AWS mcp-sap medium security documentation change
Summary
Removed MCP_SERVER_HOST, MCP_SERVER_PORT, and MCP_SERVER_LEGACY_SSL environment variables. Updated MCP_SERVER_REGION description with deployment clarification.
Security assessment
Removal of MCP_SERVER_LEGACY_SSL (previously defaulted to true) indicates enforcement of modern TLS protocols. This addresses potential security vulnerabilities from outdated SSL/TLS implementations by eliminating downgrade options.
Diff
diff --git a/mcp-sap/latest/awsforsapmcp/configuration-reference.md b/mcp-sap/latest/awsforsapmcp/configuration-reference.md index ec2e5c8ea..5ebdcfa5f 100644 --- a//mcp-sap/latest/awsforsapmcp/configuration-reference.md +++ b//mcp-sap/latest/awsforsapmcp/configuration-reference.md @@ -50,3 +49,0 @@ Variable | Default | Description -`MCP_SERVER_HOST` | `0.0.0.0` | Network address the server binds to. -`MCP_SERVER_PORT` | `8000` | Port the server listens inside the container. -`MCP_SERVER_LEGACY_SSL` | `true` | Set to `false` if SAP system supports modern TLS security protocol. @@ -54 +51 @@ Variable | Default | Description -`MCP_SERVER_REGION` | `$AWS_REGION` or `us-west-2` | AWS Region for AWS Secrets Manager, Amazon S3, and AgentCore Identity calls. +`MCP_SERVER_REGION` | `$AWS_REGION` or `us-west-2` | AWS Region for AWS Secrets Manager, Amazon S3, and AgentCore Identity calls. (When deploying with the CFN template, this value is automatically set to the deployment region `$AWS_REGION`. For custom automation workflows, this parameter must be explicitly set in AgentCore to avoid deployment failures.)