AWS‑IReveal‑MCP

athena_query_events

Query AWS CloudTrail logs using Athena to filter and retrieve specific event data based on parameters like event names, user details, and IP addresses. Requires a pre-configured Athena table for the region.

Instructions

Query Athena for granular searches on CloudTrail logs.

<IMPORTANT>
Before calling this tool, you must call the athena_create_cloudtrail_table tool to create the table. If the user asks for a different region, you must call the athena_create_cloudtrail_table tool to create the table in that region.
</IMPORTANT>

Parameters:
    aws_region: The AWS region - use 'us-east-1' if not specified.
    start_time: ISO string of the start time
    end_time: ISO string of the end time
    database: Athena database name to be used - use 'default' if not specified.
    output_bucket: S3 bucket URI (e.g. 's3://my-athena-query-results/') for query results - different from cloudtrail_bucket.
    event_names: List of event names to filter on (e.g. ["GetObject", "DeleteObject"])
    principal_id: Optional principal ID to filter on. Use the percent sign (%) as a wildcard character.
    user_arn: Optional user ARN to filter on. Use the percent sign (%) as a wildcard character. This is the ARN of the user performing the action.
    user_name: Optional user name to filter on. This is the name of the user performing the action.
    role_name: Optional role name to filter on. This is the name of the role assumed by the user performing the action.
    ip_address: Optional IP address to filter on. Use the percent sign (%) as a wildcard character. This is the IP address of the user performing the action.
    bucket_name: Optional bucket name to filter on. Use the percent sign (%) as a wildcard character.
    limit: Maximum number of results to return (default is 50).

Returns:
    str: JSON-formatted result of the Athena query.

Input Schema

Name            Required    Description    Default
aws_region      Yes
bucket_name     No
database        Yes
end_time        Yes
event_names     Yes
ip_address      No
limit           No
output_bucket   Yes
principal_id    No
role_name       No
start_time      Yes
user_arn        No
user_name       No

Input Schema (JSON Schema)

{
  "properties": {
    "aws_region": { "title": "Aws Region", "type": "string" },
    "bucket_name": { "default": null, "title": "Bucket Name", "type": "string" },
    "database": { "title": "Database", "type": "string" },
    "end_time": { "title": "End Time", "type": "string" },
    "event_names": { "items": {}, "title": "Event Names", "type": "array" },
    "ip_address": { "default": null, "title": "Ip Address", "type": "string" },
    "limit": { "default": 50, "title": "Limit", "type": "integer" },
    "output_bucket": { "title": "Output Bucket", "type": "string" },
    "principal_id": { "default": null, "title": "Principal Id", "type": "string" },
    "role_name": { "default": null, "title": "Role Name", "type": "string" },
    "start_time": { "title": "Start Time", "type": "string" },
    "user_arn": { "default": null, "title": "User Arn", "type": "string" },
    "user_name": { "default": null, "title": "User Name", "type": "string" }
  },
  "required": [
    "aws_region",
    "start_time",
    "end_time",
    "database",
    "output_bucket",
    "event_names"
  ],
  "title": "athena_query_eventsArguments",
  "type": "object"
}

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Brucedh/aws-ireveal-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.