The AWS Security MCP server enables AI assistants to interact with AWS security services for comprehensive infrastructure inspection and analysis.
Query AWS Infrastructure: Use natural language to query resources across EC2, S3, IAM, Lambda, CloudFront, Load Balancers, Route53, WAF, and Shield
Security Findings Analysis: Retrieve and analyze findings from GuardDuty, SecurityHub, and IAM Access Analyzer
Detailed Security Audits: Perform audits on IAM roles, policies, permissions, EC2 instances, security groups, and networking components
S3 Security Checks: Scan buckets for public access and security issues
Domain Security Analysis: Check for subdomain takeover vulnerabilities and DNS configurations
Sensitive Data Scanning: Scan environment variables and configurations for sensitive information
Security Reporting: Generate threat modeling reports, security recommendations, network maps, and blast radius analyses
Tag-Based Searches: Search and analyze AWS resources by tags
Brave Search: Integration for web searching capabilities; can be coupled with AWS Security MCP for enhanced functionality.
GitHub: Repository hosting for the AWS Security MCP project, accessible via git clone from the groovyBugify organization.
Python: Required runtime environment for AWS Security MCP; version 3.11+ is needed to execute the server.
AWS Security MCP
AWS Security MCP is a Model Context Protocol server that lets an MCP client such as Claude interact with AWS security services, allowing AI assistants to autonomously inspect and analyze your AWS infrastructure for security issues.
Features
Query AWS infrastructure with natural language, for example: "share a list of running ec2 instances that are of type t2.large"
Query security findings from GuardDuty, SecurityHub, and IAM Access Analyzer
List and inspect AWS resources for security misconfigurations
Analyze IAM roles, policies, and permissions for security issues
Examine EC2 instances, security groups, and networking components
Scan for sensitive information in environment variables and configurations
Generate Threat Modelling reports on the fly
Generate Contextual Security Recommendations on the fly
Generate a network map on the fly to visualise what the network of your AWS infrastructure looks like
Generate blast radius analysis of any service/resource or teams that are tagged
Search seamlessly across your tagged resources
AWS Services Coverage
Currently Supported
IAM: Roles, users, policies, access keys, and permission analysis
EC2: Instances, security groups, Elastic Network Interfaces, VPCs, Subnets, and route tables
S3: Buckets, permissions, and public access analysis
GuardDuty: Findings and detectors
SecurityHub: Findings and standards compliance
Lambda: Functions, permissions, and configurations
CloudFront: CloudFront Distributions, Origin Mapping, API Route Mapping
LoadBalancer: ALB, ELB, NLB, Target Groups, Listeners
Route53: Hosted Zones, RecordSets
WAF: WebACL, AWS WAF
Shield: AWS DDoS Protection
IAM Access Analyzer: Security findings from IAM Access Analyzer
ECS/ECR: Container repositories, images, and scan findings
Organizations: AWS Organization structure, accounts, SCPs and organization-level controls
Work In Progress
CloudTrail: Audit logging analysis
KMS: Key management and encryption
Config: Configuration compliance
Installation
Prerequisites
uv
Python 3.11+
AWS Account with proper credentials - Can work with either AWS Access Keys or AWS STS Credentials!
MCP Client (Claude Desktop, Cline, 5ire, etc.)
Setup
Clone this repository:
    git clone https://github.com/groovyBugify/aws-security-mcp.git
    cd aws-security-mcp
Make sure you have installed uv: https://docs.astral.sh/uv/getting-started/installation/#installation-methods
Make the runner script executable:
    chmod +x run_aws_security.sh
Update the run_aws_security.sh file with valid AWS credentials:
    export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID
    export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY
You can also use AWS STS credentials or AWS profiles; you just need to export them before running the MCP client.
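An added example (not part of the project's repository) of the STS route described above: it assumes a role with the AWS CLI and exports only temporary credentials, refusing a long-lived access key. The role ARN, the function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: give the MCP server short-lived STS credentials instead of
# pasting long-lived access keys into run_aws_security.sh.
# ROLE_ARN is a hypothetical placeholder; use your own read-only audit role.
ROLE_ARN="${ROLE_ARN:-arn:aws:iam::123456789012:role/ExampleSecurityAuditRole}"

# Ask STS for temporary credentials and print them as one tab-separated line:
# AccessKeyId <TAB> SecretAccessKey <TAB> SessionToken
fetch_sts_credentials() {
    aws sts assume-role \
        --role-arn "$ROLE_ARN" \
        --role-session-name "aws-security-mcp" \
        --duration-seconds 3600 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text
}

# Export the three values from such a line. Returns non-zero and exports
# nothing if a field is missing or the key ID is not a temporary (ASIA...) one.
export_sts_credentials() {
    IFS="$(printf '\t')" read -r key_id secret token <<EOF
$1
EOF
    rc=0
    if [ -z "$key_id" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "expected AccessKeyId, SecretAccessKey and SessionToken" >&2
        rc=1
    else
        case $key_id in
            ASIA*)  # STS-issued temporary access key IDs start with ASIA
                export AWS_ACCESS_KEY_ID="$key_id"
                export AWS_SECRET_ACCESS_KEY="$secret"
                export AWS_SESSION_TOKEN="$token" ;;
            *)      # AKIA... and anything else is treated as long-lived
                echo "refusing long-lived access key ID (not ASIA...)" >&2
                rc=1 ;;
        esac
    fi
    unset key_id secret token   # do not leave the secret in shell variables
    return "$rc"
}

# Real use: export_sts_credentials "$(fetch_sts_credentials)"
# then start the MCP client from this same shell.
# Constructed sample line with dummy values, so the block runs offline:
SAMPLE_LINE="$(printf 'ASIAIOSFODNN7EXAMPLE\twJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\tFwoGZXIvYXdzEXAMPLETOKEN')"
export_sts_credentials "$SAMPLE_LINE" && echo "exported temporary key $AWS_ACCESS_KEY_ID"
```

Because the exported session expires (one hour here), the MCP client has to be restarted from a shell with fresh credentials once the token lapses.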
MCP Client Setup
Theoretically, any MCP client should work with AWS Security MCP. Sharing Claude Desktop setup below.
To set up Claude Desktop as an AWS Security MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:
Alternatively, edit this file directly:
Running AWS Security MCP on steroids
Using any MCP client, we can couple multiple MCPs together, for example -
Troubleshooting
If at any point you face issues running the MCP server, check the MCP server logs, which are usually stored on your system at /Users/{userName}/Library/Logs/Claude
License
This project is licensed under the MIT License - see the LICENSE file for details.