MCP for AWS Security Engineers: Build a Read-Only Security Hub Triage Agent
For AWS-heavy security work, I would start with AWS Agent Toolkit for AWS and the managed AWS MCP Server, not a custom MCP server.
The reason is practical. AWS now provides a managed MCP path that can connect AI coding agents to AWS documentation, AWS APIs, AWS skills, and existing IAM credentials. The Agent Toolkit also provides plugin-based setup for supported agents such as Claude Code and Codex.
For security teams, that is the right starting point because the enforcement point remains AWS IAM, not the model.
The initial operating model should be strict:







