aws-security

This MCP server exposes three AWS tooling capabilities wrapped as MCP endpoints: listing security groups with inbound/outbound rules, listing S3 buckets with region and creation details, and analyzing VPC connections (peering, endpoints, transit gateways, route tables, and network ACLs). It also includes an interactive Agno agent that connects to the MCP server to manage tasks, stream tool calls in real time, and handle multiple concurrent queries, along with an optional Ollama-backed AI model for enhanced reasoning. To use the server, run the main Python script to start an SSE-based MCP server, then connect with an MCP client or the provided Python agents. You can also run the lightweight agent for basic interactions or a full interactive agent for richer orchestration and streaming of tool results. The server is designed to be compatible with any MCP client that understands the SSE transport and MCP tool dispatch patterns.

Prerequisites:

• Python 3.11 or later
• AWS credentials configured for boto3 (environment variables or AWS config/credentials file)
• Ollama installed and running locally (for the interactive agent)
• Required Python packages: boto3, agno, fastmcp, rich, click (as listed in requirements.txt)

Installation steps:

1. Clone the repository git clone https://github.com/skjortans/aws-mcp-server.git cd aws-mcp-server

2. Create and activate a virtual environment (optional but recommended) python -m venv venv source venv/bin/activate # On Windows use: venv\Scripts\activate

3. Install dependencies If a requirements.txt exists: python -m pip install -r requirements.txt Otherwise, install explicitly: python -m pip install boto3 agno fastmcp rich click

4. Install and start Ollama (required for the interactive agent) Follow the Ollama installation instructions at https://ollama.ai/download Then pull a model, for example: ollama pull qwen3

5. Run the MCP server python src/aws-security-mcp-server.py

6. (Optional) Run the interactive agent python src/aws-demo-agent.py

Notes:

• Ensure your AWS credentials are configured in the environment or via AWS config files so boto3 can access necessary AWS resources.
• The server uses SSE transport; clients should connect accordingly (e.g., via an MCP client configured for SSE).

Tips and common considerations:

• If you modify AWS tooling or add new capabilities, update the MCP server implementation accordingly and document any new MCP endpoints.
• Environment variables for AWS credentials are sensitive; prefer using AWS config/credentials files or tightly scoped roles for production setups.
• Ollama integration enables local AI capabilities for the interactive agent; ensure Ollama is running and that the chosen model is compatible with your workload.
• If you encounter transport issues, verify that the MCP client is configured to use SSE transport and that the server is reachable at the expected address and port (default is 127.0.0.1:5678 as indicated by the server log).
• The repository notes that the simple agent may have an import gap in the MCPClientParameters; for production use, prefer the interactive agent or ensure the simple agent is updated to align with your MCP client version.