Is Aws Security Mcp safe to use?

Aws Security Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Aws Security Mcp?

Aws Security Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Aws Security Mcp?

Aws Security Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Aws Security Mcp actively maintained?

Aws Security Mcp is less actively maintained — last commit was 309 days ago. It has 83 GitHub stars.

Aws Security Mcp

Name: Aws Security Mcp
Author: groovyBugify

by groovyBugify

A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues and misconfigurations.

83 0 tools GitHub

No known CVEs

Apache-2.0 license

Stale

Last commit 309d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security Cloud

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "aws-security-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/aws-security-mcp)](https://mcppedia.org/s/aws-security-mcp)

Read me

What Aws Security Mcp does

A Model Context Protocol (MCP) server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

30/100across 5 weighted dimensions

How we score →

0255075100

−70

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Aws Security Mcp safe to use?: Aws Security Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Aws Security Mcp?: Aws Security Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Aws Security Mcp?: Aws Security Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Aws Security Mcp actively maintained?: Aws Security Mcp is less actively maintained — last commit was 309 days ago. It has 83 GitHub stars.

Similar servers

Others in security / cloud

View all →

Observability Mcp95

MCP Server for GCP environment for interacting with various Observability APIs.

809 10

Sink95

⚡ A Simple / Speedy / Secure Link Shortener with Analytics, 100% run on Cloudflare.

6.7k 3

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

MCP Security Weekly

Get CVE alerts and security updates for Aws Security Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Cloud

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "aws-security-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/aws-security-mcp)](https://mcppedia.org/s/aws-security-mcp)

Read me

What Aws Security Mcp does

A Model Context Protocol (MCP) server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

AWS Security MCP

A Model Context Protocol (MCP) server that enables AI assistants to perform comprehensive AWS security analysis through natural language queries.

Overview

AWS Security MCP bridges AI assistants like Claude with AWS security services, enabling real-time infrastructure analysis through conversational queries. The system automatically discovers and analyzes resources across multiple AWS accounts, providing security insights without requiring deep AWS CLI knowledge.

Key Capabilities

Cross-Account Discovery: Automatic detection and access to AWS Organization accounts
Natural Language Interface: Query AWS resources using plain English
Security Analysis: Integrated findings from GuardDuty, SecurityHub, and Access Analyzer
Infrastructure Mapping: Network topology, threat modelling, security review and blast radius analysis
Log Analytics: Athena-powered analysis of CloudTrail, VPC Flow Logs, and security events

Prerequisites

Python: 3.11 or higher
Package Manager: uv
AWS Account: With appropriate IAM permissions
MCP Client: Claude Desktop, Cline, or compatible client

AWS Requirements

MCP Server's AWS credentials must have the following permissions:

Core MCP Permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CrossAccountAccess",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-security-mcp-cross-account-access"
    },
    {
      "Sid": "OrganizationDiscovery",
      "Effect": "Allow",
      "Action": [
        "organizations:ListAccounts"
      ],
      "Resource": "*"
    }
  ]
}

Athena Integration Permissions

For advanced log analysis capabilities, additional permissions are required:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AthenaQueryExecution",
      "Effect": "Allow",
      "Action": [
        "athena:BatchGetQueryExecution",
        "athena:GetQueryExecution",
        "athena:GetQueryResults",
        "athena:GetWorkGroup",
        "athena:GetTableMetadata",
        "athena:ListQueryExecutions",
        "athena:StartQueryExecution",
        "athena:GetQueryResultsStream",
        "athena:GetDataCatalog",
        "athena:ListDataCatalogs",
        "athena:ListDatabases",
        "athena:ListTableMetadata"
      ],
      "Resource": "*"
    },
    {
      "Sid": "GlueCatalogAccess",
      "Effect": "Allow",
      "Action": [
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:BatchGetPartition"
      ],
      "Resource": "*"
    },
    {
      "Sid": "S3LogDataAccess",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-cloudtrail-bucket/*",
        "arn:aws:s3:::your-cloudtrail-bucket",
        "arn:aws:s3:::your-vpc-flow-logs-bucket/*",
        "arn:aws:s3:::your-vpc-flow-logs-bucket",
        "arn:aws:s3:::your-security-logs-bucket/*",
        "arn:aws:s3:::your-security-logs-bucket"
      ]
    },
    {
      "Sid": "AthenaResultsAccess",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::your-athena-results-bucket/*",
        "arn:aws:s3:::your-athena-results-bucket"
      ]
    }
  ]
}

Required AWS Managed Policies

SecurityAudit Policy (Required)

Attach the AWS managed SecurityAudit policy to your MCP Server's IAM user or IAM role:

Policy ARN: arn:aws:

... [View full README on GitHub](https://github.com/groovyBugify/aws-security-mcp#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

30/100across 5 weighted dimensions

How we score →

0255075100

−70

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Aws Security Mcp safe to use?: Aws Security Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Aws Security Mcp?: Aws Security Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Aws Security Mcp?: Aws Security Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Aws Security Mcp actively maintained?: Aws Security Mcp is less actively maintained — last commit was 309 days ago. It has 83 GitHub stars.