awslabs.cfn-mcp-server 0.0.1__py3-none-any.whl

awslabs/__init__.py

@@ -0,0 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+# This file is part of the awslabs namespace.
+# It is intentionally minimal to support PEP 420 namespace packages.

awslabs/cfn_mcp_server/__init__.py

@@ -0,0 +1,14 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+"""awslabs.cfn-mcp-server"""
+
+__version__ = '0.0.0'

awslabs/cfn_mcp_server/aws_client.py

@@ -0,0 +1,64 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+import sys
+from awslabs.cfn_mcp_server.errors import ClientError
+from boto3 import Session
+from os import environ
+
+
+session = Session(profile_name=environ.get('AWS_PROFILE'))
+
+
+def get_aws_client(service_name, region_name=None):
+    """Create and return an AWS service client with dynamically detected credentials.
+
+    This function implements a credential provider chain that tries different
+    credential sources in the following order:
+    1. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
+    2. Shared credential file (~/.aws/credentials)
+    3. IAM role for Amazon EC2 / ECS task role / EKS pod identity
+    4. AWS SSO or Web Identity token
+
+    The function caches clients based on the compound key of service_name and region_name
+    to avoid creating duplicate clients for the same service and region.
+
+    Args:
+        service_name: AWS service name (e.g., 'cloudcontrol', 'logs', 'marketplace-catalog')
+        region_name: AWS region name (defaults to environment variable or 'us-east-1')
+
+    Returns:
+        Boto3 client for the specified service
+    """
+    # Default region handling
+    if not region_name:
+        region_name = environ.get('AWS_REGION', 'us-east-1')
+
+    # Credential detection and client creation
+    try:
+        print(
+            f'Creating new {service_name} client for region {region_name} with auto-detected credentials'
+        )
+        client = session.client(service_name, region_name=region_name)
+
+        print('Created client for service with credentials')
+        return client
+
+    except Exception as e:
+        print(f'Error creating {service_name} client: {str(e)}', file=sys.stderr)
+        if 'ExpiredToken' in str(e):
+            raise ClientError('Your AWS credentials have expired. Please refresh them.')
+        elif 'NoCredentialProviders' in str(e):
+            raise ClientError(
+                'No AWS credentials found. Please configure credentials using environment variables or AWS configuration.'
+            )
+        else:
+            raise ClientError('Got an error when loading your client.')

awslabs/cfn_mcp_server/cloud_control_utils.py

@@ -0,0 +1,58 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+from awslabs.cfn_mcp_server.errors import ClientError
+
+
+def validate_patch(patch_document: list):
+    """A best effort check that makes sure that the format of a patch document is valid before sending it to CloudControl."""
+    for patch_op in patch_document:
+        if not isinstance(patch_op, dict):
+            raise ClientError('Each patch operation must be a dictionary')
+        if 'op' not in patch_op:
+            raise ClientError("Each patch operation must include an 'op' field")
+        if patch_op['op'] not in ['add', 'remove', 'replace', 'move', 'copy', 'test']:
+            raise ClientError(
+                f"Operation '{patch_op['op']}' is not supported. Must be one of: add, remove, replace, move, copy, test"
+            )
+        if 'path' not in patch_op:
+            raise ClientError("Each patch operation must include a 'path' field")
+        # Value is required for add, replace, and test operations
+        if patch_op['op'] in ['add', 'replace', 'test'] and 'value' not in patch_op:
+            raise ClientError(f"The '{patch_op['op']}' operation requires a 'value' field")
+        # From is required for move and copy operations
+        if patch_op['op'] in ['move', 'copy'] and 'from' not in patch_op:
+            raise ClientError(f"The '{patch_op['op']}' operation requires a 'from' field")
+
+
+def progress_event(response_event) -> dict[str, str]:
+    """Map a CloudControl API response to a standard output format for the MCP."""
+    response = {
+        'status': response_event['OperationStatus'],
+        'resource_type': response_event['TypeName'],
+        'is_complete': response_event['OperationStatus'] == 'SUCCESS',
+        'request_token': response_event['RequestToken'],
+    }
+
+    if response_event.get('Identifier', None):
+        response['identifier'] = response_event['Identifier']
+    if response_event.get('StatusMessage', None):
+        response['status_message'] = response_event['StatusMessage']
+    if response_event.get('ResourceModel', None):
+        response['resource_info'] = response_event['ResourceModel']
+    if response_event.get('ErrorCode', None):
+        response['error_code'] = response_event['ErrorCode']
+    if response_event.get('EventTime', None):
+        response['event_time'] = response_event['EventTime']
+    if response_event.get('RetryAfter', None):
+        response['retry_after'] = response_event['RetryAfter']
+
+    return response

