Aws Security Mcp
@groovyBugify
关于 Aws Security Mcp
A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"aws-security": {
"command": "/path/to/aws-security-mcp/run_aws_security.sh"
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Aws Security Mcp?
Aws Security Mcp is a Model Context Protocol server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries. It bridges AI assistants like Claude with AWS security services, providing real-time infrastructure analysis across multiple accounts without requiring deep AWS CLI knowledge.
How to use Aws Security Mcp?
Clone the repository, set up a Python 3.11+ environment with uv, install dependencies, configure AWS credentials and config.yaml, then run the server locally or deploy it as an ECS service. Configure your MCP client (e.g., Claude Desktop) by installing mcp-proxy and adding the server’s SSE endpoint to the client’s configuration.
Key features of Aws Security Mcp
- Automatic cross-account discovery via AWS Organizations
- Natural language queries for AWS resources
- Integrated findings from GuardDuty, SecurityHub, and Access Analyzer
- Infrastructure mapping, threat modelling, and blast radius analysis
- Athena-powered log analytics for CloudTrail, VPC Flow Logs, and more
Use cases of Aws Security Mcp
- List running EC2 instances and check Lambda function secrets
- Analyze GuardDuty findings and IAM roles with administrative privileges
- Generate network maps and blast radius analysis for IP addresses
- Query resources tagged by team across all accounts in an organization
- Review compliance status using SecurityHub and Athena log analysis
FAQ from Aws Security Mcp
What prerequisites are required to run Aws Security Mcp?
Python 3.11 or higher, uv package manager, an AWS account with IAM permissions, and a compatible MCP client (e.g., Claude Desktop). The AWS IAM user/role must have the SecurityAudit policy attached.
How do I configure cross-account access?
Create an IAM role named aws-security-mcp-cross-account-access in each target account with a trust policy allowing your master account to assume it. Attach the SecurityAudit managed policy to the role.
Which security services does the server integrate with?
GuardDuty, SecurityHub, IAM Access Analyzer, and Athena for log analysis. It also analyzes EC2, S3, Lambda, CloudFront, Route53, WAF, and other security-relevant services.
Can I use this server without Athena integration?
Yes. Athena permissions are optional and only needed for advanced log analysis features. Core functionality (resource discovery, security findings, IAM analysis) works without it.
Which MCP clients are supported?
Claude Desktop, Cline, and any MCP-compatible client. Use of a plan supporting token sizes greater than 100,000 is recommended.
云与基础设施 分类下的更多 MCP 服务器
MCP Gateway
mcp-ecosystem🧩 MCP Gateway - A lightweight gateway service that instantly transforms existing MCP Servers and APIs into MCP servers with zero code changes. Features Docker deployment and management UI, requiring no infrastructure modifications.
Firebase MCP
gannonh🔥 Model Context Protocol (MCP) server for Firebase.
🐳 docker-mcp
QuantGeekDevA docker MCP Server (modelcontextprotocol)
Supabase MCP Server
coleam00Supabase MCP server created in Python.
Awesome DevOps MCP Servers
rohitg00A curated list of awesome MCP servers focused on DevOps tools and capabilities.
评论