AWS Security Posture Advisor MCP Server
The AWS Security Posture Advisor MCP Server allows you to perform comprehensive security assessments, threat analysis, compliance monitoring, and remediation planning across your AWS infrastructure. Key capabilities include:
Comprehensive Security Assessments: Orchestrates multiple AWS security services (Security Hub, GuardDuty, Config, Inspector, CloudTrail, Macie) for a unified security posture view with risk scoring and resource-level analysis.
Intelligent Threat Analysis: Identifies attack patterns using ML-powered correlation and behavioral anomaly detection based on the MITRE ATT&CK framework.
Multi-Framework Compliance Monitoring: Assesses and reports compliance against CIS, NIST, SOC2, and PCI-DSS, with gap analysis and audit evidence collection.
Automated Remediation Recommendations: Delivers prioritized security improvements with cost-benefit analysis and implementation complexity assessments.
Security Incident Investigation: Performs root cause analysis, traces attack paths, reconstructs timelines, and collects evidence for incident response.
Executive and Technical Reporting: Generates customizable dashboards and reports tailored for both executive overviews and technical deep-dives.
Security Control Validation: Automatically tests the effectiveness and compliance of security controls.
Health & Server Info Checks: Verifies server connectivity, AWS service access, and retrieves details about server capabilities and configuration.
Provides intelligent security insights by orchestrating multiple AWS security services, including Security Hub, GuardDuty, Config, Inspector, CloudTrail, and Macie, for comprehensive security assessments, threat analysis, and compliance monitoring.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@AWS Security Posture Advisor MCP Serveranalyze my AWS account for high-risk security findings and remediation steps"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
AWS Security Posture Advisor MCP Server
A production-ready Model Context Protocol (MCP) server that provides intelligent security insights by orchestrating multiple AWS security services for comprehensive security assessments, threat analysis, compliance monitoring, and automated remediation recommendations.
๐ Latest Enhancements
NEW: Complete testing suite, real AWS integration examples, executive reporting, and production-ready validation tools!
โ 15 Comprehensive Test Cases with 100% pass rate
โ Real AWS Service Integration examples and tools
โ Executive Security Reporting with professional dashboards
โ Production Validation with deployment health checking
โ Zero Security Vulnerabilities (100/100 security score)
โ 81.8% More Functionality with 27 new files added
Related MCP server: AWS MCP Server
Features
๐ Core Security Capabilities
Comprehensive Security Assessment: Unified view across Security Hub, GuardDuty, Config, Inspector, CloudTrail, and Macie
Intelligent Threat Analysis: ML-powered correlation and attack pattern identification
Multi-Framework Compliance: Support for CIS, NIST, SOC2, and PCI-DSS standards
Automated Remediation: Prioritized recommendations with cost-benefit analysis
Incident Investigation: Root cause analysis and attack path tracing
Executive Reporting: Customizable security reports and metrics
๐งช Testing & Validation
Complete Test Framework: 15 test cases covering all functionality
Server Health Validation: Automated health checking and readiness validation
Performance Testing: Load testing with 1000+ findings processing
Deployment Validation: Production readiness verification tools
๐ก๏ธ Security Excellence
Security-First Design: Built following AWS Well-Architected Security Pillar principles
Zero Vulnerabilities: Comprehensive security audit with 100/100 score
Enterprise Ready: Comprehensive audit logging, error handling, and monitoring
Production Tested: Real-world AWS integration and validation
Quick Start
Prerequisites
Python 3.10 or higher
AWS CLI configured with appropriate credentials
AWS services enabled: Security Hub, GuardDuty (recommended: Config, Inspector)
Installation
