AWS-IReveal-MCPServer

Brucedh
AWS, Security, Monitoring


💡 Description

AWS-IReveal-MCP is a Model Context Protocol (MCP) server that provides security teams and operatives with a unified interface to AWS services useful for investigations. By connecting AWS-IReveal-MCP to any MCP client (like Claude Desktop or Cline), you can run queries and analysis across multiple AWS services without leaving your LLM-powered workspace.

📝 JSON Entries

{
  "mcpServers": {
    "aws-ireveal": {
      "env": {
        "AWS_PROFILE": "<YOUR_PROFILE>"
      },
      "args": [
        "run",
        "/path/to/aws-ireveal-mcp/server.py"
      ],
      "command": "uv"
    }
  }
}

🛠️ Tools

  • accessanalyzer_get_finding
  • cloudtrail_describe_trails
  • cloudtrail_lookup_events
  • athena_create_cloudtrail_table
  • athena_query_events
  • cloudwatch_describe_log_groups
  • cloudwatch_list_log_streams
  • cloudwatch_filter_log_events

Features

  • Integration with AWS services for security investigation
  • Unified interface for running queries across multiple AWS services

💬 Example Queries

  • Analyze activity by IP xxxx in the last 5 days
  • Analyze the activity of the role 'Sysadmin' in the last 24 hours
  • Investigate suspicious activities on CloudTrail in the last 7 days in US-West-2
  • Are there any data events in the last seven days for buckets that include the name 'customers'?
  • Examine CloudWatch logs related to Bedrock
  • Suggest remediation for high-risk GuardDuty findings that occurred in the past 2 days
  • Identify non-compliant resources, explain violated rules, and suggest remediation measures