feat: postgres mcp kiro integration (#1910)

* initial change for postgres mcp kiro integration by supporting creating cluster and connect to any cluster

* add support for direction connection and connection map unit test

* cp_api_connection unit test

* add support for UFC. add support for connect to any database through prompt

* support get connection information and fix get_table_schema bug

* remove delete cluster options

* fix policy attachment

* fix Kiro integration issue

* allow connection to RPG and make connection method and database type explicitly in MCP tool

* support expiry for IAM auth tokens

* remove outdated function

* Fix and add unit tests

* check for pgwire_iam conn in map

* MCP steering file

* remove UFC in this release

* Fix pyright errors

* fix ruff

* sync uv.lock

* Add license header to missing file

* Add baseline secrets

* Add more UT

* Add more unit tests

* Add tests

* Fix pre-commit

* support user agent in boto3

* update README.md

* Kiro power

* Fix tests

* Accept pre-commit fixes

* fix secrets

* fix init.py

* fix

* fix

* fix

* Accept precommit

* fix precommit

---------

Co-authored-by: Sharu Goel <[email protected]>
Co-authored-by: Sharu Goel <[email protected]>

Author: kennthhz

.secrets.baseline

@@ -869,6 +869,80 @@
         "is_secret": false
       }
     ],
+    "src/postgres-mcp-server/kiro_power/steering/aurora-postgres.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/kiro_power/steering/aurora-postgres.md",
+        "hashed_secret": "91dfd9ddb4198affc5c194cd8ce6d338fde470e2",
+        "is_verified": false,
+        "line_number": 506,
+        "is_secret": false
+      }
+    ],
+    "src/postgres-mcp-server/tests/test_cp_api_simple_functions.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_cp_api_simple_functions.py",
+        "hashed_secret": "102b223470fdcb13103b4144fdd24975d9ef2387",
+        "is_verified": false,
+        "line_number": 52,
+        "is_secret": false
+      }
+    ],
+    "src/postgres-mcp-server/tests/test_psycopg_connector.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_psycopg_connector.py",
+        "hashed_secret": "72cb70dbbafe97e5ea13ad88acd65d08389439b0",
+        "is_verified": false,
+        "line_number": 422,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_psycopg_connector.py",
+        "hashed_secret": "9fb7fe1217aed442b04c0f5e43b5d5a7d3287097",
+        "is_verified": false,
+        "line_number": 500,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_psycopg_connector.py",
+        "hashed_secret": "f84864c6bffa2e0843a4ab2abdca91df7995c462",
+        "is_verified": false,
+        "line_number": 563,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_psycopg_connector.py",
+        "hashed_secret": "43b5a7ccc96b402d0fc814b5e03f8e23c2d9d1d8",
+        "is_verified": false,
+        "line_number": 891,
+        "is_secret": false
+      }
+    ],
+    "src/postgres-mcp-server/tests/test_rds_api_connection.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_rds_api_connection.py",
+        "hashed_secret": "102b223470fdcb13103b4144fdd24975d9ef2387",
+        "is_verified": false,
+        "line_number": 29,
+        "is_secret": false
+      }
+    ],
+    "src/postgres-mcp-server/tests/test_server_internal_functions.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/postgres-mcp-server/tests/test_server_internal_functions.py",
+        "hashed_secret": "43b5a7ccc96b402d0fc814b5e03f8e23c2d9d1d8",
+        "is_verified": false,
+        "line_number": 120,
+        "is_secret": false
+      }
+    ],
     "src/stepfunctions-tool-mcp-server/README.md": [
       {
         "type": "Base64 High Entropy String",
@@ -906,5 +980,5 @@
       }
     ]
   },
-  "generated_at": "2025-12-01T14:26:01Z"
+  "generated_at": "2025-12-10T01:04:18Z"
 }

src/postgres-mcp-server/README.md

@@ -12,11 +12,9 @@ An AWS Labs Model Context Protocol (MCP) server for Aurora Postgres
 