awslabs/cfn_mcp_server/context.py

@@ -0,0 +1,23 @@
+from awslabs.cfn_mcp_server.errors import ServerError
+
+
+class Context:
+    """A singleton which includes context for the MCP server such as startup parameters."""
+
+    _instance = None
+
+    def __init__(self, readonly_mode: bool):
+        """Initializes the context."""
+        self._readonly_mode = readonly_mode
+
+    @classmethod
+    def readonly_mode(cls) -> bool:
+        """If a the server was started up with the argument --readonly True, this will be set to True."""
+        if cls._instance is None:
+            raise ServerError('Context was not initialized')
+        return cls._instance._readonly_mode
+
+    @classmethod
+    def initialize(cls, readonly_mode: bool):
+        """Create the singleton instance of the type."""
+        cls._instance = cls(readonly_mode)

awslabs/cfn_mcp_server/errors.py

@@ -0,0 +1,91 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+
+def handle_aws_api_error(e: Exception) -> Exception:
+    """Handle common AWS API errors and return standardized error responses.
+
+    Args:
+        e: The exception that was raised
+        resource_type: Optional resource type related to the error
+        identifier: Optional resource identifier related to the error
+
+    Returns:
+        Standardized error response dictionary
+    """
+    print('performing error mapping for an AWS exception')
+    error_message = str(e)
+    error_type = 'UnknownError'
+
+    # Extract error type from AWS exceptions if possible
+    if hasattr(e, 'response') and 'Error' in getattr(e, 'response', {}):
+        error_type = e.response['Error'].get('Code', 'UnknownError')  # pyright: ignore[reportAttributeAccessIssue]
+
+    # Handle common AWS error patterns
+    if 'AccessDenied' in error_message or error_type == 'AccessDeniedException':
+        return ClientError('Access denied. Please check your AWS credentials and permissions.')
+    elif 'IncompleteSignature' in error_message:
+        return ClientError(
+            'Incomplete signature. The request signature does not conform to AWS standards.'
+        )
+    elif 'InvalidAction' in error_message:
+        return ClientError(
+            'Invalid action. The action or operation requested is invalid. Verify that the action is typed correctly.'
+        )
+    elif 'InvalidClientTokenId' in error_message:
+        return ClientError(
+            'Invalid client token id. The X.509 certificate or AWS access key ID provided does not exist in our records.'
+        )
+    elif 'NotAuthorized' in error_message:
+        return ClientError('Not authorized. You do not have permission to perform this action.')
+    elif 'ValidationException' in error_message or error_type == 'ValidationException':
+        return ClientError('Validation error. Please check your input parameters.')
+    elif 'ResourceNotFoundException' in error_message or error_type == 'ResourceNotFoundException':
+        return ClientError('Resource was not found')
+    elif (
+        'UnsupportedActionException' in error_message or error_type == 'UnsupportedActionException'
+    ):
+        return ClientError('This action is not supported for this resource type.')
+    elif 'InvalidPatchException' in error_message:
+        return ClientError(
+            'The patch document provided contains errors or is not RFC 6902 compliant.'
+        )
+    elif 'ThrottlingException' in error_message or error_type == 'ThrottlingException':
+        return ClientError('Request was throttled. Please reduce your request rate.')
+    elif 'InternalFailure' in error_message or error_type == 'InternalFailure':
+        return ServerError('Internal failure. The server failed to process the request.')
+    elif 'ServiceUnavailable' in error_message or error_type == 'ServiceUnavailable':
+        return ServerError('Service unavailable. The server failed to process the request.')
+    else:
+        # Generic error handling - we might shift to this for everything eventually since it gives more context to the LLM, will have to test
+        return ClientError(f'An error occurred: {error_message}')
+
+
+class ClientError(Exception):
+    """An error that indicates that the request was malformed or incorrect in some way. There was no issue on the server side."""
+
+    def __init__(self, message):
+        """Call super and set message."""
+        # Call the base class constructor with the parameters it needs
+        super().__init__(message)
+        self.type = 'client'
+        self.message = message
+
+
+class ServerError(Exception):
+    """An error that indicates that there was an issue processing the request."""
+
+    def __init__(self, log):
+        """Call super."""
+        # Call the base class constructor with the parameters it needs
+        super().__init__('An internal error occured while processing your request')
+        print(log)
+        self.type = 'server'

