AWS MCP server
Search AWS documentation, call AWS APIs, and run sandboxed scripts with IAM-scoped access from a single endpoint.
About
Connect Tracecat to AWS to investigate findings across the cloud substrate. The integration is aimed at SOC and cloud security teams that live in IAM, CloudTrail, and GuardDuty. You can search AWS documentation, call any AWS API, and run sandboxed Python from a single endpoint governed by your existing IAM policies. From there, query CloudTrail for the responsible principal, pull CloudWatch metrics, and run a remediation script, with every action captured in CloudTrail under the connected IAM Identity Center user.
Setup
1. Sign in with OAuth
   You'll authorize Tracecat to access AWS on your behalf. No API keys to manage.
2. Select the AWS tile in the Tracecat MCP catalog
   Open the MCP catalog in your workspace, select the AWS tile, and complete the OAuth flow.
3. Enable AWS in your agent
   In your ai.agent action or Agents → tools tab, select AWS from the MCP integrations dropdown.
Tools
| Tool | Description |
| --- | --- |
| search_documentation | Search the official AWS documentation across all services. |
| get_service_information | Retrieve service overviews, quotas, and regional availability. |
| call_aws_api | Call any AWS API using the caller's IAM credentials. |
| run_python_script | Run Python code in a sandboxed environment with access to AWS SDKs. |
| list_skills | List curated AWS skills the agent can follow for common workflows. |
| run_skill | Execute a curated AWS skill end to end. |
| get_cloudwatch_metrics | Read CloudWatch metrics for monitoring and incident investigation. |
| query_cloudtrail | Search CloudTrail for recent API calls for a given principal or resource. |