to the host's db file
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "docker-healthcheck.sh" ]
+HEALTHCHECK --interval=60s --timeout=10s --start-period=10s --retries=3 CMD ["docker-healthcheck.sh"]
 ENTRYPOINT ["awslabs.ccapi-mcp-server"]

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: awslabs.ccapi-mcp-server
-Version: 1.0.4
+Version: 1.0.13
 Summary: An AWS Labs Model Context Protocol (MCP) server for managing AWS resources via Cloud Control API
 Project-URL: homepage, https://awslabs.github.io/mcp/
 Project-URL: docs, https://awslabs.github.io/mcp/servers/ccapi-mcp-server/
@@ -25,7 +25,7 @@ Requires-Dist: boto3>=1.34.0
 Requires-Dist: botocore>=1.34.0
 Requires-Dist: checkov>=3.0.0
 Requires-Dist: loguru>=0.7.0
-Requires-Dist: mcp[cli]>=1.6.0
+Requires-Dist: mcp[cli]>=1.23.0
 Requires-Dist: pydantic>=2.10.6
 Description-Content-Type: text/markdown
 
@@ -194,9 +194,9 @@ This ensures you always know which AWS account and region will be affected by op
 
 ## Installation
 
-| Cursor | VS Code |
-|:------:|:-------:|
-| [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/en/install-mcp?name=awslabs.ccapi-mcp-server&config=eyJjb21tYW5kIjoidXZ4IGF3c2xhYnMuY2NhcGktbWNwLXNlcnZlckBsYXRlc3QiLCJlbnYiOnsiQVdTX1BST0ZJTEUiOiJ5b3VyLWF3cy1wcm9maWxlIiwiQVdTX1JFR0lPTiI6InVzLWVhc3QtMSIsIkZBU1RNQ1BfTE9HX0xFVkVMIjoiRVJST1IifSwiZGlzYWJsZWQiOmZhbHNlLCJhdXRvQXBwcm92ZSI6W119) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=AWS%20Cloud%20Control%20API%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) |
+| Kiro | Cursor | VS Code |
+|:----:|:------:|:-------:|
+| [![Add to Kiro](https://kiro.dev/images/add-to-kiro.svg)](https://kiro.dev/launch/mcp/add?name=awslabs.ccapi-mcp-server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%7D) | [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/en/install-mcp?name=awslabs.ccapi-mcp-server&config=eyJjb21tYW5kIjoidXZ4IGF3c2xhYnMuY2NhcGktbWNwLXNlcnZlckBsYXRlc3QiLCJlbnYiOnsiQVdTX1BST0ZJTEUiOiJ5b3VyLWF3cy1wcm9maWxlIiwiQVdTX1JFR0lPTiI6InVzLWVhc3QtMSIsIkZBU1RNQ1BfTE9HX0xFVkVMIjoiRVJST1IifSwiZGlzYWJsZWQiOmZhbHNlLCJhdXRvQXBwcm92ZSI6W119) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=AWS%20Cloud%20Control%20API%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) |
 
 **Before installation, configure AWS credentials using one of these methods:**
 
@@ -209,7 +209,7 @@ Ensure your IAM role or user has the necessary permissions (see [Security Consid
 
