MCP.so
Sign In

Aws Security Mcp

@groovyBugify

About Aws Security Mcp

A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.

Basic information

Category

Cloud & Infrastructure

License

Apache-2.0

Runtime

python

Transports

stdio

Publisher

groovyBugify

Submitted by

Saransh Rana

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "aws-security": {
      "command": "/path/to/aws-security-mcp/run_aws_security.sh"
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Aws Security Mcp?

Aws Security Mcp is a Model Context Protocol server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries. It bridges AI assistants like Claude with AWS security services, providing real-time infrastructure analysis across multiple accounts without requiring deep AWS CLI knowledge.

How to use Aws Security Mcp?

Clone the repository, set up a Python 3.11+ environment with uv, install dependencies, configure AWS credentials and config.yaml, then run the server locally or deploy it as an ECS service. Configure your MCP client (e.g., Claude Desktop) by installing mcp-proxy and adding the server’s SSE endpoint to the client’s configuration.

Key features of Aws Security Mcp

  • Automatic cross-account discovery via AWS Organizations
  • Natural language queries for AWS resources
  • Integrated findings from GuardDuty, SecurityHub, and Access Analyzer
  • Infrastructure mapping, threat modelling, and blast radius analysis
  • Athena-powered log analytics for CloudTrail, VPC Flow Logs, and more

Use cases of Aws Security Mcp

  • List running EC2 instances and check Lambda function secrets
  • Analyze GuardDuty findings and IAM roles with administrative privileges
  • Generate network maps and blast radius analysis for IP addresses
  • Query resources tagged by team across all accounts in an organization
  • Review compliance status using SecurityHub and Athena log analysis

FAQ from Aws Security Mcp

What prerequisites are required to run Aws Security Mcp?

Python 3.11 or higher, uv package manager, an AWS account with IAM permissions, and a compatible MCP client (e.g., Claude Desktop). The AWS IAM user/role must have the SecurityAudit policy attached.

How do I configure cross-account access?

Create an IAM role named aws-security-mcp-cross-account-access in each target account with a trust policy allowing your master account to assume it. Attach the SecurityAudit managed policy to the role.

Which security services does the server integrate with?

GuardDuty, SecurityHub, IAM Access Analyzer, and Athena for log analysis. It also analyzes EC2, S3, Lambda, CloudFront, Route53, WAF, and other security-relevant services.

Can I use this server without Athena integration?

Yes. Athena permissions are optional and only needed for advanced log analysis features. Core functionality (resource discovery, security findings, IAM analysis) works without it.

Which MCP clients are supported?

Claude Desktop, Cline, and any MCP-compatible client. Use of a plan supporting token sizes greater than 100,000 is recommended.

Comments

More Cloud & Infrastructure MCP servers