Option 1: Install from PyPI (Recommended)
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install the package
pip install awslabs.aws-security-posture-advisorOption 2: Install from Source
# Clone the repository
git clone https://github.com/timwukp/aws-security-posture-advisor-mcp
cd aws-security-posture-advisor-mcp
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install in development mode
pip install -e .Option 3: Using Docker
# Pull the image
docker pull awslabs/aws-security-posture-advisor:latest
# Run with AWS credentials
docker run -e AWS_REGION=us-east-1 \
-e AWS_ACCESS_KEY_ID=AKIA... \
-e AWS_SECRET_ACCESS_KEY=your-secret \
awslabs/aws-security-posture-advisor:latest๐งช Testing & Verification
Quick Health Check
# Test server health and readiness
python test_server_status.py
# Run comprehensive test suite (15 test cases)
python run_all_tests.py
# Verify deployment readiness
python verify_deployment.pyAWS Connectivity Test
# Check AWS credentials and connectivity
aws sts get-caller-identity
# Test AWS security services
python test_assessment.pyReal Security Assessment
# Run actual security assessment (replace with your account ID)
python assess_security.py
# Generate executive security report
python security_recommendations_report.pyConfiguration
AWS Prerequisites
Before using the server, ensure the following AWS services are enabled:
Required Services
AWS Security Hub: Must be enabled with at least one security standard
AWS Identity and Access Management (IAM): For authentication and authorization
Recommended Services
Amazon GuardDuty: For threat detection and behavioral analysis
AWS Config: For compliance monitoring and configuration assessment
Amazon Inspector: For vulnerability assessments
AWS CloudTrail: For incident investigation and audit trails
Amazon Macie: For data classification and privacy protection
Enable Services
# Enable Security Hub
aws securityhub enable-security-hub
# Enable GuardDuty
aws guardduty create-detector --enable
# Enable Config (requires S3 bucket and IAM role)
aws configservice put-configuration-recorder \
--configuration-recorder name=default,roleARN=arn:aws:iam::123456789012:role/config-role
# Enable Inspector v2
aws inspector2 enable --resource-types ECR EC2AWS Credentials Configuration
The server supports multiple AWS credential mechanisms following boto3 standards:
Option 1: AWS Profile (Recommended for Development)
# Configure AWS profile
aws configure --profile security-advisor
AWS Access Key ID [None]: AKIA...
AWS Secret Access Key [None]: ...
Default region name [None]: us-east-1
Default output format [None]: json
# Set environment variable
export AWS_SECURITY_ADVISOR_PROFILE_NAME=security-advisorOption 2: IAM Roles (Recommended for Production)
For EC2, ECS, Lambda, or other AWS services:
# No additional configuration needed
# The server will automatically use the attached IAM role
export AWS_REGION=us-east-1Option 3: Environment Variables
# Temporary credentials (recommended)
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=... # For temporary credentials
export AWS_REGION=us-east-1
# Or long-term credentials (not recommended for production)
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_REGION=us-east-1Environment Variables
Core Configuration
# AWS Configuration
export AWS_REGION=us-east-1 # AWS region to operate in
export AWS_SECURITY_ADVISOR_PROFILE_NAME=your-profile # AWS profile name (optional)
# Server Configuration
export AWS_SECURITY_ADVISOR_READ_ONLY=true # Enable read-only mode (default: true)
export AWS_SECURITY_ADVISOR_AUDIT_LOGGING=true # Enable audit logging (default: true)
export FASTMCP_LOG_LEVEL=INFO # Log level (DEBUG, INFO, WARNING, ERROR)Advanced Configuration
# Performance Configuration
export AWS_SECURITY_ADVISOR_MAX_CONCURRENT=10 # Max concurrent AWS API calls
export AWS_SECURITY_ADVISOR_TIMEOUT=300 # Request timeout in seconds
export AWS_SECURITY_ADVISOR_MAX_RETRIES=3 # Max retry attempts
export AWS_SECURITY_ADVISOR_BACKOFF_FACTOR=2 # Exponential backoff factor
# Caching Configuration
export AWS_SECURITY_ADVISOR_ENABLE_CACHE=true # Enable response caching
