Secure Fetch vs AWS MCP Servers

Implements a whitelist-based security model that validates HTTP/HTTPS fetch requests against a configurable allowlist before execution. The MCP server intercepts fetch calls and checks the target URL against permitted domains/patterns, blocking any requests to unlisted resources. This prevents LLM agents from accidentally or maliciously accessing local file:// URIs, internal IP ranges (127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or metadata endpoints (169.254.169.254).

Unique: Implements MCP-native fetch security by intercepting tool calls at the protocol level rather than wrapping fetch libraries, enabling transparent enforcement across any LLM client using the MCP standard without code changes to the LLM application

vs alternatives: More effective than application-level fetch wrappers because it enforces policy at the MCP boundary, preventing bypass via direct library imports or alternative HTTP clients

Detects and blocks requests to local file:// URIs and private IP address ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, plus loopback 127.0.0.1 and link-local 169.254.0.0/16). The implementation parses the target URL, extracts the hostname, resolves it to IP addresses, and checks against a hardcoded list of private/reserved ranges. This prevents LLM agents from reading /etc/passwd, accessing localhost services, or querying cloud metadata endpoints.

Unique: Combines DNS resolution with hardcoded private IP range checks to catch both hostname-based and direct IP-based attempts to access local resources, preventing bypass via IP spoofing or direct 127.0.0.1 usage

vs alternatives: More comprehensive than simple regex URL blocking because it resolves hostnames to IPs, catching attacks that use localhost aliases or DNS rebinding techniques

Implements a Model Context Protocol (MCP) server that intercepts fetch tool calls before they reach the underlying HTTP client. The server acts as a middleware layer in the MCP message flow, validating each fetch request against security policies and either allowing it to proceed or returning a blocked response. This architecture allows the security layer to be transparent to the LLM client and enforces policy consistently across all LLM applications using the MCP standard.

Unique: Operates at the MCP protocol layer rather than wrapping HTTP libraries, enabling transparent security enforcement that works with any LLM client supporting MCP without requiring changes to the LLM application code

vs alternatives: More portable than library-level wrappers (e.g., wrapping node-fetch) because it enforces policy at the protocol boundary, making it language-agnostic and compatible with any MCP-compliant client

Provides a configuration mechanism to define allowed URLs using exact matches, wildcard patterns, or regex expressions. The implementation loads allowlist rules from a configuration file or environment variables, then evaluates incoming fetch requests against these rules using pattern matching. This allows operators to define fine-grained policies such as 'allow api.example.com but not api.example.com/admin' or 'allow any subdomain of trusted-domain.com'.

Unique: Supports multiple pattern matching syntaxes (exact, wildcard, regex) in a single allowlist, allowing operators to express policies at different levels of specificity without requiring separate configuration files

vs alternatives: More flexible than hardcoded domain lists because it supports wildcard and regex patterns, enabling operators to express complex policies like 'allow any subdomain of example.com except admin.example.com' without code changes

Allows approved fetch requests to proceed to the target server and returns the HTTP response (status code, headers, body) to the LLM agent. The implementation validates the request against security policies, then uses a standard HTTP client (node-fetch, requests, etc.) to execute the request and stream the response back through the MCP protocol. This ensures that only security-approved requests reach external services.

Unique: Combines security validation with transparent HTTP passthrough, allowing approved requests to execute without modification while blocking unauthorized requests at the MCP boundary

vs alternatives: More secure than direct fetch access because it validates every request before execution, whereas unrestricted fetch allows agents to access any URL

When a fetch request violates security policies (e.g., targets a blocked IP range or unlisted domain), the MCP server returns a detailed error message explaining why the request was blocked and what policies apply. The implementation catches policy violations, constructs a human-readable error response, and returns it through the MCP protocol. This helps developers understand why their LLM agents cannot access certain resources and guides them toward compliant API usage.

Unique: Provides policy-aware error messages that explain not just that a request was blocked, but why it was blocked based on specific security rules, helping developers understand and work within security constraints

vs alternatives: More helpful than generic 'access denied' errors because it explains the specific policy violation and guides developers toward compliant alternatives

awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer Tools & Documentation AWS Docume

What is Model Context Protocol? | awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer

Architecture | awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Servers Cost Analysis & Explorer Servers AWS Diagram MCP Server CloudWatch & Monitoring Servers IAM & Security Servers Support & CloudTrail Servers Messaging & Integration Servers SNS/SQS & Messaging Servers Step Functions & Workflow Servers Developer Tools & Documentati

awslabs/mcp | DeepWiki Loading... Index your code with Devin DeepWiki DeepWiki awslabs/mcp Index your code with Devin Edit Wiki Share Loading... Last indexed: 8 January 2026 ( 49d158 ) Overview What is Model Context Protocol? Available MCP Servers Server Workflow Classifications Architecture System Design Client-Server Interaction Package Structure & Dependencies Security & Permission Model Documentation System Core Infrastructure Core MCP Server AWS API MCP Server Lambda Handler & Remote Servers Infrastructure as Code Servers AWS IaC MCP Server Terraform MCP Server CDK MCP Server CloudFormation & Cloud Control Servers Container & Compute Servers ECS MCP Server EKS & Kubernetes Servers Lambda Tool MCP Server Serverless & Container Tools AI & Machine Learning Servers Bedrock KB Retrieval MCP Server Nova Canvas MCP Server SageMaker AI MCP Server AWS HealthOmics MCP Server Bedrock AgentCore & Other AI Servers Data & Analytics Servers DynamoDB MCP Server PostgreSQL MCP Server Other Database Servers S3 Tables & Storage Servers Analytics & Data Processing Servers Operations & Monitoring Serv