feat(mcp): add stateless mcp on ecs sample

Author: krokoko

README.md

@@ -22,6 +22,7 @@ This repo provides samples to demonstrate how to build your own Generative AI so
 | [Code Expert](samples/code-expert/)                                                          | This project addresses the scalability limitations of manual code reviews by leveraging artificial intelligence to perform expert code reviews automatically. It leverages the [Bedrock Batch Step Functions CDK construct](https://github.com/awslabs/generative-ai-cdk-constructs/blob/main/src/patterns/gen-ai/aws-bedrock-batch-stepfn/README.md). | Backend            | Python for Backend and Demo, TypeScript for CDK     |
 |[Bedrock Agent UI Wrapper](samples/bedrock-agent-ui-wrapper/)| This sample provides a CDK construct that creates an API layer and frontend application for Amazon Bedrock Agents. It includes authentication with Amazon Cognito, agent trace streaming, and can be deployed locally or on ECS Fargate. | API layer + Frontend | Python|
 |[Stateless MCP Server on AWS Lambda](samples/mcp-stateless-lambda/)| Sample MCP Server running natively on AWS Lambda and API Gateway without any extra bridging components or custom transports and a test MCP client. | API layer | TypeScript |
+|[Stateless MCP Server on ECS](samples/mcp-stateless-ecs/)| Sample MCP Server running natively on ECS Fargate and ALB without any extra bridging components or custom transports and a test MCP client. | API layer | TypeScript |
 
 ## Contributing
 

samples/mcp-stateless-ecs/.gitignore

@@ -0,0 +1,7 @@
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

samples/mcp-stateless-ecs/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

samples/mcp-stateless-ecs/README.md

@@ -0,0 +1,164 @@
+# Stateless MCP Server on ECS Fargate
+
+This is a sample MCP Server running natively on on ECS Fargate and ALB without any extra bridging components or custom transports. This is now possible thanks to the [Streamable HTTP transport](https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#streamable-http) introduced in v2025-03-26.
+
+The solution provides the CDK code to deploy the server on AWS, as well as a sample client to test the deployed server.
+
+The original Terraform version of this sample is available [here](https://github.com/aws-samples/sample-serverless-mcp-servers/tree/main/stateless-mcp-on-lambda-nodejs)
+
+## Overview
+
+MCP Server can run in two modes - stateless and stateful. This repo demonstrates the stateless mode.
+
+In stateless mode, clients do not establish persistent SSE connections to MCP Server. This means clients will not receive proactive notifications from the server. On the other hand, stateless mode allows you to scale your server horizontally.
+
+This sample implements simple authorization demo with API Gateway Custom Authorizer.
+
+![Architecture Diagram](./doc/architecture.png)
+
+## Folder Structure
+
+This sample application codebase is organized into folders : the backend code lives in ```bin/mcp-stateless-lambda.ts``` and uses the AWS CDK resources defined in the ```lib``` folder.
+
+The key folders are:
+
+```
+samples/mcp-stateless-lambda
+│
+├── bin
+│   └── mcp-stateless-lambda.ts               # Backend - CDK app
+├── lib                                       # CDK Stacks
+│   ├── mcp-stateless-lambda-stack.ts         # Stack deploying the resources
+├── mcp_client                                # test mcp client to connect to the remote server
+├── lambdas                                   # lambda functions
+```
+
+## Getting started
+
+### Prerequisites
+
+- An AWS account. We recommend you deploy this solution in a new account.
+- [AWS CLI](https://aws.amazon.com/cli/): configure your credentials
+
+```
+aws configure --profile [your-profile] 
+AWS Access Key ID [None]: xxxxxx
+AWS Secret Access Key [None]:yyyyyyyyyy
+Default region name [None]: us-east-1 
+Default output format [None]: json
+```
+
+- Node.js: v18.12.1
+- [AWS CDK](https://github.com/aws/aws-cdk/releases/tag/v2.114.0): 2.114.0
+- jq: jq-1.6
+
+### Deploy the solution
+
+This project is built using the [AWS Cloud Development Kit (CDK)](https://aws.amazon.com/cdk/). See [Getting Started With the AWS CDK](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html) for additional details and prerequisites.
+
+1. Clone this repository.
+
+    ```shell
+    git clone https://github.com/aws-samples/generative-ai-cdk-constructs-samples.git
+    ```
+
+2. Enter the code sample backend directory.
+
+    ```shell
+    cd samples/mcp-stateless-lambda
+    ```
+
+3. Install packages
+
+   ```shell
+   npm install
+   ```
+
+4. Install the dependencies
+
+    ```shell
+   (cd src/mcpclient && npm install)
+   (cd src/mcpserver && npm install)
+   ```
+
+5. Boostrap AWS CDK resources on the AWS account.
+
+    ```shell
+    cdk bootstrap aws://ACCOUNT_ID/REGION
+    ```
+
+6. Deploy the sample in your account.
+
+    ```shell
+    $ cdk deploy
+    ```
+
+The command above will deploy one stack in your account. With the default configuration of this sample.
+
+To protect you against unintended changes that affect your security posture, the AWS CDK Toolkit prompts you to approve security-related changes before deploying them. You will need to answer yes to get all the stack deployed.
+
+7. Retrieve the value of the CfnOutput related to your remote MCP server endpoint from the stack
+
+    ```shell
+    $ aws cloudformation describe-stacks --stack-name McpStatelessLambdaStack --query "Stacks[0].Outputs[?contains(OutputKey, 'McpServerEndpoint')].OutputValue"
+
+    [
+        "OutputValue": "https://<endpoint>/dev/mcp"
+    ]
+    ```
+
+8. Export an env variable named `MCP_SERVER_ENDPOINT` with the previous output value
+
+    ```shell
+    export MCP_SERVER_ENDPOINT='value'
+    ```
+
+### Test your remote MCP Server with MCP client
+
+Use the provided mcp client to test your remote mcp server
+
+```shell
+node mcp_client/index.js
+```
+
+Observe the response:
+
+```
+Connecting ENDPOINT_URL=XXXXXXXX.amazonaws.com/dev/mcp
+connected
+listTools response:  { tools: [ { name: 'ping', inputSchema: [Object] } ] }
+callTool:ping response:  {
+  content: [
+    {
+      type: 'text',
+      text: 'pong! logStream=2025/05/06/[$LATEST]7037eebd7f314fa18d6320801a54a50f v=0.0.12 d=49'
+    }
+  ]
+}
+callTool:ping response:  {
+  content: [
+    {
+      type: 'text',
+      text: 'pong! logStream=2025/05/06/[$LATEST]7037eebd7f314fa18d6320801a54a50f v=0.0.12 d=101'
+    }
+  ]
+}
+```
+
+## Clean up
+
+Do not forget to delete the stack to avoid unexpected charges.
+
+```shell
+    $ cdk destroy
+```
+
+Delete associated logs created by the different services in Amazon CloudWatch logs.
+
+## Content Security Legal Disclaimer
+
+The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
+
+## Operational Metrics Collection
+
+This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. Data collection is subject to the AWS Privacy Policy (https://aws.amazon.com/privacy/). To opt out of this feature, simply remove the tag(s) starting with “uksb-” or “SO” from the description(s) in any CloudFormation templates or CDK TemplateOptions.