awslabs/cfn_mcp_server/schema_manager.py

@@ -0,0 +1,163 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+import json
+import os
+from awslabs.cfn_mcp_server.aws_client import get_aws_client
+from awslabs.cfn_mcp_server.errors import ClientError
+from datetime import datetime, timedelta
+from pathlib import Path
+from typing import Dict
+
+
+# all schema metadata is stored in .schemas/schema_metadata.json. The schemas themselves are all stored in the directory.
+SCHEMA_CACHE_DIR = '.schemas'
+SCHEMA_METADATA_FILE = 'schema_metadata.json'
+SCHEMA_UPDATE_INTERVAL = timedelta(days=7)  # Check for updates weekly
+
+
+class SchemaManager:
+    """Responsible for keeping track of schemas, cacheing them locally, and updating them if they are outdated."""
+
+    def __init__(self):
+        """Initialize the schema manager with the cache directory."""
+        cache_dir = os.path.join(os.path.dirname(__file__), '.schemas')
+        self.cache_dir = Path(cache_dir)
+        self.metadata_file = self.cache_dir / SCHEMA_METADATA_FILE
+        self.schema_registry: Dict[str, dict] = {}
+
+        # Ensure cache directory exists
+        self.cache_dir.mkdir(exist_ok=True)
+
+        # Load metadata if it exists
+        self.metadata = self._load_metadata()
+
+        # Load cached schemas into registry
+        self._load_cached_schemas()
+
+    def _load_metadata(self) -> dict:
+        """Load schema metadata from file or create if it doesn't exist."""
+        if self.metadata_file.exists():
+            try:
+                with open(self.metadata_file, 'r') as f:
+                    return json.load(f)
+            except json.JSONDecodeError:
+                print('Corrupted metadata file. Creating new one.')
+
+        # Default metadata
+        metadata = {'version': '1', 'schemas': {}}
+
+        # Save default metadata
+        with open(self.metadata_file, 'w') as f:
+            json.dump(metadata, f, indent=2)
+
+        return metadata
+
+    def _load_cached_schemas(self):
+        """Load all cached schemas into the registry."""
+        for schema_file in self.cache_dir.glob('*.json'):
+            if schema_file.name == SCHEMA_METADATA_FILE:
+                continue
+
+            try:
+                with open(schema_file, 'r') as f:
+                    schema = json.load(f)
+                    if 'typeName' in schema:
+                        resource_type = schema['typeName']
+                        self.schema_registry[resource_type] = schema
+                        print(f'Loaded schema for {resource_type} from cache')
+            except (json.JSONDecodeError, IOError) as e:
+                print(f'Error loading schema from {schema_file}: {str(e)}')
+
+    async def get_schema(self, resource_type: str, region: str | None = None) -> dict:
+        """Get schema for a resource type, downloading it if necessary."""
+        # Check if schema is in registry and not forced to refresh
+        if resource_type in self.schema_registry:
+            # Check if schema needs to be updated based on last update time
+            if resource_type in self.metadata['schemas']:
+                schema_metadata = self.metadata['schemas'][resource_type]
+                last_updated_str = schema_metadata.get('last_updated')
+
+                if last_updated_str:
+                    try:
+                        last_updated = datetime.fromisoformat(last_updated_str)
+                        if datetime.now() - last_updated < SCHEMA_UPDATE_INTERVAL:
+                            # Schema is recent enough, use cached version
+                            return self.schema_registry[resource_type]
+                        else:
+                            print(
+                                f'Schema for {resource_type} is older than {SCHEMA_UPDATE_INTERVAL.days} days, refreshing...'
+                            )
+                    except ValueError:
+                        print(f'Invalid timestamp format for {resource_type}: {last_updated_str}')
+            else:
+                # No metadata for this schema, use cached version
+                return self.schema_registry[resource_type]
+
+        # Download schema
+        schema = await self._download_resource_schema(resource_type, region)
+        return schema
+
+    async def _download_resource_schema(
+        self, resource_type: str, region: str | None = None
+    ) -> dict:
+        """Download schema for a specific resource type.
+
+        Args:
+            resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+            region: AWS region to use for API calls
+
+        Returns:
+            The downloaded schema or None if download failed
+        """
+        # Extract service name from resource type
+        parts = resource_type.split('::')
+        if len(parts) < 2:
+            raise ClientError(
+                f"Invalid resource type format: {resource_type}. Expected format like 'Namespace::Service::Resource'"
+            )
+
+        # If no local spec file or it failed to load, try CloudFormation API
+        try:
+            print(f'Downloading schema for {resource_type} using CloudFormation API')
+            cfn_client = get_aws_client('cloudformation', region)
+            resp = cfn_client.describe_type(Type='RESOURCE', TypeName=resource_type)
+            schema_str = resp['Schema']
+            spec = json.loads(schema_str)
+
+            # Save schema to cache
+            schema_file = self.cache_dir / f'{resource_type.replace("::", "_")}.json'
+            with open(schema_file, 'w') as f:
+                f.write(schema_str)
+
+            # Update metadata
+            self.metadata['schemas'][resource_type] = {
+                'last_updated': datetime.now().isoformat(),
+                'file_path': str(schema_file),
+                'source': 'cloudformation_api',
+            }
+
+            with open(self.metadata_file, 'w') as f:
+                json.dump(self.metadata, f, indent=2)
+
+            print(f'Processed and cached schema for {resource_type}')
+            return spec
+        except Exception as e:
+            raise ClientError(f'Error downloading the schema for {resource_type}: {str(e)}')
+
+
+_schema_manager_instance = SchemaManager()
+
+
+# used to load a single instance of the schema manager
+def schema_manager() -> SchemaManager:
+    """Loads a singleton of the resource."""
+    return _schema_manager_instance

