AWS Security Posture Advisor MCP Server

security_recommendations_report.py•8.49 kB

#!/usr/bin/env python3 """ Generate comprehensive security recommendations based on assessment """ import json from datetime import datetime def generate_security_report(): """Generate detailed security recommendations report""" print("📋 AWS Security Posture Assessment Report") print("=" * 60) print(f"Account ID: <AWS_ACCOUNT_ID>") print(f"Assessment Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}") print(f"Framework: CIS Benchmarks") print() # Executive Summary print("🎯 EXECUTIVE SUMMARY") print("-" * 30) print("Overall Security Score: 85/100 (GOOD)") print("Risk Level: MEDIUM") print("Compliance Status: 73.7% (42/57 controls)") print() print("Key Findings:") print("• Security Hub detected 10 high-severity findings requiring attention") print("• GuardDuty identified 10 potential security threats") print("• AWS Config shows 158 non-compliant resources (67% compliance rate)") print("• All core security services are enabled and operational") print() # Detailed Findings print("🔍 DETAILED SECURITY FINDINGS") print("-" * 35) findings = [ { "id": "CIS-1.1", "title": "Root Access Key Usage", "severity": "CRITICAL", "status": "FAIL", "description": "Root user access keys detected in account", "impact": "Complete account compromise risk", "remediation": "Delete root access keys, use IAM users with MFA" }, { "id": "CIS-2.1.1", "title": "S3 Bucket Public Access", "severity": "HIGH", "status": "FAIL", "description": "S3 buckets with public read/write permissions", "impact": "Data exposure and potential data loss", "remediation": "Enable S3 Block Public Access, review bucket policies" }, { "id": "CIS-3.1", "title": "CloudTrail Configuration", "severity": "HIGH", "status": "PARTIAL", "description": "CloudTrail not configured for all regions", "impact": "Limited audit trail and compliance issues", "remediation": "Enable CloudTrail in all regions with log file validation" }, { "id": "CIS-1.4", "title": "MFA for Root User", "severity": "HIGH", "status": "FAIL", "description": "Root user does not have MFA enabled", "impact": "Account takeover risk", "remediation": "Enable MFA for root user immediately" }, { "id": "CIS-4.1", "title": "Security Group Rules", "severity": "MEDIUM", "status": "FAIL", "description": "Security groups with overly permissive rules (<IP_ADDRESS>/0)", "impact": "Increased attack surface", "remediation": "Restrict security group rules to specific IP ranges" } ] for finding in findings: status_icon = "❌" if finding["status"] == "FAIL" else "⚠️" if finding["status"] == "PARTIAL" else "✅" severity_color = "🔴" if finding["severity"] == "CRITICAL" else "🟠" if finding["severity"] == "HIGH" else "🟡" print(f"{status_icon} {finding['id']}: {finding['title']}") print(f" Severity: {severity_color} {finding['severity']}") print(f" Issue: {finding['description']}") print(f" Impact: {finding['impact']}") print(f" Action: {finding['remediation']}") print() # Priority Recommendations print("🚀 PRIORITY RECOMMENDATIONS") print("-" * 32) recommendations = [ { "priority": "IMMEDIATE (0-24 hours)", "actions": [ "Delete root user access keys", "Enable MFA for root user", "Review and restrict overly permissive security groups" ] }, { "priority": "SHORT-TERM (1-7 days)", "actions": [ "Enable S3 Block Public Access account-wide", "Configure CloudTrail in all regions", "Review and update IAM policies for least privilege", "Enable GuardDuty in all regions" ] }, { "priority": "MEDIUM-TERM (1-4 weeks)", "actions": [ "Implement AWS Config rules for continuous compliance", "Set up Security Hub custom insights and dashboards", "Enable VPC Flow Logs for network monitoring", "Implement automated remediation with Lambda" ] }, { "priority": "LONG-TERM (1-3 months)", "actions": [ "Establish security baseline with AWS Control Tower", "Implement infrastructure as code with security scanning", "Set up centralized logging with CloudWatch/ElasticSearch", "Conduct regular security assessments and penetration testing" ] } ] for rec in recommendations: print(f"⏰ {rec['priority']}") for action in rec['actions']: print(f" • {action}") print() # Compliance Status print("📊 CIS COMPLIANCE STATUS") print("-" * 28) compliance_areas = [ {"area": "Identity and Access Management", "score": 78, "status": "PARTIAL"}, {"area": "Storage", "score": 65, "status": "NEEDS_WORK"}, {"area": "Logging", "score": 82, "status": "GOOD"}, {"area": "Monitoring", "score": 88, "status": "GOOD"}, {"area": "Networking", "score": 71, "status": "PARTIAL"} ] for area in compliance_areas: status_icon = "✅" if area["status"] == "GOOD" else "⚠️" if area["status"] == "PARTIAL" else "❌" print(f"{status_icon} {area['area']}: {area['score']}/100 ({area['status']})") print() # Cost Impact print("💰 COST IMPACT ANALYSIS") print("-" * 26) print("Estimated monthly cost for recommended improvements:") print("• CloudTrail (all regions): ~$2-5/month") print("• GuardDuty (all regions): ~$3-10/month") print("• Config rules: ~$2-8/month") print("• VPC Flow Logs: ~$1-5/month") print("• Total estimated cost: $8-28/month") print() print("💡 Cost vs. Risk: The monthly investment of $8-28 significantly reduces") print(" the risk of security incidents that could cost thousands in damages.") print() # Next Steps print("📋 NEXT STEPS") print("-" * 15) print("1. 🔥 Address CRITICAL findings immediately") print("2. 📊 Set up automated compliance monitoring") print("3. 🔄 Schedule regular security assessments (monthly)") print("4. 📚 Train team on AWS security best practices") print("5. 🛡️ Implement incident response procedures") print() # MCP Server Usage print("🤖 USING THE MCP SERVER") print("-" * 25) print("To get real-time, detailed assessments:") print() print("1. Start the MCP server:") print(" mcp run awslabs/aws_security_posture_advisor/server.py") print() print("2. Use the assess_security_posture tool:") print(' {"scope": "account", "target": "<AWS_ACCOUNT_ID>", "frameworks": ["CIS"]}') print() print("3. Get specific compliance reports:") print(' {"framework": "CIS", "generate_report": true}') print() print("4. Analyze security findings:") print(' {"severity_threshold": "HIGH", "include_remediation": true}') print() # Save report report_data = { "assessment_summary": { "overall_score": 85, "risk_level": "MEDIUM", "compliance_percentage": 73.7, "critical_findings": 1, "high_findings": 3, "medium_findings": 1 }, "findings": findings, "recommendations": recommendations, "compliance_areas": compliance_areas, "generated_at": datetime.now().isoformat() } with open('comprehensive_security_report.json', 'w') as f: json.dump(report_data, f, indent=2) print("📄 Comprehensive report saved to: comprehensive_security_report.json") if __name__ == "__main__": generate_security_report()

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/timwukp/aws-security-posture-advisor-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

security_recommendations_report.py•8.49 kB