Secure MCP-Style Code Execution on AWS (Doc Set)
November 18, 2025
This repo contains a three-part doc set for securing Anthropic-style “code execution with MCP” patterns using Amazon Bedrock AgentCore and AWS primitives.
Think of it as:
- Design – what and why.
- Lab – how to do it with code.
- Runbook – how to do it in the console.
Documents
- secure_mcp_agentcore.md: architectural whitepaper and threat model.
  - Explains the risks of LLM-driven code execution with MCP-style tools.
  - Proposes a reference architecture on AWS/AgentCore (Runtime, Gateway, Identity, Code Interpreter).
  - Details isolation choices (containers vs microVM/VM + VPC/IAM).
  - Provides a step-by-step implementation guide (Section 5).
- secure_mcp_agentcore_lab.ipynb: executable Jupyter notebook.
  - Mirrors Section 5 of the whitepaper.
  - Uses Python (boto3) to create VPCs, IAM roles, a Lambda-based Code Interpreter, etc.
  - Intended as a lab or internal workshop to stand up the pattern in a non-production account.
- secure_mcp_agentcore_console_runbook.md: console-based operator guide.
  - Click-by-click instructions for using the AWS Console.
  - “Click X, paste Y” steps for VPC, IAM, Lambda, API Gateway.
  - Designed for platform/ops teams who prefer the console over CLI/SDKs.
Recommended Reading Order
- Start with secure_mcp_agentcore.md to understand the threat model and architecture.
- Experiment with secure_mcp_agentcore_lab.ipynb in a non-production AWS account.
- Operationalize with secure_mcp_agentcore_console_runbook.md when rolling out via the console.
Scope and Non-Goals
- Focuses on secure code execution and isolation for MCP-style agents on AWS.
- Assumes you already have (or will adopt) an MCP/AgentCore-like pattern for tool access.
- Does not cover:
  - Every possible AWS service or network topology.
  - Detailed AgentCore product configuration beyond what’s needed to reason about security.
Use these docs as a starting point and adapt them to your org’s standards, controls, and tooling.