awslabs/cfn_mcp_server/server.py

@@ -0,0 +1,381 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+"""awslabs CFN MCP Server implementation."""
+
+import argparse
+import json
+from awslabs.cfn_mcp_server.aws_client import get_aws_client
+from awslabs.cfn_mcp_server.cloud_control_utils import progress_event, validate_patch
+from awslabs.cfn_mcp_server.context import Context
+from awslabs.cfn_mcp_server.errors import ClientError, handle_aws_api_error
+from awslabs.cfn_mcp_server.schema_manager import schema_manager
+from mcp.server.fastmcp import FastMCP
+from pydantic import Field
+
+
+mcp = FastMCP(
+    'awslabs.cfn-mcp-server',
+    instructions="""
+    # CloudFormation MCP
+
+    This MCP allows you to:
+    1. Read and List all of your AWS resources by the CloudFormation type name (e.g. AWS::S3::Bucket)
+    2. Create/Update/Delete your AWS resources
+    """,
+    dependencies=[
+        'pydantic',
+        'loguru',
+        'boto3',
+    ],
+)
+
+
+@mcp.tool()
+async def get_resource_schema_information(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Get schema information for an AWS resource.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+
+    Returns:
+        The resource schema information
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    sm = schema_manager()
+    schema = await sm.get_schema(resource_type, region)
+    return schema
+
+
+@mcp.tool()
+async def list_resources(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> list:
+    """List AWS resources of a specified type.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        A list of resource identifiers
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    cloudcontrol = get_aws_client('cloudcontrol', region)
+    paginator = cloudcontrol.get_paginator('list_resources')
+
+    results = []
+    page_iterator = paginator.paginate(TypeName=resource_type)
+    try:
+        for page in page_iterator:
+            results.extend(page['ResourceDescriptions'])
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+    return [response['Identifier'] for response in results]
+
+
+@mcp.tool()
+async def get_resource(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    identifier: str = Field(
+        description='The primary identifier of the resource to get (e.g., bucket name for S3 buckets)'
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Get details of a specific AWS resource.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+        identifier: The primary identifier of the resource to get (e.g., bucket name for S3 buckets)
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        Detailed information about the specified resource with a consistent structure:
+        {
+            "identifier": The resource identifier,
+            "properties": The detailed information about the resource
+        }
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    if not identifier:
+        raise ClientError('Please provide a resource identifier')
+
+    cloudcontrol = get_aws_client('cloudcontrol', region)
+    try:
+        result = cloudcontrol.get_resource(TypeName=resource_type, Identifier=identifier)
+        return {
+            'identifier': result['ResourceDescription']['Identifier'],
+            'properties': result['ResourceDescription']['Properties'],
+        }
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+
+@mcp.tool()
+async def update_resource(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    identifier: str = Field(
+        description='The primary identifier of the resource to get (e.g., bucket name for S3 buckets)'
+    ),
+    patch_document: list = Field(
+        description='A list of RFC 6902 JSON Patch operations to apply', default=[]
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Update an AWS resource.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+        identifier: The primary identifier of the resource to update
+        patch_document: A list of RFC 6902 JSON Patch operations to apply
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        Information about the updated resource with a consistent structure:
+        {
+            "status": Status of the operation ("SUCCESS", "PENDING", "FAILED", etc.)
+            "resource_type": The AWS resource type
+            "identifier": The resource identifier
+            "is_complete": Boolean indicating whether the operation is complete
+            "status_message": Human-readable message describing the result
+            "request_token": A token that allows you to track long running operations via the get_request_status tool
+            "resource_info": Optional information about the resource properties
+        }
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    if not identifier:
+        raise ClientError('Please provide a resource identifier')
+
+    if not patch_document:
+        raise ClientError('Please provide a patch document for the update')
+
+    if Context.readonly_mode():
+        raise ClientError(
+            'You have configured this tool in readonly mode. To make this change you will have to update your configuration.'
+        )
+
+    validate_patch(patch_document)
+    cloudcontrol_client = get_aws_client('cloudcontrol', region)
+
+    # Convert patch document to JSON string for the API
+    patch_document_str = json.dumps(patch_document)
+
+    # Update the resource
+    try:
+        response = cloudcontrol_client.update_resource(
+            TypeName=resource_type, Identifier=identifier, PatchDocument=patch_document_str
+        )
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+    return progress_event(response['ProgressEvent'])
+
+
+@mcp.tool()
+async def create_resource(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    properties: dict = Field(description='A dictionary of properties for the resource'),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Create an AWS resource.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+        properties: A dictionary of properties for the resource
