AWS CodePipeline MCP Server

This is a Model Context Protocol (MCP) server that integrates with AWS CodePipeline, allowing you to manage your pipelines through Windsurf and Cascade. The server provides a standardized interface for interacting with AWS CodePipeline services.

Author: Cuong T Nguyen

Features

• List all pipelines
• Get pipeline state and detailed pipeline definitions
• List pipeline executions
• Approve or reject manual approval actions
• Retry failed stages
• Trigger pipeline executions
• View pipeline execution logs
• Stop pipeline executions
• Tag pipeline resources
• Create webhooks for automatic pipeline triggering
• Get pipeline performance metrics

Prerequisites

• Node.js (v14 or later)
• AWS account with CodePipeline access
• AWS credentials with permissions for CodePipeline and CloudWatch (read metrics)
• Windsurf IDE with Cascade AI assistant

Installation

1. Clone this repository:

git clone https://github.com/cuongdev/mcp-codepipeline-server.git
cd mcp-codepipeline-server

2. Install dependencies:

npm install

3. Create a .env file based on the .env.example template:

cp .env.example .env

4. Update the .env file with your AWS configuration (see .env.example):

AWS_REGION=us-east-1
AWS_PROFILE=your-aws-profile

Note: For security, never commit your .env file to version control.

AWS authentication

You do not need long-lived access keys in .env. Pick one approach:

If access keys are omitted, the AWS SDK uses its default credential provider chain.

Creating an AWS profile

A profile is a named entry in ~/.aws/credentials and ~/.aws/config. Set AWS_PROFILE to that name in .env or MCP config.

Option A: Access keys (IAM user)

Requires AWS CLI.

aws configure --profile codepipeline-dev

You will be prompted for:

Then in .env:

AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-dev

Option B: AWS SSO (IAM Identity Center)

aws configure sso --profile codepipeline-sso

Follow the prompts (SSO start URL, SSO region, account, role). Then log in before starting the MCP server:

aws sso login --profile codepipeline-sso

In .env:

AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-sso

SSO sessions expire; run aws sso login again when you see credential errors.

Verify the profile

aws sts get-caller-identity --profile codepipeline-dev
aws codepipeline list-pipelines --region us-east-1 --profile codepipeline-dev

If both commands succeed, the MCP server can use the same AWS_PROFILE and AWS_REGION.

Files created (reference)

~/.aws/credentials:

[codepipeline-dev]
aws_access_key_id = AKIA...
aws_secret_access_key = ...

~/.aws/config:

[profile codepipeline-dev]
region = us-east-1
output = json

Usage

Build the project

npm run build

Start the server

npm start

For development with auto-restart:

npm run dev

Integration with Windsurf

This MCP server is designed to work with Windsurf, allowing Cascade to interact with AWS CodePipeline through natural language requests.

Setup Steps

1. Make sure the server is running:

npm start

2. Add the server configuration to your Windsurf MCP config file at ~/.codeium/windsurf/mcp_config.json:

{
   "mcpServers": {
    "codepipeline": {
      "command": "npx",
      "args": [
        "-y",
        "path/to/mcp-codepipeline-server/dist/index.js"
      ],
      "env": {
        "AWS_REGION": "us-east-1",
        "AWS_PROFILE": "your-aws-profile"
      }
    }
  }
}

3. Create the directory if it doesn't exist:

mkdir -p ~/.codeium/windsurf
touch ~/.codeium/windsurf/mcp_config.json

4. Restart Windsurf to load the new MCP server configuration

Using with Cascade

Once configured, you can interact with AWS CodePipeline using natural language in Windsurf. For example:

• "List all my CodePipeline pipelines"
• "Show me the current state of my 'production-deploy' pipeline"
• "Trigger the 'test-build' pipeline"
• "Get metrics for my 'data-processing' pipeline"
• "Create a webhook for my 'frontend-deploy' pipeline"

Cascade will translate these requests into the appropriate MCP tool calls.

MCP Tools

Core Pipeline Management

Pipeline Details and Metrics

Pipeline Actions and Integrations

Troubleshooting

Common Issues

1. Connection refused error:

   • Ensure the server is running on the specified port
   • Check if the port is blocked by a firewall

2. AWS credential errors:

   • For profiles/SSO: run aws sso login --profile YOUR_PROFILE if needed, then set AWS_PROFILE
   • For static keys: verify AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in .env or MCP env
   • Ensure the principal has CodePipeline (and CloudWatch for metrics) permissions
   • Check server startup logs for AWS credentials: default provider chain vs static keys

3. Windsurf not detecting the MCP server:

   • Check the mcp_config.json file format
   • Ensure the server URL is correct
   • Restart Windsurf after making changes

Logs

The server logs information to the console. Check these logs for troubleshooting:

# Run with more verbose logging
DEBUG=* npm start

Examples

Creating a Webhook for GitHub Integration

{
  "pipelineName": "my-pipeline",
  "webhookName": "github-webhook",
  "targetAction": "Source",
  "authentication": "GITHUB_HMAC",
  "authenticationConfiguration": {
    "SecretToken": "my-secret-token"
  },
  "filters": [
    {
      "jsonPath": "$.ref",
      "matchEquals": "refs/heads/main"
    }
  ]
}

Getting Pipeline Metrics

{
  "pipelineName": "my-pipeline",
  "period": 86400,
  "startTime": "2025-03-10T00:00:00Z",
  "endTime": "2025-03-17T23:59:59Z"
}

License

ISC