awslabs.eks-mcp-server 0.1.1__py3-none-any.whl → 0.1.3__py3-none-any.whl

{awslabs_eks_mcp_server-0.1.1.dist-info → awslabs_eks_mcp_server-0.1.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: awslabs.eks-mcp-server
-Version: 0.1.1
+Version: 0.1.3
 Summary: An AWS Labs Model Context Protocol (MCP) server for EKS
 Project-URL: homepage, https://awslabs.github.io/mcp/
 Project-URL: docs, https://awslabs.github.io/mcp/servers/eks-mcp-server/
@@ -89,30 +89,36 @@ For read operations, the following permissions are required:
 
 ### Write Operations Policy
 
-For write operations, the following permissions are required:
-
-```
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "cloudformation:CreateStack",
-        "cloudformation:UpdateStack",
-        "cloudformation:DeleteStack",
-        "iam:PutRolePolicy"
-      ],
-      "Resource": "*",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/CreatedBy": "EksMcpServer"
-        }
+For write operations, we recommend the following IAM policies to ensure successful deployment of EKS clusters using the CloudFormation template in `/awslabs/eks_mcp_server/templates/eks-templates/eks-with-vpc.yaml`:
+
+* [**IAMFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/IAMFullAccess.html): Enables creation and management of IAM roles and policies required for cluster operation
+* [**AmazonVPCFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonVPCFullAccess.html): Allows creation and configuration of VPC resources including subnets, route tables, internet gateways, and NAT gateways
+* [**AWSCloudFormationFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSCloudFormationFullAccess.html): Provides permissions to create, update, and delete CloudFormation stacks that orchestrate the deployment
+* **EKS Full Access (provided below)**: Required for creating and managing EKS clusters, including control plane configuration, node groups, and add-ons
+   ```
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": "eks:*",
+        "Resource": "*"
       }
-    }
-  ]
-}
-```
+    ]
+  }
+   ```
+
+
+**Important Security Note**: Users should exercise caution when `--allow-write` and `--allow-sensitive-data-access` modes are enabled with these broad permissions, as this combination grants significant privileges to the MCP server. Only enable these flags when necessary and in trusted environments. For production use, consider creating more restrictive custom policies.
+
+### Kubernetes API Access Requirements
+
+All Kubernetes API operations will only work when one of the following conditions is met:
+
+1. The user's principal (IAM role/user) actually created the EKS cluster being accessed
+2. An EKS Access Entry has been configured for the user's principal
+
+If you encounter authorization errors when using Kubernetes API operations, verify that an access entry has been properly configured for your principal.
 
 ## Quickstart
 
@@ -124,6 +130,30 @@ This quickstart guide walks you through the steps to configure the Amazon EKS MC
 2. Click the gear icon (⚙️) in the top right to open the settings panel, click **MCP**, **Add new global MCP server**.
 3. Paste your MCP server definition. For example, this example shows how to configure the EKS MCP Server, including enabling mutating actions by adding the `--allow-write` flag to the server arguments:
 
+   **For Mac/Linux:**
+
+	```
+	{
+	  "mcpServers": {
+	    "awslabs.eks-mcp-server": {
+	      "autoApprove": [],
+	      "disabled": false,
+	      "command": "uvx",
+	      "args": [
+	        "awslabs.eks-mcp-server@latest",
+	        "--allow-write"
+	      ],
+	      "env": {
+	        "FASTMCP_LOG_LEVEL": "ERROR"
+	      },
+	      "transportType": "stdio"
+	    }
+	  }
+	}
+	```
+
+   **For Windows:**
+
 	```
 	{
 	  "mcpServers": {
@@ -132,7 +162,9 @@ This quickstart guide walks you through the steps to configure the Amazon EKS MC
 	      "disabled": false,
 	      "command": "uvx",
 	      "args": [
+	        "--from",
 	        "awslabs.eks-mcp-server@latest",
+	        "awslabs.eks-mcp-server.exe",
 	        "--allow-write"
 	      ],
 	      "env": {
@@ -153,6 +185,8 @@ This quickstart guide walks you through the steps to configure the Amazon EKS MC
