MCP Server for AI Agents

cloud-audit includes a Model Context Protocol (MCP) server that lets AI coding assistants scan your AWS account directly.

Quick Setup

Claude Code

claude mcp add cloud-audit -- uvx --from cloud-audit cloud-audit-mcp

Project-scoped config

Add .mcp.json to your repo root (shared with team):

{
  "cloud-audit": {
    "command": "uvx",
    "args": ["--from", "cloud-audit", "cloud-audit-mcp"]
  }
}

With pip

pip install cloud-audit
claude mcp add cloud-audit -- cloud-audit-mcp

Available Tools

Tool	Description
`scan_aws`	Run a full security scan
`get_findings`	Get findings filtered by severity/category
`get_attack_chains`	Get detected attack chains
`get_remediation`	Get fix for a specific check ID
`get_health_score`	Get the health score and risk exposure
`list_checks`	List all available checks

Example Prompts

After setup, ask your AI assistant:

"Scan my AWS account and show me the critical findings"
"What attack chains were detected?"
"How much risk exposure does my account have in dollars?"
"Show me the Terraform code to fix aws-iam-001"
"Which CIS controls are we failing?"

How It Differs

Prowler and Wiz have MCP servers, but both require their paid SaaS platform ($99+/month). cloud-audit MCP works locally with zero accounts, zero API keys, and zero data sent anywhere.

Compatibility

Works with any MCP-compatible client:

Claude Code
Cursor
VS Code with GitHub Copilot
Any tool supporting the Model Context Protocol

Requirements

AWS credentials configured (same as CLI usage)
SecurityAudit IAM policy attached to your role/user