AWS solutions medium security documentation change
Summary
Added documentation for the MCP Server workflow including authorization through Cognito, read-only API access scoping, and integration architecture with AI tools.
Security assessment
The changes explicitly document security controls: 1) Authorization through Cognito token validation, 2) Read-only API access restriction, 3) Scoped Lambda permissions. These directly address potential security risks by implementing least-privilege access and authentication mechanisms for the new AI interface.
Diff
diff --git a/solutions/latest/distributed-load-testing-on-aws/how-distributed-load-testing-on-aws-works.md b/solutions/latest/distributed-load-testing-on-aws/how-distributed-load-testing-on-aws-works.md index e9f2a6987..81b12db88 100644 --- a//solutions/latest/distributed-load-testing-on-aws/how-distributed-load-testing-on-aws-works.md +++ b//solutions/latest/distributed-load-testing-on-aws/how-distributed-load-testing-on-aws-works.md @@ -4,0 +5,2 @@ +MCP Server workflow (Optional) + @@ -49,0 +52,29 @@ The following detailed breakdown shows the steps involved in running a test scen +## MCP Server workflow (Optional) + +If you deploy the optional MCP Server integration, AI agents can access and analyze your load testing data through the following workflow: + +**MCP Server architecture** + + + + 1. **Customer interaction** \- The customer interacts with DLT’s MCP via the MCP Endpoint hosted by AWS AgentCore Gateway. AI agents connect to this endpoint to request access to load testing data. + + 2. **Authorization** \- AgentCore Gateway handles authorization against the Solution Cognito user pool application client. The gateway validates the user’s Cognito token to ensure they have permission to access the DLT MCP server. Authorized users are granted access with agent tool access limited to read-only operations. + + 3. **Tool specification** \- AgentCore Gateway connects to the DLT MCP Server Lambda function. A tool specification defines the available tools that AI agents can use to interact with your load testing data. + + 4. **Read-only API access** \- The Lambda function is scoped to read-only API access through the existing DLT API Gateway endpoints. The function provides four primary operations: + + * **List scenarios** \- Retrieve a list of test scenarios from the DynamoDB scenarios table + + * **Get scenario test results** \- Access detailed test results for specific scenarios from DynamoDB and S3 + + * **Get Fargate load test runners** \- Query information about running Fargate tasks in the ECS cluster + + * **Get available Regional stacks** \- Retrieve information about deployed regional infrastructure from CloudFormation + + + + +The MCP Server integration leverages the existing DLT infrastructure (API Gateway, Cognito, DynamoDB, S3) to provide secure, read-only access to test data for AI-powered analysis and insights. + @@ -56 +87 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Backend +MCP Server