 1. Install the [Amazon Q Developer CLI](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-installing.html) .
 2. The Q Developer CLI supports MCP servers for tools and prompts out-of-the-box. Edit your Q developer CLI's MCP configuration file named mcp.json following [these instructions](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-mcp-configuration.html). For example:
 
+   **For Mac/Linux:**
+
 	```
 	{
 	  "mcpServers": {
@@ -169,6 +203,24 @@ This quickstart guide walks you through the steps to configure the Amazon EKS MC
 	}
 	```
 
+   **For Windows:**
+
+	```
+	{
+	  "mcpServers": {
+	    "awslabs.eks-mcp-server": {
+	      "command": "uvx",
+	      "args": ["--from", "awslabs.eks-mcp-server@latest", "awslabs.eks-mcp-server.exe"],
+	      "env": {
+	        "FASTMCP_LOG_LEVEL": "ERROR"
+	      },
+	      "autoApprove": [],
+	      "disabled": false
+	    }
+	  }
+	}
+	```
+
 3. Verify your setup by running the `/tools` command in the Q Developer CLI to see the available EKS MCP tools.
 
 Note that this is a basic quickstart. You can enable additional capabilities, such as [running MCP servers in containers](https://github.com/awslabs/mcp?tab=readme-ov-file#running-mcp-servers-in-containers) or combining more MCP servers like the [AWS Documentation MCP Server](https://awslabs.github.io/mcp/servers/aws-documentation-mcp-server/) into a single MCP server definition. To view an example, see the [Installation and Setup](https://github.com/awslabs/mcp?tab=readme-ov-file#installation-and-setup) guide in AWS MCP Servers on GitHub. To view a real-world implementation with application code in context with an MCP server, see the [Server Developer](https://modelcontextprotocol.io/quickstart/server) guide in Anthropic documentation.
@@ -179,13 +231,36 @@ Note that this is a basic quickstart. You can enable additional capabilities, su
 
 The `args` field in the MCP server definition specifies the command-line arguments passed to the server when it starts. These arguments control how the server is executed and configured. For example:
 
+**For Mac/Linux:**
+```
+{
+  "mcpServers": {
+    "awslabs.eks-mcp-server": {
+      "command": "uvx",
+      "args": [
+        "awslabs.eks-mcp-server@latest",
+        "--allow-write",
+        "--allow-sensitive-data-access"
+      ],
+      "env": {
+        "AWS_PROFILE": "your-profile",
+        "AWS_REGION": "us-east-1"
+      }
+    }
+  }
+}
+```
+
+**For Windows:**
 ```
 {
   "mcpServers": {
     "awslabs.eks-mcp-server": {
       "command": "uvx",
       "args": [
+        "--from",
         "awslabs.eks-mcp-server@latest",
+        "awslabs.eks-mcp-server.exe",
         "--allow-write",
         "--allow-sensitive-data-access"
       ],
@@ -198,11 +273,17 @@ The `args` field in the MCP server definition specifies the command-line argumen
 }
 ```
 
-#### `awslabs.eks-mcp-server@latest` (required)
+#### Command Format
+
+The command format differs between operating systems:
 
-Specifies the latest package/version specifier for the MCP client config.
+**For Mac/Linux:**
+* `awslabs.eks-mcp-server@latest` - Specifies the latest package/version specifier for the MCP client config.
 
-* Enables MCP server startup and tool registration.
+**For Windows:**
+* `--from awslabs.eks-mcp-server@latest awslabs.eks-mcp-server.exe` - Windows requires the `--from` flag to specify the package and the `.exe` extension.
+
+Both formats enable MCP server startup and tool registration.
 
 #### `--allow-write` (optional)
 
@@ -396,24 +477,45 @@ Features:
 Parameters:
 
 * cluster_name, log_type (application, host, performance, control-plane, custom), resource_type (pod, node, container, cluster),
-resource_name, minutes (optional), start_time (optional), end_time (optional), limit (optional), filter_pattern (optional), fields (optional)
+resource_name (optional), minutes (optional), start_time (optional), end_time (optional), limit (optional), filter_pattern (optional), fields (optional)
 
 #### `get_cloudwatch_metrics`
 
-Retrieves metrics from CloudWatch for a specific EKS cluster resource.
+Retrieves metrics from CloudWatch for Kubernetes resources.
 
 Features:
 
-* Fetches metrics based on resource type (pod, node, container, cluster), resource name, and metric name.
