aws-security-mcp

Overview

AWS Security MCP enables AI assistants like Claude to perform comprehensive security analysis of AWS infrastructure through natural language queries. It bridges the gap between AI capabilities and AWS security services, allowing automatic discovery and analysis of resources across multiple AWS accounts. The system integrates findings from GuardDuty, SecurityHub, and Access Analyzer while providing infrastructure mapping and Athena-powered log analytics capabilities.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

• query_aws_resources

  Query AWS resources across multiple services including EC2, S3, IAM, Lambda, and GuardDuty

  Try:Show me all running EC2 instances in my accountTry:List all S3 buckets with public accessTry:Find IAM roles with administrative privileges
• analyze_security_findings

  Analyze security findings from GuardDuty and SecurityHub

  Try:Show me all GuardDuty findings from the last 7 daysTry:What is my current SecurityHub compliance score?Try:List high-risk security findings across all accounts
• cross_account_analysis

  Perform security analysis across multiple AWS accounts

  Try:List all connected AWS accountsTry:Find resources tagged Team:Security across all accountsTry:Show compliance status across organization
• blast_radius_analysis

  Generate blast radius analysis for AWS resources

  Try:Generate blast radius analysis for IP 172.16.1.10Try:What resources would be affected if this security group is deleted?Try:Show network blast radius for this EC2 instance
• athena_log_analysis

  Analyze AWS logs using Athena including CloudTrail and VPC Flow Logs

  Try:Show all failed login attempts from external IPs in the last 24 hoursTry:What did 'saransh.rana@company.com' do in past 24 hours?Try:Correlate GuardDuty findings with CloudTrail events
• network_topology_analysis

  Analyze network topology including VPCs, security groups, and load balancers

  Try:Share network map for resource 172.22.141.11Try:Show all security groups attached to this EC2 instanceTry:Analyze ALB configuration for security vulnerabilities
• refresh_aws_session

  Refresh AWS session credentials for cross-account access

  Try:Refresh my AWS sessionTry:Update cross-account credentialsTry:Reconnect to all organization accounts
• security_compliance_check

  Check security compliance against AWS standards and frameworks

  Try:Check my PCI compliance statusTry:Generate SecurityHub compliance reportTry:Show all non-compliant resources
• analyze_lambda_security

  Analyze Lambda functions for security vulnerabilities

  Try:Show secrets stored in environment variables of Lambda functionsTry:List Lambda functions with overly permissive IAM rolesTry:Check for public access to Lambda functions
• s3_security_analysis

  Analyze S3 buckets for security misconfigurations

  Try:Check for publicly accessible S3 bucketsTry:List all S3 buckets with public access blocks disabledTry:Show encryption settings for all S3 buckets
• access_analyzer_check

  Use IAM Access Analyzer to check for potentially unauthorized access

  Try:Check for IAM roles with external accessTry:Find resources shared with external principalsTry:Analyze public access to my IAM resources
• generate_security_report

  Generate comprehensive security reports across AWS infrastructure

  Try:Generate a security summary for all resourcesTry:Create a compliance report for my organizationTry:Export all security findings to a formatted report

Note: Tools were inferred from usage examples and service descriptions rather than a dedicated tools section. The README doesn't provide explicit tool names or parameters, but rather shows how users can interact with the system through natural la

Comparable tools

Installation

FAQ

What AWS permissions are required?

The server needs the SecurityAudit policy and STS AssumeRole permissions for cross-account access. Athena permissions are optional for log analysis features.

Can it work with non-Claude MCP clients?

Yes, it should work with any MCP client that supports SSE connections, like Cline. The mcp-proxy component helps bridge the connection.

Compare aws-security-mcp with