Getting Started with BlueRock Secure MCP Server
Introduction
The BlueRock Secure Model Context Protocol (MCP) Server provides a hardened Amazon Linux 2023 6.12 AMI with BlueRock runtime security built into the distribution. The image also includes the FastMCP framework, which gives developers a fast and easy way to build MCP servers.
Together, these provide a cloud-ready machine instance for quick deployment, the FastMCP framework for rapid MCP server development, and the BlueRock runtime security to protect against potential code exploits or escapes via the MCP protocol.
Getting Started
The BlueRock Secure MCP Server deployment can be launched from the AWS Marketplace here.
Launch the EC2 image from the AWS Console
Enter the respective values for instance Name, VPC, Subnet, Security Group, and Key Pair and select Launch Instance.
Once the launch completes, you can log into the instance and start defining MCP tools and initializing FastMCP to launch a server.
This BlueRock instance provides security observability of the following events:
Python and Java Application Runtime Guardrails: Detects and prevents exploits via deserialization, SSRF, path traversal, and other code-level exploits. Provides capabilities for full MCP protocol inspection and blocking.
Config Drift Detection: Identifies tool, tool argument, and other control modifications on an MCP server.
Reverse shell protection: Kills post-exploitation command-and-control via spawned shells/remote TTY.
Container drift protection: Prevents execution of binaries not in the original image—classic malware drop behavior.
Capability escalation control: Blocks attempts to add elevated Linux capabilities and expand blast radius.
Events can be monitored in AWS CloudWatch using the steps outlined in the "Configuring OTEL Event Collection with BlueRock" guide.
Test and validation steps can be found in the "Testing BlueRock Container Drift Alerts" section.
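To make the config drift item above concrete, here is an added example (not BlueRock's implementation and not part of the original guide) that compares two snapshots of an MCP server's tools/list result and reports added, removed, and modified tools and arguments. The tool names, paths, and the functions fingerprint, arg_names, and detect_drift are constructed for illustration; only the name/description/inputSchema shape is taken from the MCP tool definition.

```python
import hashlib
import json

# Constructed sample data in the shape of an MCP tools/list result.
BASELINE = {"tools": [
    {"name": "read_file", "description": "Read a file under /srv/docs.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}}}},
    {"name": "list_dir", "description": "List a directory under /srv/docs.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}}}},
]}
CURRENT = {"tools": [
    {"name": "read_file", "description": "Read any file.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"},
                                    "follow_symlinks": {"type": "boolean"}}}},
    BASELINE["tools"][1],
    {"name": "delete_file", "description": "Delete a file.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}}}},
]}

def fingerprint(tool):
    """SHA-256 over the canonical JSON of the fields a client relies on."""
    contract = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    blob = json.dumps(contract, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def arg_names(tool):
    """Argument names declared in the tool's JSON Schema, if any."""
    return set((tool.get("inputSchema") or {}).get("properties", {}))

def detect_drift(baseline, current):
    """Return (kind, tool, details) findings between two tools/list results."""
    old = {t["name"]: t for t in baseline["tools"]}
    new = {t["name"]: t for t in current["tools"]}
    findings = [("tool_added", n, []) for n in sorted(new.keys() - old.keys())]
    findings += [("tool_removed", n, []) for n in sorted(old.keys() - new.keys())]
    for n in sorted(old.keys() & new.keys()):
        if fingerprint(old[n]) == fingerprint(new[n]):
            continue  # identical contract, regardless of JSON key order
        changed = old[n].get("description") != new[n].get("description")
        details = ["description"] if changed else []
        details += ["+arg:" + a for a in sorted(arg_names(new[n]) - arg_names(old[n]))]
        details += ["-arg:" + a for a in sorted(arg_names(old[n]) - arg_names(new[n]))]
        # Nothing above differs, so the change is inside an argument's schema.
        findings.append(("tool_modified", n, details or ["inputSchema"]))
    return findings

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, CURRENT):
        print(finding)
```

Store the baseline snapshot at deployment time and run the comparison on a schedule or at client connect, alerting on any non-empty result.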