- Home
- MCP servers
- AWS Security
AWS Security
- python
80
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"groovybugify-aws-security-mcp": {
"command": "/path/to/mcp-proxy",
"args": [
"http://localhost:8000/sse"
],
"env": {
"AWS_ACCESS_KEY_ID": "AKIA...",
"AWS_SESSION_TOKEN": "AQoDYXdzEJr...",
"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7..."
}
}
}
}You can analyze and monitor AWS security across multiple accounts with an MCP server that translates natural language queries into security findings. It integrates with AWS Security services, maps infrastructure, and analyzes logs to help you detect issues, map blast radii, and explore threat scenarios using everyday language.
How to use
Interact with your MCP client to ask questions in plain English. You can request cross-account visibility, pull GuardDuty or SecurityHub findings, map network topology, and perform log analytics using Athena-backed queries. The MCP server handles resource discovery, cross-account access, and security data aggregation, so you don’t need deep AWS CLI expertise.
How to install
Prerequisites and setup are designed to get you up and running quickly. You will use Python, a package manager, and an MCP client to connect to the server.
# Install runtime and MCP proxy tooling
# Install Python 3.11+ if not already installed
# Install uv (the package manager used here)
# (follow your platform’s instructions to install uvx/uv as needed)
# Install MCP proxy tooling via uv
uv tool install mcp-proxy
# Verify location of mcp-proxy
which mcp-proxy
# Add MCP server configuration to your MCP client (example)
# This configures the client to start the local MCP proxy and connect to the SSE endpoint
{
"mcpServers": {
"aws_security": {
"command": "/path/to/mcp-proxy",
"args": ["http://localhost:8000/sse"]
}
}
}
Additional configuration and notes
Security and IAM setup is critical. You will need appropriate AWS permissions for cross-account discovery and log analysis. The server uses a cross-account role to access resources in member accounts and requires read-only access to security services for analysis.
Available tools
cross_account_discovery
Discovers AWS Organization accounts and establishes cross-account access for MCP operations.
natural_language_interface
Parses plain English queries and maps them to AWS security queries and actions.
security_analysis
Aggregates findings from GuardDuty, SecurityHub, and Access Analyzer for a unified security view.
infrastructure_mapping
Generates network topology, threat models, and blast radius analyses based on discovered resources.
log_analytics
Runs Athena-backed queries on CloudTrail, VPC Flow Logs, and security events to surface insights.
athena_integration
Configures and runs Athena queries, joins with Glue catalogs, and returns results.