export AWS_SECURITY_ADVISOR_CACHE_TTL=300 # Cache TTL in seconds
export AWS_SECURITY_ADVISOR_CACHE_SIZE=1000 # Max cache entries
# Logging Configuration
export AWS_SECURITY_ADVISOR_LOG_TO_FILE=true # Enable file logging
export AWS_SECURITY_ADVISOR_LOG_DIR=/var/log/security-advisor # Log directory
export AWS_SECURITY_ADVISOR_LOG_ROTATION=true # Enable log rotation
export AWS_SECURITY_ADVISOR_LOG_MAX_SIZE=100MB # Max log file size
# Security Configuration
export AWS_SECURITY_ADVISOR_ENCRYPT_LOGS=true # Encrypt log files
export AWS_SECURITY_ADVISOR_SANITIZE_LOGS=true # Sanitize sensitive data in logs
export AWS_SECURITY_ADVISOR_REQUIRE_TLS=true # Require TLS for all connectionsConfiguration File
Create a configuration file for persistent settings:
# Create configuration directory
mkdir -p ~/.aws-security-advisor
# Create configuration file
cat > ~/.aws-security-advisor/config.yaml << EOF
aws:
region: us-east-1
profile: security-advisor
server:
read_only: true
audit_logging: true
log_level: INFO
performance:
max_concurrent: 10
timeout: 300
enable_cache: true
cache_ttl: 300
security:
encrypt_logs: true
sanitize_logs: true
require_tls: true
EOF
# Set configuration file path
export AWS_SECURITY_ADVISOR_CONFIG_FILE=~/.aws-security-advisor/config.yaml๐ Usage Examples
๐งช Testing and Validation
Run Complete Test Suite
# Run all 15 test cases with comprehensive validation
python run_all_tests.py
# Run specific test categories
python test_questions.py # Structured test scenarios
python test_server_status.py # Server health validation
python test_functionality.py # Functionality verificationDeployment Validation
# Verify deployment readiness
python verify_deployment.py
# Test AWS service connectivity
python test_assessment.py
# Direct server testing
python direct_test.py๐ Security Assessment Tools
Real AWS Security Assessment
# Comprehensive security assessment (replace <AWS_ACCOUNT_ID> with your account)
python assess_security.py
# Real-time assessment with live AWS data
python real_assessment.py
# Advanced security audit
python comprehensive_security_audit.pyExecutive Security Reporting
# Generate executive security report
python security_recommendations_report.py
# Detailed security review and analysis
python security_review.py
# Code-level security analysis
python code_security_analysis.py๐ง MCP Client Integration
Test MCP Client Connection
# Test MCP client integration
python mcp_client_test.py
# Use example configuration
cp example_config.json mcp_client_config.json
# Edit with your AWS account detailsUsage Examples
# Practical usage demonstrations
python usage_example.py
# Minimal server implementation
python minimal_server.py๐ Configuration and Setup
Example Configuration
{
"server_name": "aws-security-posture-advisor",
"aws_region": "us-east-1",
"log_level": "INFO",
"example_usage": {
"assess_security_posture": {
"scope": "account",
"target": "<YOUR_AWS_ACCOUNT_ID>",
"frameworks": ["CIS"],
"severity_threshold": "MEDIUM"
}
}
}Usage
Running the Server
# Run directly
awslabs.aws-security-posture-advisor
# Or using Python module
python -m awslabs.aws_security_posture_advisor.server
# With custom configuration
python -m awslabs.aws_security_posture_advisor.server --config config.yaml๐ก๏ธ Security & Compliance
Security Audit Results
Security Score: 100/100 (Excellent)
Vulnerabilities: 0 (Zero security issues found)
Security Controls: 18/18 implemented
Compliance Ready: Enterprise-grade security standards
Security Features
โ Comprehensive input validation and sanitization
โ Proper secrets management with environment variables
โ Structured error handling with no information disclosure
โ Comprehensive audit logging for security events
โ Rate limiting and API security controls
โ AWS security best practices throughout
Compliance Frameworks Supported
CIS Benchmarks: Industry-standard security configurations
NIST Framework: Federal cybersecurity standards
SOC2: Service organization controls for security
PCI-DSS: Payment card industry data security standards
๐งช Testing & Quality Assurance
Test Coverage
Total Test Cases: 15 comprehensive tests
Pass Rate: 100% (All tests passing)
