AWS CodePipeline MCP Server
Tích hợp với AWS CodePipeline để quản lý các pipeline tích hợp liên tục và phân phối liên tục.
Tài liệu
AWS CodePipeline MCP Server
This is a Model Context Protocol (MCP) server that integrates with AWS CodePipeline, allowing you to manage your pipelines through Windsurf and Cascade. The server provides a standardized interface for interacting with AWS CodePipeline services.
Author: Cuong T Nguyen
Features
- List all pipelines
- Get pipeline state and detailed pipeline definitions
- List pipeline executions
- Approve or reject manual approval actions
- Retry failed stages
- Trigger pipeline executions
- View pipeline execution logs
- Stop pipeline executions
- Tag pipeline resources
- Create webhooks for automatic pipeline triggering
- Get pipeline performance metrics
Prerequisites
- Node.js (v14 or later)
- AWS account with CodePipeline access
- AWS credentials with permissions for CodePipeline and CloudWatch (read metrics)
- Windsurf IDE with Cascade AI assistant
Installation
- Clone this repository:
git clone https://github.com/cuongdev/mcp-codepipeline-server.git
cd mcp-codepipeline-server
- Install dependencies:
npm install
- Create a
.envfile based on the.env.exampletemplate:
cp .env.example .env
- Update the
.envfile with your AWS configuration (see.env.example):
AWS_REGION=us-east-1
AWS_PROFILE=your-aws-profile
Note: For security, never commit your
.envfile to version control.
AWS authentication
You do not need long-lived access keys in .env. Pick one approach:
| Approach | Configuration |
|---|---|
| AWS profile (recommended for local dev) | AWS_PROFILE=my-profile — uses ~/.aws/credentials / ~/.aws/config |
| AWS SSO | aws configure sso then aws sso login --profile my-sso and set AWS_PROFILE=my-sso |
| Static keys | Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (and AWS_SESSION_TOKEN for temporary creds) |
| IAM role | Run on EC2/ECS/Lambda/EKS with an attached role; set only AWS_REGION |
If access keys are omitted, the AWS SDK uses its default credential provider chain.
Creating an AWS profile
A profile is a named entry in ~/.aws/credentials and ~/.aws/config. Set AWS_PROFILE to that name in .env or MCP config.
Option A: Access keys (IAM user)
Requires AWS CLI.
aws configure --profile codepipeline-dev
You will be prompted for:
| Prompt | Example |
|---|---|
| AWS Access Key ID | AKIA... |
| AWS Secret Access Key | (secret) |
| Default region name | us-east-1 |
| Default output format | json |
Then in .env:
AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-dev
Option B: AWS SSO (IAM Identity Center)
aws configure sso --profile codepipeline-sso
Follow the prompts (SSO start URL, SSO region, account, role). Then log in before starting the MCP server:
aws sso login --profile codepipeline-sso
In .env:
AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-sso
SSO sessions expire; run aws sso login again when you see credential errors.
Verify the profile
aws sts get-caller-identity --profile codepipeline-dev
aws codepipeline list-pipelines --region us-east-1 --profile codepipeline-dev
If both commands succeed, the MCP server can use the same AWS_PROFILE and AWS_REGION.
Files created (reference)
~/.aws/credentials:
[codepipeline-dev]
aws_access_key_id = AKIA...
aws_secret_access_key = ...
~/.aws/config:
[profile codepipeline-dev]
region = us-east-1
output = json
Usage
Build the project
npm run build
Start the server
npm start
For development with auto-restart:
npm run dev
Integration with Windsurf
This MCP server is designed to work with Windsurf, allowing Cascade to interact with AWS CodePipeline through natural language requests.
