AWS Compliance Server
БесплатноНе проверенEnables LLMs to perform automated compliance scanning of AWS infrastructure against PCI-DSS, CIS, and Well-Architected frameworks. It provides tools for scannin
Описание
Enables LLMs to perform automated compliance scanning of AWS infrastructure against PCI-DSS, CIS, and Well-Architected frameworks. It provides tools for scanning, remediation, and audit report generation.
README
A Model Context Protocol (MCP) server that connects an LLM (Claude, GPT-4, etc.) to real AWS infrastructure and performs automated compliance scanning against:
- PCI-DSS v3.2.1 (18 controls across 8 requirements)
- CIS AWS Foundations Benchmark v1.4 (19 controls across 5 sections)
- AWS Well-Architected Framework (14 checks across all 5 pillars)
Architecture
Claude / Any MCP Client
│ MCP Protocol (stdio)
▼
aws-compliance-mcp (FastMCP server)
├── ConfigTools → AWS Config APIs
├── SecurityHubTools → Security Hub APIs
└── ComplianceScanner → Rule mappings + scoring
Prerequisites
- Python 3.10+
- AWS credentials with read access to Config and Security Hub
- AWS Config and Security Hub enabled in your target region
Installation
# Clone the repo
git clone https://github.com/YOUR_USERNAME/aws-compliance-mcp.git
cd aws-compliance-mcp
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
# Install the package
pip install -e ".[dev]"
# Or with pip from requirements
pip install -r requirements.txt
pip install -r requirements-dev.txt
Configuration
cp .env.example .env
# Edit .env with your AWS region and optional profile
.env.example:
AWS_REGION=us-east-1
# AWS_PROFILE=my-profile # Uncomment to use a named profile
Running the Server
# Run directly
python -m aws_compliance_mcp.server
# Or via installed script
aws-compliance-mcp
Connect to Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS):
{
"mcpServers": {
"aws-compliance": {
"command": "/path/to/.venv/bin/python",
"args": ["-m", "aws_compliance_mcp.server"],
"env": {
"AWS_REGION": "us-east-1",
"AWS_PROFILE": "your-profile"
}
}
}
}
Available MCP Tools
| Tool | Description |
|---|---|
scan_pcidss_compliance |
Full PCI-DSS v3.2.1 scan |
scan_cis_compliance |
CIS Benchmark v1.4 scan |
scan_well_architected |
Well-Architected scan (all pillars or single) |
scan_all_frameworks |
Unified scan with overall risk score |
get_remediation_steps |
Step-by-step fix for a specific control |
generate_audit_report |
Audit-ready report with top-10 priorities |
get_config_compliance_summary |
Overall Config rule compliance % |
list_config_rules |
All Config rules + compliance state |
get_config_rule_status |
Single rule details + failing resources |
get_noncompliant_resources |
NON_COMPLIANT resources |
get_security_hub_summary |
Finding counts by severity |
get_security_hub_findings |
Filtered findings list |
get_security_hub_score |
Pass/fail ratio per standard |
Example Claude prompts
"Run a full PCI-DSS compliance scan in us-east-1 and tell me what's failing."
"What are my top 10 remediation priorities across all frameworks?"
"Give me step-by-step remediation for PCI.10.1"
"What's my Security Hub score and how many CRITICAL findings do I have?"
MCP Resources
| URI | Description |
|---|---|
compliance://pcidss/controls |
Full PCI-DSS control catalog |
compliance://cis/controls |
Full CIS control catalog |
compliance://well-architected/pillars |
Well-Architected pillar checks |
Running Tests
# All tests
make test
# With coverage
make coverage
# Lint
make lint
# Or directly
pytest tests/ -v
Tests use moto to mock all AWS API calls — no real AWS account needed.
Project Structure
aws-compliance-mcp/
├── src/aws_compliance_mcp/
│ ├── server.py # FastMCP server + all tool/resource definitions
│ ├── aws_client.py # Shared boto3 client with retry config
│ ├── tools/
│ │ ├── config_tools.py # AWS Config API wrapper
│ │ ├── securityhub_tools.py # Security Hub API wrapper
│ │ └── compliance_scanner.py # Framework scanning + reporting
│ └── rules/
│ ├── pcidss.py # PCI-DSS v3.2.1 control mappings
│ ├── cis.py # CIS Benchmark v1.4 control mappings
│ └── well_architected.py # Well-Architected checks
├── tests/
│ ├── conftest.py
│ ├── test_config_tools.py
│ ├── test_securityhub_tools.py
│ └── test_compliance_scanner.py
├── pyproject.toml
├── Makefile
└── .env.example
Required IAM Permissions
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"config:DescribeComplianceByConfigRule",
"config:GetComplianceSummaryByConfigRule",
"config:GetComplianceDetailsByConfigRule",
"config:DescribeComplianceByResource",
"config:DescribeConfigRules",
"securityhub:GetFindings",
"securityhub:GetEnabledStandards",
"securityhub:DescribeStandardsControls"
],
"Resource": "*"
}
]
}
CI/CD
GitHub Actions runs tests on Python 3.10 and 3.12 on every push. See .github/workflows/ci.yml.
License
MIT
Установка AWS Compliance Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/aditya0529/AWS-Compliance-MCP-ServerFAQ
AWS Compliance Server MCP бесплатный?
Да, AWS Compliance Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для AWS Compliance Server?
Нет, AWS Compliance Server работает без API-ключей и переменных окружения.
AWS Compliance Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить AWS Compliance Server в Claude Desktop, Claude Code или Cursor?
Открой AWS Compliance Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare AWS Compliance Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
