Aws Security MCP

🚀 AWS Security MCP

AWS Security MCP is a model context protocol server that allows MCP clients such as Claude to interact with AWS security services. This enables AI assistants to independently check and analyze security issues in your AWS infrastructure.

🚀 Quick Start

AWS Security MCP enables AI assistants to autonomously examine and analyze security issues within your AWS infrastructure. To get started, follow the installation and configuration steps below.

✨ Features

• Retrieve AWS infrastructure information using natural language queries, e.g., "List all EC2 instances with a running state of t2.large".
• Query security findings from GuardDuty, SecurityHub, and IAM Access Analyzer.
• List and check for security misconfigurations in AWS resources.
• Analyze security issues in IAM roles, policies, and permissions.
• Check EC2 instances, security groups, and network components.
• Scan environment variables and configurations for sensitive information.
• Generate threat modeling reports online.
• Generate context-aware security recommendations online based on the situation.
• Generate a network diagram with a single click to visualize the network structure of your AWS infrastructure.
• Analyze the blast radius of any service/resource or team.
• Seamlessly search between tagged resources.

📦 Installation

Prerequisites

• uv
• Python 3.11+
• An AWS account with valid credentials - You can use AWS access keys or AWS STS credentials!
• An MCP client (Claude Desktop, Cline, 5ire, etc.)

Setup Steps

1. Clone this repository:

git clone https://github.com/groovyBugify/aws-security-mcp.git
cd aws-security-mcp

2. Ensure uv is installed: https://docs.astral.sh/uv/getting-started/installation/#installation-methods
3. Make the runner script executable:

chmod +x ./awsSEC.sh

4. Configure AWS credentials and run the script:

./awsSEC.sh

💻 Usage Examples

MCP Client Setup

Configure in Claude Desktop as follows:

• Navigate to Edit > Settings.
• Select Default Project.
• Under Path Settings, add the following paths:
  • C:/Users/YourUsername/AppData/Roaming/Claude Desktop/extensions
  • C:/Program Files/Claude Desktop/resources/app/extensions

Add the following content to the configuration file:

{
    "iam": {
        "accessKeyId": "YOUR_ACCESS_KEY_ID",
        "secretAccessKey": "YOUR_SECRET_ACCESS_KEY"
    }
}

Running the Service

• Start the AWS Security MCP service.
• Run the following command in the terminal to test the connection:

./awsSEC.sh --test

📚 Documentation

Supported AWS Services

Currently Supported Services

• IAM: Role, user, policy, access key, and permission analysis
• EC2: Instances, security groups, elastic network interfaces, VPCs, subnets, and route tables
• S3: Buckets, permissions, and public access analysis
• GuardDuty: Findings and detectors
• SecurityHub: Findings and standard compliance
• Lambda: Functions, permissions, and configurations
• Cloudfront: Cloudfront distributions, origin mappings, and API route mappings
• LoadBalancer: ALBs, ELBs, NLBs, target groups, and listeners
• Route53: Hosted zones and record sets
• WAF: WebACLs and AWS WAF
• Shield: AWS DDoS protection
• IAM Access Analyzer: Security findings from IAM Access Analyzer
• ECS/ECR: Container repositories, images, and scan results
• Organizations: AWS organizational structure, accounts, SCPs, and organization-level controls

In Development

• CloudTrail: Audit log analysis
• KMS: Key management and encryption
• Config: Configuration compliance

Other Notes

• Supports integration with other MCP servers such as Sequentialthinking and Shodan to enhance functionality.

Troubleshooting

• Check the log file path: C:/Program Files/Claude Desktop/resources/app/extensions or $HOME/.Claude Desktop

📄 License

This project is licensed under the MIT License.