-* Allows specification of CloudWatch namespace, Kubernetes namespace, and time range.
+* Fetches metrics based on metric name and dimensions.
+* Allows specification of CloudWatch namespace and time range.
 * Configurable period, statistic (Average, Sum, etc.), and limit for data points.
 * Supports providing custom dimensions for fine-grained metric querying.
 
 Parameters:
 
-* cluster_name, metric_name, resource_type (pod, node, container, cluster), resource_name, namespace (optional), k8s_namespace
-(optional), minutes (optional), start_time (optional), end_time (optional), limit (optional), stat (optional), period (optional), custom_dimensions
- (optional)
+* cluster_name, metric_name, namespace, dimensions, minutes (optional), start_time (optional), end_time (optional), limit (optional), stat (optional), period (optional)
+
+#### `get_eks_metrics_guidance`
+
+Provides guidance on available CloudWatch metrics for different resource types in EKS clusters.
+
+Features:
+
+* Returns a list of available Container Insights metrics for the specified resource type, including metric names, dimensions, and descriptions.
+* Helps determine the correct dimensions to use with the `get_cloudwatch_metrics` tool.
+* Supports the following resource types:
+  * `cluster`: Metrics for EKS clusters (e.g., cluster_node_count, cluster_failed_node_count)
+  * `node`: Metrics for EKS nodes (e.g., node_cpu_utilization, node_memory_utilization, node_network_total_bytes)
+  * `pod`: Metrics for Kubernetes pods (e.g., pod_cpu_utilization, pod_memory_utilization, pod_network_rx_bytes)
+  * `namespace`: Metrics for Kubernetes namespaces (e.g., namespace_number_of_running_pods)
+  * `service`: Metrics for Kubernetes services (e.g., service_number_of_running_pods)
+
+Parameters:
+
+* resource_type
+
+Implementation:
+
+The data in `/awslabs/eks_mcp_server/data/eks_cloudwatch_metrics_guidance.json` is generated by a Python script (`/awslabs/eks_mcp_server/scripts/update_eks_cloudwatch_metrics_guidance.py`) that scrapes the [Container Insights metrics table](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-metrics-EKS.html) from AWS documentation. Running the script requires installing BeautifulSoup (used for parsing HTML content) with uv: `uv pip install bs4`.
 
 ### IAM Integration
 
@@ -500,6 +602,7 @@ The EKS MCP Server can be used for production environments with proper security
 
 An array within the MCP server definition that lists tool names to be automatically approved by the EKS MCP Server client, bypassing user confirmation for those specific tools. For example:
 
+**For Mac/Linux:**
 ```
 {
   "mcpServers": {
@@ -530,6 +633,39 @@ An array within the MCP server definition that lists tool names to be automatica
 }
 ```
 
+**For Windows:**
+```
+{
+  "mcpServers": {
+    "awslabs.eks-mcp-server": {
+      "command": "uvx",
+      "args": [
+        "--from",
