MCP Test Environment

Multi-region test infrastructure for generating and analyzing network traffic patterns using AWS VPC Flow Logs and Cloudflare integration.

🎯 Purpose

This repository provides a complete testing environment to:

• Generate realistic HTTP/HTTPS traffic patterns across multiple regions
• Produce VPC Flow Logs for network analysis and monitoring
• Test Cloudflare MCP integration with AWS infrastructure
• Validate security controls and network visibility tools

📁 Repository Structure

mcp-test-environment/
├── test-api/                    # Test API infrastructure and application
│   ├── main.tf                  # Terraform configuration
│   ├── app.py                   # FastAPI application
│   ├── Dockerfile               # Container definition
│   └── README.md                # Detailed documentation
│
├── traffic-generators/          # Multi-region Lambda traffic generators
│   ├── traffic-generators.tf    # Terraform configuration
│   ├── traffic_generator.py     # Lambda function code
│   └── README.md                # Detailed documentation
│
└── scripts/                     # Deployment automation
    ├── deploy-api.sh            # Deploy Test API
    └── deploy-traffic-generators.sh

🚀 Quick Start

Prerequisites

• AWS CLI configured with appropriate credentials
• Terraform >= 1.6
• Docker (with buildx for ARM64 builds on WSL2)
• Domain configured in Cloudflare

1. Deploy Test API

# Configure
cd test-api
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your values

# Deploy
cd ..
./scripts/deploy-api.sh

2. Deploy Traffic Generators (Optional)

# Configure
cd traffic-generators
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your values

# Deploy
cd ..
./scripts/deploy-traffic-generators.sh

See component READMEs for detailed instructions:

• Test API Documentation
• Traffic Generators Documentation

🏗️ Architecture

Test API

• FastAPI application running on ECS Fargate (ARM64/Graviton2)
• Application Load Balancer with HTTPS termination
• Cloudflare proxy for DDoS protection and analytics
• VPC Flow Logs captured to S3 in Parquet format

Traffic Generators

• Lambda functions deployed across 4 AWS regions
• EventBridge scheduled execution every 5 minutes
• Configurable traffic patterns (normal, bursty, error-prone)
• Multi-region realistic traffic simulation

🔐 Security Features

• TLS 1.3 encryption via Cloudflare and ALB
• Non-root container execution
• Security group least-privilege access
• ECR image scanning enabled
• VPC Flow Logs for network monitoring
• Encrypted S3 storage (AES-256)
• No hardcoded credentials

📊 Monitoring

• CloudWatch Logs for application and container logs
• CloudWatch Metrics for ECS and Lambda metrics
• VPC Flow Logs for network traffic analysis
• ALB Access Logs for HTTP request details
• Cloudflare Analytics for edge traffic insights

💰 Cost Estimation

Test API (Running 24/7):

• ECS Fargate (2 tasks, ARM64): ~$15/month
• ALB: ~$20/month
• S3 + Flow Logs: ~$5/month
• Total: ~$40/month

Traffic Generators (Optional):

• Lambda invocations: ~$2/month
• Total: ~$2/month

🧹 Cleanup

# Destroy traffic generators
cd traffic-generators
terraform destroy

# Destroy test API
cd ../test-api
terraform destroy

📝 Use Cases

• Network Security Testing - Validate firewall rules and security controls
• MCP Integration Testing - Test Cloudflare MCP with real traffic patterns
• Flow Log Analysis - Develop and test flow log parsing tools
• Performance Testing - Load test applications with realistic traffic
• Training - Learn AWS networking, ECS, and infrastructure-as-code

🛠️ Development

Local Testing

# Test API locally
cd test-api
docker build -t test-api:latest .
docker run -p 8080:8080 test-api:latest

# Test traffic generator locally
cd traffic-generators
python3 traffic_generator.py

WSL2 / Windows Users

For ARM64 builds on WSL2, the deployment scripts use docker buildx. Ensure Docker Desktop has BuildKit enabled.

📚 Additional Resources

• Migration Guide - Upgrading from old structure
• AWS VPC Flow Logs
• ECS Best Practices
• Cloudflare MCP Documentation

🤝 Contributing

1. Create a feature branch
2. Make changes with descriptive commits
3. Test deployments in a separate AWS account
4. Submit pull request with detailed description

📄 License

Internal use - Network Security Team

Maintained by: Kwiatriot
Last Updated: October 2025
Terraform Version: >= 1.6
AWS Provider: ~> 6.15.0