 1. Install `uv` from [Astral](https://docs.astral.sh/uv/getting-started/installation/) or the [GitHub README](https://github.com/astral-sh/uv#installation)
 2. Install Python using `uv python install 3.10`
-3. Aurora Postgres Cluster with Postgres username and password stored in AWS Secrets Manager
-4. Enable RDS Data API for your Aurora Postgres Cluster, see [instructions here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html)
-5. This MCP server can only be run locally on the same host as your LLM client.
-6. Docker runtime
-7. Set up AWS credentials with access to AWS services
+3. This MCP server can only be run locally on the same host as your LLM client.
+4. Docker runtime
+5. Set up AWS credentials with access to AWS services
    - You need an AWS account with appropriate permissions
    - Configure AWS credentials with `aws configure` or environment variables
 
@@ -28,20 +26,14 @@ An AWS Labs Model Context Protocol (MCP) server for Aurora Postgres
 
 Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit `~/.aws/amazonq/mcp.json`):
 
-### Option 1: Using RDS Data API Connection (for Aurora Postgres)
-
 ```json
 {
   "mcpServers": {
     "awslabs.postgres-mcp-server": {
       "command": "uvx",
       "args": [
         "awslabs.postgres-mcp-server@latest",
-        "--resource_arn", "[your data]",
-        "--secret_arn", "[your data]",
-        "--database", "[your data]",
-        "--region", "[your data]",
-        "--readonly", "True"
+        "--allow_write_query"
       ],
       "env": {
         "AWS_PROFILE": "your-aws-profile",
@@ -55,35 +47,6 @@ Configure the MCP server in your MCP client configuration (e.g., for Amazon Q De
 }
 ```
 
-### Option 2: Using Direct PostgreSQL(psycopg) Connection (for Aurora Postgres and RDS Postgres)
-
-```json
-{
-  "mcpServers": {
-    "awslabs.postgres-mcp-server": {
-      "command": "uvx",
-      "args": [
-        "awslabs.postgres-mcp-server@latest",
-        "--hostname", "[your data]",
-        "--secret_arn", "[your data]",
-        "--database", "[your data]",
-        "--region", "[your data]",
-        "--readonly", "True"
-      ],
-      "env": {
-        "AWS_PROFILE": "your-aws-profile",
-        "AWS_REGION": "us-east-1",
-        "FASTMCP_LOG_LEVEL": "ERROR"
-      },
-      "disabled": false,
-      "autoApprove": []
-    }
-  }
-}
-```
-
-Note: The `--port` parameter is optional and defaults to 5432 (the standard PostgreSQL port). You only need to specify it if your PostgreSQL instance uses a non-standard port.
-
 ### Windows Installation
 