 ### Configuration
 
-Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit `~/.aws/amazonq/mcp.json`):
+Configure the MCP server in your MCP client configuration (e.g., for Kiro, edit `~/.kiro/settings/mcp.json`):
 
 ```json
 {
@@ -555,7 +555,7 @@ Creates CloudFormation templates from existing AWS resources using AWS CloudForm
 
 - **Multiple Infrastructure MCP Servers**: Using CCAPI MCP server alongside other MCP servers that perform similar functions (such as Terraform MCP, CDK MCP, CFN MCP) may cause LLMs to randomly choose between them
 - **Built-in Tools**: LLMs may choose built-in tools instead of this MCP server's tools:
-  - Amazon Q Developer CLI: `use_aws`, `execute_bash`, `fs_read`, `fs_write`
+  - Kiro CLI: `aws`, `shell`, `read`, `write`
   - Other tools may have similar built-in AWS or system capabilities
 
 ## Basic Usage

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/README.md

@@ -163,9 +163,9 @@ This ensures you always know which AWS account and region will be affected by op
 
 ## Installation
 
-| Cursor | VS Code |
-|:------:|:-------:|
-| [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/en/install-mcp?name=awslabs.ccapi-mcp-server&config=eyJjb21tYW5kIjoidXZ4IGF3c2xhYnMuY2NhcGktbWNwLXNlcnZlckBsYXRlc3QiLCJlbnYiOnsiQVdTX1BST0ZJTEUiOiJ5b3VyLWF3cy1wcm9maWxlIiwiQVdTX1JFR0lPTiI6InVzLWVhc3QtMSIsIkZBU1RNQ1BfTE9HX0xFVkVMIjoiRVJST1IifSwiZGlzYWJsZWQiOmZhbHNlLCJhdXRvQXBwcm92ZSI6W119) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=AWS%20Cloud%20Control%20API%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) |
+| Kiro | Cursor | VS Code |
+|:----:|:------:|:-------:|
+| [![Add to Kiro](https://kiro.dev/images/add-to-kiro.svg)](https://kiro.dev/launch/mcp/add?name=awslabs.ccapi-mcp-server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%7D) | [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/en/install-mcp?name=awslabs.ccapi-mcp-server&config=eyJjb21tYW5kIjoidXZ4IGF3c2xhYnMuY2NhcGktbWNwLXNlcnZlckBsYXRlc3QiLCJlbnYiOnsiQVdTX1BST0ZJTEUiOiJ5b3VyLWF3cy1wcm9maWxlIiwiQVdTX1JFR0lPTiI6InVzLWVhc3QtMSIsIkZBU1RNQ1BfTE9HX0xFVkVMIjoiRVJST1IifSwiZGlzYWJsZWQiOmZhbHNlLCJhdXRvQXBwcm92ZSI6W119) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=AWS%20Cloud%20Control%20API%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.ccapi-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22AWS_PROFILE%22%3A%22your-aws-profile%22%2C%22AWS_REGION%22%3A%22us-east-1%22%2C%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) |
 
 **Before installation, configure AWS credentials using one of these methods:**
 
@@ -178,7 +178,7 @@ Ensure your IAM role or user has the necessary permissions (see [Security Consid
 
 ### Configuration
 
-Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit `~/.aws/amazonq/mcp.json`):
+Configure the MCP server in your MCP client configuration (e.g., for Kiro, edit `~/.kiro/settings/mcp.json`):
 
 ```json
 {
@@ -524,7 +524,7 @@ Creates CloudFormation templates from existing AWS resources using AWS CloudForm
 
 - **Multiple Infrastructure MCP Servers**: Using CCAPI MCP server alongside other MCP servers that perform similar functions (such as Terraform MCP, CDK MCP, CFN MCP) may cause LLMs to randomly choose between them
 - **Built-in Tools**: LLMs may choose built-in tools instead of this MCP server's tools:
-  - Amazon Q Developer CLI: `use_aws`, `execute_bash`, `fs_read`, `fs_write`
+  - Kiro CLI: `aws`, `shell`, `read`, `write`
   - Other tools may have similar built-in AWS or system capabilities
 
 ## Basic Usage

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/__init__.py

@@ -14,3 +14,4 @@
 
 # This file is part of the awslabs namespace.
 # It is intentionally minimal to support PEP 420 namespace packages.
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/__init__.py

@@ -14,4 +14,4 @@
 
 """awslabs.ccapi-mcp-server"""
 
-__version__ = '1.0.4'
+__version__ = '1.0.13'

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/cloud_control_utils.py

@@ -13,19 +13,43 @@
 # limitations under the License.
 
 from awslabs.ccapi_mcp_server.errors import ClientError
+from os import environ
 from typing import Any, Dict
 
 
-def add_default_tags(properties: Dict, schema: Dict) -> Dict:
-    """Add default tags to resource properties. Always tries to add tags - let AWS reject if unsupported."""
+def supports_tagging(resource_type: str, schema: Dict) -> bool:
+    """Check if a resource type supports tagging based on schema."""
+    # Trust the schema - if it has Tags property, resource supports tagging
+    # If schema doesn't show Tags, assume resource doesn't support tagging
+    return 'Tags' in schema.get('properties', {})
+
+
+def add_default_tags(
+    properties: Dict,
+    schema: Dict,
+    resource_type: str = '',
+    environment_variables: Dict | None = None,
+) -> Dict:
+    """Add default tags to resource properties if DEFAULT_TAGS is enabled and resource supports tagging."""
     # Return empty dict when properties is None or empty dict {}
-    # This prevents processing invalid/missing resource properties
     if not properties:
         return {}
 
