Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| CLOUD_AUDIT_REGIONS | No | Comma-separated list of AWS regions to scan, or 'all'. Example: 'eu-central-1,eu-west-1'. | |
| CLOUD_AUDIT_ROLE_ARN | No | IAM role ARN to assume for cross-account scanning. Example: 'arn:aws:iam::123456789012:role/auditor'. | |
| CLOUD_AUDIT_MIN_SEVERITY | No | Minimum severity filter for findings. Example: 'high'. | |
| CLOUD_AUDIT_EXCLUDE_CHECKS | No | Comma-separated list of check IDs to skip. Example: 'aws-eip-001,aws-iam-001'. | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": false } |
| prompts | { "listChanged": false } |
| resources | { "subscribe": false, "listChanged": false } |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| scan_aws | Run an AWS security scan and return a summary. Scans your AWS account for security misconfigurations, detects attack chains, and estimates breach cost risk. Args: profile: AWS CLI profile name (default: "default"); regions: comma-separated AWS regions to scan (default: profile region); min_severity: minimum finding severity (critical, high, medium, low). |
| get_findings | Get findings from the last scan, optionally filtered. Each finding includes check ID, severity, resource, description, and estimated breach cost. Args: severity: filter by severity (critical, high, medium, low); service: filter by AWS service prefix (e.g. "iam", "s3", "ec2", "vpc"); limit: maximum number of findings to return (default: 20). |
| get_attack_chains | Get all detected attack chains from the last scan. Attack chains are correlated findings that form exploitable attack paths. Each chain includes a narrative, priority fix, and breach cost estimate. |
| get_remediation | Get remediation details (CLI command + Terraform code) for a specific check. Returns a copy-paste ready AWS CLI command and Terraform HCL snippet to fix the finding. Args: check_id: the check ID (e.g. "aws-iam-001", "aws-s3-001", "aws-vpc-002"). |
| get_health_score | Get the current health score and risk exposure summary. Returns the 0-100 health score, finding counts by severity, attack chain count, and total estimated risk exposure in USD. |
| list_checks | List all available security checks (no AWS credentials needed). Returns check IDs with their categories and services. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |