AWS Security ChangesHomeSearch

AWS mcp-sap medium security documentation change

Service: mcp-sap · 2026-05-22 · Security-related medium

File: mcp-sap/latest/awsforsapmcp/configuration-reference.md

Summary

Removed MCP_SERVER_HOST, MCP_SERVER_PORT, and MCP_SERVER_LEGACY_SSL environment variables. Updated MCP_SERVER_REGION description with deployment clarification.

Security assessment

Removal of MCP_SERVER_LEGACY_SSL (previously defaulted to true) indicates enforcement of modern TLS protocols. This addresses potential security vulnerabilities from outdated SSL/TLS implementations by eliminating downgrade options.

Diff

diff --git a/mcp-sap/latest/awsforsapmcp/configuration-reference.md b/mcp-sap/latest/awsforsapmcp/configuration-reference.md
index ec2e5c8ea..5ebdcfa5f 100644
--- a//mcp-sap/latest/awsforsapmcp/configuration-reference.md
+++ b//mcp-sap/latest/awsforsapmcp/configuration-reference.md
@@ -50,3 +49,0 @@ Variable | Default | Description
-`MCP_SERVER_HOST` |  `0.0.0.0` |  Network address the server binds to.  
-`MCP_SERVER_PORT` |  `8000` |  Port the server listens inside the container.  
-`MCP_SERVER_LEGACY_SSL` |  `true` |  Set to `false` if SAP system supports modern TLS security protocol.  
@@ -54 +51 @@ Variable | Default | Description
-`MCP_SERVER_REGION` |  `$AWS_REGION` or `us-west-2` |  AWS Region for AWS Secrets Manager, Amazon S3, and AgentCore Identity calls.  
+`MCP_SERVER_REGION` |  `$AWS_REGION` or `us-west-2` |  AWS Region for AWS Secrets Manager, Amazon S3, and AgentCore Identity calls. (When deploying with the CFN template, this value is automatically set to the deployment region `$AWS_REGION`. For custom automation workflows, this parameter must be explicitly set in AgentCore to avoid deployment failures.)