+    # FIRST: Check DEFAULT_TAGS setting - if disabled, return immediately without any tagging logic
+    if environment_variables:
+        default_tags_setting = environment_variables.get('DEFAULT_TAGS', 'enabled').lower()
+    else:
+        default_tags_setting = environ.get('DEFAULT_TAGS', 'enabled').lower()
+
+    if default_tags_setting == 'disabled':
+        return properties.copy()
+
+    # SECOND: Only if DEFAULT_TAGS is enabled, check if resource supports tagging
+    if resource_type and not supports_tagging(resource_type, schema):
+        return properties.copy()
+
     properties_with_tags = properties.copy()
 
-    # Always try to add tags - don't check schema since it can be unreliable
     # Ensure Tags array exists
     if 'Tags' not in properties_with_tags:
         properties_with_tags['Tags'] = []

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/impl/tools/explanation.py

@@ -19,6 +19,7 @@ import uuid
 from awslabs.ccapi_mcp_server.errors import ClientError
 from awslabs.ccapi_mcp_server.impl.utils.validation import ensure_string
 from awslabs.ccapi_mcp_server.models.models import ExplainRequest
+from os import environ
 from typing import Any
 
 
@@ -37,7 +38,12 @@ def _format_value(value: Any) -> str:
 
 
 def _generate_explanation(
-    content: Any, context: str, operation: str, format: str, user_intent: str
+    content: Any,
+    context: str,
+    operation: str,
+    format: str,
+    user_intent: str,
+    environment_variables: dict | None = None,
 ) -> str:
     """Generate comprehensive explanation for any type of content."""
     content_type = type(content).__name__
@@ -77,7 +83,18 @@ def _generate_explanation(
     if operation in ['create', 'update', 'delete']:
         explanation += '\n\n**Infrastructure Operation Notes:**'
         explanation += '\n• This operation will modify AWS resources'
-        explanation += '\n• Default management tags will be applied for tracking'
+
+        # Check DEFAULT_TAGS setting
+        if environment_variables:
+            default_tags_setting = environment_variables.get('DEFAULT_TAGS', 'enabled').lower()
+        else:
+            default_tags_setting = environ.get('DEFAULT_TAGS', 'enabled').lower()
+
+        if default_tags_setting == 'disabled':
+            explanation += '\n• Default management tags are disabled and will not be applied'
+        else:
+            explanation += '\n• Default management tags will be applied for tracking'
+
         explanation += '\n• Changes will be applied to the specified AWS region'
 
     return explanation
@@ -253,6 +270,7 @@ async def explain_impl(request: ExplainRequest, workflow_store: dict) -> dict:
         raise ClientError("Either 'content' or 'generated_code_token' must be provided")
 
     # Handle infrastructure operations with token workflow
+    workflow_data = None
     if has_generated_code_token:
         # Infrastructure operation - consume generated_code_token
         if request.generated_code_token not in workflow_store:
@@ -296,6 +314,11 @@ async def explain_impl(request: ExplainRequest, workflow_store: dict) -> dict:
                 'operation': ensure_string(request.operation),
             }
 
+    # Get environment variables from workflow store if available
+    environment_variables = None
+    if workflow_data:
+        environment_variables = workflow_data.get('data', {}).get('environment_variables')
+
     # Generate comprehensive explanation based on content type and format
     explanation = _generate_explanation(
         explanation_content,
@@ -303,6 +326,7 @@ async def explain_impl(request: ExplainRequest, workflow_store: dict) -> dict:
         ensure_string(request.operation, 'analyze'),
         ensure_string(request.format, 'detailed'),
         ensure_string(request.user_intent),
+        environment_variables or {},
     )
 
     # Force the LLM to see the response by making it very explicit

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/impl/tools/infrastructure_generation.py

@@ -34,8 +34,12 @@ async def generate_infrastructure_code_impl_wrapper(
     if not aws_session_data.get('credentials_valid'):
         raise ClientError('Invalid AWS credentials')
 
-    # V1: Always add required MCP server identification tags
-    # Inform user about default tags and ask if they want additional ones
+    # Get environment variables from the parent environment token
+    env_token = cred_data.get('parent_token')
+    environment_variables = None
+    if env_token and env_token in workflow_store:
+        env_data = workflow_store[env_token]['data']
+        environment_variables = env_data.get('environment_variables', {})
 
