Non-human identity for MCP servers on AWS

The common misconception is that a machine‑to‑machine API can simply reuse an engineer’s IAM user key, but that approach fails to provide a proper non-human identity. Many teams assume that a machine‑to‑machine API can simply reuse an engineer’s IAM user key and be considered secure. The reality is that static credentials shared across services create a single point of failure, make revocation painful, and provide no visibility into what the automated process actually does. This misconception is especially harmful when you need a non-human identity for MCP servers running on AWS. Without a dedicated service account, you lose the ability to enforce least‑privilege policies and you cannot prove which automated job performed a given action.

In practice, teams often provision an AWS access key for a service, embed it in code or environment variables, and let the MCP server connect directly to other AWS resources. The key is long‑lived, may be copied between environments, and any compromise instantly grants the same level of access to every target the service touches. Auditors cannot trace individual requests, and security teams cannot intervene when a rogue command is issued because there is no enforcement point on the data path.

Why non-human identity alone is not enough

Introducing a dedicated service account, or any non-human identity, solves the credential‑ownership problem. It tells the identity provider who is making the request and allows you to assign a scoped IAM role. However, the request still travels straight to the target AWS service. No gateway inspects the traffic, no inline policy can block dangerous API calls, and no session is recorded for later review. The setup therefore fixes identity attribution but leaves the core risk surface unchanged: unrestricted access, no real‑time approval, and no audit trail.

hoop.dev as the data‑path enforcement layer

hoop.dev sits between the MCP server and the AWS resources it needs to reach. It validates the non-human identity token, then proxies the connection at the protocol level. Because the gateway is the only place the traffic passes, hoop.dev can enforce a range of controls that were previously impossible.

• hoop.dev records each session, providing a replayable audit log that ties every API call back to the service account.
• hoop.dev masks sensitive response fields in real time, preventing secrets from leaking into downstream logs.
• hoop.dev requires just‑in‑time approval for high‑risk operations, pausing the request until an authorized human reviews it.
• hoop.dev can block disallowed commands before they reach the AWS service, reducing blast radius from misbehaving automation.

All of these outcomes exist only because hoop.dev occupies the data path. The initial identity check (the setup) determines who is allowed to start a session, but hoop.dev is the sole component that can actually enforce policy, capture evidence, and intervene.

Architectural steps for enabling non-human identity with MCP on AWS

1. Define a dedicated service account in your IdP (Okta, Azure AD, Google Workspace, etc.) and assign it a minimal IAM role that permits only the required AWS actions.

2. Deploy the hoop.dev gateway inside the same VPC or network segment where the MCP server runs. The gateway runs as a container or pod and hosts an agent that can reach the target AWS endpoints.

3. Register the MCP server as a connection in hoop.dev, supplying the service account’s OIDC token source. The gateway stores the AWS credentials needed to talk to the target services; the MCP process never sees them.

4. Configure policies in hoop.dev that specify which API calls are allowed without approval, which require a human sign‑off, and which fields must be masked.

5. Operate the MCP server as usual, pointing its client libraries to the hoop.dev endpoint. The gateway transparently proxies traffic, applying the policies defined in step 4.

When the MCP server initiates a request, hoop.dev validates the non-human identity, checks the request against the policy, records the interaction, and either forwards it, masks the response, or pauses for approval. This flow gives you full visibility and control without changing the MCP code.

Getting started

For a step‑by‑step walkthrough, see the getting‑started guide. For deeper details on policy configuration, see the learn section. The documentation explains how to deploy the gateway, register a service account, and define policies for AWS resources. All configuration details are available in the open‑source repository.

Explore the source code, contribute improvements, and review the implementation details on GitHub.

FAQ

Do I still need IAM roles for the service account?

Yes. The service account’s IAM role defines the maximum permissions the MCP server can request. hoop.dev enforces those permissions at the gateway, but the role is still the source of truth for AWS.

Can I use hoop.dev with other cloud providers?

hoop.dev supports a range of connectors, including Kubernetes, SSH, and various databases. The same pattern, non‑human identity validated at the gateway, applies across all supported targets.

How long are session recordings retained?

Retention is configurable in the gateway’s storage settings. The policy can be aligned with your organization’s compliance requirements.