Amazon Bedrock

The Falcon MCP Server is available on the AWS Marketplace for streamlined deployment to Amazon Bedrock AgentCore.

Prerequisites

CrowdStrike API Credentials

Create API credentials in your CrowdStrike console:

Log into your CrowdStrike console
Navigate to Support > API Clients and Keys
Click Add new API client
Configure scopes based on the modules you plan to use (see API Credentials)
Note down your FALCON_CLIENT_ID, FALCON_CLIENT_SECRET, and FALCON_BASE_URL

AWS VPC Requirements

The MCP Server requires internet connectivity to communicate with CrowdStrike’s APIs:

Internet Gateway or NAT Gateway for outbound connectivity
Outbound HTTPS access to api.crowdstrike.com on port 443
Appropriate security group rules

Getting Started

Visit the Falcon MCP Server on AWS Marketplace
Subscribe and follow the deployment instructions
Configure the environment variables below

Environment Variables

Variable	Value	Description
`FALCON_CLIENT_ID`	Your client ID	CrowdStrike API client ID
`FALCON_CLIENT_SECRET`	Your client secret	CrowdStrike API client secret
`FALCON_BASE_URL`	`https://api.crowdstrike.com`	API base URL (region-specific)
`FALCON_MCP_TRANSPORT`	`streamable-http`	Transport protocol
`FALCON_MCP_HOST`	`0.0.0.0`	Host binding
`FALCON_MCP_PORT`	`8000`	Server port
`FALCON_MCP_USER_AGENT_COMMENT`	`AWS/Bedrock/AgentCore`	Request identifier
`FALCON_MCP_STATELESS_HTTP`	`true`	Required for AgentCore
`FALCON_MCP_API_KEY`	(optional)	API key to secure the MCP endpoint

Verify Deployment

After deployment, verify connectivity by invoking the falcon_check_connectivity tool:

{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "tools/call",
  "params": { "name": "falcon_check_connectivity" }
}

Example Tool Invocation

Search for recent detections:

{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "tools/call",
  "params": {
    "name": "falcon_search_detections",
    "arguments": { "filter": "status:'new'" }
  }
}