Loading subscription status...
💡 Description
AWS-IReveal-MCP is a Model Context Protocol (MCP) server that provides security teams and operatives with a unified interface to AWS services useful for investigations. By connecting AWS-IReveal-MCP to any MCP client (like Claude Desktop or Cline), you can run queries and analysis across multiple AWS services without leaving your LLM-powered workspace.
📝 JSON Entries
{
"mcpServers": [
{
"aws-ireveal": {
"env": {
"AWS_PROFILE": "<YOUR_PROFILE>"
},
"args": [
"run",
"/path/to/aws-ireveal-mcp/server.py"
],
"command": "uv"
}
}
]
}🛠️ Tools
accessanalyzer_get_findingcloudtrail_describe_trailscloudtrail_lookup_eventsathena_create_cloudtrail_tableathena_query_eventscloudwatch_describe_log_groupscloudwatch_list_log_streamscloudwatch_filter_log_events
⚡ Features
- Integration with AWS services for security investigation
- Unified interface for running queries across multiple AWS services
💬 Example Queries
- Analyze activity by IP xxxx in the last 5 days
- Analyze the activity of the role 'Sysadmin' in the last 24 hours
- Investigate suspicious activities on CloudTrail in the last 7 days in US-West-2
- Are there any data events in the last seven days for buckets that include the name 'customers'?
- Examine CloudWatch logs related to Bedrock
- Suggest remediation for high-risk GuardDuty findings that occurred in the past 2 days
- Identify non-compliant resources, explain violated rules, and suggest remediation measures