- An EC2 instance running (Amazon Linux 2023 or Ubuntu recommended)
- Node.js 18+ installed
- PM2 or similar process manager for running Node.js applications
- Git installed
- IAM Role attached to the EC2 instance
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "inspector2:ListFindings",
        "inspector2:GetFindings",
        "inspector2:ListCoverage",
        "inspector2:GetDashboardMetrics",
        "inspector2:BatchGetAccountStatus",
        "inspector2:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}
```

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole",
        "sts:GetCallerIdentity"
      ],
      "Resource": "arn:aws:iam::*:role/*"
    }
  ]
}
```

- Connect to your EC2 instance

```bash
ssh -i your-key.pem ec2-user@your-instance-ip
```

- Install Node.js and other dependencies
```bash
# For Amazon Linux 2023
sudo dnf update -y
sudo dnf install -y nodejs git

# For Ubuntu
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs git
```

- Install PM2 globally
```bash
sudo npm install -g pm2
```

- Clone the repository

```bash
git clone https://github.com/groovyBugify/aws-inspector-mcp.git
cd aws-inspector-mcp
```

- Install dependencies

```bash
npm install
```

- Create environment file

```bash
cp .env.example .env
```

- Configure environment variables

Edit the `.env` file with your configuration:

```bash
nano .env
```

Required configurations:
```env
PORT=3001
AWS_REGION=your-region
CORS_ORIGIN=your-frontend-domain
LOG_LEVEL=info
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
```

- Build the application

```bash
npm run build
```

- Start the application with PM2

```bash
pm2 start npm --name "aws-inspector-mcp" -- start
```

- Save PM2 configuration for auto-restart

```bash
pm2 save
pm2 startup
```

- Configure Firewall Rules

  Allow inbound traffic only on port 3001 (or your configured port) from your frontend application's IP/subnet.

- Set up NGINX as a reverse proxy (Optional but recommended)

```bash
sudo apt install nginx
```

Create NGINX configuration:
```nginx
server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

- View application logs
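```bash
pm2 logs aws-inspector-mcp
```

- Monitor application status

```bash
pm2 monit
```

- View application metrics

```bash
pm2 show aws-inspector-mcp
```

The application exposes a health check endpoint at `/health` that can be used for monitoring.

- Check application logs

```bash
pm2 logs aws-inspector-mcp --lines 100
```

- Verify IAM Role

```bash
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/
```

- Test AWS Inspector Access

```bash
aws inspector2 list-findings --region your-region
```

- Update application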
```bash
cd aws-inspector-mcp
git pull
npm install
npm run build
pm2 restart aws-inspector-mcp
```

- Backup configuration

```bash
cp .env .env.backup
```

Replace `us-east-1` with your region:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "inspector2:ListFindings",
        "inspector2:GetFindings",
        "inspector2:ListCoverage",
        "inspector2:GetDashboardMetrics"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": ["us-east-1"]
        }
      }
    }
  ]
}
```

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT-ID:role/ROLE-NAME"
      },
      "Action": [
        "inspector2:ListFindings",
        "inspector2:GetFindings"
      ],
      "Resource": "*"
    }
  ]
}
```
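
The policies on this page differ mainly in scope: the STS statement allows `sts:AssumeRole` on `arn:aws:iam::*:role/*`, and only one of the Inspector statements carries an `aws:RequestedRegion` condition. The following Node.js check is an added example, not part of the aws-inspector-mcp project, that flags both patterns in a policy document before it is attached to the instance role; the account ID and role name in `stsScoped` are hypothetical.

```javascript
// Added example (not project code): flag broad grants in IAM policy JSON.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintPolicy(policy) {
  const findings = [];
  toArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    const actions = toArray(stmt.Action).map((a) => a.toLowerCase());
    const resources = toArray(stmt.Resource);
    const condKeys = Object.values(stmt.Condition || {})
      .flatMap((c) => Object.keys(c)).map((k) => k.toLowerCase());
    // AssumeRole on a wildcard account or role name: the caller can try every
    // role, and only each role's trust policy stands in the way.
    const wildRole = (r) => r === '*' || /^arn:aws:iam::\*:role\/|:role\/\*$/.test(r);
    if (actions.some((a) => a === 'sts:assumerole' || a === 'sts:*') && resources.some(wildRole)) {
      findings.push(`Statement[${i}]: sts:AssumeRole on wildcard role ARN`);
    }
    // Resource "*" on inspector2 actions, with no region condition to narrow it.
    if (actions.some((a) => a.startsWith('inspector2:')) && resources.includes('*') &&
        !condKeys.includes('aws:requestedregion')) {
      findings.push(`Statement[${i}]: inspector2 actions without aws:RequestedRegion`);
    }
  });
  return findings;
}

// Constructed inputs: statements copied from this page, plus one scoped variant.
const stmt = (Action, Resource, Condition) =>
  ({ Version: '2012-10-17', Statement: [{ Effect: 'Allow', Action, Resource, ...(Condition && { Condition }) }] });
const inspectorActions = ['inspector2:ListFindings', 'inspector2:GetFindings',
  'inspector2:ListCoverage', 'inspector2:GetDashboardMetrics'];
const samples = {
  inspectorAnyRegion: stmt(inspectorActions, '*'),
  inspectorOneRegion: stmt(inspectorActions, '*', { StringEquals: { 'aws:RequestedRegion': ['us-east-1'] } }),
  stsWildcard: stmt(['sts:AssumeRole', 'sts:GetCallerIdentity'], 'arn:aws:iam::*:role/*'),
  // Hypothetical account ID and role name, for illustration only.
  stsScoped: stmt(['sts:AssumeRole'], 'arn:aws:iam::111122223333:role/InspectorReadOnly'),
};

for (const [name, policy] of Object.entries(samples)) {
  console.log(name, lintPolicy(policy));
}
```

An empty array means neither pattern was found; the check is a pre-deployment lint and does not replace IAM Access Analyzer or a policy simulation.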