Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| AWS_REGION | Yes | AWS region to operate in (e.g., us-east-1) | |
| AWS_ACCESS_KEY_ID | No | AWS access key ID for authentication | |
| AWS_SESSION_TOKEN | No | AWS session token for temporary credentials | |
| FASTMCP_LOG_LEVEL | No | Log level (DEBUG, INFO, WARNING, ERROR) | |
| AWS_SECRET_ACCESS_KEY | No | AWS secret access key for authentication | |
| AWS_SECURITY_ADVISOR_LOG_DIR | No | Log directory | |
| AWS_SECURITY_ADVISOR_TIMEOUT | No | Request timeout in seconds | 300 |
| AWS_SECURITY_ADVISOR_CACHE_TTL | No | Cache TTL in seconds | 300 |
| AWS_SECURITY_ADVISOR_READ_ONLY | No | Enable read-only mode | true |
| AWS_SECURITY_ADVISOR_CACHE_SIZE | No | Max cache entries | 1000 |
| AWS_SECURITY_ADVISOR_CONFIG_FILE | No | Path to a configuration YAML file | |
| AWS_SECURITY_ADVISOR_LOG_TO_FILE | No | Enable file logging | |
| AWS_SECURITY_ADVISOR_MAX_RETRIES | No | Max retry attempts | 3 |
| AWS_SECURITY_ADVISOR_REQUIRE_TLS | No | Require TLS for all connections | |
| AWS_SECURITY_ADVISOR_ENABLE_CACHE | No | Enable response caching | true |
| AWS_SECURITY_ADVISOR_ENCRYPT_LOGS | No | Encrypt log files | |
| AWS_SECURITY_ADVISOR_LOG_MAX_SIZE | No | Max log file size (e.g., 100MB) | |
| AWS_SECURITY_ADVISOR_LOG_ROTATION | No | Enable log rotation | |
| AWS_SECURITY_ADVISOR_PROFILE_NAME | No | AWS profile name to use for credentials | |
| AWS_SECURITY_ADVISOR_AUDIT_LOGGING | No | Enable audit logging | true |
| AWS_SECURITY_ADVISOR_SANITIZE_LOGS | No | Sanitize sensitive data in logs | |
| AWS_SECURITY_ADVISOR_BACKOFF_FACTOR | No | Exponential backoff factor | 2 |
| AWS_SECURITY_ADVISOR_MAX_CONCURRENT | No | Max concurrent AWS API calls | 10 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| health_check | Check the health and configuration of the AWS Security Posture Advisor MCP server. This tool verifies server configuration, AWS connectivity, and service availability.
Use this tool to troubleshoot connection issues or verify proper setup.
Returns server status, configuration summary, and AWS service connectivity status. |
| get_server_info | Get detailed information about the AWS Security Posture Advisor MCP server. This tool provides comprehensive information about server capabilities, supported
AWS services, compliance frameworks, and available intelligence engines.
Use this tool to understand what the server can do and how to use its capabilities. |
| assess_security_posture | Perform comprehensive security assessment across AWS infrastructure. This tool provides a unified view of your security posture by orchestrating multiple
AWS security services including Security Hub, GuardDuty, and Config. It performs
multi-framework compliance assessment and generates prioritized findings with
contextual recommendations.
The assessment includes:
- Security findings correlation across services
- Compliance status against industry frameworks (CIS, NIST, SOC2, PCI-DSS)
- Risk scoring and prioritization
- Actionable security recommendations
- Resource-level security analysis
Use this tool to get a comprehensive understanding of your AWS security posture
and identify the most critical security issues that need attention. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |