Detecting Fraud with Amazon Q, MCP and Aurora PostgreSQL
Amazon Web Services (AWS) announced the expansion of Amazon Q Developer’s capabilities to include intelligent fraud detection workflows, powered by natural language and PostgreSQL integration. Using the Model Context Protocol (MCP), developers can now ask domain-specific questions such as "What are the high-risk transactions this week?" and receive live results from their Aurora PostgreSQL database all from their terminal.
Published Jun 3, 2025
By combining structured relational data with the power of Amazon Q Developer’s CLI and flexible MCP configuration, teams can now streamline investigations, reduce time-to-insight, and build secure, scalable fraud detection pipelines with ease.
In a typical financial system, transactional anomalies must be detected quickly and confidently. With Amazon Q Developer, you can now use natural language to explore a relational schema that includes tables like `transactions`, `fraud_cases`, `devices`, and `logins` backed by Aurora PostgreSQL.
Amazon Aurora combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source engines. This architecture makes it an ideal choice for real-time fraud detection use cases where scalability, reliability, and SQL support are essential.
Let’s walk through how to configure this setup so that you can interact with it using the `qchat` command-line interface.
Traditionally, detecting fraud involves writing complex SQL joins or relying on predefined dashboards. But with Amazon Q Developer CLI and a configured MCP server connected to Aurora PostgreSQL, developers and analysts can use simple prompts like:
"List all transactions over \$5000 flagged as fraud."
"Show users with multiple devices involved in fraud cases."
"Which accounts had login failures followed by high-risk transactions?"
Amazon Q understands the intent, generates SQL behind the scenes, executes it against Aurora, and returns results inline with no need to switch tools or write manual queries.
The Amazon Q Developer CLI empowers developers to interact with their tools, data, and environments using natural language through `qchat`, a conversational interface built into the terminal. At the core of this capability is the Model Context Protocol (MCP), a lightweight, extensible framework that allows Amazon Q to communicate with external systems such as databases, scripts, or services via custom or open-source agents. By defining MCP servers in a simple JSON configuration, developers can register agents that accept input (e.g., SQL or plain English), invoke commands (like connecting to an Aurora PostgreSQL database), and return results inline. Whether you're querying structured data, executing workflows, or integrating with APIs, the combination of Q Developer CLI, `qchat`, and MCP enables a powerful, pluggable developer experience that brings AI-driven assistance directly into your terminal or IDE.
Pre requisite:
Create Aurora Db cluster and Create Full Schema with Sample Data using Aurora Query Editor:
Data Inserts:
Recommended Indexes for Performance:
Optional: Role-based Access Control
You can load your own production data, or simulate data using tools like [Amazon RDS Data Generator]
1. Install the Amazon Q Developer CLI
Verify installation:
2. Configure Your Workspace
Amazon Q Developer CLI uses a local project structure. Initialize it with:
This will help you initialize your AWS configuration. To get started with AWS CLI configuration, we need to set up your credentials and default region.
Have AWS configuration files set up (config and credentials) in ~/.aws/config
First, let's check if you already have any AWS configuration files:
This also creates:
3. MCP Overview
MCP (Model Context Protocol) defines how Q communicates with external systems (like databases, tools, scripts). MCPs are configured in JSON and executed as subprocesses.
4. Define MCP Configuration (mcp.json)
Here’s an example for connecting Q CLI to Aurora PostgreSQL using a published MCP adapter:
Note: The password (``) is URL-encoded as `%23` to ensure JSON compatibility.
`acceptsInput: true` enables support for `qchat ask --name`.
Save the config as `mcp.json`
This MCP configuration uses the open-source @modelcontextprotocol/server-postgres adapter and connects to an Amazon Aurora PostgreSQL cluster via its writer endpoint.
5. Import MCP Configuration
Import it into your Q Developer CLI environment:
Ask your first question:
Amazon Q Developer CLI uses the underlying PostgreSQL schema and the query adapter to:
- Generate secure SQL
- Connect to Aurora
- Return live data with low latency
- Store credentials using AWS Secrets Manager or environment variables when deploying to production.
- Limit access to `is_fraud` and `transactions` using PostgreSQL roles and GRANT policies.
- Use `pg_stat_statements` and audit logging to monitor data access from the CLI.
With Amazon Q Developer CLI and MCP, querying complex fraud data in Aurora PostgreSQL becomes conversational, secure, and intuitive. Whether you're a fraud analyst, developer, or data engineer, you can now surface anomalies and insights faster than ever using the tools you already know.