Tracecat

AWS MCP server

Search AWS documentation, call AWS APIs, and run sandboxed scripts with IAM-scoped access from a single endpoint.

Cloud
http
Official docs

About

Connect Tracecat to AWS to investigate findings across the cloud substrate for SOC and cloud security teams that live in IAM, CloudTrail, and GuardDuty. You can search AWS documentation, call any AWS API, and run sandboxed Python from a single endpoint governed by your existing IAM policies. From there, query CloudTrail for the responsible principal, pull CloudWatch metrics, and run a remediation script with every action captured in CloudTrail under the connected IAM Identity Center user.

Setup

  1. 1

    Sign in with OAuth

    You'll authorize Tracecat to access AWS on your behalf. No API keys to manage.

  2. 2

    Select the AWS tile in the Tracecat MCP catalog

    Open the MCP catalog in your workspace, select the AWS tile, and complete the OAuth flow.

  3. 3

    Enable AWS in your agent

    In your ai.agent action or Agents tools tab, select AWS from the MCP integrations dropdown.

Tools

search_documentation

Search the official AWS documentation across all services.

get_service_information

Retrieve service overviews, quotas, and regional availability.

call_aws_api

Call any AWS API using the caller's IAM credentials.

run_python_script

Run Python code in a sandboxed environment with access to AWS SDKs.

list_skills

List curated AWS skills the agent can follow for common workflows.

run_skill

Execute a curated AWS skill end to end.

get_cloudwatch_metrics

Read CloudWatch metrics for monitoring and incident investigation.

query_cloudtrail

Search CloudTrail for recent API calls for a given principal or resource.

Deploy the AWS MCP server in minutes

Connect your security agents to 50+ hosted MCP servers.

Self-host free