aws-security-mcp 0.7.4 → 0.7.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/src/index.js
CHANGED
|
@@ -4,7 +4,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
|
|
|
4
4
|
import { z } from "zod";
|
|
5
5
|
|
|
6
6
|
// src/version.ts
|
|
7
|
-
var VERSION = "0.7.
|
|
7
|
+
var VERSION = "0.7.5";
|
|
8
8
|
|
|
9
9
|
// src/utils/aws-client.ts
|
|
10
10
|
import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
|
|
@@ -9060,8 +9060,9 @@ LOW \u2192 P3 (Low)
|
|
|
9060
9060
|
`;
|
|
9061
9061
|
|
|
9062
9062
|
// src/index.ts
|
|
9063
|
-
import { readFileSync as readFileSync2 } from "fs";
|
|
9063
|
+
import { readFileSync as readFileSync2, mkdirSync as mkdirSync2, writeFileSync as writeFileSync2 } from "fs";
|
|
9064
9064
|
import { join as join2, dirname } from "path";
|
|
9065
|
+
import { homedir as homedir2 } from "os";
|
|
9065
9066
|
import { fileURLToPath } from "url";
|
|
9066
9067
|
var MODULE_DESCRIPTIONS = {
|
|
9067
9068
|
service_detection: "Detects which AWS security services (Security Hub, GuardDuty, Inspector, Config) are enabled and assesses security maturity.",
|
|
@@ -9702,6 +9703,79 @@ Deploy this as a StackSet from your Management Account to all member accounts.`
|
|
|
9702
9703
|
}
|
|
9703
9704
|
}
|
|
9704
9705
|
);
|
|
9706
|
+
server.tool(
|
|
9707
|
+
"scan_and_report",
|
|
9708
|
+
"Run a full security scan AND generate reports in one step. Avoids large data transfer between tools. Reports are saved to ~/.aws-security/reports/",
|
|
9709
|
+
{
|
|
9710
|
+
region: z.string().optional().describe("AWS region (default: server region)"),
|
|
9711
|
+
org_mode: z.boolean().optional().describe("Enable multi-account org scanning"),
|
|
9712
|
+
role_name: z.string().optional().describe("IAM role name for cross-account scanning"),
|
|
9713
|
+
account_ids: z.array(z.string()).optional().describe("Filter to specific account IDs"),
|
|
9714
|
+
reports: z.array(z.enum(["html", "hw_defense", "mlps3", "markdown", "all"])).optional().describe("Report types to generate (default: all)"),
|
|
9715
|
+
lang: z.enum(["zh", "en"]).optional().describe("Language: zh or en (default: zh)")
|
|
9716
|
+
},
|
|
9717
|
+
async ({ region, org_mode, role_name, account_ids, reports, lang }) => {
|
|
9718
|
+
try {
|
|
9719
|
+
const r = region ?? defaultRegion;
|
|
9720
|
+
const l = lang ?? "zh";
|
|
9721
|
+
const reportTypes = reports ?? ["all"];
|
|
9722
|
+
const wantAll = reportTypes.includes("all");
|
|
9723
|
+
let result;
|
|
9724
|
+
if (org_mode) {
|
|
9725
|
+
result = await runMultiAccountScanners(allScanners, r, {
|
|
9726
|
+
orgMode: true,
|
|
9727
|
+
roleName: role_name ?? "AWSSecurityMCPAudit",
|
|
9728
|
+
accountIds: account_ids
|
|
9729
|
+
});
|
|
9730
|
+
} else {
|
|
9731
|
+
result = await runAllScanners(allScanners, r);
|
|
9732
|
+
}
|
|
9733
|
+
const baseDir = join2(homedir2(), ".aws-security", "reports", (/* @__PURE__ */ new Date()).toISOString().slice(0, 10));
|
|
9734
|
+
mkdirSync2(baseDir, { recursive: true });
|
|
9735
|
+
const savedFiles = [];
|
|
9736
|
+
if (wantAll || reportTypes.includes("html")) {
|
|
9737
|
+
const html = generateHtmlReport(result, void 0, l);
|
|
9738
|
+
const p = join2(baseDir, "security-report.html");
|
|
9739
|
+
writeFileSync2(p, html);
|
|
9740
|
+
savedFiles.push(p);
|
|
9741
|
+
}
|
|
9742
|
+
if (wantAll || reportTypes.includes("hw_defense")) {
|
|
9743
|
+
const html = generateHwDefenseHtmlReport(result, l);
|
|
9744
|
+
const p = join2(baseDir, "hw-defense-report.html");
|
|
9745
|
+
writeFileSync2(p, html);
|
|
9746
|
+
savedFiles.push(p);
|
|
9747
|
+
}
|
|
9748
|
+
if (wantAll || reportTypes.includes("mlps3")) {
|
|
9749
|
+
const html = generateMlps3HtmlReport(result, void 0, l);
|
|
9750
|
+
const p = join2(baseDir, "mlps3-report.html");
|
|
9751
|
+
writeFileSync2(p, html);
|
|
9752
|
+
savedFiles.push(p);
|
|
9753
|
+
}
|
|
9754
|
+
if (wantAll || reportTypes.includes("markdown")) {
|
|
9755
|
+
const md = generateMarkdownReport(result, l);
|
|
9756
|
+
const p = join2(baseDir, "security-report.md");
|
|
9757
|
+
writeFileSync2(p, md);
|
|
9758
|
+
savedFiles.push(p);
|
|
9759
|
+
}
|
|
9760
|
+
saveResults(result);
|
|
9761
|
+
const summary = summarizeResult(result, l);
|
|
9762
|
+
const fileList = savedFiles.map((f) => ` ${f}`).join("\n");
|
|
9763
|
+
return {
|
|
9764
|
+
content: [{
|
|
9765
|
+
type: "text",
|
|
9766
|
+
text: `${summary}
|
|
9767
|
+
|
|
9768
|
+
Reports saved:
|
|
9769
|
+
${fileList}
|
|
9770
|
+
|
|
9771
|
+
Dashboard data updated.`
|
|
9772
|
+
}]
|
|
9773
|
+
};
|
|
9774
|
+
} catch (err) {
|
|
9775
|
+
return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
|
|
9776
|
+
}
|
|
9777
|
+
}
|
|
9778
|
+
);
|
|
9705
9779
|
server.resource(
|
|
9706
9780
|
"security-rules",
|
|
9707
9781
|
"security://rules",
|