AWS Security MCP is a Model Context Protocol (MCP) server that enables AI assistants like Claude to interact with AWS security services. Think of it as a bridge that lets AI assistants directly inspect and analyze your AWS infrastructure for security issues, just by asking questions in plain English.
- Natural Language Queries: Ask questions like "show me all running EC2 instances of type t2.large" and get immediate answers
- Cross-Account Support: Automatically discovers and queries multiple AWS accounts in your organization
- Security Analysis: Query findings from GuardDuty, SecurityHub, and IAM Access Analyzer
- Resource Inspection: List and inspect AWS resources for security misconfigurations
- IAM Analysis: Analyze roles, policies, and permissions for security issues
- Network Security: Examine EC2 instances, security groups, and networking components
- Threat Intelligence: Generate threat modeling reports and contextual security recommendations
- Network Visualization: Generate network maps to visualize your AWS infrastructure
- Blast Radius Analysis: Understand the impact scope of any service, resource, or team
- Smart Search: Search seamlessly between your tagged resources across accounts
- Optimized Performance: Reduced from 110+ tools to 38 streamlined tools with nested functionality
- IAM: Roles, users, policies, access keys, and permission analysis
- EC2: Instances, security groups, Elastic Network Interfaces, VPCs, Subnets, and route tables
- S3: Buckets, permissions, and public access analysis
- GuardDuty: Findings and detectors
- SecurityHub: Findings and standards compliance
- Lambda: Functions, permissions, and configurations
- Cloudfront: Cloudfront Distributions, Origin Mapping, API Route Mapping
- LoadBalancer: ALB, ELB, NLB, Target Groups, Listeners
- Route53: Hosted Zones, RecordSets
- WAF: WebACL, AWS WAF
- Shield: AWS DDOS Protection
- IAM Access Analyser: Security findings on IAM Access Analyser
- ECS/ECR: Container repositories, images, and scan findings
- Organizations: AWS Organization structure, accounts, SCPs and organization-level controls
- CloudTrail: Audit logging analysis
- KMS: Key management and encryption
- Config: Configuration compliance
- uv (Python package manager) - Installation Guide
- Python 3.11+
- AWS Account with proper credentials
- MCP Client (Claude Desktop, Cline, 5ire, etc.)
AWS Security MCP automatically discovers and accesses multiple AWS accounts using a smart approach:
- Organization Discovery: First, it attempts to list accounts using
aws organizations list-accounts - Role Assumption: For each discovered account, it tries to assume the IAM role:
aws-security-mcp-cross-account-access - Fallback: If an account is not part of an AWS Organization, it defaults to standard AWS credential resolution (profile/environment/IMDS/ECS)
For each AWS account you want to access, create an IAM role with these specifications:
Role Name: aws-security-mcp-cross-account-access
Trust Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::YOUR-MASTER-ACCOUNT-ID:root"
},
"Action": "sts:AssumeRole"
}
]
}Attached Policy: SecurityAudit (AWS Managed Policy)
This setup allows the MCP server to securely access resources across all your AWS accounts with read-only security permissions.
This is the primary and recommended way to run AWS Security MCP. SSE provides better performance, stability, and compatibility with various MCP clients.
-
Configure your AWS Credentials:
AWS Security MCP automatically detects and uses AWS credentials from your ~/.aws/credentials, AWS_PROFILE, env variables or metadata endpoints.
Required IAM Permissions: Your default AWS profile/credentials must have the following permissions:
- Cross-Account Role Assumption Policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CrossAccountAccess", "Effect": "Allow", "Action": [ "sts:AssumeRole" ], "Resource": [ "arn:aws:iam::*:role/aws-security-mcp-cross-account-access" ] } ] }- Organization Discovery Policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "OrganizationAccess", "Effect": "Allow", "Action": [ "organizations:ListAccounts" ], "Resource": "*" } ] }- AWS SecurityAudit Managed Policy (attach to your user/role):
arn:aws:iam::aws:policy/SecurityAuditImportant: These permissions allow the default profile to discover organization accounts, assume cross-account roles, and perform security audits across your AWS infrastructure.
Security Note: At no point can the MCP Client retrieve AWS credentials. All credential handling is done securely by the MCP server, and only API responses are shared with the client.
Cross-Account Access: The system automatically discovers AWS Organization accounts and assumes the
aws-security-mcp-cross-account-accessrole where available. -
Start the SSE Server locally:
# Navigate to the aws-security-mcp directory cd /path/to/aws-security-mcp # Start the SSE server python aws_security_mcp/main.py sse
-
Configure Your MCP Client:
For Claude Desktop with SSE:
First, install the mcp-proxy tool:
# Install mcp-proxy using uv uv tool install mcp-proxy # Find the absolute path of mcp-proxy (you'll need this for the config) which mcp-proxy # Example output: /Users/username/.local/bin/mcp-proxy
Then configure Claude Desktop:
{ "mcpServers": { "aws-security": { "command": "/Users/username/.local/bin/mcp-proxy", "args": ["http://localhost:8000/sse"] } } }Important: Replace
/Users/username/.local/bin/mcp-proxywith the actual path from thewhich mcp-proxycommand above.For Other MCP Clients:
- Connect to:
http://localhost:8000/sse - Use Server-Sent Events transport
- Health check:
http://localhost:8000/health
- Connect to:
Note: This method is kept for backward compatibility but SSE is recommended.
