This is a Model Context Protocol (MCP) server that integrates with AWS CodePipeline, allowing you to manage your pipelines through Windsurf and Cascade. The server provides a standardized interface for interacting with AWS CodePipeline services.
Documentation
AWS CodePipeline MCP Server
This is a Model Context Protocol (MCP) server that integrates with AWS CodePipeline, allowing you to manage your pipelines through Windsurf and Cascade. The server provides a standardized interface for interacting with AWS CodePipeline services.
Author: Cuong T Nguyen
Features
- List all pipelines
- Get pipeline state and detailed pipeline definitions
- List pipeline executions
- Approve or reject manual approval actions
- Retry failed stages
- Trigger pipeline executions
- View pipeline execution logs
- Stop pipeline executions
- Tag pipeline resources
- Create webhooks for automatic pipeline triggering
- Get pipeline performance metrics
Prerequisites
- Node.js (v14 or later)
- AWS account with CodePipeline access
- AWS credentials with permissions for CodePipeline and CloudWatch (read metrics)
- Windsurf IDE with Cascade AI assistant
Installation
1. Clone this repository:
git clone https://github.com/cuongdev/mcp-codepipeline-server.git
cd mcp-codepipeline-server2. Install dependencies:
npm install3. Create a .env file based on the .env.example template:
cp .env.example .env4. Update the .env file with your AWS configuration (see .env.example):
AWS_REGION=us-east-1
AWS_PROFILE=your-aws-profileNote: For security, never commit your
.envfile to version control.
AWS authentication
You do not need long-lived access keys in .env. Pick one approach:
| Approach | Configuration |
|---|---|
| AWS profile (recommended for local dev) | AWS_PROFILE=my-profile — uses ~/.aws/credentials / ~/.aws/config |
| AWS SSO | aws configure sso then aws sso login --profile my-sso and set AWS_PROFILE=my-sso |
| Static keys | Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (and AWS_SESSION_TOKEN for temporary creds) |
| IAM role | Run on EC2/ECS/Lambda/EKS with an attached role; set only AWS_REGION |
If access keys are omitted, the AWS SDK uses its default credential provider chain.
Creating an AWS profile
A profile is a named entry in ~/.aws/credentials and ~/.aws/config. Set AWS_PROFILE to that name in .env or MCP config.
Option A: Access keys (IAM user)
Requires AWS CLI.
aws configure --profile codepipeline-devYou will be prompted for:
| Prompt | Example |
|---|---|
| AWS Access Key ID | AKIA... |
| AWS Secret Access Key | (secret) |
| Default region name | us-east-1 |
| Default output format | json |
Then in .env:
AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-devOption B: AWS SSO (IAM Identity Center)
aws configure sso --profile codepipeline-ssoFollow the prompts (SSO start URL, SSO region, account, role). Then log in before starting the MCP server:
aws sso login --profile codepipeline-ssoIn .env:
AWS_REGION=us-east-1
AWS_PROFILE=codepipeline-ssoSSO sessions expire; run aws sso login again when you see credential errors.
Verify the profile
aws sts get-caller-identity --profile codepipeline-dev
aws codepipeline list-pipelines --region us-east-1 --profile codepipeline-devIf both commands succeed, the MCP server can use the same AWS_PROFILE and AWS_REGION.
Files created (reference)
~/.aws/credentials:
[codepipeline-dev]
aws_access_key_id = AKIA...
aws_secret_access_key = ...~/.aws/config:
[profile codepipeline-dev]
region = us-east-1
output = jsonUsage
Build the project
npm run buildStart the server
npm startFor development with auto-restart:
npm run devIntegration with Windsurf
This MCP server is designed to work with Windsurf, allowing Cascade to interact with AWS CodePipeline through natural language requests.