+        "awslabs.eks-mcp-server@latest",
+        "awslabs.eks-mcp-server.exe"
+      ],
+      "env": {
+        "AWS_PROFILE": "eks-mcp-readonly-profile",
+        "AWS_REGION": "us-east-1",
+        "FASTMCP_LOG_LEVEL": "INFO"
+      },
+      "autoApprove": [
+        "manage_eks_stacks",
+        "manage_k8s_resource",
+        "list_k8s_resources",
+        "get_pod_logs",
+        "get_k8s_events",
+        "get_cloudwatch_logs",
+        "get_cloudwatch_metrics",
+        "get_policies_for_role",
+        "search_eks_troubleshoot_guide",
+        "list_api_versions"
+      ]
+    }
+  }
+}
+```
+
 ### IAM Permissions Management
 
 When the `--allow-write` flag is enabled, the EKS MCP Server can create missing IAM permissions for EKS resources through the `add_inline_policy` tool. This tool enables the following:

awslabs_eks_mcp_server-0.1.3.dist-info/RECORD

@@ -0,0 +1,26 @@
+awslabs/__init__.py,sha256=WuqxdDgUZylWNmVoPKiK7qGsTB_G4UmuXIrJ-VBwDew,731
+awslabs/eks_mcp_server/__init__.py,sha256=ghJqbcPKp3-jM8LmEQzU_KRSbVm6yKQFg7C0ZwxAdeA,668
+awslabs/eks_mcp_server/aws_helper.py,sha256=uiH-CSJPo_L903EzmV8HZB6xg_F4Jm_-BmJk_3AAH4g,2850
+awslabs/eks_mcp_server/cloudwatch_handler.py,sha256=k3GsORIFswOknxYM0reCBsCHXn--gSwl7WVtxkUTyzg,28853
+awslabs/eks_mcp_server/cloudwatch_metrics_guidance_handler.py,sha256=b0fFMvsGX98HKK4kVFI1YbhZqZC623lZ6TNXs3EiRSI,5283
+awslabs/eks_mcp_server/consts.py,sha256=XBat-KcMckueQQpDeLkD_Nv_9G9kX0_d48sMEHtZ5HQ,1380
+awslabs/eks_mcp_server/eks_kb_handler.py,sha256=5UvzCub7BVZsl9eTXEw3BeyTiqmj6Bcr4mT2yTF0cXE,3546
+awslabs/eks_mcp_server/eks_stack_handler.py,sha256=gbZizqaumsAz5x-fLM-VJlmUCzTp7TwtbOGn8u6_omc,29721
+awslabs/eks_mcp_server/iam_handler.py,sha256=t2QIJVP61lAVTiTB9VCko9RDXjAtz8nuXr_MRdKG9pw,14586
+awslabs/eks_mcp_server/k8s_apis.py,sha256=YRx29w-7n3LX3DsniPgULuxNx_6Mkw-Jzh-PGetZDag,20448
+awslabs/eks_mcp_server/k8s_client_cache.py,sha256=Nh8V6IXvWltQwiBhFk8KgDUggmf9dqQ-sR3kENBnecM,5871
+awslabs/eks_mcp_server/k8s_handler.py,sha256=vA08ONRDky7S5hINif8hxe_Y1KAArQDzOao1YLf4Uck,49447
+awslabs/eks_mcp_server/logging_helper.py,sha256=hr8xZhAZOKyR7dkwc7bhqkDVuSDI3BRK3-UzllQkWgE,1854
+awslabs/eks_mcp_server/models.py,sha256=UtMmZaRJNjV8I9A8jCD9vzU66tXYOLna8RzaMNQPddE,11930
+awslabs/eks_mcp_server/server.py,sha256=UHKhCEgR7D5pXpH1xnpMyOfRLZ9o9d327n5c311erGI,6704
+awslabs/eks_mcp_server/data/eks_cloudwatch_metrics_guidance.json,sha256=a4tzVdwpF_0kZGwOJCDEQskScp5rjRU89M7ONp3HpdA,9304
+awslabs/eks_mcp_server/scripts/update_eks_cloudwatch_metrics_guidance.py,sha256=Y1OvU85wc3WIviUbabbGCCO-DvJwtP2UU9ABuEMSNyY,10099
+awslabs/eks_mcp_server/templates/eks-templates/eks-with-vpc.yaml,sha256=_Lxk2MEXNA7N0-kvXckxwBamDEagjGvC6-Z5uxhVO5s,10774
+awslabs/eks_mcp_server/templates/k8s-templates/deployment.yaml,sha256=J2efYFISlT3sTvf8_BJV3p0_m51cltqiRhXdBXb9YJs,2343
+awslabs/eks_mcp_server/templates/k8s-templates/service.yaml,sha256=DA0Db_5yjUZmnnYy5Bljcv3hj7D6YvFFWFRB6GiIstY,414
