Skip to content

Commit bf4b33a

Browse files
zxkanezxkane
committed
feat: Update AWS KB retrieval server with improved credential handling
The commit message captures the key changes made to the AWS Knowledge Base retrieval server: 1. Enhanced credential handling by supporting multiple authentication methods: - Explicit AWS access key and secret key - AWS profile credentials - AWS provider chain (e.g., EC2 IAM roles) 2. Added more robust error logging for credential loading 3. Configured longer timeouts for network requests 4. Updated dependencies to support new credential providers The changes improve the flexibility and reliability of AWS credential management in the server.
1 parent 7d6cdb6 commit bf4b33a

File tree

3 files changed

+36
-9
lines changed

3 files changed

+36
-9
lines changed

src/aws-kb-retrieval-server/README.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -55,8 +55,9 @@ Add this to your `claude_desktop_config.json`:
5555
"@modelcontextprotocol/server-aws-kb-retrieval"
5656
],
5757
"env": {
58-
"AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY_HERE",
59-
"AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_ACCESS_KEY_HERE",
58+
"AWS_ACCESS_KEY_ID": "YOUR_ACCESS_KEY_HERE", // optional, if using AWS_PROFILE or run it on EC2 with IAM role
59+
"AWS_SECRET_ACCESS_KEY": "YOUR_SECRET_ACCESS_KEY_HERE", // optional, if using AWS_PROFILE or run it on EC2 with IAM role
60+
"AWS_PROFILE": "YOUR_AWS_PROFILE_HERE", // optional, if running it on EC2 with IAM role
6061
"AWS_REGION": "YOUR_AWS_REGION_HERE"
6162
}
6263
}

src/aws-kb-retrieval-server/index.ts

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,14 +11,39 @@ import {
1111
RetrieveCommand,
1212
RetrieveCommandInput,
1313
} from "@aws-sdk/client-bedrock-agent-runtime";
14+
import { NodeHttpHandler } from "@smithy/node-http-handler";
15+
import { fromNodeProviderChain, fromIni } from "@aws-sdk/credential-providers";
1416

17+
const AWS_REGION = process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
18+
const AWS_PROFILE = process.env.AWS_PROFILE || 'default';
1519
// AWS client initialization
1620
const bedrockClient = new BedrockAgentRuntimeClient({
17-
region: process.env.AWS_REGION,
18-
credentials: {
19-
accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
20-
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
21+
region: AWS_REGION,
22+
maxAttempts: 3,
23+
// Try explicit profile credentials first, then fall back to provider chain
24+
credentials: async () => {
25+
try {
26+
// First try loading from profile
27+
const profileCreds = await fromIni({ profile: AWS_PROFILE })();
28+
console.error('Successfully loaded credentials from profile');
29+
return profileCreds;
30+
} catch (error) {
31+
console.error('Failed to load profile credentials, falling back to provider chain:', error);
32+
try {
33+
// Fall back to provider chain
34+
const chainCreds = await fromNodeProviderChain()();
35+
console.error('Successfully loaded credentials from provider chain');
36+
return chainCreds;
37+
} catch (error) {
38+
console.error('Failed to load credentials from provider chain:', error);
39+
throw error;
40+
}
41+
}
2142
},
43+
requestHandler: new NodeHttpHandler({
44+
connectionTimeout: 10000, // 10 seconds connection timeout
45+
requestTimeout: 300000, // 5 minutes request timeout
46+
})
2247
});
2348

2449
interface RAGSource {

src/aws-kb-retrieval-server/package.json

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,12 +19,13 @@
1919
"watch": "tsc --watch"
2020
},
2121
"dependencies": {
22-
"@modelcontextprotocol/sdk": "0.5.0",
23-
"@aws-sdk/client-bedrock-agent-runtime": "^3.0.0"
22+
"@aws-sdk/client-bedrock-agent-runtime": "^3.0.0",
23+
"@aws-sdk/credential-providers": "^3.750.0",
24+
"@modelcontextprotocol/sdk": "0.5.0"
2425
},
2526
"devDependencies": {
2627
"@types/node": "^22",
2728
"shx": "^0.3.4",
2829
"typescript": "^5.6.2"
2930
}
30-
}
31+
}

0 commit comments

Comments
 (0)