A Model Context Protocol (MCP) server that provides comprehensive access to AWS Trusted Advisor through both legacy Support API and modern TrustedAdvisor API endpoints.
This server implements the Model Context Protocol to provide standardized access to AWS Trusted Advisor functionality, including:
- Legacy Support API: Compatible with existing Trusted Advisor integrations
- Modern TrustedAdvisor API: Enhanced functionality with better performance and features
- Organization Support: Enterprise-level features for AWS Organizations
- Resource Management: Detailed resource analysis and lifecycle management
- List all available Trusted Advisor checks with filtering
- Get detailed information about specific checks
- Support for multiple languages (en, ja, fr, zh)
- List and filter recommendations by various criteria
- Get detailed recommendation information
- Resource-level analysis and management
- Lifecycle management (in progress, dismissed, resolved, etc.)
- Organization-wide recommendation aggregation
- Multi-account resource management
- Organization-level lifecycle management
- Account-specific resource filtering
- Batch exclusion/inclusion of resources
- Resource status tracking
- Metadata and detailed resource information
- Cross-account resource visibility
Lists all available Trusted Advisor checks using the legacy Support API.
- URI:
trusted-advisor://checks - Parameters:
language,awsAccountId,region - Filters: Language-based filtering
- Requirements: Business, Enterprise On-Ramp, or Enterprise Support plan
Gets a specific recommendation using the legacy Support API.
- URI:
trusted-advisor://recommendations/{checkId} - Parameters:
checkId,language,awsAccountId - Requirements: Business, Enterprise On-Ramp, or Enterprise Support plan
List a filterable set of Trusted Advisor Checks.
- URI:
trusted-advisor://checks/list - Parameters:
awsService,pillar,source,maxResults,nextToken,language,awsAccountId,region - Filters: AWS service, pillar, source
- Pagination: Supported with
nextToken
Get a specific Trusted Advisor Recommendation.
- URI:
trusted-advisor://recommendations/{recommendationIdentifier} - Parameters:
recommendationIdentifier,language,awsAccountId,region - Response: Detailed recommendation with lifecycle information
List a filterable set of Trusted Advisor Recommendations.
- URI:
trusted-advisor://recommendations - Parameters:
awsService,pillar,source,status,maxResults,nextToken,language,awsAccountId,region - Filters: AWS service, pillar, source, status
- Pagination: Supported with
nextToken
List Resources of a Trusted Advisor Recommendation.
- URI:
trusted-advisor://recommendations/{recommendationIdentifier}/resources - Parameters:
recommendationIdentifier,status,exclusionStatus,maxResults,nextToken,language,awsAccountId,region - Filters: Resource status, exclusion status
- Pagination: Supported with
nextToken
Update the lifecycle of a Trusted Advisor Recommendation.
- URI:
trusted-advisor://recommendations/{recommendationIdentifier}/lifecycle - Parameters:
recommendationIdentifier,lifecycleStage,updateReason,updateReasonCode,language,awsAccountId,region - Lifecycle Stages:
pending_response,in_progress,dismissed,resolved - Note: Only supports prioritized recommendations
Update one or more exclusion status for a list of recommendation resources.
- URI:
trusted-advisor://recommendations/{recommendationIdentifier}/resource-exclusions - Parameters:
recommendationIdentifier,resourceExclusions(array),language,awsAccountId,region - Batch Size: Up to 100 resources per request
- Response: Success/error status for each resource
List a filterable set of Recommendations within an Organization.
- URI:
trusted-advisor://organizations/{organizationId}/recommendations - Parameters:
organizationId,awsService,pillar,source,status,maxResults,nextToken,language,awsAccountId,region - Requirements: Enterprise Support plan
- Note: Only supports prioritized recommendations
Get a specific recommendation within an AWS Organizations organization.
- URI:
trusted-advisor://organizations/{organizationId}/recommendations/{recommendationIdentifier} - Parameters:
organizationId,recommendationIdentifier,language,awsAccountId,region - Requirements: Enterprise Support plan
- Note: Only supports prioritized recommendations
Lists the accounts that own the resources for an organization aggregate recommendation.
- URI:
trusted-advisor://organizations/{organizationId}/recommendations/{recommendationIdentifier}/accounts - Parameters:
organizationId,recommendationIdentifier,maxResults,nextToken,language,awsAccountId,region - Requirements: Enterprise Support plan
- Note: Only supports prioritized recommendations
List Resources of a Recommendation within an Organization.