-
Configure Claude Desktop with stdio:
{ "mcpServers": { "aws-security": { "command": "/full/path/to/aws-security-mcp/run_aws_security.sh", "args": ["stdio"] } } } -
Direct File Edit Locations:
- macOS:
/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json
- macOS:
-
Restart Claude Desktop to load the new configuration
-
Test with MCP Inspector:
# Use the MCP Inspector to test the connection: npx @modelcontextprotocol/inspector http://127.0.0.1:8000/sse -
Direct SSE Testing:
# Test the SSE endpoint directly: curl -N -H "Accept: text/event-stream" http://localhost:8000/sse
-
Health Check:
# Check server health: curl http://localhost:8000/health
-
Docker Deployment:
# Build the container: docker build -t aws-security-mcp . # Run with environment variables: docker run -p 8000:8000 \ -e AWS_ACCESS_KEY_ID=your_key \ -e AWS_SECRET_ACCESS_KEY=your_secret \ -e AWS_DEFAULT_REGION=us-east-1 \ aws-security-mcp
-
Environment Variables for SSE:
# Optional SSE configuration export MCP_HOST=0.0.0.0 # Bind to all interfaces export MCP_PORT=8000 # Server port export MCP_LOG_LEVEL=info # Logging level export MCP_DEBUG=false # Debug mode
When deploying behind a load balancer:
- Health Check Path:
/health - SSE Endpoint:
/sse - Important: Configure your load balancer to NOT redirect
/sseto/sse/ - Sticky Sessions: Not required (stateless design)
- Timeout: Set appropriate timeouts for SSE connections (recommended: 30+ seconds)
- Better Performance: Reduced overhead and better resource management
- Scalability: Multiple clients can connect to the same server
- Monitoring: Built-in health checks and observability
- Cloud Native: Works seamlessly in containerized environments
- Flexibility: Compatible with various MCP clients and custom integrations
Query: "Can you share connected AWS accounts?"
Response: The MCP tool will return a list of all AWS accounts in your organization that the server can access, including account IDs, names, and status.
Query: "Can you refresh my AWS session?"
Response: The MCP tool refreshes all valid boto3 sessions across multiple AWS accounts, ensuring you have the latest credentials and permissions.
Query: "Show me all EC2 instances across all accounts"
Query: "Find security groups with port 22 open to the internet"
Query: "List S3 buckets with public read access"
Query: "Show me GuardDuty findings from the last 7 days"
Query: "Generate a network map for my production environment"
Query: "What's the blast radius if the web-tier security group is compromised?"
AWS Security MCP has been optimized from 110+ individual tools to 38 core tools with nested functionality. This provides several benefits:
- Reduced Memory Usage: Prevents server memory errors in resource-constrained environments
- Faster Loading: Quicker startup and tool discovery
- Better Organization: Related functions are grouped logically
- Improved Reliability: Fewer tools mean less complexity and fewer failure points
The 38 tools are organized into these categories:
- Account Management (3 tools): Cross-account access, session management
- IAM Security (5 tools): Roles, policies, users, access analysis
- Compute Security (8 tools): EC2, Lambda, containers
- Network Security (6 tools): VPCs, security groups, load balancers
- Storage Security (4 tools): S3, EBS, file systems
- Security Services (8 tools): GuardDuty, SecurityHub, WAF, Shield
- Compliance & Audit (4 tools): Config, CloudTrail, Access Analyzer
Each tool can handle multiple related operations, providing the same functionality as the original 110+ tools but with better performance.
You can combine AWS Security MCP with other MCP servers for enhanced capabilities:
- Sequential Thinking: For complex reasoning and analysis
- Shodan: For external threat intelligence
- Brave Web Search: For researching security vulnerabilities
- CVE Search: For vulnerability database queries
{
"mcpServers": {
"aws-security": {
"command": "/Users/username/.local/bin/mcp-proxy",
"args": [
"http://localhost:8000/sse"
]
},
"shodan": {
"command": "npx",
"args": ["@mcp/shodan"],
"env": {
"SHODAN_API_KEY": "your-shodan-key"
}
},
"brave-search": {
"command": "npx",
"args": ["@mcp/brave-search"],
"env": {
"BRAVE_API_KEY": "your-brave-key"
}
}
}
}-
"No tools available" or empty tool list:
- Check AWS credentials are properly configured
- Verify the
run_aws_security.shscript is executable - Ensure you're using Claude Pro (free version has token limitations)
-
Cross-account access not working:
- Verify the
aws-security-mcp-cross-account-accessrole exists in target accounts - Check the trust policy allows your master account
- Ensure the SecurityAudit policy is attached
- Verify the
-
MCP server crashes or memory errors:
- This should be resolved with the new 38-tool architecture
- If issues persist, check system resources and Python memory limits
-
Slow response times:
- Large AWS environments may take time to query
- Consider using more specific queries to reduce scope
- Check AWS API rate limits in CloudTrail
MCP Server Logs:
- macOS:
/Users/{userName}/Library/Logs/Claude - Windows:
%APPDATA%\Claude\Logs - Linux:
~/.local/share/Claude/Logs
Enable Debug Mode:
# Add to run_aws_security.sh
export MCP_DEBUG=true
export AWS_SDK_DEBUG=trueTest MCP Server Directly:
# Test the server without Claude
python -m aws_security_mcp.server --transport stdio- Least Privilege: The SecurityAudit policy provides read-only access
- Credential Management: Use IAM roles instead of access keys when possible
- Network Security: Consider running in private subnets for production use
- Audit Logging: All AWS API calls are logged in CloudTrail
- Session Management: Sessions are automatically refreshed and expire safely
- Memory: Minimum 2GB RAM (4GB recommended for large AWS environments)
- Python: Version 3.11 or higher
- Network: Internet access for AWS API calls
- Disk Space: ~100MB for installation and logs
This project is licensed under the MIT License - see the LICENSE file for details.