{"id":23321,"library":"awslabs-well-architected-security-mcp-server","title":"AWS Well-Architected Security MCP Server","description":"A Model Context Protocol (MCP) server that provides AWS Well-Architected Security best-practice assessments and guidance. Version 0.1.7, released monthly-ish.","status":"active","version":"0.1.7","language":"python","source_language":"en","source_url":"https://github.com/awslabs/well-architected-security-mcp-server","tags":["aws","well-architected","security","mcp","assessment"],"install":[{"cmd":"pip install awslabs-well-architected-security-mcp-server","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"AWS SDK for interacting with Well-Architected Tool API","package":"boto3","optional":false},{"reason":"Model Context Protocol library","package":"mcp","optional":false}],"imports":[{"note":"None","wrong":null,"symbol":"WellArchitectedSecurityMCPServer","correct":"from well_architected_security_mcp_server import WellArchitectedSecurityMCPServer"},{"note":"None","wrong":null,"symbol":"run_server","correct":"from well_architected_security_mcp_server import run_server"}],"quickstart":{"code":"import os\nfrom well_architected_security_mcp_server import run_server\n\n# Ensure AWS credentials are configured (e.g., via AWS_PROFILE or env vars)\nos.environ.get('AWS_PROFILE', 'default')\nrun_server()","lang":"python","description":"Starts the MCP server for AWS Well-Architected Security assessments."},"warnings":[{"fix":"Ensure the AWS credentials used (via environment variables, AWS profile, or IAM role) have the required permissions. Attach the AWSWellArchitectedConsoleFullAccess managed policy or craft a custom policy.","message":"Requires AWS credentials with permissions for wellarchitected:ListWorkloads, wellarchitected:GetWorkload, wellarchitected:ListLensReviews, and wellarchitected:GetLensReviewReport.","severity":"gotcha","affected_versions":"all"},{"fix":"Override port via environment variable MCP_SERVER_PORT or modify the source code (currently no CLI argument). Use a different port or ensure 8080 is free.","message":"The server binds to localhost:8080 by default; if the port is already in use or blocked, the server will fail to start.","severity":"gotcha","affected_versions":"all"},{"fix":"Replace `from well_architected_security_mcp_server import start_server` with `from well_architected_security_mcp_server import run_server`.","message":"As of v0.1.5, the function `start_server` was renamed to `run_server`. Old code using `start_server` will break.","severity":"deprecated","affected_versions":">=0.1.5"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Install using pip install awslabs-well-architected-security-mcp-server. The import path uses underscores corresponding to the PyPI slug.","cause":"The package was installed with a different name or not installed at all.","error":"ModuleNotFoundError: No module named 'well_architected_security_mcp_server'"},{"fix":"Set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN, or use AWS_PROFILE. Example: export AWS_PROFILE=myprofile","cause":"AWS credentials are not configured in the environment.","error":"botocore.exceptions.NoCredentialsError: Unable to locate credentials"},{"fix":"Use run_server instead: from well_architected_security_mcp_server import run_server","cause":"Using the old function name that was renamed in v0.1.5.","error":"ImportError: cannot import name 'start_server' from 'well_architected_security_mcp_server'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}