- URI:
trusted-advisor://organizations/{organizationId}/recommendations/{recommendationIdentifier}/resources - Parameters:
organizationId,recommendationIdentifier,status,exclusionStatus,affectedAccountId,maxResults,nextToken,language,awsAccountId,region - Requirements: Enterprise Support plan
- Note: Only supports prioritized recommendations
Update the lifecycle of a Recommendation within an Organization.
- URI:
trusted-advisor://organizations/{organizationId}/recommendations/{recommendationIdentifier}/lifecycle - Parameters:
organizationId,recommendationIdentifier,lifecycleStage,updateReason,updateReasonCode,language,awsAccountId,region - Requirements: Enterprise Support plan
- Note: Only supports prioritized recommendations
All AWS configuration can be managed through environment variables:
# AWS Credentials
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key
AWS_SESSION_TOKEN=your_session_token # if using temporary credentials
# AWS Configuration
AWS_REGION=us-east-1 # Default region
AWS_PROFILE=your_profile # AWS profile to use
# Trusted Advisor specific
AWS_SUPPORT_REGION=us-east-1 # Support API only available in us-east-1The server requires the following AWS permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckResult",
"trustedadvisor:ListChecks",
"trustedadvisor:GetRecommendation",
"trustedadvisor:ListRecommendations",
"trustedadvisor:ListRecommendationResources",
"trustedadvisor:UpdateRecommendationLifecycle",
"trustedadvisor:BatchUpdateRecommendationResourceExclusion",
"trustedadvisor:ListOrganizationRecommendations",
"trustedadvisor:GetOrganizationRecommendation",
"trustedadvisor:ListOrganizationRecommendationAccounts",
"trustedadvisor:ListOrganizationRecommendationResources",
"trustedadvisor:UpdateOrganizationRecommendationLifecycle"
],
"Resource": "*"
}
]
}Different features require different AWS Support plans:
- Basic Support: No Trusted Advisor access
- Developer Support: Limited Trusted Advisor access
- Business Support: Full individual account Trusted Advisor access
- Enterprise On-Ramp: Full individual account Trusted Advisor access
- Enterprise Support: Full individual account + Organization-wide Trusted Advisor access
The server implements comprehensive error handling:
- AWS API Errors: Properly formatted error responses with AWS error codes
- Validation Errors: Input validation with detailed error messages
- Network Errors: Graceful handling of connection issues
- Permission Errors: Clear indication of missing permissions
# Install dependencies
pnpm install
# Build the project
pnpm run build
# Run the server
pnpm startThis server is designed to be used with MCP-compatible clients. The server communicates via stdio and provides structured JSON responses for all operations.
Add this server to your Claude Desktop configuration file:
Location: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows)
{
"mcpServers": {
"trusted-advisor": {
"command": "node",
"args": ["/path/to/mcp-trustedadvisor-server/build/main.js"],
"env": {
"AWS_REGION": "us-east-1",
"AWS_ACCESS_KEY_ID": "your_access_key",
"AWS_SECRET_ACCESS_KEY": "your_secret_key"
}
}
}
}Configure the MCP server in your Amazon Q Developer settings:
{
"mcp": {
"servers": {
"trusted-advisor": {
"command": "node",
"args": ["/path/to/mcp-trustedadvisor-server/build/main.js"],
"environment": {
"AWS_REGION": "us-east-1",
"AWS_PROFILE": "your-aws-profile"
}
}
}
}
}For any MCP-compatible client, use these parameters:
# Command to run the server
node /path/to/mcp-trustedadvisor-server/build/main.js
# Required environment variables
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key
# Optional environment variables
AWS_PROFILE=your-profile
AWS_SESSION_TOKEN=your_session_tokenOnce configured, you can ask your AI client to:
- List available checks: "Show me all available Trusted Advisor checks"
- Get recommendations: "What are the current Trusted Advisor recommendations for my account?"
- Check specific services: "Show me cost optimization recommendations"
- Manage resources: "Update the lifecycle status of recommendation xyz to resolved"
- Organization insights: "List all recommendations across my organization"
The AI client will automatically use the appropriate MCP resources based on your requests and provide structured responses with the Trusted Advisor data.
The server follows Clean Code principles with:
- Modular Design: Each functionality is in its own module
- Reusable Components: Shared schemas, utilities, and error handling
- Type Safety: Full TypeScript implementation with strict typing
- Error Resilience: Comprehensive error handling and validation
- Extensibility: Easy to add new Trusted Advisor features
- Fork the repository
- Create a feature branch
- Implement your changes following the existing patterns
- Add tests for new functionality
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.