acuvity/mcp-server-aws-canvas

Verified Publisher

By Acuvity Inc.

Updated about 1 year ago

Generate images using Amazon Nova Canvas with text prompts and color guidance.

Helm
Image
1

2.3K

acuvity/mcp-server-aws-canvas repository overview

Acuvity logo

Join Acuvity community Follow us on LinkedIn Follow us on Bluesky

What is mcp-server-aws-canvas?

![Rating](https://img.shields.io/badge/-3775A9?label=Rating) Helm Docker PyPI Scout Install in VS Code Docker

Description: Generate images using Amazon Nova Canvas with text prompts and color guidance.

Packaged by Acuvity and published to our curated MCP server registry from awslabs.nova-canvas-mcp-server original sources.

Quick links:

Why We Built This

At Acuvity, security is central to our mission—especially for critical systems like MCP servers and integration in agentic systems. To address this need, we've created a secure and robust Docker image designed to ensure awslabs.nova-canvas-mcp-server run reliably and safely.

🔐 Key Security Features

📦 Isolated Immutable Sandbox
  • Isolated Execution: All tools run within secure, containerized sandboxes to enforce process isolation and prevent lateral movement.
  • Non-root by Default: Enforces least-privilege principles, minimizing the impact of potential security breaches.
  • Read-only Filesystem: Ensures runtime immutability, preventing unauthorized modification.
  • Version Pinning: Guarantees consistency and reproducibility across deployments by locking tool and dependency versions.
  • CVE Scanning: Continuously scans images for known vulnerabilities using Docker Scout to support proactive mitigation.
  • SBOM & Provenance: Delivers full supply chain transparency by embedding metadata and traceable build information."
🛡️ Runtime Security and Guardrails

Minibridge Integration: Minibridge establishes secure Agent-to-MCP connectivity, supports Rego/HTTP-based policy enforcement 🕵️, and simplifies orchestration.

The ARC container includes a built-in Rego policy that enables a set of runtime "guardrails"" to help enforce security, privacy, and correct usage of your services. Below is an overview of each guardrail provided.

🔒 Resource Integrity

Mitigates MCP Rug Pull Attacks

  • Goal: Protect users from malicious tool description changes after initial approval, preventing post-installation manipulation or deception.
  • Mechanism: Locks tool descriptions upon client approval and verifies their integrity before execution. Any modification to the description triggers a security violation, blocking unauthorized changes from server-side updates.
🛡️ Gardrails
Covert Instruction Detection

Monitors incoming requests for hidden or obfuscated directives that could alter policy behavior.

  • Goal: Stop attackers from slipping unnoticed commands or payloads into otherwise harmless data.
  • Mechanism: Applies a library of regex patterns and binary‐encoding checks to the full request body. If any pattern matches a known covert channel (e.g., steganographic markers, hidden HTML tags, escape-sequence tricks), the request is rejected.
Sensitive Pattern Detection

Block user-defined sensitive data patterns (credential paths, filesystem references).

  • Goal: Block accidental or malicious inclusion of sensitive information that violates data-handling rules.
  • Mechanism: Runs a curated set of regexes against all payloads and tool descriptions—matching patterns such as .env files, RSA key paths, directory traversal sequences.
Shadowing Pattern Detection

Detects and blocks "shadowing" attacks, where a malicious MCP server sneaks hidden directives into its own tool descriptions to hijack or override the behavior of other, trusted tools.

  • Goal: Stop a rogue server from poisoning the agent’s logic by embedding instructions that alter how a different server’s tools operate (e.g., forcing all emails to go to an attacker’s address even when the user calls a separate send_email tool).
  • Mechanism: During policy load, each tool description is scanned for cross‐tool override patterns—such as <IMPORTANT> sections referencing other tool names, hidden side‐effects, or directives that apply to a different server’s API. Any description that attempts to shadow or extend instructions for a tool outside its own namespace triggers a policy violation and is rejected.
Schema Misuse Prevention

Enforces strict adherence to MCP input schemas.

  • Goal: Prevent malformed or unexpected fields from bypassing validations, causing runtime errors, or enabling injections.
  • Mechanism: Compares each incoming JSON object against the declared schema (required properties, allowed keys, types). Any extra, missing, or mistyped field triggers an immediate policy violation.
Cross-Origin Tool Access

Controls whether tools may invoke tools or services from external origins.

  • Goal: Prevent untrusted or out-of-scope services from being called.
  • Mechanism: Examines tool invocation requests and outgoing calls, verifying each target against an allowlist of approved domains or service names. Calls to any non-approved origin are blocked.
Secrets Redaction

Automatically masks sensitive values so they never appear in logs or responses.

  • Goal: Ensure that API keys, tokens, passwords, and other credentials cannot leak in plaintext.
  • Mechanism: Scans every text output for known secret formats (e.g., AWS keys, GitHub PATs, JWTs). Matches are replaced with [REDACTED] before the response is sent or recorded.

