Anthropic Bedrock Python | MCP | SSE | ECS (#4)

* add project

* move readme

* move readme

* add mermaid

* update readme

* remove old infra file

* add dependencies

* update ALB command

* update health check path

Author: jlonge4

modules/anthropic-bedrock-python-ecs-mcp/README.md

@@ -0,0 +1,161 @@
+# Model Context Protocol (MCP) Service with AWS CDK
+
+## Architecture Overview
+
+```mermaid
+flowchart LR
+    subgraph aws[AWS]
+        alb[Application Load Balancer]
+        
+        subgraph vpc[VPC]
+            server[MCP Server\nECS Service]
+            client[MCP Client / Bedrock Agent\nECS Service]
+        end
+        
+        subgraph services[AWS Services]
+            bedrock[Bedrock]
+        end
+    end
+    
+    internet((Internet))
+    
+    %% Connections
+    internet <--> alb
+    alb --> client
+    client <--> bedrock
+    client <--> server
+
+    %% Styling
+    style aws fill:#f5f5f5,stroke:#232F3E,stroke-width:2px
+    style vpc fill:#E8F4FA,stroke:#147EBA,stroke-width:2px
+    style services fill:#E8F4FA,stroke:#147EBA,stroke-width:2px
+
+    style alb fill:#FF9900,color:#fff,stroke:#FF9900
+    style server fill:#2196f3,color:#fff,stroke:#2196f3
+    style client fill:#2196f3,color:#fff,stroke:#2196f3
+    style bedrock fill:#FF9900,color:#fff,stroke:#FF9900
+    style internet fill:#fff,stroke:#666,stroke-width:2px
+
+    %% Link styling
+    linkStyle default stroke:#666,stroke-width:2px
+```
+
+## Prerequisites
+
+- AWS CLI configured
+- Docker installed
+- Node.js (for CDK)
+- Python 3.11+
+- UV package manager
+
+## Project Structure
+```
+.
+├── docker/               # Docker configurations
+├── infra/               # Infrastructure code
+│   └── mcp-sse-cdk/    # CDK application
+├── src/                 # Application code
+└── requirements.txt     # Project dependencies
+```
+
+## Setup Instructions
+
+1. **Install Dependencies**
+```bash
+# Create and activate virtual environment
+uv venv
+source .venv/bin/activate
+
+# Install project dependencies
+uv pip install -r requirements.txt
+```
+
+2. **Build Docker Images**
+```bash
+# Get AWS account ID
+export AWS_ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
+export AWS_REGION=us-east-1
+
+# Create ECR repository if it doesn't exist
+aws ecr create-repository --repository-name mcp-sse
+
+# Login to ECR
+aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
+
+# Build images locally
+docker build -f docker/server/Dockerfile -t server-image .
+docker build -f docker/client/Dockerfile -t client-image .
+
+# Tag images for ECR
+docker tag server-image ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/mcp-sse:server-image
+docker tag client-image ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/mcp-sse:client-image
+
+# Push images to ECR
+docker push ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/mcp-sse:server-image
+docker push ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/mcp-sse:client-image
+```
+
+3. **Deploy Infrastructure**
+```bash
+# Navigate to CDK directory
+cd infra/mcp-sse-cdk
+
+# Install CDK dependencies
+uv pip install -r requirements.txt
+
+# Bootstrap CDK (first time only)
+cdk bootstrap
+
+# Synthesize CloudFormation template
+cdk synth
+
+# Deploy stack
+cdk deploy
+```
+
+4. **Verify Deployment**
+```bash
+# Get Load Balancer DNS
+export ALB_DNS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[*].DNSName' --output text)
+
+# Test health endpoint
+curl http://${ALB_DNS}/health
+
+# Test query endpoint
+curl -X POST http://${ALB_DNS}/query \
+    -H "Content-Type: application/json" \
+    -d '{"text": "Get me a greeting for Sarah"}'
+
+# output: {"response":"I'll help you get a greeting for Sarah using the greeting function.
+#[Calling tool greeting with args {'name': 'Sarah'}]
+#Hello Sarah! 👋 Hope you're having a wonderful day!"}%
+```
+
+## Cleanup
+
+To avoid incurring charges, clean up resources:
+```bash
+# Delete CDK stack
+cd infra/mcp-sse-cdk
+cdk destroy
+
+# Delete ECR images
+aws ecr delete-repository --repository-name mcp-sse --force
+```
+
+## Troubleshooting
+
+1. **Container Health Checks**
+   - Verify target group health in EC2 Console
+   - Ensure security group rules allow traffic
+
+2. **Service Connect Issues**
+   - Verify namespace creation in Cloud Map
+   - Check service discovery endpoints
+
+3. **Bedrock Access**
+   - Verify IAM role permissions
+   - Check regional endpoints
+   - Validate model ARNs
+
+For more detailed information, consult the AWS documentation or raise an issue in the repository.