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        Information about the created resource with a consistent structure:
+        {
+            "status": Status of the operation ("SUCCESS", "PENDING", "FAILED", etc.)
+            "resource_type": The AWS resource type
+            "identifier": The resource identifier
+            "is_complete": Boolean indicating whether the operation is complete
+            "status_message": Human-readable message describing the result
+            "request_token": A token that allows you to track long running operations via the get_request_status tool
+            "resource_info": Optional information about the resource properties
+        }
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    if not properties:
+        raise ClientError('Please provide the properties for the desired resource')
+
+    if Context.readonly_mode():
+        raise ClientError(
+            'You have configured this tool in readonly mode. To make this change you will have to update your configuration.'
+        )
+
+    cloudcontrol_client = get_aws_client('cloudcontrol', region)
+    try:
+        response = cloudcontrol_client.create_resource(
+            TypeName=resource_type, DesiredState=json.dumps(properties)
+        )
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+    return progress_event(response['ProgressEvent'])
+
+
+@mcp.tool()
+async def delete_resource(
+    resource_type: str = Field(
+        description='The AWS resource type (e.g., "AWS::S3::Bucket", "AWS::RDS::DBInstance")'
+    ),
+    identifier: str = Field(
+        description='The primary identifier of the resource to get (e.g., bucket name for S3 buckets)'
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Delete an AWS resource.
+
+    Parameters:
+        resource_type: The AWS resource type (e.g., "AWS::S3::Bucket")
+        identifier: The primary identifier of the resource to delete (e.g., bucket name for S3 buckets)
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        Information about the deletion operation with a consistent structure:
+        {
+            "status": Status of the operation ("SUCCESS", "PENDING", "FAILED", "NOT_FOUND", etc.)
+            "resource_type": The AWS resource type
+            "identifier": The resource identifier
+            "is_complete": Boolean indicating whether the operation is complete
+            "status_message": Human-readable message describing the result
+            "request_token": A token that allows you to track long running operations via the get_request_status tool
+        }
+    """
+    if not resource_type:
+        raise ClientError('Please provide a resource type (e.g., AWS::S3::Bucket)')
+
+    if not identifier:
+        raise ClientError('Please provide a resource identifier')
+
+    if Context.readonly_mode():
+        raise ClientError(
+            'You have configured this tool in readonly mode. To make this change you will have to update your configuration.'
+        )
+
+    cloudcontrol_client = get_aws_client('cloudcontrol', region)
+    try:
+        response = cloudcontrol_client.delete_resource(
+            TypeName=resource_type, Identifier=identifier
+        )
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+    return progress_event(response['ProgressEvent'])
+
+
+@mcp.tool()
+async def get_request_status(
+    request_token: str = Field(
+        description='The request_token returned from the long running operation'
+    ),
+    region: str | None = Field(
+        description='The AWS region that the operation should be performed in', default=None
+    ),
+) -> dict:
+    """Get the status of a long running operation with the request token.
+
+    Args:
+        request_token: The request_token returned from the long running operation
+        region: AWS region to use (e.g., "us-east-1", "us-west-2")
+
+    Returns:
+        Detailed information about the request status structured as
+        {
+            "status": Status of the operation ("SUCCESS", "PENDING", "FAILED", "NOT_FOUND", etc.)
+            "resource_type": The AWS resource type
+            "identifier": The resource identifier
+            "is_complete": Boolean indicating whether the operation is complete
+            "status_message": Human-readable message describing the result
+            "request_token": A token that allows you to track long running operations via the get_request_status tool
+            "error_code": A code associated with any errors if the request failed
+            "retry_after": A duration to wait before retrying the request
+        }
+    """
+    if not request_token:
+        raise ClientError('Please provide a request token to track the request')
+
+    cloudcontrol_client = get_aws_client('cloudcontrol', region)
+    try:
+        response = cloudcontrol_client.get_resource_request_status(
+            RequestToken=request_token,
+        )
+    except Exception as e:
+        raise handle_aws_api_error(e)
+
+    return progress_event(response['ProgressEvent'])
+
+
+def main():
+    """Run the MCP server with CLI argument support."""
+    parser = argparse.ArgumentParser(
+        description='An AWS Labs Model Context Protocol (MCP) server for doing common cloudformation tasks and for managing your resources in your AWS account'
+    )
+    parser.add_argument('--sse', action='store_true', help='Use SSE transport')
+    parser.add_argument('--port', type=int, default=8888, help='Port to run the server on')
+    parser.add_argument(
+        '--readonly',
+        action=argparse.BooleanOptionalAction,
+        help='Prevents the MCP server from performing mutating operations',
+    )
+
+    args = parser.parse_args()
+    Context.initialize(args.readonly)
+
+    # Run server with appropriate transport
+    if args.sse:
+        mcp.settings.port = args.port
+        mcp.run(transport='sse')
+    else:
+        mcp.run()
+
+
+if __name__ == '__main__':
+    main()

