
Cloud Audit
Let your coding agent scan AWS for misconfigurations, IAM escalation paths, and attack chains with actionable fix guidance before you ship or after incidents.
Overview
cloud-audit is an MCP server for the Ship phase that scans AWS for security issues, including attack chains and IAM privilege escalation, and suggests fixes.
What is this MCP server?
- AWS-focused security scanner exposed as MCP tools over stdio, run via uvx from the PyPI package cloud-audit
- Attack chain detection to show how misconfigs compound into exploitable paths
- IAM privilege escalation analysis for over-permissive roles and policies
- Remediation-oriented output aimed at fixes, not only findings
- Version 2.0.1 server schema with runtimeHint uvx for quick agent installs
What problem does it solve?
You are shipping on AWS but do not know whether IAM policies, exposed resources, and chained misconfigs could let an attacker pivot through your account.
Who is it for?
Solo builders and tiny teams with AWS production or staging accounts who want agent-assisted security reviews during ship and operate checkpoints.
Skip if: you are on a GCP-only or Azure-only stack, or you need certified compliance reports instead of practical scanner output.
What do I get? / Deliverables
After you add the MCP server, your agent can run structured AWS security scans and return escalation paths and fix-oriented guidance inside your normal workflow.
- AWS security findings with attack-chain and IAM escalation context
- Fix-oriented guidance your agent can turn into IaC or console changes
- Repeatable agent-invoked audits without leaving the IDE thread
Journey fit
Pre-launch and ongoing AWS hardening belongs in Ship because it validates security posture before customers touch production workloads. The Security subphase is the canonical shelf for dedicated scanners that surface privilege escalation and remediation, not generic infra provisioning.
How it compares
AWS security MCP scanner, not a general-purpose coding skill or multi-cloud posture platform.
Common Questions / FAQ
Who is Cloud Audit for?
Cloud Audit is for indie developers and small teams using AI coding agents who deploy on AWS and want MCP-native security scanning with IAM escalation and attack-chain context.
When should I use Cloud Audit?
Use Cloud Audit before launch, after major IAM or network changes, or when you suspect misconfiguration and want fixes surfaced in the same session as your agent.
How do I add Cloud Audit to my agent?
Register the io.github.gebalamariusz/Cloud Audit MCP server with stdio transport, run it via uvx with the Cloud Audit PyPI package (Cloud Audit-mcp), and configure AWS credentials the scanner can read.