mcp-cloud-compliance

This MCP server provides an AI-assisted interface for AWS cloud compliance auditing focused on S3 bucket resources. It exposes capabilities to list S3 buckets by region, check storage compliance against SOC 2, CIS, and NIST frameworks, and generate high-level compliance findings and reports. You can interact with the server through Claude Desktop (or any MCP-compatible client) to initiate checks, retrieve findings, and request summaries or detailed analyses of your S3 storage landscape. The server is designed to evolve to cover additional AWS resource types as new compliance checks are implemented.

To use the server, start it with Java (as shown in the installation steps) and configure Claude Desktop to connect to the running MCP server. Once connected, you can ask Claude to: (1) list your S3 buckets and their regional metadata, (2) run standard compliance checks for SOC 2, CIS, and NIST on storage resources, (3) generate a compliance summary or a detailed report of non-compliant resources. The tools exposed by the MCP server include health_check, list_supported_standards, list_supported_resource_types, list_s3_buckets, and check_resource_compliance, which you can invoke conversationally through Claude to perform the corresponding actions and retrieve structured findings.

Prerequisites:

• Java 21 or higher
• Maven 3.6+ (for building from source)
• AWS credentials configured (for accessing S3 data during checks)

Installation steps:

1. Clone the repository git clone https://github.com/uprightsleepy/mcp-cloud-compliance.git
2. Build the project cd mcp-cloud-compliance mvn clean package
3. Run the MCP server (examples):
   • Using Maven: mvn spring-boot:run
   • Using the packaged JAR: java -jar target/cloud-compliance-mcp-0.1.0.jar
4. Verify the server is running (optional): You can call the health_check tool via your MCP client or Claude to confirm the server responds.

Note: Ensure your AWS credentials are configured in the environment where the server runs, so S3 bucket queries and compliance checks can access the necessary resources.

Tips and considerations:

• The current release focuses on S3 bucket compliance checks; future updates may add more AWS resource types and broader coverage.
• If you deploy behind a corporate firewall, ensure outbound access to AWS endpoints is permitted and that your IAM permissions allow read access to S3 buckets for auditing.
• When configuring Claude Desktop, use an absolute path to the JAR in the server configuration to avoid path resolution issues.
• Monitor Java memory usage in production; adjust JVM options if you anticipate large datasets or many buckets.
• If you encounter issues with running via Maven, prefer the packaged JAR for simpler deployment and fewer build-time dependencies.