awslabs_cfn_mcp_server-0.0.1.dist-info/METADATA

@@ -0,0 +1,197 @@
+Metadata-Version: 2.4
+Name: awslabs.cfn-mcp-server
+Version: 0.0.1
+Summary: An AWS Labs Model Context Protocol (MCP) server for doing common cloudformation tasks and for managing your resources in your AWS account
+Project-URL: homepage, https://awslabs.github.io/mcp/
+Project-URL: docs, https://awslabs.github.io/mcp/servers/cfn-mcp-server/
+Project-URL: documentation, https://awslabs.github.io/mcp/servers/cfn-mcp-server/
+Project-URL: repository, https://github.com/awslabs/mcp.git
+Project-URL: changelog, https://github.com/awslabs/mcp/blob/main/src/cfn-mcp-server/CHANGELOG.md
+Author: Amazon Web Services
+Author-email: AWSLabs MCP <203918161+awslabs-mcp@users.noreply.github.com>, Karam Singh <karam.singh.vir@gmail.com>, Brian Terry <brianter@amazon.com>, Shardul Vaidya <cam.v737@gmail.com>
+License: Apache-2.0
+License-File: LICENSE
+License-File: NOTICE
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: >=3.10
+Requires-Dist: boto3>=1.34.0
+Requires-Dist: loguru>=0.7.0
+Requires-Dist: mcp[cli]>=1.6.0
+Requires-Dist: pydantic>=2.10.6
+Description-Content-Type: text/markdown
+
+# CloudFormation MCP Server
+
+Model Context Protocol (MCP) server that enables LLMs to directly create and manage over 1,100 AWS resources through natural language using AWS Cloud Control API with Infrastructure as Code best practices.
+
+## Features
+
+- **Resource Creation**: Uses a declarative approach to create any of 1,100+ AWS resources through Cloud Control API
+- **Resource Reading**: Reads all properties and attributes of specific AWS resources
+- **Resource Updates**: Uses a declarative approach to apply changes to existing AWS resources
+- **Resource Deletion**: Safely removes AWS resources with proper validation
+- **Resource Listing**: Enumerates all resources of a specified type across your AWS environment
+- **Schema Information**: Returns detailed CloudFormation schema for any resource to enable more effective operations
+- **Natural Language Interface**: Transform infrastructure-as-code from static authoring to dynamic conversations
+- **Partner Resource Support**: Works with both AWS-native and partner-defined resources
+
+## Prerequisites
+
+1. Configure AWS credentials:
+   - Via AWS CLI: `aws configure`
+   - Or set environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION)
+2. Ensure your IAM role or user has the necessary permissions (see [Security Considerations](#security-considerations))
+
+## Installation
+
+Here are some ways you can work with MCP across AWS, and we'll be adding support to more products including Amazon Q Developer CLI soon: (e.g. for Amazon Q Developer CLI MCP, `~/.aws/amazonq/mcp.json`):
+
+```json
+{
+  "mcpServers": {
+    "awslabs.cfn-mcp-server": {
+      "command": "uvx",
+      "args": [
+        "awslabs.aws-cfn-mcp-server@latest",
+        "--readonly" // Optional paramter if you would like to restrict the MCP to only read actions
+      ],
+      "env": {
+        "AWS_PROFILE": "your-named-profile",
+      },
+      "disabled": false,
+      "autoApprove": []
+    }
+  }
+}
+```
+
+or docker after a succesful `docker build -t awslabs/cfn-mcp-server .`:
+
+```file
+# ficticious `.env` file with AWS temporary credentials
+AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+AWS_SESSION_TOKEN=AQoEXAMPLEH4aoAH0gNCAPy...truncated...zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
+```
+
+```json
+  {
+    "mcpServers": {
+      "awslabs.cfn-mcp-server": {
+        "command": "docker",
+        "args": [
+          "run",
+          "--rm",
+          "--interactive",
+          "--env-file",
+          "/full/path/to/file/above/.env",
+          "awslabs/cfn-mcp-server:latest",
