AWS Cognito Identity Provisioning Service (MCP Node)

This repository contains a specific Model Context Protocol (MCP) server component engineered to interface directly with Amazon's Cognito service for handling all aspects of user identity operations.

Foundational Requirements

Before deployment, ensure you have the following prerequisites satisfied:

• An active AWS tenant configured with a Cognito User Pool.
• A runtime environment supporting Node.js version 18 or newer.

Deployment Procedure

To integrate this service into your toolchain:

bash

Obtain the source code locally

git clone https://github.com/yourusername/mcp-server-aws-cognito.git

Navigate and initialize dependencies

cd mcp-server-aws-cognito npm install

Compile the implementation artifacts

npm run build

Cognito Credential Configuration

Configuration relies on specifying the target User Pool and the associated Application Client identifiers. These must be supplied as environment variables or injected via a .env file (required for Claude Code executions, optional for Claude Desktop):

AWS_COGNITO_USER_POOL_ID=your-pool-identifier-xyz AWS_COGNITO_USER_POOL_CLIENT_ID=your-app-client-id-abc

Exposed Functionalities (Tools)

This server exposes the following atomic operations to the MCP consumer:

Tool Identifier	Purpose	Required Arguments
register_new_identity	Onboard a novel user account	email, password
validate_registration_token	Finalize account setup via email code	username, confirmationCode
authenticate_user	Establish a secure user session	username, password
terminate_session	Invalidate the current user token/session	None
fetch_active_identity_details	Retrieve metadata for the logged-in principal	None
initiate_credential_recovery	Trigger a code delivery for password reset	username
finalize_credential_update	Apply a new password after verification	username, code, newPassword
modify_current_password	Change credentials while authenticated	oldPassword, newPassword
renew_authentication_token	Obtain fresh access/refresh tokens	None
update_user_profile_fields	Modify user-specific attributes (e.g., name)	attributes: Array of {name: string, value: string}
deactivate_principal	Permanently erase the current user record	None
resend_verification_payload	Request another account confirmation message	username
verify_hardware_token	Validate a Time-based One-Time Password (MFA)	username, totpCode

Reference the MCP Inspector URL provided upon launch for interactive diagnostics within your web browser.

Integration Guide: Claude Desktop Environment

Ensure Node.js is globally accessible for utilizing npx. Configuration is managed via the desktop application settings:

1. Navigate to: Settings -> Developer -> Configuration Editor.

2. Insert the following block into your claude_desktop_config.json file:

{ "mcpServers": { "cognito-identity-provider": { "command": "/path/to/mcp-server-aws-cognito/build/index.js", "env": { "AWS_COGNITO_USER_POOL_ID": "your-pool-identifier-xyz", "AWS_COGNITO_USER_POOL_CLIENT_ID": "your-app-client-id-abc" } } } }

Integration Guide: Claude Command-Line Interface (CLI)

To register this server for use with the Claude CLI utility:

1. Refer to the official Claude Code Documentation for prerequisite installation.

2. Register the service endpoint: bash claude mcp register "aws-cognito-handler" npx tsx index.ts

3. Confirm successful registration: bash claude mcp list

4. Initiate Claude utilizing the connected identity services: bash claude --with-mcp aws-cognito-handler

Maintenance and Development

For continuous integration during local development: bash

Trigger rebuilds on source file modifications

npm run watch

Debugging Utility

Because MCP communication relies on standard input/output streams, debugging can be opaque. Utilize the dedicated Inspector utility for clear communication tracing:

bash npm run inspector

Your enterprise workflows can now leverage robust, cloud-native identity management via AWS Cognito through this standardized MCP access point!