     # Generate infrastructure code using the existing implementation
     result = await generate_infrastructure_code_impl(
@@ -43,7 +47,8 @@ async def generate_infrastructure_code_impl_wrapper(
         properties=request.properties,
         identifier=request.identifier,
         patch_document=request.patch_document,
-        region=request.region or aws_session_data.get('region') or 'us-east-1',
+        region=request.region or aws_session_data.get('region'),
+        environment_variables=environment_variables or {},
     )
 
     # Generate a generated code token that enforces using the exact properties and template

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/impl/tools/resource_operations.py

@@ -21,7 +21,6 @@ from awslabs.ccapi_mcp_server.context import Context
 from awslabs.ccapi_mcp_server.errors import ClientError, handle_aws_api_error
 from awslabs.ccapi_mcp_server.impl.utils.validation import (
     cleanup_workflow_tokens,
-    ensure_region_string,
     validate_identifier,
     validate_resource_type,
     validate_workflow_token,
@@ -115,8 +114,11 @@ async def create_resource_impl(request: CreateResourceRequest, workflow_store: d
     # Use ONLY the properties that were explained - no manual override possible
     properties = workflow_data['data']['properties']
 
-    # Ensure region is a string, not a FieldInfo object
-    region_str = ensure_region_string(request.region) or 'us-east-1'
+    # Use MCP env region or session region, no hardcoded fallback
+    env_vars = aws_session_data.get('environment_variables', {})
+    region_str = env_vars.get('AWS_REGION') or aws_session_data.get('region')
+    if not region_str:
+        raise ClientError('No region configured in MCP environment or AWS session')
     cloudcontrol_client = get_aws_client('cloudcontrol', region_str)
     try:
         response = cloudcontrol_client.create_resource(
@@ -176,8 +178,11 @@ async def update_resource_impl(request: UpdateResourceRequest, workflow_store: d
         pass
 
     validate_patch(request.patch_document)
-    # Ensure region is a string, not a FieldInfo object
-    region_str = ensure_region_string(request.region) or 'us-east-1'
+    # Use MCP env region or session region, no hardcoded fallback
+    env_vars = aws_session_data.get('environment_variables', {})
+    region_str = env_vars.get('AWS_REGION') or aws_session_data.get('region')
+    if not region_str:
+        raise ClientError('No region configured in MCP environment or AWS session')
     cloudcontrol_client = get_aws_client('cloudcontrol', region_str)
 
     # Convert patch document to JSON string for the API
@@ -239,7 +244,11 @@ async def delete_resource_impl(request: DeleteResourceRequest, workflow_store: d
             'You have configured this tool in readonly mode. To make this change you will have to update your configuration.'
         )
 
-    cloudcontrol_client = get_aws_client('cloudcontrol', request.region or 'us-east-1')
+    env_vars = aws_session_data.get('environment_variables', {})
+    region_str = env_vars.get('AWS_REGION') or aws_session_data.get('region')
+    if not region_str:
+        raise ClientError('No region configured in MCP environment or AWS session')
+    cloudcontrol_client = get_aws_client('cloudcontrol', region_str)
     try:
         response = cloudcontrol_client.delete_resource(
             TypeName=request.resource_type, Identifier=request.identifier
@@ -260,7 +269,11 @@ async def get_resource_impl(
     validate_resource_type(request.resource_type)
     validate_identifier(request.identifier)
 
-    cloudcontrol = get_aws_client('cloudcontrol', request.region or 'us-east-1')
+    # Use environment variables for get operations (no session data available)
+    region_str = request.region or environ.get('AWS_REGION') or environ.get('AWS_DEFAULT_REGION')
+    if not region_str:
+        raise ClientError('No region specified and no default region configured')
+    cloudcontrol = get_aws_client('cloudcontrol', region_str)
     try:
         result = cloudcontrol.get_resource(
             TypeName=request.resource_type, Identifier=request.identifier
@@ -356,7 +369,11 @@ async def get_resource_request_status_impl(request_token: str, region: str | Non
     if not request_token:
         raise ClientError('Please provide a request token to track the request')
 
-    cloudcontrol_client = get_aws_client('cloudcontrol', region or 'us-east-1')
+    # Use environment variables for status operations (no session data available)
+    region_str = region or environ.get('AWS_REGION') or environ.get('AWS_DEFAULT_REGION')
+    if not region_str:
+        raise ClientError('No region specified and no default region configured')
+    cloudcontrol_client = get_aws_client('cloudcontrol', region_str)
     try:
         response = cloudcontrol_client.get_resource_request_status(
             RequestToken=request_token,

