How it Works

An MCP server that sits between your AI agent and AWS STS, issuing temporary credentials scoped to specific AWS services and access levels on demand.

Architecture

Timebound IAM runs as an MCP (Model Context Protocol) server that your AI agent communicates with through standard tool calls. Instead of giving your agent long-lived AWS keys, the agent requests exactly the permissions it needs, for a short period of time.

The server uses AWS STS AssumeRole to generate temporary credentials scoped to specific services. Session policies are built from standard AWS managed policy actions -- the same actions AWS already defines for each service -- so you're not relying on custom or hand-rolled permission sets. These credentials are written to a secure file on disk -- never passed through the chat context -- and are automatically cleaned up when they expire.

Credential Flow

Agent requests access

The agent calls grant_access specifying the services, access level, and TTL it needs.

Handler validates the request

The MCP handler checks services are supported, TTL is within bounds (15m-12h), and the requested level is valid.

STS AssumeRole

The server calls AWS STS to assume the timebound-iam-broker role with a session policy scoped to only the requested services.

Credentials written to secure file

Temporary credentials are written to a profile-specific file with 0600 permissions. The file path is returned to the agent.

Auto-cleanup on expiry

When the TTL expires, credentials are automatically removed from disk. The agent can request new credentials at any time.

Security Properties

Every design decision prioritizes minimizing the blast radius of credential exposure.

Time-bounded

Credentials expire automatically. No permanent access is ever granted.

Service-scoped

Session policies restrict access to only the specific AWS services requested.

File-based

Credentials are written to disk with 0600 permissions, never passed through the chat context.

Scoped permissions

Session policies use standard AWS managed policy actions to scope access to only the requested services.

Per-profile isolation

Each AWS profile gets its own credential file and IAM role, preventing cross-account leakage.

Auto-cleanup

Expired credentials are removed from disk. No stale secrets accumulate over time.