AWS CloudTrail MCP
Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.
“Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows: trace who did what across AWS accounts.”
INSTALL THIS SERVER
{
"mcpServers": {
"awslabs.cloudtrail-mcp-server": {
"command": "uvx",
"args": [
"awslabs.cloudtrail-mcp-server@latest"
],
"env": {
"AWS_PROFILE": "default",
"AWS_REGION": "us-east-1"
}
}
}
}
{
"mcpServers": {
"awslabs.cloudtrail-mcp-server": {
"command": "uvx",
"args": [
"awslabs.cloudtrail-mcp-server@latest"
],
"env": {
"AWS_PROFILE": "default",
"AWS_REGION": "us-east-1"
}
}
}
}
{
"mcpServers": {
"awslabs.cloudtrail-mcp-server": {
"command": "uvx",
"args": [
"awslabs.cloudtrail-mcp-server@latest"
],
"env": {
"AWS_PROFILE": "default",
"AWS_REGION": "us-east-1"
}
}
}
}
{
"mcpServers": {
"awslabs.cloudtrail-mcp-server": {
"command": "uvx",
"args": [
"awslabs.cloudtrail-mcp-server@latest"
],
"env": {
"AWS_PROFILE": "default",
"AWS_REGION": "us-east-1"
}
}
}
}
{
"mcpServers": {
"awslabs.cloudtrail-mcp-server": {
"command": "uvx",
"args": [
"awslabs.cloudtrail-mcp-server@latest"
],
"env": {
"AWS_PROFILE": "default",
"AWS_REGION": "us-east-1"
}
}
}
}
5 TOOLS AVAILABLE
OUR ASSESSMENT
- Apache-2.0 licence.
- Official AWS Labs maintenance.
- Two access patterns: 90-day lookup via lookup_events, plus full Lake SQL via lake_query.
- Trino-compatible SQL syntax for Lake queries.
- Async query lifecycle with explicit status and results tools.
- Pagination support on both lookup and Lake results for large result sets.
- Clear IAM permission table in the README.
- 3 commits on the server path in the last 30 days, modest cadence.
- 90-day cap on the lookup_events API; longer windows require CloudTrail Lake (separate infrastructure).
- CloudTrail Lake pricing covers query and storage; large queries carry cost.
- Read-only by design; remediation actions live elsewhere.
The MCP is read-only for CloudTrail data; it carries no mutation surface. Scope the AWS profile to the listed IAM permissions; reserve broader CloudTrail permissions (e.g., cloudtrail:DeleteTrail) for dedicated administrative roles separate from the MCP. CloudTrail Lake queries can return sensitive operational data; treat the MCP results stream as sensitive in the host LLM context. Lake query results contain raw event payloads; redact or filter columns when surfacing to broad agent contexts.
Security teams running CloudTrail Lake who want agent-driven audit queries with SQL-native flexibility; incident response workflows: trace what happened, who acted, when, across the last 90 days of management events; compliance reporting where the agent pulls evidence from CloudTrail Lake under operator-scoped IAM.
TECHNICAL DETAILS
ADOPTION METRICS
// Reading this8,924 stars on the awslabs/mcp parent monorepo. 3 commits on the CloudTrail server path in the last 30 days.
// Reading thisFifth-ranked in security. Tier 2 cadence; Tier 1 vendor signal. Pairs with IAM MCP for audit and incident response.
SOURCES & VERIFICATION
We don't take any single directory's word for it. Before scoring, we cross-reference 4 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.
The same server, 4 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.
| Source | Their rating | Their star count | Their downloads | Last synced |
|---|---|---|---|---|
| AutomationSwitch This page | 4editorial | 8,924 | — | MAY 1, 2026 |
| PulseMCP | — unrated | unavailable | unavailable | MAY 1, 2026 |
| MCP.so | — unrated | unavailable | unavailable | MAY 1, 2026 |
| Glama | — unrated | unavailable | unavailable | MAY 1, 2026 |
| Official MCP Registry | — unrated | unavailable | unavailable | MAY 1, 2026 |
// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.
OTHER SECURITY MCP SERVERS
Prowler MCP
Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.
Auth0 MCP Server
Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.
HashiCorp Vault MCP
Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.
AWS IAM MCP
Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.
Infisical MCP
Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.
Trivy MCP
Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.
DISCUSS YOUR
MCP REQUIREMENTS.
Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.