Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

AWS Security Remediation Server

БесплатноНе проверен

Provides automated security incident remediation tools for AWS, enabling real-time threat response by quarantining malicious S3 objects, restricting IAM access,

GitHubEmbed

Описание

Provides automated security incident remediation tools for AWS, enabling real-time threat response by quarantining malicious S3 objects, restricting IAM access, and updating security groups.

README

An MCP (Model Context Protocol) server that provides automated security incident remediation tools for AWS environments. Designed to work with GuardDuty findings for real-time threat response.

Tools

Tool Description
quarantine_s3_object Move a malicious S3 object to a quarantine bucket and delete the original
restrict_iam_access Block all access for a compromised IAM user or role by attaching a deny-all policy
update_security_group Remove overly permissive inbound rules (0.0.0.0/0) from a security group

Prerequisites

  • Python 3.10+
  • AWS credentials configured (environment variables, ~/.aws/credentials, or IAM role)
  • QUARANTINE_BUCKET environment variable set (required for quarantine_s3_object)

Required IAM Permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:CopyObject"
      ],
      "Resource": [
        "arn:aws:s3:::SOURCE-BUCKET/*",
        "arn:aws:s3:::QUARANTINE-BUCKET/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PutUserPolicy",
        "iam:PutRolePolicy"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSecurityGroups",
        "ec2:RevokeSecurityGroupIngress"
      ],
      "Resource": "*"
    }
  ]
}

Installation

pip install -e .

Usage

As a CLI tool (stdio transport)

QUARANTINE_BUCKET=my-quarantine-bucket security-remediation-mcp-server

With Claude Desktop / Amazon Q / Cline

Add to your MCP configuration:

{
  "mcpServers": {
    "security-remediation": {
      "command": "security-remediation-mcp-server",
      "env": {
        "QUARANTINE_BUCKET": "my-quarantine-bucket",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

With Docker

docker build -t security-remediation-mcp-server .

docker run --rm \
  -e AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY \
  -e AWS_REGION=us-east-1 \
  -e QUARANTINE_BUCKET=my-quarantine-bucket \
  -p 8000:8000 \
  security-remediation-mcp-server

Tool Details

quarantine_s3_object

Moves a malicious S3 object to a quarantine bucket with a date-based path structure, then deletes the original.

Parameters:

  • bucket_name (str): Source S3 bucket name
  • object_key (str): Object key (path) to quarantine

Example response:

{
  "action_type": "quarantine_s3_object",
  "status": "SUCCESS",
  "target_resource": "s3://source-bucket/malware.txt",
  "details": "Moved to quarantine bucket: s3://quarantine-bucket/2026/03/02/source-bucket/malware.txt"
}

restrict_iam_access

Attaches an inline deny-all policy (ACO-EmergencyDenyAll) to an IAM user or role, immediately revoking all permissions.

Parameters:

  • principal_arn (str): Full ARN of the IAM user or role

update_security_group

Removes all inbound rules that allow traffic from 0.0.0.0/0 (any IP address).

Parameters:

  • security_group_id (str): Security group ID (e.g., sg-0123456789abcdef0)

Use Case: GuardDuty Automated Response

This MCP server is designed to be used with an AI agent that receives GuardDuty findings and automatically takes remediation actions:

  1. GuardDuty detects a threat (e.g., malware in S3)
  2. EventBridge routes the finding to an AI agent
  3. Agent analyzes the finding and calls the appropriate tool
  4. Tool executes the remediation (quarantine, block, cleanup)
  5. Agent reports the result

License

MIT

from github.com/yslee96/security-remeidation-mcp-sever

Установка AWS Security Remediation Server

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/yslee96/security-remeidation-mcp-sever

FAQ

AWS Security Remediation Server MCP бесплатный?

Да, AWS Security Remediation Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для AWS Security Remediation Server?

Нет, AWS Security Remediation Server работает без API-ключей и переменных окружения.

AWS Security Remediation Server — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить AWS Security Remediation Server в Claude Desktop, Claude Code или Cursor?

Открой AWS Security Remediation Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare AWS Security Remediation Server with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development