aws-infrasec-mcp-server
Verified Safeby edlsh
Overview
An AWS Model Context Protocol (MCP) server that provides infrastructure security analysis for EC2 instances and Security Groups.
Installation
docker build -t aws-infrasec-mcp . && docker run -it --rm -e AWS_REGION=${AWS_REGION:-us-east-1} -v ~/.aws:/home/mcpuser/.aws:ro aws-infrasec-mcpEnvironment Variables
- AWS_REGION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_PROFILE
Security Notes
The project demonstrates a strong focus on security, utilizing `eslint-plugin-security` with strict rules (e.g., disallowing `eval`, object injection, and unsafe regex). Docker configuration includes `read_only: true` and `no-new-privileges:true` for enhanced container security. AWS credentials are correctly handled via environment variables or profiles, with no hardcoded secrets identified. Error handling for AWS API calls is present. The `security/detect-non-literal-fs-filename` warning is noted in the ESLint config for `rules-loader.ts`, but for runtime execution, the default path is a static, relative path, mitigating this specific risk.
Similar Servers
tfmcp
A CLI tool and MCP server that enables LLMs to analyze, manage, and operate Terraform configurations and infrastructure environments.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.
boilerplate-mcp-server
Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.