samples/mcp-stateless-ecs/bin/mcp-stateless-ecs.ts

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+import { McpStatelessEcsStack } from '../lib/mcp-stateless-ecs-stack';
+
+const app = new cdk.App();
+new McpStatelessEcsStack(app, 'McpStatelessEcsStack', {
+  /* If you don't specify 'env', this stack will be environment-agnostic.
+   * Account/Region-dependent features and context lookups will not work,
+   * but a single synthesized template can be deployed anywhere. */
+
+  /* Uncomment the next line to specialize this stack for the AWS Account
+   * and Region that are implied by the current CLI configuration. */
+  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+
+  /* Uncomment the next line if you know exactly what Account and Region you
+   * want to deploy the stack to. */
+  // env: { account: '123456789012', region: 'us-east-1' },
+
+  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+  description: 'Description: (uksb-1tupboc43) (tag:mcp-stateless-ecs-sample)'
+});

samples/mcp-stateless-ecs/cdk.json

@@ -0,0 +1,89 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/mcp-stateless-ecs.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true,
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true,
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true,
+    "@aws-cdk/core:enableAdditionalMetadataCollection": true,
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true,
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}

samples/mcp-stateless-ecs/doc/architecture.png

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

samples/mcp-stateless-ecs/jest.config.js

@@ -0,0 +1,16 @@
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+// import * as sqs from 'aws-cdk-lib/aws-sqs';
+
+export class McpStatelessEcsStack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    // The code that defines your stack goes here
+
+    // example resource
+    // const queue = new sqs.Queue(this, 'McpStatelessEcsQueue', {
+    //   visibilityTimeout: cdk.Duration.seconds(300)
+    // });
+  }
+}

samples/mcp-stateless-ecs/lib/mcp-stateless-ecs-stack.ts

@@ -0,0 +1,28 @@
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+
+const ENDPOINT_URL = process.env.MCP_SERVER_ENDPOINT || 'http://localhost:3000/mcp';
+
+console.log(`Connecting ENDPOINT_URL=${ENDPOINT_URL}`);
+
+const transport = new StreamableHTTPClientTransport(new URL(ENDPOINT_URL));
+
+const client = new Client({
+    name: "node-client",
+    version: "0.0.1"
+})
+
+await client.connect(transport);
+console.log('connected');
+
+const tools = await client.listTools();
+console.log(`listTools response: `, tools);
+
+for (let i = 0; i < 2; i++) {
+    let result = await client.callTool({
+        name: "ping"
+    });
+    console.log(`callTool:ping response: `, result);
+}
+
+await client.close();