If you discover a security vulnerability in AWS MCP Server, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

1. Email: Send details to the repository maintainer (see GitHub profile)
2. GitHub Security Advisory: Use GitHub's private vulnerability reporting

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

For detailed information about the security architecture, command validation, and sandbox execution, see Security Architecture.

When using AWS MCP Server:

1. Use Docker deployment - Provides strongest isolation
2. Apply least-privilege IAM - Limit AWS credentials to minimum required permissions
3. Keep updated - Use latest version for security fixes
4. Review blocked commands - Understand what operations are restricted in strict mode