Setup Steps
1. Make sure the server is running:
npm start2. Add the server configuration to your Windsurf MCP config file at ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"codepipeline": {
"command": "npx",
"args": [
"-y",
"path/to/mcp-codepipeline-server/dist/index.js"
],
"env": {
"AWS_REGION": "us-east-1",
"AWS_PROFILE": "your-aws-profile"
}
}
}
}3. Create the directory if it doesn't exist:
mkdir -p ~/.codeium/windsurf
touch ~/.codeium/windsurf/mcp_config.json4. Restart Windsurf to load the new MCP server configuration
Using with Cascade
Once configured, you can interact with AWS CodePipeline using natural language in Windsurf. For example:
- "List all my CodePipeline pipelines"
- "Show me the current state of my 'production-deploy' pipeline"
- "Trigger the 'test-build' pipeline"
- "Get metrics for my 'data-processing' pipeline"
- "Create a webhook for my 'frontend-deploy' pipeline"
Cascade will translate these requests into the appropriate MCP tool calls.
MCP Tools
Core Pipeline Management
| Tool Name | Description | Parameters |
|---|---|---|
list_pipelines | List all CodePipeline pipelines | None |
get_pipeline_state | Get the state of a specific pipeline | pipelineName: Name of the pipeline |
list_pipeline_executions | List executions for a specific pipeline | pipelineName: Name of the pipeline |
trigger_pipeline | Trigger a pipeline execution | pipelineName: Name of the pipeline |
stop_pipeline_execution | Stop a pipeline execution | pipelineName: Name of the pipelineexecutionId: Execution IDreason: Optional reason for stopping |
Pipeline Details and Metrics
| Tool Name | Description | Parameters |
|---|---|---|
get_pipeline_details | Get the full definition of a pipeline | pipelineName: Name of the pipeline |
get_pipeline_execution_logs | Get logs for a pipeline execution | pipelineName: Name of the pipelineexecutionId: Execution ID |
get_pipeline_metrics | Get performance metrics for a pipeline | pipelineName: Name of the pipelineperiod: Optional metric period in secondsstartTime: Optional start time for metricsendTime: Optional end time for metrics |
Pipeline Actions and Integrations
| Tool Name | Description | Parameters |
|---|---|---|
approve_action | Approve or reject a manual approval action | pipelineName: Name of the pipelinestageName: Name of the stageactionName: Name of the actiontoken: Approval tokenapproved: Boolean indicating approval or rejectioncomments: Optional comments |
retry_stage | Retry a failed stage | pipelineName: Name of the pipelinestageName: Name of the stagepipelineExecutionId: Execution ID |
tag_pipeline_resource | Add or update tags for a pipeline resource | pipelineName: Name of the pipelinetags: Array of key-value pairs for tagging |
create_pipeline_webhook | Create a webhook for a pipeline | pipelineName: Name of the pipelinewebhookName: Name for the webhooktargetAction: Target action for the webhookauthentication: Authentication typeauthenticationConfiguration: Optional auth configfilters: Optional event filters |
Troubleshooting
Common Issues
1. Connection refused error:
- Ensure the server is running on the specified port
- Check if the port is blocked by a firewall
2. AWS credential errors:
- For profiles/SSO: run
aws sso login --profile YOUR_PROFILEif needed, then setAWS_PROFILE - For static keys: verify
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYin.envor MCPenv - Ensure the principal has CodePipeline (and CloudWatch for metrics) permissions
- Check server startup logs for
AWS credentials: default provider chainvsstatic keys
3. Windsurf not detecting the MCP server:
- Check the
mcp_config.jsonfile format - Ensure the server URL is correct
- Restart Windsurf after making changes
Logs
The server logs information to the console. Check these logs for troubleshooting:
# Run with more verbose logging
DEBUG=* npm startExamples
Creating a Webhook for GitHub Integration
{
"pipelineName": "my-pipeline",
"webhookName": "github-webhook",
"targetAction": "Source",
"authentication": "GITHUB_HMAC",
"authenticationConfiguration": {
"SecretToken": "my-secret-token"
},
"filters": [
{
"jsonPath": "$.ref",
"matchEquals": "refs/heads/main"
}
]
}Getting Pipeline Metrics
{
"pipelineName": "my-pipeline",
"period": 86400,
"startTime": "2025-03-10T00:00:00Z",
"endTime": "2025-03-17T23:59:59Z"
}License
ISC
Similar MCP
Based on tags & features
Trending MCP
Most active this week