When we first announced the Orca MCP Server, we showed some examples with Claude and with Cursor. In this blog, we’re excited to show the experience with Amazon Q Developer connected to the Orca MCP Server. 

What is Amazon Q?

Amazon Q is a GenAI chatbot developed by Amazon for businesses and developers. Companies like Smartsheet, Bayer Crop Science, and Accenture have all experienced efficiency gains from Amazon Q across business and infrastructure teams.

Amazon Q comes in two different products: Amazon Q Business and Amazon Q Developer. Amazon Q Business streamlines knowledge sharing and makes it easier to answer questions about your business. The end user experience is very similar to other GenAI chatbots, and is built for the clear use case for integrating with internal content, data, and systems. Amazon Q Developer makes it easier for developers, data scientists, and IT professionals to build, operate, and transform software, with advanced capabilities for managing data and AI/ML. The examples we will explore later in this blog focus on how we use Amazon Q Developer with the Orca MCP Server to ensure secure coding for cloud native applications.

Amazon Q is powered by Amazon Bedrock and includes automated abuse detection implemented in Amazon Bedrock to enforce safety, security, and the responsible use of AI. 

What is Amazon Bedrock?

Amazon Bedrock is a fully managed web service that allows developers to utilize a variety of AI models via API to power their GenAI apps with incredible speed to market. Large global companies in industries like manufacturing, finance, travel, healthcare, and high tech choose to build with Amazon Bedrock because of the resiliency, security, data privacy, and responsible use of AI built in.

Customers love the combination of choice between various models per use case while maintaining an intentional airgap between model host and model provider. Examples of applications built with Amazon Bedrock include apps that:

  • Help physicians interpret blood tests
  • Make trading rules accessible to the everyday person
  • Deliver better customer service and reduce reliance on human interaction
  • Interpret data from legacy proprietary apps into plain English
  • Increase internal organizational efficiency 

Amazon Bedrock boosts organizations that want to modernize with GenAI without the exorbitant price tag because it’s serverless – no infrastructure to manage.

What is the Orca MCP Server?

MCP (Model Context Protocol) is an open standard created by Anthropic to simplify how applications can provide context to LLMs. MCP servers give developers a way to expose data and services from their apps so people can use GenAI to ask questions, create summaries, and simply understand their data better.

The Orca Pod created the Orca MCP Server so people can securely connect the data from their Orca environment with any GenAI. Once the MCP Server is connected, people can ask questions about their cloud environment, create summaries, and discover more stories buried in the plethora of cloud security and compliance data from the Orca Platform. 

Use Amazon Q Developer and Orca MCP Server together to ask anything about your cloud environment

Amazon Bedrock Agents and Amazon Q provide a state of the art foundation to run our MCP server, all in a single user experience. Below is a high level architectural view of how the different components interact with each other, followed by an example in Amazon Q using the Orca MCP Server.


Architecture diagram showing how Amazon Q, Amazon Bedrock, and MCP servers work together.

Example demo questions and video

When security professionals use Amazon Q Developer to accomplish tasks, they can tap into the Orca MCP server to ask questions about the security of their cloud environment. For example, users can explore all of the cloud accounts connected to the Orca Platform and get a shortlist of their most vulnerable containers to address. Take a look at this example using the command line interface (CLI) experience.

Want to use these capabilities or learn more?

If you’re an Orca customer and you’d like to try out the Orca MCP Server, reach out to your account team. If you want to create your own MCP server, take a look at Amazon’s community blog, and check out other MCP servers here.

About Orca

The Orca Cloud Security Platform is an open platform that identifies, prioritizes, and remediates security risks and compliance gaps across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Platform leverages our patented SideScanning™ technology to provide complete coverage and comprehensive risk detection. To see how this platform can work for your organization, schedule a personalized 1:1 demo.