Schema | AWS Security Posture Advisor MCP Server

Describes the environment variables required to run the server.

Name	Required	Description	Default
`AWS_REGION`	Yes	AWS region to operate in (e.g., us-east-1)
`AWS_ACCESS_KEY_ID`	No	AWS access key ID for authentication
`AWS_SESSION_TOKEN`	No	AWS session token for temporary credentials
`FASTMCP_LOG_LEVEL`	No	Log level (DEBUG, INFO, WARNING, ERROR)
`AWS_SECRET_ACCESS_KEY`	No	AWS secret access key for authentication
`AWS_SECURITY_ADVISOR_LOG_DIR`	No	Log directory
`AWS_SECURITY_ADVISOR_TIMEOUT`	No	Request timeout in seconds	300
`AWS_SECURITY_ADVISOR_CACHE_TTL`	No	Cache TTL in seconds	300
`AWS_SECURITY_ADVISOR_READ_ONLY`	No	Enable read-only mode	true
`AWS_SECURITY_ADVISOR_CACHE_SIZE`	No	Max cache entries	1000
`AWS_SECURITY_ADVISOR_CONFIG_FILE`	No	Path to a configuration YAML file
`AWS_SECURITY_ADVISOR_LOG_TO_FILE`	No	Enable file logging
`AWS_SECURITY_ADVISOR_MAX_RETRIES`	No	Max retry attempts	3
`AWS_SECURITY_ADVISOR_REQUIRE_TLS`	No	Require TLS for all connections
`AWS_SECURITY_ADVISOR_ENABLE_CACHE`	No	Enable response caching	true
`AWS_SECURITY_ADVISOR_ENCRYPT_LOGS`	No	Encrypt log files
`AWS_SECURITY_ADVISOR_LOG_MAX_SIZE`	No	Max log file size (e.g., 100MB)
`AWS_SECURITY_ADVISOR_LOG_ROTATION`	No	Enable log rotation
`AWS_SECURITY_ADVISOR_PROFILE_NAME`	No	AWS profile name to use for credentials
`AWS_SECURITY_ADVISOR_AUDIT_LOGGING`	No	Enable audit logging	true
`AWS_SECURITY_ADVISOR_SANITIZE_LOGS`	No	Sanitize sensitive data in logs
`AWS_SECURITY_ADVISOR_BACKOFF_FACTOR`	No	Exponential backoff factor	2
`AWS_SECURITY_ADVISOR_MAX_CONCURRENT`	No	Max concurrent AWS API calls	10

Functions exposed to the LLM to take actions

Name	Description
No tools

Interactive templates invoked by user choice

Name	Description
No prompts

Contextual data attached and managed by the client

Name	Description
No resources

AWS Security Posture Advisor MCP Server