- Overview
- Prerequisites
- Deployment Steps
- Deployment Validation
- Running the Guidance
- Next Steps
- Cleanup
- FAQ, known issues, additional considerations, and limitations
- Revisions
- Notices
This guidance demonstrates how to deploy Model Context Protocol (MCP) servers on AWS with secure authentication using Amazon Cognito. It enables you to host MCP servers that can be accessed remotely while maintaining security through OAuth 2.0 authentication flows.
The solution addresses several key challenges:
- Secure hosting of MCP servers on AWS infrastructure
- Authentication and authorization using AWS Cognito
- Remote access to MCP servers through secure endpoints
- Scalable and maintainable deployment using AWS CDK
The architecture implements:
- CloudFront distribution for global content delivery
- Application Load Balancer for traffic distribution
- ECS Fargate for containerized MCP servers
- AWS Cognito for user authentication
- AWS WAF for security
- DynamoDB for token storage
You are responsible for the cost of the AWS services used while running this Guidance. As of May 2025, the cost for running this Guidance with the default settings in the US East (N. Virginia) Region is approximately $189.97 per month for processing moderate traffic levels.
We recommend creating a Budget through AWS Cost Explorer to help manage costs. Prices are subject to change. For full details, refer to the pricing webpage for each AWS service used in this Guidance.
The following table provides a sample cost breakdown for deploying this Guidance with the default parameters in the US East (N. Virginia) Region for one month.
| AWS service | Dimensions | Cost [USD] |
|---|---|---|
| VPC (NAT Gateway) | 1 NAT Gateway Ă— 730 hours + 100 GB data processing | $32.85 |
| Elastic Load Balancing | Application Load Balancer with moderate traffic | $18.62 |
| Amazon Cognito | 10,500 MAUs (500 above free tier) | $7.50 |
| CloudFront | 2 TB data transfer + 15M requests | $85.00 |
| WAF | 2 Web ACLs (CloudFront and Regional) | $10.00 |
| DynamoDB | Token storage with on-demand capacity | $5.40 |
| ECS (Fargate) | 1 vCPU, 2GB memory Ă— 730 hours | $30.00 |
| Secrets Manager | 1 secret for Cognito credentials | $0.40 |
| Lambda | Custom resources (minimal usage) | $0.20 |
| Total | $189.97/month |
These deployment instructions are optimized to work on Amazon Linux 2 AMI. Deployment in another OS may require additional steps.
- AWS account with administrative access
- Enabled services:
- Amazon Cognito
- Amazon ECS
- AWS CloudFront
- Amazon DynamoDB
- AWS WAF
- AWS Secrets Manager
If you're using AWS CDK for the first time, bootstrap your account:
cdk bootstrap-
Clone the repository:
git clone <repository-url> cd guidance-for-remote-mcp-servers-on-aws cd source
-
Install dependencies:
npm install
-
Deploy the stacks:
cdk deploy --all
-
(Optional) Configure custom domain:
cdk deploy --all --context certificateArn=arn:aws:acm:... --context customDomain=mcp-server.example.com
-
Verify CloudFormation stack status:
- Open AWS CloudFormation console
- Check that all stacks show "CREATE_COMPLETE"
-
Validate Cognito setup:
- Open Amazon Cognito console
- Verify User Pool creation
- Confirm App Client configuration
-
Verify infrastructure:
- CloudFront distribution is "Deployed"
- Application Load Balancer is "Active"
- ECS services are running
For development and testing environments only, you can quickly create and manage users with AWS CLI:
# Create test user
aws cognito-idp admin-create-user --user-pool-id YOUR_USER_POOL_ID --username [email protected]
# Set permanent password (bypass temporary)
aws cognito-idp admin-set-user-password --user-pool-id YOUR_USER_POOL_ID --username [email protected] --password "TestPass123!" --permanent
The mcp-remote utility enables MCP clients that only support local (stdio) servers to connect to remote MCP servers with authentication support. While this tool is considered experimental, it provides a crucial bridge for testing and development.
Most MCP servers are currently installed locally using stdio transport, which offers benefits like implicit trust between client and server, secure handling of API keys via environment variables, and simplified installation through tools like npx and uvx.
However, web-based deployment offers significant advantages for development and maintenance:
- Easier bug fixing and feature iteration through centralized updates
- No need to run code on users' machines
- Simplified distribution and version management
While the MCP Authorization specification now provides a secure way to share MCP servers remotely, many popular MCP clients are still stdio-only or lack support for OAuth flows. The mcp-remote utility bridges this gap until clients implement native support for remote, authorized servers.
Note: mcp-remote is just one way to test this implementation. Our Dynamic Client Registration (DCR) implementation is only registering a single redirect URI per client. If you encounter an error related to this, you can always clear the
~/.mcp-authdirectory to redo this process.
-
Install mcp-remote:
npm install -g mcp-remote
-
Create configuration (e.g.,
config.json):{ "mcpServers": { "weather-sse-python": { "command": "npx", "args": [ "mcp-remote@latest", "https://<your-cloudfront-endpoint>/weather-python/sse" ] }, "weather-streamable-nodejs": { "command": "npx", "args": [ "mcp-remote@latest", "https://<your-cloudfront-endpoint>/weather-nodejs/mcp" ] }, "weather-streamable-nodejs-lambda": { "command": "npx", "args": [ "mcp-remote@latest", "https://<your-cloudfront-endpoint>/weather-nodejs-lambda/mcp" ] } } } -
Test the connection:
npx mcp-remote@latest https://<your-cloudfront-endpoint>/weather-python/sse
-
Implement additional MCP servers:
- Add new server containers to ECS
- Configure OAuth flows for new servers
- Update mcp-remote configuration
-
Optimize costs:
- Monitor usage patterns
- Consider reserved capacity for steady workloads
- Implement caching strategies
-
Enhance security:
- Enable MFA in Cognito
- Implement additional WAF rules
- Set up monitoring and alerting
-
Remove deployed resources:
cdk destroy --all
-
Manual cleanup steps:
- Empty any created S3 buckets
- Delete Cognito User Pool (if not needed)
- Remove CloudWatch log groups
- Delete any created secrets in Secrets Manager
- Token refresh may require re-authentication in some cases
- CloudFront cache invalidation may take up to 5 minutes
- Initial cold start delay for Fargate containers
- Public endpoints are created for OAuth flows
- CloudFront distributions may take 15-20 minutes to deploy
- DynamoDB tables use on-demand capacity by default
For detailed information, refer to these additional documentation files:
- Monthly Cost Estimate Report
- Basic OAuth Flow
- Detailed OAuth Flow
- AWS Architecture
- Token Binding & Validation
- Region availability depends on AWS Cognito support
- Custom domains require ACM certificates in us-east-1
- Some MCP clients may not support remote connections
For any feedback, questions, or suggestions, please use the issues tab under this repo.
- Initial release
- Basic OAuth flow implementation
- Support for weather sample servers
Customers are responsible for making their own independent assessment of the information in this Guidance. This Guidance: (a) is for informational purposes only, (b) represents AWS current product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services are provided "as is" without warranties, representations, or conditions of any kind, whether express or implied. AWS responsibilities and liabilities to its customers are controlled by AWS agreements, and this Guidance is not part of, nor does it modify, any agreement between AWS and its customers.
