Core Components

SuperBox uses four AWS services:

S3 Bucket

Registry storage - one JSON file per server

Lambda Function

MCP executor with Python 3.11 runtime

IAM Role

Lambda execution permissions

CloudWatch Logs

7-day log retention

Architecture

Infrastructure Details

S3 Bucket

Name: superbox-mcp-registry
Region: ap-south-1
Structure:
superbox-mcp-registry/
├── weather-server.json
├── file-server.json
└── ...
Each JSON file contains:
  • Server metadata (name, version, description, author)
  • Repository URL
  • Entrypoint file
  • Tools list
  • Security report
  • Pricing

Lambda Function

Name: superbox-mcp-executor
Runtime: Python 3.11
Memory: 512 MB (default, configurable)
Timeout: 60 seconds (configurable up to 900)
Handler: lambda.lambda_handler
Function URL: Public HTTPS endpoint
  • CORS enabled for web clients
  • No authentication required
  • Format: https://{url}/{server-name}
Environment Variables:
  • AWS_REGION - Deployment region
  • S3_BUCKET - Registry bucket name
Execution:
  1. Receive HTTP POST with server name
  2. Fetch {name}.json from S3
  3. Download GitHub repo as ZIP
  4. Extract to /tmp
  5. Install dependencies (pip install)
  6. Run entrypoint with request body
  7. Return JSON-RPC response
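
Because the Function URL is public and requires no authentication, the server name in the request path and the repository ZIP reach steps 2 to 4 as untrusted input. The following Python is an added example, not SuperBox's own code: it validates the name before building the S3 key, restricts the registry's repository URL to GitHub over HTTPS, and extracts the ZIP without letting entries escape the target directory. The helper names, the name pattern and the 50 MB limit are assumptions.

```python
# Hypothetical helpers for execution steps 2-4; not part of the SuperBox code base.
import io
import os
import re
import zipfile
from urllib.parse import urlparse

# Assumed naming rule (not stated on the page): lowercase letters, digits, hyphens.
SERVER_NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,62}[a-z0-9])?")


def registry_key(raw_path: str) -> str:
    """Map the Function URL path (/{server-name}) to the S3 key {name}.json."""
    name = raw_path.strip("/")
    if not SERVER_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid server name: {name!r}")
    return f"{name}.json"


def check_repo_url(url: str) -> str:
    """Accept only https://github.com/<owner>/<repo> from the registry entry."""
    parts = urlparse(url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.netloc != "github.com" or len(segments) != 2:
        raise ValueError(f"unexpected repository URL: {url!r}")
    return url


def safe_extract(zip_bytes: bytes, dest: str, max_bytes: int = 50 * 1024 * 1024) -> list[str]:
    """Extract a repo ZIP under dest, rejecting path traversal and oversized archives."""
    dest_root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if sum(i.file_size for i in zf.infolist()) > max_bytes:
            raise ValueError("archive expands beyond size limit")
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(f"entry escapes extraction dir: {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target)
    return written
```

These checks cover only the inputs to fetching and unpacking; the dependency installation and entrypoint execution in steps 5 and 6 still run code from the repository itself.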

IAM Role

Permissions:
  • s3:GetObject - Read from registry
  • logs:CreateLogGroup - CloudWatch setup
  • logs:CreateLogStream - Log streaming
  • logs:PutLogEvents - Write logs
Trust: Lambda service

CloudWatch Logs

Log Group: /aws/lambda/superbox-mcp-executor
Retention: 7 days
Content: Execution logs, errors, debug info

Infrastructure as Code

SuperBox-Infra/
├── main.tf              # Root configuration
├── variables.tf         # Input variables
├── outputs.tf           # Output values
├── providers.tf         # AWS provider config
├── terraform.tfvars     # Variable values (gitignored)
└── modules/
    ├── s3/              # S3 bucket module
    │   ├── main.tf
    │   ├── variables.tf
    │   └── outputs.tf
    ├── lambda/          # Lambda function module
    │   ├── main.tf
    │   ├── variables.tf
    │   └── outputs.tf
    └── iam/             # IAM roles module
        ├── main.tf
        ├── variables.tf
        └── outputs.tf

Cost Optimization

S3 Costs

  • Storage: ~₹2/GB/month
  • Requests: Minimal (read-heavy)
  • Transfer: Free within AWS
Estimated: ₹80-400/month

Lambda Costs

  • Invocations: First 1M free/month
  • Duration: ₹0.0014/GB-second
  • Requests: ₹16 per 1M requests
Estimated: ₹800-4000/month (based on traffic)

CloudWatch Costs

  • Ingestion: First 5GB free/month
  • Storage: ₹40/GB/month
  • Retention: 7 days (minimal storage)
Estimated: ₹0-160/month

Total Monthly Cost

Small Scale: ₹880-4560/month
Medium Scale: ₹4000-16000/month
Enterprise Scale: Custom pricing

Security Best Practices

1. IAM Least Privilege

The Lambda execution role has only the necessary S3 read and CloudWatch write permissions. It has no write access to S3 or other AWS services.

2. VPC Isolation

Lambda functions can be deployed in a VPC for network isolation. MCP servers cannot access internal AWS resources.

3. Encryption at Rest

The S3 bucket uses AES-256 server-side encryption. CloudWatch logs are encrypted by default.

4. HTTPS Only

The Lambda Function URL enforces HTTPS. No plain HTTP traffic is allowed.

5. CloudWatch Monitoring

All Lambda invocations are logged. Failed executions trigger alerts. Anomaly detection is enabled.