Skip to content

fix: reuse the boto3 session to sign request #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wzxxing merged 3 commits into from
Dec 10, 2025
Merged

fix: reuse the boto3 session to sign request #122

wzxxing merged 3 commits into from
Dec 10, 2025

Conversation

@wzxxing
Copy link
Contributor

@wzxxing wzxxing commented Dec 9, 2025
edited
Loading

instead of creating a new session to sign every request

Summary

Changes

Please provide a summary of what's being changed

Previously, the httpx client factory creates a new aws session object to sign the request with sigv4. This works with plain credentials, but not with assume-role credentials provider, which uses a different session role name with timestamp when the credentials is assumed.

Since the owner of the MCP session is the actors User ID (in the form of <principal-id>:session-name>, the users creates a session (mcp initialize), but will fail the following up requests when trying to access the MCP session ID with a different role session name.

fixes: #117

User experience

Please share what the user experience looks like before and after this change

User should be able to user their aws profile with assume role credentials provider.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Is this a breaking change? (Y/N)

  • Yes
  • No

Please add details about how this change was tested.

Tested with a profile with assume-role credentials

  • Did integration tests succeed?
  • If the feature is a new use case, is it necessary to add a new integration test case?

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@wzxxing wzxxing marked this pull request as ready for review December 10, 2025 08:31
@wzxxing wzxxing requested a review from a team as a code owner December 10, 2025 08:31
@wzxxing wzxxing enabled auto-merge (rebase) December 10, 2025 09:40
@wzxxing wzxxing disabled auto-merge December 10, 2025 09:40
@wzxxing wzxxing enabled auto-merge (squash) December 10, 2025 09:41
@wzxxing wzxxing merged commit 85df16d into aws:main Dec 10, 2025
3 checks passed
@psantus
Copy link

psantus commented Dec 10, 2025

I'll test when this is released, thanks for addressing my bug report!

@wzxxing wzxxing deleted the reuse-http-client branch December 12, 2025 09:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arangatang arangatang arangatang approved these changes

@arnewouters arnewouters arnewouters approved these changes

@PCManticore PCManticore Awaiting requested review from PCManticore

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

MCP Server won't start in Kiro CLI (using IAM Identity Center AWS CLI profile)

4 participants

@wzxxing @psantus @arangatang @arnewouters