Coverage Areas: All MCP server functionality
Performance Testing: 1000+ findings processing validated
Test Categories
โ Basic functionality tests (2/2)
โ Security assessment tests (3/3)
โ Threat analysis tests (2/2)
โ Compliance tests (3/3)
โ Recommendation tests (2/2)
โ Error handling tests (2/2)
โ Performance tests (1/1)
Quality Metrics
Code Quality: Production-ready standards
Security Validation: Comprehensive security audit passed
Performance: Sub-second response times for most operations
Reliability: Robust error handling and recovery
MCP Client Configuration
Kiro IDE
Add to your .kiro/settings/mcp.json:
{
"mcpServers": {
"aws-security-posture-advisor": {
"command": "awslabs.aws-security-posture-advisor",
"env": {
"AWS_REGION": "us-east-1",
"FASTMCP_LOG_LEVEL": "INFO"
},
"disabled": false,
"autoApprove": ["health_check", "get_server_info"]
}
}
}Cursor IDE
Add to your MCP settings:
{
"mcpServers": {
"aws-security-posture-advisor": {
"command": "awslabs.aws-security-posture-advisor",
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Available Tools
๐ Core Assessment Tools
assess_security_posture: Comprehensive security assessment across AWS infrastructureMulti-service orchestration (Security Hub, GuardDuty, Config, Inspector, CloudTrail, Macie)
Multi-framework compliance (CIS, NIST, SOC2, PCI-DSS)
Risk scoring and prioritization
analyze_security_findings: Intelligent threat analysis with correlation and remediationAttack pattern identification using MITRE ATT&CK framework
Behavioral anomaly detection
Automated remediation recommendations
check_compliance_status: Multi-framework compliance assessment and gap analysisFramework-specific compliance checking
Gap analysis with remediation priorities
Audit evidence collection
๐ Advanced Security Tools
recommend_security_improvements: Prioritized security recommendations with ROI analysisCost-benefit analysis for security improvements
Implementation complexity assessment
Automation opportunity identification
investigate_security_incident: Security incident analysis and root cause identificationTimeline reconstruction and attack path analysis
Evidence collection and correlation
Impact assessment and containment recommendations
generate_security_report: Executive and technical security reportingCustomizable report templates
Executive dashboards and metrics
Technical deep-dive analysis
validate_security_controls: Automated security control validationControl effectiveness testing
Compliance validation
Continuous monitoring setup
๐ง Utility Tools
health_check: Server health and connectivity verificationAWS service connectivity testing
Configuration validation
Performance metrics
get_server_info: Detailed server capabilities and configurationSupported frameworks and services
Feature availability
Version and capability information
๐งช Testing & Validation Tools
run_all_tests.py: Complete test framework (15 test cases)test_server_status.py: Server health validationverify_deployment.py: Deployment readiness verificationtest_assessment.py: AWS service connectivity testing
๐ Analysis & Reporting Tools
security_recommendations_report.py: Executive security reportingcomprehensive_security_audit.py: Advanced security auditcode_security_analysis.py: Code-level security analysissecurity_review.py: Detailed security review
Required IAM Permissions
The server requires the following AWS IAM permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"securityhub:GetFindings",
"securityhub:DescribeStandards",
"securityhub:GetInsights",
"guardduty:GetFindings",
"guardduty:ListDetectors",
"guardduty:GetDetector",
"config:GetComplianceDetailsByConfigRule",
"config:DescribeConfigRules",
"config:GetResourceConfigHistory",
"inspector2:ListFindings",
"inspector2:GetFindings",
"cloudtrail:LookupEvents",
"macie2:GetFindings",
"macie2:DescribeClassificationJob",
"sts:GetCallerIdentity"
],
"Resource": "*"
}
]
}Development
Setup Development Environment
git clone https://github.com/awslabs/aws-security-posture-advisor-mcp
cd aws-security-posture-advisor-mcp
# Install development dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run linting
ruff check .
