run_checks
Execute security and operational checks on AWS resources to identify compliance issues and generate actionable reports with cost analysis.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| snapshot_id | Yes |
Implementation Reference
- src/aws_mcp_audit/server.py:137-160 (handler)The handler function for the 'run_checks' MCP tool, decorated with @mcp.tool for automatic registration. It loads the snapshot JSON, runs multiple imported check functions to generate findings, saves the findings, and returns a summary with finding_set_id (matching snapshot_id) and the count of findings.
@mcp.tool def run_checks(snapshot_id: str) -> Dict[str, Any]: p = os.path.join(snapshot_dir(DATA_DIR, snapshot_id), "snapshot.json") snap = read_json(p) findings: List[Dict[str, Any]] = [] # Exposure findings.extend([f.__dict__ for f in check_sg_world_open(snap)]) findings.extend([f.__dict__ for f in check_public_instances(snap)]) findings.extend([f.__dict__ for f in check_unassociated_eips(snap)]) findings.extend([f.__dict__ for f in check_unattached_ebs(snap)]) # Telemetry signals findings.extend([f.__dict__ for f in check_cloudtrail_present(snap)]) findings.extend([f.__dict__ for f in check_cloudwatch_alarm_signal(snap)]) # Data protection findings.extend([f.__dict__ for f in check_unencrypted_ebs(snap)]) findings.extend([f.__dict__ for f in check_rds_public_or_low_backup(snap)]) # Health findings.extend([f.__dict__ for f in check_unhealthy_targets(snap)]) save_findings(DATA_DIR, snapshot_id, findings) # v1: 1:1 mapping of finding_set_id to snapshot_id return {"finding_set_id": snapshot_id, "count": len(findings)} - src/aws_mcp_audit/server.py:137-137 (registration)The @mcp.tool decorator registers the run_checks function as an MCP tool.
@mcp.tool