 For Windows users, the MCP server configuration format is slightly different:
@@ -136,56 +99,61 @@ For Windows users, the MCP server configuration format is slightly different:
         "-e", "AWS_SECRET_ACCESS_KEY=[your data]",
         "-e", "AWS_REGION=[your data]",
         "awslabs/postgres-mcp-server:latest",
-        "--resource_arn", "[your data]",
-        "--secret_arn", "[your data]",
-        "--database", "[your data]",
-        "--region", "[your data]",
-        "--readonly", "True"
+        "--allow_write_query"
       ]
     }
   }
 }
 ```
 
-#### Option 2: Using Direct PostgreSQL (psycopg) Connection (for Aurora Postgres and RDS Postgres)
+NOTE: the MCP config example include --allow_write_query illustrate how to enable write queries. If you want to disable write queries, remove --allow_write_query option.
 
-```
-{
-  "mcpServers": {
-    "awslabs.postgres-mcp-server": {
-      "command": "docker",
-      "args": [
-        "run",
-        "-i",
-        "--rm",
-        "-e", "AWS_ACCESS_KEY_ID=[your data]",
-        "-e", "AWS_SECRET_ACCESS_KEY=[your data]",
-        "-e", "AWS_REGION=[your data]",
-        "awslabs/postgres-mcp-server:latest",
-        "--hostname", "[your data]",
-        "--secret_arn", "[your data]",
-        "--database", "[your data]",
-        "--region", "[your data]",
-        "--readonly", "True"
-      ]
-    }
-  }
-}
-```
+## Support for Database Cluster Creation
 
-Note: The `--port` parameter is optional and defaults to 5432 (the standard PostgreSQL port). You only need to specify it if your PostgreSQL instance uses a non-standard port.
+You can use the following LLM prompt to create a new Aurora PostgreSQL cluster:
 
-NOTE: By default, only read-only queries are allowed and it is controlled by --readonly parameter above. Set it to False if you also want to allow writable DML or DDL.
+> Create an Aurora PostgreSQL cluster named 'mycluster' in us-west-2 region
+
+---
 
 ## Connection Methods
 
-This MCP server supports two connection methods:
+The MCP server supports connecting to multiple database endpoints using different connection methods via LLM prompts.
+
+### Database Types
+- **APG**: Amazon Aurora PostgreSQL
+- **RPG**: Amazon RDS for PostgreSQL
+
+### Example Prompts
+
+**Connect using RDS Data API:**
+> Connect to database named postgres in Aurora PostgreSQL cluster 'my-cluster' with database_type as APG, using rdsapi as connection method in us-west-2 region
+
+**Connect using pgwire (Aurora PostgreSQL):**
+> Connect to database named postgres with database endpoint as my-apg17-instance-1.ctgfg6yyo9df.us-west-2.rds.amazonaws.com with database_type as APG, using pgwire as connection method in us-west-2 region
+
+**Connect using pgwire (RDS PostgreSQL):**
+> Connect to database named postgres with database endpoint as test-apg17-instance-1.ctgfg6yyo9df.us-west-2.rds.amazonaws.com with database_type as RPG, using pgwire as connection method in us-west-2 region
+
+---
+
+### Supported Connection Methods
+
+| Method | Description | Supported Database Types |
+|--------|-------------|--------------------------|
+| `pgwire` | Connect to PostgreSQL instance directly using the PostgreSQL wire protocol. Requires proper VPC security group configuration for direct database connectivity. | APG, RPG |
+| `pgwire_iam` | Same as `pgwire`, but uses IAM authentication. Requires IAM authentication to be enabled on the Aurora PostgreSQL cluster. | APG only |
+| `rdsapi` | Connect to Aurora PostgreSQL using the RDS Data API. Requires the RDS Data API to be enabled on the cluster. | APG only |
 
-1. **RDS Data API Connection** (using `--resource_arn`): Uses the AWS RDS Data API to connect to Aurora PostgreSQL. This method requires that your Aurora cluster has the Data API enabled.
+### Prerequisites by Connection Method
 
-2. **Direct PostgreSQL Connection** (using `--hostname`): Uses psycopg to connect directly to any PostgreSQL database, including Aurora PostgreSQL, RDS PostgreSQL, or self-hosted PostgreSQL instances. This method provides better performance for frequent queries but requires direct network access to the database.
+#### pgwire / pgwire_iam
+- VPC security group must allow inbound connections from your MCP server to the database
+- For `pgwire_iam`: IAM authentication must be enabled on the Aurora PostgreSQL cluster
 
-Choose the connection method that best fits your environment and requirements.
+#### rdsapi
+- RDS Data API must be enabled on the Aurora PostgreSQL cluster
+- Appropriate IAM permissions for Data API access
 
 ### AWS Authentication
 

src/postgres-mcp-server/awslabs/postgres_mcp_server/__init__.py

@@ -14,4 +14,11 @@
 
 """awslabs.postgres-mcp-server"""
 
-__version__ = '1.0.9'
+from importlib.metadata import version
+
+try:
+    __version__ = version('awslabs.postgres-mcp-server')
+except Exception:
+    __version__ = '0.0.0+dev'
+
+__user_agent__ = f'awslabs/mcp/postgres_mcp_server/{__version__}'

src/postgres-mcp-server/awslabs/postgres_mcp_server/connection/__init__.py

@@ -14,5 +14,4 @@
 
 """aws.postgres-mcp-server.connection"""
 
-from awslabs.postgres_mcp_server.connection.db_connection_singleton import DBConnectionSingleton
 from awslabs.postgres_mcp_server.connection.abstract_db_connection import AbstractDBConnection