+awslabs_eks_mcp_server-0.1.3.dist-info/METADATA,sha256=Tvrfj5dp0sXJiaTwSh8FcV2bdv_lvayYEojCGtwS7hY,29163
+awslabs_eks_mcp_server-0.1.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+awslabs_eks_mcp_server-0.1.3.dist-info/entry_points.txt,sha256=VydotfOJYck8o4TPsaF6Pjmc8Bp_doacYXSE_71qH4c,78
+awslabs_eks_mcp_server-0.1.3.dist-info/licenses/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142
+awslabs_eks_mcp_server-0.1.3.dist-info/licenses/NOTICE,sha256=gnCtD34qTDnb2Lykm9kNFYkqZIvqJHGuq1ZJBkl6EgE,90
+awslabs_eks_mcp_server-0.1.3.dist-info/RECORD,,

awslabs_eks_mcp_server-0.1.1.dist-info/RECORD

@@ -1,23 +0,0 @@
-awslabs/__init__.py,sha256=47wJeKcStxEJwX7SVVV2pnAWYR8FxcaYoT3YTmZ5Plg,674
-awslabs/eks_mcp_server/__init__.py,sha256=ClxsTrvClkBctqdiivFNI1oYee4M8mHm0E2jlQxmw_Y,611
-awslabs/eks_mcp_server/aws_helper.py,sha256=Ozn0xl5Qup7vQ2HEcIsMJSXZOv74eHA5yeiptKuZVhM,2733
-awslabs/eks_mcp_server/cloudwatch_handler.py,sha256=ZwWsym2zn4a9ounIXVrB4Xsw9I4TbzkHk5a9eotO-so,28874
-awslabs/eks_mcp_server/consts.py,sha256=tYxCxyDQy_Y1W__U6BeyBsB0Rcz3cTj-meWdJtIzPeE,1323
-awslabs/eks_mcp_server/eks_kb_handler.py,sha256=h5xEo_-X_lMt7ifZmfJm9PiEOkR_85j5BsS5ivskv88,3489
-awslabs/eks_mcp_server/eks_stack_handler.py,sha256=hjl5S3T-9iIIS8-Zkm-IIxLeAr3XeGlwTtTfQaDWEJk,28345
-awslabs/eks_mcp_server/iam_handler.py,sha256=hRF_YUwjHP-QAQkJOoutjsvTJungBCY0ouMAznXdPug,14266
-awslabs/eks_mcp_server/k8s_apis.py,sha256=VoF9KCD_eEUqqY2bcd2-hTXm02DVAHOTtKwMOEpPdzc,20170
-awslabs/eks_mcp_server/k8s_client_cache.py,sha256=KFlDt6_tq1PjhGhOy1Q4EOMyK0NkPu6xKzZf4ciGFvI,5814
-awslabs/eks_mcp_server/k8s_handler.py,sha256=Sa3-UwDFa8iELlMpRkM21UpoTvjwpRwfnVmv3LHMESo,47641
-awslabs/eks_mcp_server/logging_helper.py,sha256=p_7SbWclTIVQNcQvPf5jP7OSFEJNOFbSq9b1U4v6Cxw,1797
-awslabs/eks_mcp_server/models.py,sha256=YlTuQeweBlqt0aBPfK27_OFWhq4XFD023BBjbTPJWnY,11575
-awslabs/eks_mcp_server/server.py,sha256=PDoyTTkhYs_Saqp4uo1M-4jVT6H7ZWvw7MTLIIl7P_E,6247
-awslabs/eks_mcp_server/templates/eks-templates/eks-with-vpc.yaml,sha256=_Lxk2MEXNA7N0-kvXckxwBamDEagjGvC6-Z5uxhVO5s,10774
-awslabs/eks_mcp_server/templates/k8s-templates/deployment.yaml,sha256=J2efYFISlT3sTvf8_BJV3p0_m51cltqiRhXdBXb9YJs,2343
-awslabs/eks_mcp_server/templates/k8s-templates/service.yaml,sha256=DA0Db_5yjUZmnnYy5Bljcv3hj7D6YvFFWFRB6GiIstY,414
-awslabs_eks_mcp_server-0.1.1.dist-info/METADATA,sha256=l7ux4WDJae7sZx4ZOMR6hmpdETdGkgcA0Q1C-tJZllo,24126
-awslabs_eks_mcp_server-0.1.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-awslabs_eks_mcp_server-0.1.1.dist-info/entry_points.txt,sha256=VydotfOJYck8o4TPsaF6Pjmc8Bp_doacYXSE_71qH4c,78
-awslabs_eks_mcp_server-0.1.1.dist-info/licenses/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142
-awslabs_eks_mcp_server-0.1.1.dist-info/licenses/NOTICE,sha256=gnCtD34qTDnb2Lykm9kNFYkqZIvqJHGuq1ZJBkl6EgE,90
-awslabs_eks_mcp_server-0.1.1.dist-info/RECORD,,