Setup Steps
- Make sure the server is running:
npm start
- Add the server configuration to your Windsurf MCP config file at
~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"codepipeline": {
"command": "npx",
"args": [
"-y",
"path/to/mcp-codepipeline-server/dist/index.js"
],
"env": {
"AWS_REGION": "us-east-1",
"AWS_PROFILE": "your-aws-profile"
}
}
}
}
- Create the directory if it doesn't exist:
mkdir -p ~/.codeium/windsurf
touch ~/.codeium/windsurf/mcp_config.json
- Restart Windsurf to load the new MCP server configuration
Using with Cascade
Once configured, you can interact with AWS CodePipeline using natural language in Windsurf. For example:
- "List all my CodePipeline pipelines"
- "Show me the current state of my 'production-deploy' pipeline"
- "Trigger the 'test-build' pipeline"
- "Get metrics for my 'data-processing' pipeline"
- "Create a webhook for my 'frontend-deploy' pipeline"
Cascade will translate these requests into the appropriate MCP tool calls.
MCP Tools
Core Pipeline Management
| Tool Name | Description | Parameters |
|---|---|---|
list_pipelines | List all CodePipeline pipelines | None |
get_pipeline_state | Get the state of a specific pipeline | pipelineName: Name of the pipeline |
list_pipeline_executions | List executions for a specific pipeline | pipelineName: Name of the pipeline |
trigger_pipeline | Trigger a pipeline execution | pipelineName: Name of the pipeline |
stop_pipeline_execution | Stop a pipeline execution | pipelineName: Name of the pipelineexecutionId: Execution IDreason: Optional reason for stopping |
Pipeline Details and Metrics
| Tool Name | Description | Parameters |
|---|---|---|
get_pipeline_details | Get the full definition of a pipeline | pipelineName: Name of the pipeline |
get_pipeline_execution_logs | Get logs for a pipeline execution | pipelineName: Name of the pipelineexecutionId: Execution ID |
get_pipeline_metrics | Get performance metrics for a pipeline | pipelineName: Name of the pipelineperiod: Optional metric period in secondsstartTime: Optional start time for metricsendTime: Optional end time for metrics |
Pipeline Actions and Integrations
| Tool Name | Description | Parameters |
|---|---|---|
approve_action | Approve or reject a manual approval action | pipelineName: Name of the pipelinestageName: Name of the stageactionName: Name of the actiontoken: Approval tokenapproved: Boolean indicating approval or rejectioncomments: Optional comments |
retry_stage | Retry a failed stage | pipelineName: Name of the pipelinestageName: Name of the stagepipelineExecutionId: Execution ID |
tag_pipeline_resource | Add or update tags for a pipeline resource | pipelineName: Name of the pipelinetags: Array of key-value pairs for tagging |
create_pipeline_webhook | Create a webhook for a pipeline | pipelineName: Name of the pipelinewebhookName: Name for the webhooktargetAction: Target action for the webhookauthentication: Authentication typeauthenticationConfiguration: Optional auth configfilters: Optional event filters |
Troubleshooting
Common Issues
-
Connection refused error:
- Ensure the server is running on the specified port
- Check if the port is blocked by a firewall
-
AWS credential errors:
- For profiles/SSO: run
aws sso login --profile YOUR_PROFILEif needed, then setAWS_PROFILE - For static keys: verify
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYin.envor MCPenv - Ensure the principal has CodePipeline (and CloudWatch for metrics) permissions
- Check server startup logs for
AWS credentials: default provider chainvsstatic keys
- For profiles/SSO: run
-
Windsurf not detecting the MCP server:
- Check the
mcp_config.jsonfile format - Ensure the server URL is correct
- Restart Windsurf after making changes
- Check the
Logs
The server logs information to the console. Check these logs for troubleshooting:
# Run with more verbose logging
DEBUG=* npm start
Examples
Creating a Webhook for GitHub Integration
{
"pipelineName": "my-pipeline",
"webhookName": "github-webhook",
"targetAction": "Source",
"authentication": "GITHUB_HMAC",
"authenticationConfiguration": {
"SecretToken": "my-secret-token"
},
"filters": [
{
"jsonPath": "$.ref",
"matchEquals": "refs/heads/main"
}
]
}
Getting Pipeline Metrics
{
"pipelineName": "my-pipeline",
"period": 86400,
"startTime": "2025-03-10T00:00:00Z",
"endTime": "2025-03-17T23:59:59Z"
}
License
ISC