Description
### 1. Basic Configuration
This is the minimal configuration to register the **GCP MCP Server - AI Google Cloud Management** with Claude Code, assuming the server is installed as an executable named `gcp-mcp-server` on your `PATH` and uses `GOOGLE_APPLICATION_CREDENTIALS` for auth.
```json
{
"mcpServers": {
"GCP MCP Server - AI Google Cloud Management": {
"command": "gcp-mcp-server",
"args": [],
"env": {}
}
}
}
```
**Explanation (markdown, not in JSON):**
- `"GCP MCP Server - AI Google Cloud Management"`:
Must match the MCP server name you want Claude to show in tools.
- `"command": "gcp-mcp-server"`:
The CLI/binary that starts the MCP server. Adjust if your binary name/path differs.
- `"args": []`:
No extra arguments; the server runs with its defaults.
- `"env": {}`:
Empty here; you’d rely on your shell/OS environment (e.g., `GOOGLE_APPLICATION_CREDENTIALS` already set globally).
---
### 2. Advanced Configuration
This version includes explicit credentials, project scoping, region defaults, and logging options. It assumes the server supports these flags/env vars (common patterns for GCP tools).
```json
{
"mcpServers": {
"GCP MCP Server - AI Google Cloud Management": {
"command": "/usr/local/bin/gcp-mcp-server",
"args": [
"--default-project=prod-ml-platform",
"--default-region=us-central1",
"--default-zone=us-central1-a",
"--enable-logging",
"--log-level=info",
"--max-concurrent-operations=10",
"--timeout-seconds=60"
],
"env": {
"GOOGLE_APPLICATION_CREDENTIALS": "/Users/your-user/.config/gcloud/prod-sa-key.json",
"GCP_MCP_ALLOWED_PROJECTS": "prod-ml-platform,shared-services",
"GCP_MCP_ALLOWED_SERVICES": "compute,storage,vertexai,iam",
"GCP_MCP_IMPERSONATE_SERVICE_ACCOUNT": "mcp-automation@prod-ml-platform.iam.gserviceaccount.com",
"GCP_MCP_REQUEST_LOGGING": "true"
}
}
}
}
```
**Explanation:**
- `"command": "/usr/local/bin/gcp-mcp-server"`
Absolute path for more deterministic execution.
- `"--default-project=prod-ml-platform"`
Default GCP project used when the user doesn’t specify one.
- `"--default-region=us-central1"`, `"--default-zone=us-central1-a"`
Default region/zone for compute and other regional resources.
- `"--enable-logging"`, `"--log-level=info"`
Turn on server-side logging with info verbosity.
- `"--max-concurrent-operations=10"`
Limit concurrency to avoid hitting API quotas too aggressively.
- `"--timeout-seconds=60"`
Per-request timeout from MCP client to server.
Environment variables:
- `GOOGLE_APPLICATION_CREDENTIALS`
Path to a service account JSON key for authentication.
- `GCP_MCP_ALLOWED_PROJECTS`
Comma-separated list of projects the MCP server is allowed to manage (safety control).
- `GCP_MCP_ALLOWED_SERVICES`
Restrict which GCP APIs the MCP server exposes (e.g., no BigQuery if not needed).
- `GCP_MCP_IMPERSONATE_SERVICE_ACCOUNT`
If the server supports impersonation, this is the SA it will use for operations.
- `GCP_MCP_REQUEST_LOGGING`
Enable per-request logging for auditing/debugging.
---
### 3. Use Case Specific Configuration – **Production Vertex AI & Compute Management**
This configuration is tailored for a **production ML platform** use case where Claude is used to manage Vertex AI endpoints, models, and a small set of Compute Engine instances in a single “prod” project, with strict safety limits.
```json
{
"mcpServers": {
"GCP MCP Server - AI Google Cloud Management": {
"command": "/opt/mcp/gcp-mcp-server",
"args": [
"--default-project=ml-prod-123456",
"--default-region=us-central1",
"--default-zone=us-central1-a",
"--enable-logging",
"--log-level=warning",
"--max-concurrent-operations=5",
"--timeout-seconds=45",
"--read-only-compute=true",
"--vertexai-profile=production",
"--resource-prefix-filter=projects/ml-prod-123456"
],
"env": {
"GOOGLE_APPLICATION_CREDENTIALS": "/etc/gcp/keys/ml-prod-mcp-sa.json",
"GCP_MCP_ALLOWED_PROJECTS": "ml-prod-123456",
"GCP_MCP_ALLOWED_SERVICES": "vertexai,compute,storage",
"GCP_MCP_VERTEXAI_ENDPOINT_REGION": "us-central1",
"GCP_MCP_VERTEXAI_MODEL_WHITELIST": "text-bison,gemini-1.5-pro,gemini-1.5-flash",
"GCP_MCP_COMPUTE_INSTANCE_WHITELIST": "ml-prod-api-*,ml-prod-batch-*",
"GCP_MCP_STORAGE_BUCKET_WHITELIST": "ml-prod-model-artifacts,ml-prod-logs",
"GCP_MCP_IMPERSONATE_SERVICE_ACCOUNT": "mcp-vertexai-orchestrator@ml-prod-123456.iam.gserviceaccount.com",
"GCP_MCP_REQUEST_LOGGING": "true",
"GCP_MCP_AUDIT_LOG_PATH": "/var/log/mcp/gcp-mcp-audit.log",
"GCP_MCP_DISABLE_DESTRUCTIVE_OPERATIONS": "true"
}
}
}
}
```
**Explanation:**
Arguments:
- `"--default-project=ml-prod-123456"`
Locks defaults to the production ML project.
- `"--log-level=warning"`
Reduce log noise in production.
- `"--max-concurrent-operations=5"`
Conservative concurrency for production stability.
- `"--read-only-compute=true"`
Assume server supports a mode where Compute operations are read-only (no delete/stop).
- `"--vertexai-profile=production"`
Hypothetical flag to load a “production” profile (e.g., stricter quotas, specific endpoints).
- `"--resource-prefix-filter=projects/ml-prod-123456"`
Ensure operations only target resources in this project.
Environment variables:
- `GOOGLE_APPLICATION_CREDENTIALS`
Path to a locked-down service account key managed by ops.
- `GCP_MCP_ALLOWED_PROJECTS`: `"ml-prod-123456"`
Explicitly limit to the prod ML project.
- `GCP_MCP_ALLOWED_SERVICES`: `"vertexai,compute,storage"`
Only allow tools for these services.
- `GCP_MCP_VERTEXAI_ENDPOINT_REGION`
Fix Vertex AI operations to a single region.
- `GCP_MCP_VERTEXAI_MODEL_WHITELIST`
Only allow using/operating on specific approved models.
- `GCP_MCP_COMPUTE_INSTANCE_WHITELIST`
Only interact with instances whose names match these patterns (e.g., `ml-prod-api-*`).
- `GCP_MCP_STORAGE_BUCKET_WHITELIST`
Restrict storage operations to specific buckets.
- `GCP_MCP_IMPERSONATE_SERVICE_ACCOUNT`
Use a dedicated orchestrator service account for all actions.
- `GCP_MCP_REQUEST_LOGGING`: `"true"`
Log each request for traceability.
- `GCP_MCP_AUDIT_LOG_PATH`
Local file path for detailed audit logs (if supported).
- `GCP_MCP_DISABLE_DESTRUCTIVE_OPERATIONS`: `"true"`
Safety guard to prevent deletes or other destructive changes in production.