Aws Security Mcp
@groovyBugify
About Aws Security Mcp
A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.
Basic information
Category
Cloud & Infrastructure
License
Apache-2.0
Runtime
python
Transports
stdio
Publisher
groovyBugify
Submitted by
Saransh Rana
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"aws-security": {
"command": "/path/to/aws-security-mcp/run_aws_security.sh"
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Aws Security Mcp?
Aws Security Mcp is a Model Context Protocol server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries. It bridges AI assistants like Claude with AWS security services, providing real-time infrastructure analysis across multiple accounts without requiring deep AWS CLI knowledge.
How to use Aws Security Mcp?
Clone the repository, set up a Python 3.11+ environment with uv, install dependencies, configure AWS credentials and config.yaml, then run the server locally or deploy it as an ECS service. Configure your MCP client (e.g., Claude Desktop) by installing mcp-proxy and adding the server’s SSE endpoint to the client’s configuration.
Key features of Aws Security Mcp
- Automatic cross-account discovery via AWS Organizations
- Natural language queries for AWS resources
- Integrated findings from GuardDuty, SecurityHub, and Access Analyzer
- Infrastructure mapping, threat modelling, and blast radius analysis
- Athena-powered log analytics for CloudTrail, VPC Flow Logs, and more
Use cases of Aws Security Mcp
- List running EC2 instances and check Lambda function secrets
- Analyze GuardDuty findings and IAM roles with administrative privileges
- Generate network maps and blast radius analysis for IP addresses
- Query resources tagged by team across all accounts in an organization
- Review compliance status using SecurityHub and Athena log analysis
FAQ from Aws Security Mcp
What prerequisites are required to run Aws Security Mcp?
Python 3.11 or higher, uv package manager, an AWS account with IAM permissions, and a compatible MCP client (e.g., Claude Desktop). The AWS IAM user/role must have the SecurityAudit policy attached.
How do I configure cross-account access?
Create an IAM role named aws-security-mcp-cross-account-access in each target account with a trust policy allowing your master account to assume it. Attach the SecurityAudit managed policy to the role.
Which security services does the server integrate with?
GuardDuty, SecurityHub, IAM Access Analyzer, and Athena for log analysis. It also analyzes EC2, S3, Lambda, CloudFront, Route53, WAF, and other security-relevant services.
Can I use this server without Athena integration?
Yes. Athena permissions are optional and only needed for advanced log analysis features. Core functionality (resource discovery, security findings, IAM analysis) works without it.
Which MCP clients are supported?
Claude Desktop, Cline, and any MCP-compatible client. Use of a plan supporting token sizes greater than 100,000 is recommended.
More Cloud & Infrastructure MCP servers
🐳 docker-mcp
QuantGeekDevA docker MCP Server (modelcontextprotocol)
Lambda MCP Server Demo (Streamable HTTP)
mikegc-awsCreates a simple MCP tool server with "streaming" HTTP.
Kubernetes MCP Server
manusaModel Context Protocol (MCP) server for Kubernetes and OpenShift
MCP Server that interacts with Azure AI Foundry (experimental)
azure-ai-foundryA MCP Server for Azure AI Foundry: it's now moved to cloud, check the new Foundry MCP Server
Azure DevOps MCP Server
Tiberriver256An MCP server for Azure DevOps
Comments