AWS Well-Architected Security MCP Server
raw JSON → 0.1.7 verified Fri May 01 auth: no python
A Model Context Protocol (MCP) server that provides AWS Well-Architected Security best-practice assessments and guidance. Version 0.1.7, released monthly-ish.
pip install awslabs-well-architected-security-mcp-server Common errors
error ModuleNotFoundError: No module named 'well_architected_security_mcp_server' ↓
cause The package was installed with a different name or not installed at all.
fix
Install using pip install awslabs-well-architected-security-mcp-server. The import path uses underscores corresponding to the PyPI slug.
error botocore.exceptions.NoCredentialsError: Unable to locate credentials ↓
cause AWS credentials are not configured in the environment.
fix
Set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN, or use AWS_PROFILE. Example: export AWS_PROFILE=myprofile
error ImportError: cannot import name 'start_server' from 'well_architected_security_mcp_server' ↓
cause Using the old function name that was renamed in v0.1.5.
fix
Use run_server instead: from well_architected_security_mcp_server import run_server
Warnings
gotcha Requires AWS credentials with permissions for wellarchitected:ListWorkloads, wellarchitected:GetWorkload, wellarchitected:ListLensReviews, and wellarchitected:GetLensReviewReport. ↓
fix Ensure the AWS credentials used (via environment variables, AWS profile, or IAM role) have the required permissions. Attach the AWSWellArchitectedConsoleFullAccess managed policy or craft a custom policy.
gotcha The server binds to localhost:8080 by default; if the port is already in use or blocked, the server will fail to start. ↓
fix Override port via environment variable MCP_SERVER_PORT or modify the source code (currently no CLI argument). Use a different port or ensure 8080 is free.
deprecated As of v0.1.5, the function `start_server` was renamed to `run_server`. Old code using `start_server` will break. ↓
fix Replace `from well_architected_security_mcp_server import start_server` with `from well_architected_security_mcp_server import run_server`.
Imports
- WellArchitectedSecurityMCPServer
from well_architected_security_mcp_server import WellArchitectedSecurityMCPServer - run_server
from well_architected_security_mcp_server import run_server
Quickstart
import os
from well_architected_security_mcp_server import run_server
# Ensure AWS credentials are configured (e.g., via AWS_PROFILE or env vars)
os.environ.get('AWS_PROFILE', 'default')
run_server()