modules/anthropic-bedrock-python-ecs-mcp/docker/client

@@ -0,0 +1,18 @@
+FROM ghcr.io/astral-sh/uv:bookworm
+
+# Set working directory
+WORKDIR /app
+
+# Install dependencies
+COPY ./src/client-requirements.txt .
+RUN uv venv
+RUN uv pip install -r client-requirements.txt
+
+# Copy client code
+COPY ./src/client.py .
+
+# Expose port 8080
+EXPOSE 8080
+
+# Command to run the client
+CMD ["uv", "run", "client.py"]

modules/anthropic-bedrock-python-ecs-mcp/docker/server

@@ -0,0 +1,17 @@
+FROM ghcr.io/astral-sh/uv:bookworm
+# Set working directory
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY ./src/server-requirements.txt .
+RUN uv venv
+RUN uv pip install -r server-requirements.txt
+
+# Copy server code
+COPY ./src/server.py .
+
+# Expose port 8000
+EXPOSE 8000
+
+# Command to run the server
+CMD ["uv", "run", "server.py", "--transport", "sse", "--port", "8000"]

modules/anthropic-bedrock-python-ecs-mcp/infra/mcp-sse-cdk/.gitignore

@@ -0,0 +1,10 @@
+*.swp
+package-lock.json
+__pycache__
+.pytest_cache
+.venv
+*.egg-info
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

modules/anthropic-bedrock-python-ecs-mcp/infra/mcp-sse-cdk/README.md

@@ -0,0 +1,58 @@
+
+# Welcome to your CDK Python project!
+
+This is a blank project for CDK development with Python.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+This project is set up like a standard Python project.  The initialization
+process also creates a virtualenv within this project, stored under the `.venv`
+directory.  To create the virtualenv it assumes that there is a `python3`
+(or `python` for Windows) executable in your path with access to the `venv`
+package. If for any reason the automatic creation of the virtualenv fails,
+you can create the virtualenv manually.
+
+To manually create a virtualenv on MacOS and Linux:
+
+```
+$ python3 -m venv .venv
+```
+
+After the init process completes and the virtualenv is created, you can use the following
+step to activate your virtualenv.
+
+```
+$ source .venv/bin/activate
+```
+
+If you are a Windows platform, you would activate the virtualenv like this:
+
+```
+% .venv\Scripts\activate.bat
+```
+
+Once the virtualenv is activated, you can install the required dependencies.
+
+```
+$ pip install -r requirements.txt
+```
+
+At this point you can now synthesize the CloudFormation template for this code.
+
+```
+$ cdk synth
+```
+
+To add additional dependencies, for example other CDK libraries, just add
+them to your `setup.py` file and rerun the `pip install -r requirements.txt`
+command.
+
+## Useful commands
+
+ * `cdk ls`          list all stacks in the app
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk docs`        open CDK documentation
+
+Enjoy!

modules/anthropic-bedrock-python-ecs-mcp/infra/mcp-sse-cdk/app.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+from mcp_sse_cdk.mcp_sse_cdk_stack import McpSseCdkStack
+from aws_cdk import App
+
+
+app = App()
+McpSseCdkStack(app, "McpSseCdkStack")
+app.synth()
+

modules/anthropic-bedrock-python-ecs-mcp/infra/mcp-sse-cdk/cdk.json

@@ -0,0 +1,89 @@
+{
+  "app": "python3 app.py",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "requirements*.txt",
+      "source.bat",
+      "**/__init__.py",
+      "**/__pycache__",
+      "tests"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true,
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true,
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true,
+    "@aws-cdk/core:enableAdditionalMetadataCollection": true,
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false,
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true,
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true,
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}