AWS Security
A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.
What is AWS Security?
AWS Security is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to model context protocol server that connects ai assistants like claude to aws security services, allowing them to autonomously query, inspect, and analyze aws infrastructure for security issues and mis...
A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.
This server falls under the Cloud Services and Security categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- A Model Context Protocol server that connects AI assistants
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx aws-security-mcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use AWS Security
AWS Security MCP is a Python-based Model Context Protocol server that connects AI assistants like Claude directly to AWS security services, enabling autonomous querying, inspection, and analysis of your cloud infrastructure. It covers a wide range of AWS services including IAM, EC2, S3, GuardDuty, SecurityHub, Lambda, CloudFront, WAF, Shield, ECS/ECR, and more, allowing the AI to surface misconfigurations, analyze blast radius, and audit permissions without manual CLI work. Security teams can use it to run natural-language security investigations across single or multi-account AWS environments.
Prerequisites
- Python 3.10 or higher and the `uv` package manager installed
- AWS credentials configured (via `aws configure sso`, environment variables, or an IAM role)
- AWS IAM policy `arn:aws:iam::aws:policy/SecurityAudit` attached to your credentials
- An MCP-compatible client such as Claude Desktop
- `uv tool install mcp-proxy` for bridging stdio MCP clients to the HTTP server
Clone the repository
Download the server source code from GitHub since it is not published to PyPI.
git clone https://github.com/groovyBugify/aws-security-mcp.git
cd aws-security-mcpCreate a virtual environment and install dependencies
Use `uv` to set up an isolated Python environment and install all required packages.
uv venv
source .venv/bin/activate
uv pip install -r requirements.txtConfigure AWS credentials
Ensure your AWS credentials are available. You can use AWS SSO, environment variables, or a named profile. The SecurityAudit managed policy must be attached to the credentials being used.
# Option 1: AWS SSO
aws configure sso
# Option 2: Environment variables
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
export AWS_DEFAULT_REGION=us-east-1Create or edit config.yaml
Configure the server's AWS region, log level, and optional cross-account role settings in the YAML configuration file.
aws:
region: us-east-1
profile: null # Optional: named AWS profile
server:
log_level: info
cross_account:
role_name: SecurityAuditRole # Optional: for multi-account
max_concurrent_assumptions: 5Install mcp-proxy and configure your MCP client
Install mcp-proxy to bridge Claude Desktop (stdio) with the MCP server, then add the server configuration to your Claude Desktop config file.
uv tool install mcp-proxyAdd the server to Claude Desktop configuration
Edit your claude_desktop_config.json to register the AWS Security MCP server. Update the path to match your cloned repository location.
{
"mcpServers": {
"aws-security": {
"command": "/path/to/aws-security-mcp/.venv/bin/python",
"args": ["/path/to/aws-security-mcp/server.py"],
"env": {
"AWS_DEFAULT_REGION": "us-east-1",
"AWS_ACCESS_KEY_ID": "your_key",
"AWS_SECRET_ACCESS_KEY": "your_secret"
}
}
}
}AWS Security Examples
Client configuration
Claude Desktop configuration using direct Python execution with environment variable credentials.
{
"mcpServers": {
"aws-security": {
"command": "/path/to/aws-security-mcp/.venv/bin/python",
"args": ["/path/to/aws-security-mcp/server.py"],
"env": {
"AWS_DEFAULT_REGION": "us-east-1",
"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
}
}
}Prompts to try
Natural language prompts that leverage the server's AWS security analysis capabilities across IAM, EC2, GuardDuty, and more.
- "List all running EC2 instances and flag any with public IPs"
- "Show GuardDuty findings from the last 7 days with HIGH or CRITICAL severity"
- "Analyze IAM roles with administrative privileges and show their trust policies"
- "Find S3 buckets with public access enabled"
- "Generate a blast radius analysis for IP 172.16.1.10"
- "Find resources tagged Team:Security across all accounts"Troubleshooting AWS Security
Permission denied errors when querying AWS services
Ensure the AWS credentials in use have the `arn:aws:iam::aws:policy/SecurityAudit` managed policy attached. For cross-account analysis, also ensure the role specified in `cross_account.role_name` exists in target accounts and trusts the calling account.
Server fails to start or crashes on launch
Verify the virtual environment is activated and all dependencies are installed (`uv pip install -r requirements.txt`). Check that `config.yaml` exists in the project root with valid YAML syntax and an accessible AWS region.
Claude Desktop does not see the server tools
Restart Claude Desktop after editing `claude_desktop_config.json`. Verify the Python path points to the `.venv` binary, not a system Python, and that the absolute path to `server.py` is correct.
Frequently Asked Questions about AWS Security
What is AWS Security?
AWS Security is a Model Context Protocol (MCP) server that model context protocol server that connects ai assistants like claude to aws security services, allowing them to autonomously query, inspect, and analyze aws infrastructure for security issues and misconfigurations. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install AWS Security?
Follow the installation instructions on the AWS Security GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with AWS Security?
AWS Security works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is AWS Security free to use?
Yes, AWS Security is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.
AWS Security Alternatives — Similar Cloud Services Servers
Looking for alternatives to AWS Security? Here are other popular cloud services servers you can use with Claude, Cursor, and VS Code.
Open WebUI
★ 138.2kUser-friendly AI Interface (Supports Ollama, OpenAI API, ...)
Anything LLM
★ 60.4kThe all-in-one AI productivity accelerator. On device and privacy first with no annoying setup or configuration.
LocalAI
★ 46.4kLocalAI is the open-source AI engine. Run any model - LLMs, vision, voice, image, video - on any hardware. No GPU required.
Nacos
★ 33.0kan easy-to-use dynamic service discovery, configuration and service management platform for building AI cloud native applications.
Xiaozhi ESP32
★ 26.7k本项目为xiaozhi-esp32提供后端服务,帮助您快速搭建ESP32设备控制服务器。Backend service for xiaozhi-esp32, helps you quickly build an ESP32 device control server.
Gateway
★ 11.8kA blazing fast AI Gateway with integrated guardrails. Route to 1,600+ LLMs, 50+ AI Guardrails with 1 fast & friendly API.
Browse More Cloud Services MCP Servers
Explore all cloud services servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up AWS Security in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use AWS Security?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.