今日已更新 420 条资讯 | 累计 20392 条内容
关于我们

MCP for AWS Security Engineers: Build a Read-Only Security Hub Triage Agent

Mike Anderson 2026年07月16日 17:54 0 次阅读 来源:Dev.to

MCP for AWS Security Engineers: Build a Read-Only Security Hub Triage Agent For AWS-heavy security work, I would start with AWS Agent Toolkit for AWS and the managed AWS MCP Server , not a custom MCP server. The reason is practical. AWS now provides a managed MCP path that can connect AI coding agents to AWS documentation, AWS APIs, AWS skills, and existing IAM credentials. The Agent Toolkit also provides plugin-based setup for supported agents such as Claude Code and Codex. For security teams, that is the right starting point because the enforcement point remains AWS IAM, not the model. The initial operating model should be strict: Read-only first. No production write authority. No access to secrets. No raw customer PII or sensitive incident logs in prompt context. No automatic remediation. No AI-approved suppression, exception, merge, deploy, or risk acceptance. Human review and CI/CD remain the release authority. That is the same posture I would use for a governed Claude Code or Codex rollout: named identities, SSO, scoped credentials, default deny, tool approval, audit logs, and security evidence tied back to tickets, pull requests, CI logs, and cloud findings. What we are building This article walks through a practical security workflow: A read-only Security Hub triage assistant that helps a junior security engineer produce a daily or weekly findings summary, remediation backlog, and evidence pack without allowing the agent to modify AWS. The agent will be able to: Read AWS Security Hub findings. Group findings by account, severity, product, resource, and control. Explain why a finding matters. Draft remediation tickets. Draft a Slack-ready summary. Produce local markdown, CSV, and JSON evidence files. The agent will not be able to: Suppress findings. Archive findings. Mark findings resolved. Disable Security Hub standards. Modify IAM, S3, EC2, KMS, GuardDuty, Inspector, or Config. Deploy remediation. Run destructive scripts. Approve risk acceptance. This is no

本文内容来源于互联网,版权归原作者所有
查看原文