AWS Security Audit

MCP Servers

• IAM MCP: uvx awslabs.iam-mcp-server@latest --readonly (stdio transport)
• CloudTrail MCP: uvx awslabs.cloudtrail-mcp-server@latest (stdio transport)
• Requires: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION (or AWS_PROFILE)

Key Capabilities

IAM (Identity & Access Management)

• Users: List IAM users, access keys, MFA status, last activity
• Roles: List roles, trust policies, attached permissions
• Policies: Inspect policy documents, identify overly permissive policies
• Groups: List groups and their memberships
• Read-only mode: --readonly flag prevents any IAM modifications

CloudTrail (API Audit Trail)