AWS CloudTrail MCP Server

0.0.13 verified Mon Apr 27 auth: no python

An AWS Labs MCP (Model Context Protocol) server that provides AI agents with access to AWS CloudTrail logs for security investigation and troubleshooting. Current version 0.0.13, under active development with frequent releases.

pip install awslabs-cloudtrail-mcp-server
error ModuleNotFoundError: No module named 'cloudtrail_mcp_server'
cause Package not installed or installed under a different name.
fix Run 'pip install awslabs-cloudtrail-mcp-server' and verify with 'pip show awslabs-cloudtrail-mcp-server'.
error RuntimeError: AWS credentials not found
cause Missing or invalid AWS credentials in environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
fix Set the environment variables or use a credentials file. For example: 'export AWS_ACCESS_KEY_ID=your_key'.
breaking Python 3.10 or higher required. The library uses match/case and other 3.10 features.
fix Upgrade to Python 3.10+. Using an older version of the library is not an option, because none exist.
gotcha Requires AWS credentials with cloudtrail:LookupEvents permission. Without proper IAM, the server starts but returns empty results.
fix Attach a policy like AWSCloudTrail_ReadOnlyAccess to the IAM user/role.
gotcha The server runs as a subprocess; ensure that the parent process manages its lifecycle to avoid zombie processes.
fix Use a proper process supervisor or call server.stop() on shutdown.

Start the CloudTrail MCP server with AWS credentials.

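import os
import sys

from cloudtrail_mcp_server import CloudTrailMCPServer

# Read AWS credentials from the environment (the principal needs cloudtrail:LookupEvents)
aws_access_key_id = os.environ.get('AWS_ACCESS_KEY_ID', '')
aws_secret_access_key = os.environ.get('AWS_SECRET_ACCESS_KEY', '')
region = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')

# Fail early instead of handing empty credentials to the server
if not aws_access_key_id or not aws_secret_access_key:
    sys.exit('AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set')

# Initialize and run the server
server = CloudTrailMCPServer(
    aws_access_key_id=aws_access_key_id,
    aws_secret_access_key=aws_secret_access_key,
    region=region,
)
try:
    server.run()
finally:
    # Stop the server subprocess on shutdown so it is not left behind
    server.stop()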
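
The IAM gotcha above says a principal without cloudtrail:LookupEvents gets empty results rather than an error. The following is an added example, not code from this page or from the AWS Labs project: it probes the permission directly so "denied" and "really empty" can be told apart before the server is started. It assumes boto3 is installed; the function name and the returned labels are made up for illustration.

```python
import os
import sys


def check_lookup_permission(client):
    """Probe cloudtrail:LookupEvents with a single one-event request.

    `client` is a boto3 CloudTrail client (or anything with the same
    lookup_events method). Returns one of these hypothetical labels:
      "ok"             - the call is allowed and returned an event
      "empty"          - the call is allowed but returned no events
      "denied"         - the principal lacks cloudtrail:LookupEvents
      "no-credentials" - no AWS credentials could be resolved
    Any other failure is re-raised unchanged.
    """
    try:
        page = client.lookup_events(MaxResults=1)
    except Exception as exc:
        # botocore raises NoCredentialsError when the credential chain is empty;
        # matched by class name so this function has no hard botocore import.
        if type(exc).__name__ == "NoCredentialsError":
            return "no-credentials"
        # botocore's ClientError carries the service error code in .response
        response = getattr(exc, "response", None) or {}
        code = response.get("Error", {}).get("Code", "")
        if "AccessDenied" in code:
            return "denied"
        raise
    return "ok" if page.get("Events") else "empty"


if __name__ == "__main__":
    import boto3  # assumption: installed separately, not stated on the page

    region = os.environ.get("AWS_DEFAULT_REGION", "us-east-1")
    status = check_lookup_permission(boto3.client("cloudtrail", region_name=region))
    print(f"cloudtrail:LookupEvents in {region}: {status}")
    # A non-zero exit lets a supervisor refuse to start the MCP server
    sys.exit(0 if status in ("ok", "empty") else 1)
```

Run it with the same credentials and region the server will use; a "denied" result means the empty answers come from IAM, not from CloudTrail.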