Basic Authentication via Shared Secret

Provides a lightweight auth layer using a single shared token.

  • Mechanism: Expects clients to send an Authorization header with the predefined secret.
  • Use Case: Quickly lock down your endpoint in development or simple internal deployments—no complex OAuth/OIDC setup required.

These controls ensure robust runtime integrity, prevent unauthorized behavior, and provide a foundation for secure-by-design system operations.

To review the full policy, see it here. Alternatively, you can override the default policy or supply your own policy file to use (see here for Docker, here for Helm charts).

Note

By default, all guardrails are turned off. You can enable or disable each one individually, ensuring that only the protections your environment needs are active.

Quick reference

Maintained by:

Where to get help:

Where to file issues:

Supported architectures:

  • amd64
  • arm64

Base image:

  • ghcr.io/astral-sh/uv:python3.12-alpine

Resources:

Latest tags:

📦 How to Install

Tip

Given mcp-server-aws-canvas scope of operation it can be hosted anywhere.

🧰 Clients Integrations

Below are the steps for configuring most clients that use MCP to elevate their Copilot experience.

Note

These integrations function natively across all Minibridge modes. To keep things brief, only the docker local-run setup is covered here.
Visual Studio Code

To get started immediately, you can use the "one-click" link below:

Install in VS Code Docker

Global scope

Press ctrl + shift + p and type Preferences: Open User Settings JSON to add the following section:

{
  "mcp": {
    "servers": {
      "acuvity-mcp-server-aws-canvas": {
        "env": {
          "AWS_PROFILE": "TO_BE_SET",
          "AWS_REGION": "TO_BE_SET"
        },
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "--read-only",
          "-e",
          "AWS_PROFILE",
          "-e",
          "AWS_REGION",
          "docker.io/acuvity/mcp-server-aws-canvas:0.2.8"
        ]
      }
    }
  }
}

Workspace scope

In your workspace create a file called .vscode/mcp.json and add the following section:

{
  "servers": {
    "acuvity-mcp-server-aws-canvas": {
      "env": {
        "AWS_PROFILE": "TO_BE_SET",
        "AWS_REGION": "TO_BE_SET"
      },
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--read-only",
        "-e",
        "AWS_PROFILE",
        "-e",
        "AWS_REGION",
        "docker.io/acuvity/mcp-server-aws-canvas:0.2.8"
      ]
    }
  }
}

To pass secrets you should use the promptString input type described in the Visual Studio Code documentation.

Windsurf IDE

In ~/.codeium/windsurf/mcp_config.json add the following section:

{
  "mcpServers": {
    "acuvity-mcp-server-aws-canvas": {
      "env": {
        "AWS_PROFILE": "TO_BE_SET",
        "AWS_REGION": "TO_BE_SET"
      },
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--read-only",
        "-e",
        "AWS_PROFILE",
        "-e",
        "AWS_REGION",
        "docker.io/acuvity/mcp-server-aws-canvas:0.2.8"
      ]
    }
  }
}

See Windsurf documentation for more info.

Cursor IDE

Add the following JSON block to your mcp configuration file:

  • ~/.cursor/mcp.json for global scope
  • .cursor/mcp.json for project scope
{
  "mcpServers": {
    "acuvity-mcp-server-aws-canvas": {
      "env": {
        "AWS_PROFILE": "TO_BE_SET",
        "AWS_REGION": "TO_BE_SET"
      },
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--read-only",
        "-e",
        "AWS_PROFILE",
        "-e",
        "AWS_REGION",
        "docker.io/acuvity/mcp-server-aws-canvas:0.2.8"
      ]
    }
  }
}

See cursor documentation for more information.

Claude Desktop

In the claude_desktop_config.json configuration file add the following section:

{
  "mcpServers": {
    "acuvity-mcp-server-aws-canvas": {
      "env": {
        "AWS_PROFILE": "TO_BE_SET",
        "AWS_REGION": "TO_BE_SET"
      },
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--read-only",
        "-e",
        "AWS_PROFILE",
        "-e",
        "AWS_REGION",
        "docker.io/acuvity/mcp-server-aws-canvas:0.2.8"
      ]
    }
  }
}

See Anthropic documentation for more information.

OpenAI python SDK

Running locally

async with MCPServerStdio(
    params={
        "env": {"AWS_PROFILE":"TO_BE_SET","AWS_REGION":"TO_BE_SET"},
        "command": "docker",
        "args": ["run","-i","--rm","--read-only","-e","AWS_PROFILE","-e","AWS_REGION","docker.io/acuvity/mcp-server-aws-canvas:0.2.8"]
    }
) as server:
    tools = await server.list_tools()

Running remotely

async with MCPServerSse(
    params={
        "url": "http://<ip>:<port>/sse",
    }
) as server:
    tools = await server.list_tools()

See OpenAI Agents SDK docs for more info.