+          "--readonly" // Optional paramter if you would like to restrict the MCP to only read actions
+        ],
+        "env": {},
+        "disabled": false,
+        "autoApprove": []
+      }
+    }
+  }
+```
+
+NOTE: Your credentials will need to be kept refreshed from your host
+
+## Tools
+
+### create_resource
+Creates an AWS resource using the AWS Cloud Control API with a declarative approach.
+**Example**: Create an S3 bucket with versioning and encryption enabled.
+
+### get_resource
+Gets details of a specific AWS resource using the AWS Cloud Control API.
+**Example**: Get the configuration of an EC2 instance.
+
+### update_resource
+Updates an AWS resource using the AWS Cloud Control API with a declarative approach.
+**Example**: Update an RDS instance's storage capacity.
+
+### delete_resource
+Deletes an AWS resource using the AWS Cloud Control API.
+**Example**: Remove an unused NAT gateway.
+
+### list_resources
+Lists AWS resources of a specified type using AWS Cloud Control API.
+**Example**: List all EC2 instances in a region.
+
+### get_resource_schema_information
+Get schema information for an AWS CloudFormation resource.
+**Example**: Get the schema for AWS::S3::Bucket to understand all available properties.
+
+### get_request_status
+Get the status of a mutation that was initiated by create/update/delete resource
+**Example**: Give me the status of the last request I made
+
+## Basic Usage
+
+Examples of how to use the AWS Infrastructure as Code MCP Server:
+
+- "Create a new S3 bucket with versioning and encryption enabled"
+- "List all EC2 instances in the production environment"
+- "Update the RDS instance to increase storage to 500GB"
+- "Delete unused NAT gateways in VPC-123"
+- "Set up a three-tier architecture with web, app, and database layers"
+- "Create a disaster recovery environment in us-east-1"
+- "Configure CloudWatch alarms for all production resources"
+- "Implement cross-region replication for critical S3 buckets"
+- "Show me the schema for AWS::Lambda::Function"
+
+## Resource Type support
+Resources which are supported by this MCP and the supported operations can be found here: https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html
+
+## Security Considerations
+
+When using this MCP server, you should consider:
+
+- Ensuring proper IAM permissions are configured before use
+- Use AWS CloudTrail for additional security monitoring
+- Configure resource-specific permissions when possible instead of wildcard permissions
+- Consider using resource tagging for better governance and cost management
+- Review all changes made by the MCP server as part of your regular security reviews
+- If you would like to restrict the MCP to readonly operations, specify --readonly True in the startup arguments for the MCP
+
+### Required IAM Permissions
+
+Ensure your AWS credentials have the following minimum permissions:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cloudcontrol:ListResources",
+                "cloudcontrol:GetResource",
+                "cloudcontrol:CreateResource",
+                "cloudcontrol:DeleteResource",
+                "cloudcontrol:UpdateResource"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Limitations
+
+- Operations are limited to resources supported by AWS Cloud Control API
+- Performance depends on the underlying AWS services' response times
+- Some complex resource relationships may require multiple operations
+- This MCP server can only manage resources in the AWS regions where Cloud Control API is available
+- Resource modification operations may be limited by service-specific constraints
+- Rate limiting may affect operations when managing many resources simultaneously
+- Some resource types might not support all operations (create, read, update, delete)