black --check .
mypy .Project Structure
aws-security-posture-advisor-mcp/
โโโ awslabs/
โ โโโ aws_security_posture_advisor/
โ โโโ __init__.py
โ โโโ server.py # Main FastMCP server
โ โโโ core/
โ โโโ aws/ # AWS service integrations
โ โโโ common/ # Common utilities and models
โ โโโ intelligence/ # Risk correlation & compliance engines
โ โโโ kb/ # Knowledge base
โโโ tests/ # Pytest unit tests
โ โโโ conftest.py # Shared fixtures
โ โโโ test_models.py # Data model tests
โ โโโ test_errors.py # Error handling tests
โ โโโ test_cache.py # Caching system tests
โ โโโ test_intelligence.py # Intelligence engine tests
โ โโโ test_security.py # Security module tests
โโโ scripts/ # Utility and assessment scripts
โโโ examples/ # Usage examples and configs
โโโ docs/ # Documentation
โ โโโ API.md
โ โโโ SECURITY.md
โ โโโ TROUBLESHOOTING.md
โโโ Dockerfile # Multi-stage production build
โโโ docker-compose.yml # Container orchestration
โโโ pyproject.toml # Project configuration
โโโ README.md # This file๐ Performance & Scalability
Performance Metrics
Response Time: Sub-second for most operations
Throughput: 1000+ findings processing capability
Concurrent Operations: Up to 10 concurrent AWS API calls
Memory Usage: Optimized for production environments
Scalability Features
Caching: Intelligent response caching with configurable TTL
Rate Limiting: Built-in rate limiting for AWS API protection
Batch Processing: Efficient batch processing for large datasets
Resource Management: Automatic resource cleanup and management
๐ง Development & Customization
Development Setup
# Clone and setup development environment
git clone https://github.com/timwukp/aws-security-posture-advisor-mcp
cd aws-security-posture-advisor-mcp
# Create virtual environment
python -m venv .venv
source .venv/bin/activate
# Install in development mode
pip install -e ".[dev]"
# Run tests
pytest
# Run linting and formatting
ruff check .
black --check .
mypy .Customization Options
Custom Security Rules: Add custom security validation rules
Framework Extensions: Extend compliance framework support
Report Templates: Customize security report templates
Integration Hooks: Add custom integration endpoints
Security Considerations
Read-Only by Default: Server operates in read-only mode by default
Credential Security: No long-term credentials stored; uses IAM roles and profiles
Audit Logging: Comprehensive audit trail for all security operations
Data Sanitization: Sensitive data automatically sanitized in logs
Least Privilege: Minimal required IAM permissions
Zero Vulnerabilities: Comprehensive security audit with 100/100 score
๐ Additional Resources
Documentation
API Documentation: Complete API reference
Security Guide: Security best practices
Troubleshooting: Common issues and solutions
Enhancement Guide: Latest enhancements and features
Security Compliance: Security audit results
Examples and Templates
Configuration Templates: Ready-to-use configuration examples
Usage Examples: Practical implementation demonstrations
Client Integration: MCP client integration examples
Testing Framework: Comprehensive testing and validation tools
License
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
Contributing
We welcome contributions! Please see our Contributing Guide for details.
Development Workflow
Fork the repository
Create a feature branch
Run tests:
pytestSubmit a pull request with comprehensive description
Support
For issues and questions:
GitHub Issues: Report a bug or request a feature
Documentation: Read the full documentation
Security Issues: Please report security concerns responsibly
Changelog
See CHANGELOG.md for version history and updates.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/timwukp/aws-security-posture-advisor-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server