🐳 Run it with Docker

Environment variables and secrets:

  • AWS_PROFILE required to be set
  • AWS_REGION required to be set
Locally with STDIO

In your client configuration set:

  • command: docker
  • arguments: run -i --rm --read-only -e AWS_PROFILE -e AWS_REGION docker.io/acuvity/mcp-server-aws-canvas:0.2.8
Locally with HTTP/sse

Simply run as:

docker run -it -p 8000:8000 --rm --read-only -e AWS_PROFILE -e AWS_REGION docker.io/acuvity/mcp-server-aws-canvas:0.2.8

Then on your application/client, you can configure to use it like:

{
  "mcpServers": {
    "acuvity-mcp-server-aws-canvas": {
      "url": "http://localhost:8000/sse"
    }
  }
}

You might have to use different ports for different tools.

Remotely with Websocket tunneling and MTLS

This section assume you are familiar with TLS and certificates and will require:

  • a server certificate with proper DNS/IP field matching your tool deployment.
  • a client-ca used to sign client certificates
  1. Start the server in backend mode
  • add an environment variable like -e MINIBRIDGE_MODE=backend
  • add the TLS certificates (recommended) through a volume let's say /certs ex (-v $PWD/certs:/certs)
  • instruct minibridge to use those certs with
    • -e MINIBRIDGE_TLS_SERVER_CERT=/certs/server-cert.pem
    • -e MINIBRIDGE_TLS_SERVER_KEY=/certs/server-key.pem
    • -e MINIBRIDGE_TLS_SERVER_KEY_PASS=optional
    • -e MINIBRIDGE_TLS_SERVER_CLIENT_CA=/certs/client-ca.pem
  1. Start minibridge locally in frontend mode:

In your client configuration, Minibridge works like any other STDIO command.

Example for Claude Desktop:

{
  "mcpServers": {
    "acuvity-mcp-server-aws-canvas": {
      "command": "minibridge",
      "args": ["frontend", "--backend", "wss://<remote-url>:8000/ws", "--tls-client-backend-ca", "/path/to/ca/that/signed/the/server-cert.pem/ca.pem", "--tls-client-cert", "/path/to/client-cert.pem", "--tls-client-key", "/path/to/client-key.pem"]
    }
  }
}

That's it.

Minibridge offers a host of additional features. For step-by-step guidance, please visit the wiki. And if anything’s unclear, don’t hesitate to reach out!

🛡️ Runtime security

Guardrails:

To activate guardrails in your Docker containers, define the GUARDRAILS environment variable with the protections you need. Available options:

  • covert-instruction-detection
  • sensitive-pattern-detection
  • shadowing-pattern-detection
  • schema-misuse-prevention
  • cross-origin-tool-access
  • secrets-redaction

For example adding:

  • -e GUARDRAILS="secrets-redaction covert-instruction-detection" to your docker arguments will enable the secrets-redaction and covert-instruction-detection guardrails.

Basic Authentication:

To turn on Basic Authentication, add BASIC_AUTH_SECRET like:

  • -e BASIC_AUTH_SECRET="supersecret" to your docker arguments. This will enable the Basic Authentication check.

Then you can connect through http/sse as usual given that you pass an Authorization: Bearer supersecret header with your secret as Bearer token.

Caution

While basic auth will protect against unauthorized access, you should use it only in controlled environment, rotate credentials frequently and **always** use TLS.

☁️ Deploy On Kubernetes

Deploy using Helm Charts
Chart settings requirements

This chart requires some mandatory information to be installed.

Mandatory Environment variables:

  • AWS_PROFILE environment variable to be set by env.AWS_PROFILE
  • AWS_REGION environment variable to be set by env.AWS_REGION
How to install

You can inspect the chart README:

helm show readme oci://docker.io/acuvity/mcp-server-aws-canvas --version 1.0.0

You can inspect the values that you can configure:

helm show values oci://docker.io/acuvity/mcp-server-aws-canvas --version 1.0.0

Install with helm

helm install mcp-server-aws-canvas oci://docker.io/acuvity/mcp-server-aws-canvas --version 1.0.0

From there your MCP server mcp-server-aws-canvas will be reachable by default through http/sse from inside the cluster using the Kubernetes Service mcp-server-aws-canvas on port 8000 by default. You can change that by looking at the service section of the values.yaml file.

How to Monitor

The deployment will create a Kubernetes service with a healthPort, that is used for liveness probes and readiness probes. This health port can also be used by the monitoring stack of your choice and exposes metrics under the /metrics path.

See full charts Readme for more details about settings and runtime security including guardrails activation.

💬 Questions? Open an issue or contact us [email protected] . 📦 Contributions welcome!

Tag summary

Content type

Image

Digest

sha256:9df0143f8

Size

261 Bytes

Last updated

about 1 year ago

docker pull acuvity/mcp-server-aws-canvas:sha256-cebb159c78276c38f91841cc54ba8195019d7cd5b0974b8f12719c452075c361.sig