awslabs_cfn_mcp_server-0.0.1.dist-info/RECORD

@@ -0,0 +1,14 @@
+awslabs/__init__.py,sha256=47wJeKcStxEJwX7SVVV2pnAWYR8FxcaYoT3YTmZ5Plg,674
+awslabs/cfn_mcp_server/__init__.py,sha256=0iDzkNDzH_VHat2joZdYA_i2NeOiAWYlorKpKaW1vpE,611
+awslabs/cfn_mcp_server/aws_client.py,sha256=E7ekLizw0P6q9Pem40UDnhFTHKo5TMYmPeajuFDnMBY,2649
+awslabs/cfn_mcp_server/cloud_control_utils.py,sha256=wUDT-J9iEAOYnqZAG2vDtBsXUp0EUZ__jQzJ4RJ6AvM,2973
+awslabs/cfn_mcp_server/context.py,sha256=YpJZPjyzHW7df9O-lyj2j8yuenZI-yPxLuVuyvmnAnE,777
+awslabs/cfn_mcp_server/errors.py,sha256=rNHaKx9t3xJGLLypSxXO6ec8nl1h19e8_2yYMTmDP4g,4480
+awslabs/cfn_mcp_server/schema_manager.py,sha256=7dw2W2hgdn1ODRU5PrUmOG9_rvnKUhGD51q8Wz4Ksks,6775
+awslabs/cfn_mcp_server/server.py,sha256=y0ipXAv2TKIxYTaGQZDkU1nxb7y6bXN9BW-TkzFSzuU,14177
+awslabs_cfn_mcp_server-0.0.1.dist-info/METADATA,sha256=q3oLI4k5q_bNnJHwGmrxleB97Y_IBbxA9IGdZMdB_kk,7875
+awslabs_cfn_mcp_server-0.0.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+awslabs_cfn_mcp_server-0.0.1.dist-info/entry_points.txt,sha256=Hartc24s_fYgi3o2m2tBHahod0pqXYwpebQy2_tXL7s,78
+awslabs_cfn_mcp_server-0.0.1.dist-info/licenses/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142
+awslabs_cfn_mcp_server-0.0.1.dist-info/licenses/NOTICE,sha256=bcw4NZAgn5eQZzrtuDiwOe23BRSm_JiRzn0gxBLDzlg,90
+awslabs_cfn_mcp_server-0.0.1.dist-info/RECORD,,

awslabs_cfn_mcp_server-0.0.1.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

awslabs_cfn_mcp_server-0.0.1.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+awslabs.cfn-mcp-server = awslabs.cfn_mcp_server.server:main

awslabs_cfn_mcp_server-0.0.1.dist-info/licenses/LICENSE

@@ -0,0 +1,175 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.

awslabs_cfn_mcp_server-0.0.1.dist-info/licenses/NOTICE

@@ -0,0 +1,2 @@
+awslabs.cfn-mcp-server
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.