import { DocumentSource, SecurityDocument } from "../types.js";
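/**
 * Document source for AWS security guidance.
 *
 * Despite the `fetchDocuments` name, nothing is retrieved over the network:
 * every document is embedded verbatim in {@link AWSSource.CATALOG}, so the
 * source is deterministic and works offline. `lastUpdated` therefore records
 * when the fetch ran, not when AWS last revised the referenced page.
 */
export class AWSSource implements DocumentSource {
  name = "AWS";

  /**
   * Embedded document bodies, minus the per-fetch `lastUpdated` stamp that
   * `fetchDocuments` adds. Kept as data so the method body is a single map
   * and new entries cannot drift in shape from the existing ones.
   */
  private static readonly CATALOG: ReadonlyArray<Omit<SecurityDocument, "lastUpdated">> = [
    // AWS Security Best Practices
    {
      id: "aws-security-best-practices",
      source: "AWS",
      title: "AWS Security Best Practices",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html",
      content: `AWS Security Best Practices are built on six design principles: Implement a strong identity foundation using least privilege and separation of duties. Enable traceability by monitoring, alerting, and auditing actions. Apply security at all layers from edge to compute. Automate security best practices to improve scalability. Protect data in transit and at rest using encryption and access controls. Keep people away from data by eliminating direct access and using automation. Prepare for security events with incident response procedures and testing.`,
      category: "Cloud Security",
      metadata: { provider: "AWS" },
    },
    // Well-Architected Framework - Security Pillar
    // NOTE(review): shares its URL with "aws-security-best-practices" above; confirm the intended page.
    {
      id: "aws-waf-security",
      source: "AWS",
      title: "AWS Well-Architected Framework - Security Pillar",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html",
      content: `The Security Pillar of AWS Well-Architected Framework encompasses the ability to protect data, systems, and assets. Key areas include: Identity and Access Management - implement strong identity foundation, use temporary credentials, enforce least privilege. Detection - enable logging and monitoring, analyze logs, automate responses. Infrastructure Protection - enforce boundary protection, use defense in depth, protect compute resources. Data Protection - classify data, encrypt at rest and in transit, implement backup and replication. Incident Response - prepare with runbooks and automation, simulate events, understand AWS shared responsibility model.`,
      category: "Cloud Security",
      metadata: { framework: "Well-Architected", pillar: "Security" },
    },
    // IAM Best Practices
    {
      id: "aws-iam-best-practices",
      source: "AWS",
      title: "AWS IAM Security Best Practices",
      url: "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html",
      content: `AWS IAM Best Practices include: Lock away AWS account root user access keys, use IAM users for individual people and applications. Create individual IAM users with unique credentials. Use groups to assign permissions to IAM users. Grant least privilege access - start with minimal permissions and grant additional as needed. Enable MFA for privileged users and sensitive operations. Use roles for applications running on EC2 instances. Delegate using roles instead of sharing credentials. Rotate credentials regularly. Remove unnecessary credentials. Use policy conditions for extra security. Monitor activity in AWS account using CloudTrail and CloudWatch. Use IAM Access Analyzer to identify resources shared externally.`,
      category: "Identity and Access",
      metadata: { service: "IAM" },
    },
    // S3 Security Best Practices
    {
      id: "aws-s3-security",
      source: "AWS",
      title: "Amazon S3 Security Best Practices",
      url: "https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html",
      content: `S3 Security Best Practices: Block public access by default using S3 Block Public Access settings. Use IAM roles and policies for access control. Enable S3 versioning to protect against accidental deletion and overwrites. Enable default encryption for S3 buckets. Use S3 Object Lock for write-once-read-many (WORM) protection. Implement bucket policies and access points for fine-grained access control. Enable S3 server access logging and CloudTrail for audit. Use VPC endpoints to keep traffic within AWS network. Enable MFA Delete for additional protection. Regularly review bucket permissions using Access Analyzer. Use pre-signed URLs for temporary access. Implement cross-region replication for disaster recovery.`,
      category: "Storage Security",
      metadata: { service: "S3" },
    },
    // VPC Security
    {
      id: "aws-vpc-security",
      source: "AWS",
      title: "AWS VPC Security Best Practices",
      url: "https://docs.aws.amazon.com/vpc/latest/userguide/security.html",
      content: `VPC Security Best Practices: Use security groups as virtual firewalls to control inbound and outbound traffic. Implement network ACLs for additional subnet-level security. Use private subnets for resources that don't need internet access. Deploy NAT gateways for outbound internet access from private subnets. Implement VPC Flow Logs to capture network traffic for analysis. Use VPC endpoints to privately connect to AWS services. Segment networks using multiple VPCs or subnets. Use AWS Network Firewall for advanced traffic filtering. Enable VPC Flow Logs and analyze with CloudWatch or third-party tools. Implement DDoS protection using AWS Shield and WAF. Use PrivateLink for secure service connectivity.`,
      category: "Network Security",
      metadata: { service: "VPC" },
    },
    // Shared Responsibility Model
    {
      id: "aws-shared-responsibility",
      source: "AWS",
      title: "AWS Shared Responsibility Model",
      url: "https://aws.amazon.com/compliance/shared-responsibility-model/",
      content: `AWS Shared Responsibility Model defines security and compliance as a shared responsibility between AWS and the customer. AWS Responsibility (Security OF the Cloud): AWS is responsible for protecting infrastructure that runs AWS services including hardware, software, networking, and facilities. Customer Responsibility (Security IN the Cloud): Customers are responsible for managing guest OS, application software, security groups, firewalls, network configurations, and data encryption. The responsibility varies based on service type: IaaS (customer has more control and responsibility), PaaS (AWS manages more of the stack), SaaS (AWS manages nearly everything except data and access). Customers must understand their responsibilities for each service used.`,
      category: "Cloud Security",
      metadata: { concept: "Shared Responsibility" },
    },
    // KMS Best Practices
    {
      id: "aws-kms-best-practices",
      source: "AWS",
      title: "AWS KMS Best Practices",
      url: "https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html",
      content: `AWS KMS Best Practices for encryption key management: Use AWS managed keys for simple use cases and customer managed keys for granular control. Enable automatic key rotation for customer managed keys. Use IAM policies and key policies together for access control. Grant least privilege access to keys. Use grants for temporary permissions. Enable CloudTrail logging to monitor key usage. Use separate keys for different purposes and data classifications. Implement key deletion with waiting period. Use aliases to simplify key management. Enable multi-region keys for global applications. Use KMS with AWS services for integrated encryption. Implement envelope encryption for large data. Validate ciphertext before decryption.`,
      category: "Cryptography",
      metadata: { service: "KMS" },
    },
    // Security Pillar - Security Foundations
    {
      id: "aws-waf-security-foundations",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Security Foundations",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/security-foundations.html",
      content: `Security Foundations in AWS: Before implementing security controls, establish foundational practices. Implement AWS account management best practices using AWS Organizations for multi-account strategy. Separate workloads using accounts to limit blast radius. Use Service Control Policies (SCPs) to enforce governance. Enable AWS CloudTrail in all accounts for comprehensive audit trails. Establish security baselines using AWS Config and Conformance Packs. Implement centralized security services using AWS Security Hub. Create security response runbooks and incident response procedures. Train teams on security practices and AWS security services. Use AWS Well-Architected Tool to review workload security posture regularly.`,
      category: "Cloud Security",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Foundations" },
    },
    // Security Pillar - Identity and Access Management Deep Dive
    {
      id: "aws-waf-identity-access",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Identity and Access Management",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/identity-and-access-management.html",
      content: `Identity and Access Management in AWS: Use strong authentication with MFA for human identities. Leverage AWS IAM Identity Center (formerly SSO) for workforce access. Implement temporary credentials using IAM roles instead of long-term access keys. Use IAM roles for workload identities (EC2, Lambda, containers). Apply least privilege principle - grant minimum permissions necessary. Use permission boundaries to delegate permission management. Implement attribute-based access control (ABAC) for scalable permissions. Use AWS Organizations SCPs to establish permission guardrails. Regularly analyze access patterns using IAM Access Analyzer and Access Advisor. Implement lifecycle management for credentials. Use resource-based policies for cross-account access. Enable CloudTrail to log all API calls for audit. Implement break-glass procedures for emergency access.`,
      category: "Identity and Access",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Identity" },
    },
    // Security Pillar - Detection
    {
      id: "aws-waf-detection",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Detection",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/detection.html",
      content: `Detection Controls in AWS: Configure comprehensive logging using CloudTrail (API calls), VPC Flow Logs (network traffic), and service-specific logs. Centralize log storage using S3 with appropriate retention and encryption. Enable CloudWatch Logs for application and system logs. Implement AWS Config to track configuration changes and compliance. Use AWS Security Hub to aggregate and prioritize security findings. Enable Amazon GuardDuty for threat detection using ML. Implement Amazon Detective for security investigation. Use AWS Config Rules for continuous compliance monitoring. Set up CloudWatch Alarms for anomalous activities. Implement automated response using EventBridge and Lambda. Use Amazon Macie for sensitive data discovery. Enable AWS WAF logging for application protection. Implement log analysis using CloudWatch Insights, Athena, or third-party SIEM. Establish security metrics and dashboards.`,
      category: "Security Monitoring",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Detection" },
    },
    // Security Pillar - Infrastructure Protection
    {
      id: "aws-waf-infrastructure-protection",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Infrastructure Protection",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/infrastructure-protection.html",
      content: `Infrastructure Protection in AWS: Create network layers using VPC with public, private, and isolated subnets. Implement security groups as stateful firewalls at instance level. Use network ACLs for stateless subnet-level controls. Deploy AWS Network Firewall for advanced traffic filtering. Implement AWS WAF to protect web applications from common exploits. Use AWS Shield Standard (automatic) and Shield Advanced (DDoS protection). Implement VPC endpoints to keep traffic within AWS network. Use PrivateLink for secure service connectivity. Implement inspection VPC for centralized security controls. Use AWS Firewall Manager for centralized firewall management. Protect compute resources using Systems Manager for patch management. Implement instance metadata service v2 (IMDSv2). Use security scanning for AMIs and container images. Implement network segmentation and microsegmentation. Deploy resources across multiple Availability Zones for resilience.`,
      category: "Infrastructure Security",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Infrastructure" },
    },
    // Security Pillar - Data Protection
    {
      id: "aws-waf-data-protection",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Data Protection",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/data-protection.html",
      content: `Data Protection in AWS: Classify data based on sensitivity levels. Implement encryption at rest for all data stores using AWS KMS or service-managed keys. Use S3 default encryption, EBS encryption, RDS encryption. Enable encryption in transit using TLS 1.2+ for all data transfers. Use AWS Certificate Manager for TLS certificate management. Implement key management using AWS KMS with automatic key rotation. Use separate KMS keys for different data classifications. Implement access controls using IAM, bucket policies, and encryption context. Use S3 Object Lock for immutable storage. Enable versioning for data recovery. Implement data backup using AWS Backup with encryption. Use Secrets Manager or Parameter Store for credentials. Implement data lifecycle policies for automated retention. Use Amazon Macie to discover and classify sensitive data. Implement tokenization or format-preserving encryption where appropriate. Regularly test data recovery procedures.`,
      category: "Data Security",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Data Protection" },
    },
    // Security Pillar - Incident Response
    {
      id: "aws-waf-incident-response",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Incident Response",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/incident-response.html",
      content: `Incident Response in AWS: Develop incident response plans and runbooks. Create response team with defined roles and responsibilities. Pre-deploy incident response tools and ensure access. Use AWS CloudFormation for rapid environment recreation. Implement automated forensic capabilities using Lambda and Step Functions. Enable CloudTrail Insights for unusual API activity detection. Use AWS Systems Manager for remote investigation without SSH. Create isolated forensic VPC for investigation. Implement automated isolation procedures using Lambda. Use EC2 snapshot and memory dump for forensic analysis. Enable Amazon Detective for investigation workflows. Implement security information event management (SIEM). Conduct regular game days and simulations. Document lessons learned and update procedures. Use AWS Incident Response guides and AWS Support. Implement automated notifications using SNS. Maintain evidence preservation procedures. Test incident response procedures quarterly.`,
      category: "Incident Response",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Incident Response" },
    },
    // Security Pillar - Application Security
    {
      id: "aws-waf-application-security",
      source: "AWS",
      title: "AWS Well-Architected Security Pillar - Application Security",
      url: "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/application-security.html",
      content: `Application Security in AWS: Implement secure software development lifecycle (SDLC). Use AWS CodePipeline with security scanning stages. Integrate Amazon CodeGuru for code quality and security reviews. Implement static application security testing (SAST) in CI/CD. Use dependency scanning to identify vulnerable packages. Implement container image scanning using Amazon ECR. Use AWS Lambda for serverless security with automatic patching. Implement API security using Amazon API Gateway with authentication. Use AWS WAF to protect against OWASP Top 10 vulnerabilities. Implement secrets management using AWS Secrets Manager. Use IAM roles for service-to-service authentication. Implement input validation and output encoding. Use security headers and implement CORS properly. Conduct regular penetration testing following AWS policies. Implement runtime application self-protection (RASP). Use Amazon Inspector for vulnerability management. Implement security training for developers.`,
      category: "Application Security",
      metadata: { framework: "Well-Architected", pillar: "Security", topic: "Application" },
    },
    // GuardDuty Best Practices
    {
      id: "aws-guardduty-best-practices",
      source: "AWS",
      title: "AWS GuardDuty Best Practices",
      url: "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_best-practices.html",
      content: `Amazon GuardDuty Best Practices: Enable GuardDuty in all AWS accounts and regions. Use GuardDuty with AWS Organizations for centralized management. Enable all optional protection plans (S3, EKS, RDS, Lambda, Malware). Configure automated response using EventBridge rules. Integrate findings with AWS Security Hub for centralized view. Use suppression rules judiciously - investigate before suppressing. Configure finding retention to meet compliance requirements. Enable trusted IP lists for known good IPs. Implement threat lists for known bad actors. Use member account management for multi-account deployments. Configure SNS notifications for critical findings. Integrate with SIEM for correlation. Review findings regularly and tune detection sensitivity. Use GuardDuty finding types to understand threats. Implement automated containment for high-severity findings. Export findings to S3 for long-term analysis.`,
      category: "Threat Detection",
      metadata: { service: "GuardDuty" },
    },
    // Security Hub Best Practices
    {
      id: "aws-security-hub-best-practices",
      source: "AWS",
      title: "AWS Security Hub Best Practices",
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-best-practices.html",
      content: `AWS Security Hub Best Practices: Enable Security Hub in all accounts and regions using Organizations. Designate an administrator account for centralized management. Enable all security standards (AWS Foundational Security, CIS, PCI DSS). Integrate all AWS security services (GuardDuty, Inspector, Macie, IAM Access Analyzer, Firewall Manager). Enable third-party product integrations for comprehensive coverage. Use custom actions for automated remediation. Configure finding aggregation for multi-region visibility. Implement automated remediation using EventBridge and Lambda. Use insights for trend analysis and prioritization. Configure severity-based workflows for findings. Use suppression rules to reduce noise from accepted risks. Export findings to S3 for compliance and audit. Integrate with ticketing systems for workflow management. Review compliance scores regularly. Use Security Hub automation rules for bulk updates. Implement dashboards for security posture visibility.`,
      category: "Security Operations",
      metadata: { service: "Security Hub" },
    },
    // CloudTrail Best Practices
    {
      id: "aws-cloudtrail-best-practices",
      source: "AWS",
      title: "AWS CloudTrail Best Practices",
      url: "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html",
      content: `AWS CloudTrail Best Practices: Enable CloudTrail in all accounts and regions. Create organization trail for centralized logging. Enable log file validation for integrity checking. Encrypt CloudTrail logs using KMS customer managed keys. Store logs in dedicated S3 bucket with versioning enabled. Implement S3 Object Lock for tamper-proof log retention. Use separate AWS account for log aggregation. Enable CloudTrail Insights for anomalous activity detection. Configure CloudWatch Logs integration for real-time alerting. Implement S3 lifecycle policies for cost optimization. Use CloudTrail Lake for advanced querying. Enable data event logging for sensitive resources (S3, Lambda). Implement least privilege for CloudTrail management. Monitor CloudTrail status using Config rules. Use EventBridge for automated responses to critical events. Regularly review CloudTrail logs for security analysis. Implement MFA delete for log bucket protection.`,
      category: "Audit and Compliance",
      metadata: { service: "CloudTrail" },
    },
    // AWS Config Best Practices
    {
      id: "aws-config-best-practices",
      source: "AWS",
      title: "AWS Config Best Practices",
      url: "https://docs.aws.amazon.com/config/latest/developerguide/best-practices.html",
      content: `AWS Config Best Practices: Enable AWS Config in all accounts and regions. Use AWS Config with Organizations for centralized compliance. Configure all resource types for comprehensive tracking. Enable configuration snapshots for point-in-time recovery. Store configuration history in S3 with encryption. Use Config Rules for automated compliance checking. Deploy Conformance Packs for multiple related rules. Enable Config Rules remediation for automatic fixing. Integrate Config findings with Security Hub. Use aggregators for multi-account and multi-region view. Implement custom Config Rules using Lambda for specific requirements. Monitor Config Rule compliance dashboard regularly. Use Config timeline to investigate configuration changes. Enable SNS notifications for compliance changes. Implement resource relationship tracking for impact analysis. Use Config with CloudFormation for infrastructure validation. Regularly review and update Config Rules.`,
      category: "Compliance Management",
      metadata: { service: "Config" },
    },
  ];

  /**
   * Returns every document in the embedded catalogue, stamped with the
   * current time.
   *
   * Previously each document was built inside a `try`/`catch` that logged
   * and returned a partial list on failure; since nothing here performs I/O
   * or can throw, that guard only hid errors, so it is gone. Log lines go to
   * stderr (`console.error`) to keep stdout free for the protocol channel.
   *
   * @returns A fresh array of {@link SecurityDocument}s; callers may mutate it.
   */
  async fetchDocuments(): Promise<SecurityDocument[]> {
    console.error("Fetching AWS Security documents...");
    // One timestamp for the whole batch so documents from the same fetch
    // agree; each gets its own Date instance to avoid aliasing between entries.
    const fetchedAtMs = Date.now();
    const documents: SecurityDocument[] = AWSSource.CATALOG.map((entry) => ({
      ...entry,
      lastUpdated: new Date(fetchedAtMs),
    }));
    console.error(`Fetched ${documents.length} AWS documents`);
    return documents;
  }
}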