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/impl/tools/session_management.py

@@ -46,6 +46,7 @@ def check_aws_credentials() -> dict:
                 'AWS_PROFILE': environ.get('AWS_PROFILE', ''),
                 'AWS_REGION': environ.get('AWS_REGION', ''),
                 'SECURITY_SCANNING': environ.get('SECURITY_SCANNING', 'enabled'),
+                'DEFAULT_TAGS': environ.get('DEFAULT_TAGS', 'enabled'),
             },
         }
     except Exception as e:
@@ -59,6 +60,7 @@ def check_aws_credentials() -> dict:
                 'AWS_PROFILE': environ.get('AWS_PROFILE', ''),
                 'AWS_REGION': environ.get('AWS_REGION', ''),
                 'SECURITY_SCANNING': environ.get('SECURITY_SCANNING', 'enabled'),
+                'DEFAULT_TAGS': environ.get('DEFAULT_TAGS', 'enabled'),
             },
         }
 

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/infrastructure_generator.py

@@ -28,6 +28,7 @@ async def generate_infrastructure_code(
     identifier: str = '',
     patch_document: List = [],
     region: str = '',
+    environment_variables: Dict | None = None,
 ) -> Dict:
     """Generate infrastructure code for security scanning before resource creation or update."""
     if not resource_type:
@@ -43,17 +44,6 @@ async def generate_infrastructure_code(
     # Check if resource supports tagging
     supports_tagging = 'Tags' in schema.get('properties', {})
 
-    # Fallback: Known AWS resources that support tagging even if schema doesn't show it
-    if not supports_tagging and resource_type in [
-        'AWS::S3::Bucket',
-        'AWS::EC2::Instance',
-        'AWS::RDS::DBInstance',
-    ]:
-        supports_tagging = True
-        print(
-            f"Schema for {resource_type} doesn't show Tags property, but we know it supports tagging"
-        )
-
     if is_update:
         # This is an update operation
         if not identifier:
@@ -119,7 +109,9 @@ async def generate_infrastructure_code(
             update_properties = current_properties
 
         # V1: Always add required MCP server identification tags for updates too
-        properties_with_tags = add_default_tags(update_properties, schema)
+        properties_with_tags = add_default_tags(
+            update_properties, schema, resource_type, environment_variables
+        )
 
         operation = 'update'
     else:
@@ -128,7 +120,9 @@ async def generate_infrastructure_code(
             raise ClientError('Please provide the properties for the desired resource')
 
         # V1: Always add required MCP server identification tags
-        properties_with_tags = add_default_tags(properties, schema)
+        properties_with_tags = add_default_tags(
+            properties, schema, resource_type, environment_variables
+        )
 
         operation = 'create'
 

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/awslabs/ccapi_mcp_server/server.py

@@ -718,7 +718,7 @@ def main():
 
     # Display read-only mode status
     if args.readonly:
-        print('\n⚠️ READ-ONLY MODE ACTIVE ⚠️')
+        print('\n[WARNING] READ-ONLY MODE ACTIVE [WARNING]')
         print('The server will not perform any create, update, or delete operations.')
 
     mcp.run()

awslabs_ccapi_mcp_server-1.0.13/docker-healthcheck.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SERVER="ccapi-mcp-server"
+
+# Check if the server process is running
+if pgrep -P 0 -a -l -x -f "/app/.venv/bin/python3 /app/.venv/bin/awslabs.$SERVER" > /dev/null; then
+  echo -n "$SERVER is running";
+  exit 0;
+fi;
+
+# Unhealthy
+exit 1;

{awslabs_ccapi_mcp_server-1.0.4 → awslabs_ccapi_mcp_server-1.0.13}/pyproject.toml

@@ -1,13 +1,13 @@
 [project]
 name = "awslabs.ccapi-mcp-server"
-version = "1.0.4"
+version = "1.0.13"
 description = "An AWS Labs Model Context Protocol (MCP) server for managing AWS resources via Cloud Control API"
 readme = "README.md"
 requires-python = ">=3.10"
 dependencies = [
     "loguru>=0.7.0",
     "pydantic>=2.10.6",
-    "mcp[cli]>=1.6.0",
+    "mcp[cli]>=1.23.0",
     "boto3>=1.34.0",
     "botocore>=1.34.0",
     "checkov>=3.0.0",