AWS MCP Server

list_access_denied_events

Identify recent unauthorized access attempts in AWS by retrieving Access Denied events from CloudTrail logs.

Instructions

Lists recent Access Denied or Unauthorized events from CloudTrail.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`limit`	No	Number of events to return (default: 20).

Implementation Reference

src/index.ts:1866-1903 (handler)

Handler function for 'list_access_denied_events' tool. Fetches recent CloudTrail events using LookupEventsCommand, parses CloudTrailEvent JSON to extract errorCode and errorMessage, filters for AccessDenied or Unauthorized errors, limits results, and returns formatted list.

if (name === "list_access_denied_events") {
    const limit = (args as any)?.limit || 20;
    // LookupEvents doesn't natively support filtering by 'AccessDenied' error code directly via LookupAttributes 
    // the way we want (it allows specific keys).
    // Best approach: Fetch recent events and client-side filter for ErrorCode.

    const command = new LookupEventsCommand({
        MaxResults: 50 // Fetch a bit more to filter
    });
    const response = await cloudTrailClient.send(command);

    // Note: LookupEvents output (Events) doesn't always contain ErrorCode as a top-level field?
    // Actually, LookupEvents output contains 'CloudTrailEvent' string which has the full JSON.

    const deniedEvents = response.Events?.map(e => {
        let errorCode = "N/A";
        let errorMessage = "N/A";

        if (e.CloudTrailEvent) {
            try {
                const json = JSON.parse(e.CloudTrailEvent);
                errorCode = json.errorCode;
                errorMessage = json.errorMessage;
            } catch (err) { }
        }

        return {
            EventTime: e.EventTime,
            EventName: e.EventName,
            Username: e.Username,
            ErrorCode: errorCode,
            ErrorMessage: errorMessage
        };
    }).filter(e => e.ErrorCode && (e.ErrorCode === "AccessDenied" || e.ErrorCode === "Client.UnauthorizedOperation" || e.ErrorCode.includes("Unauthorized")))
        .slice(0, limit) || [];

    return { content: [{ type: "text", text: JSON.stringify(deniedEvents, null, 2) }] };
}

src/index.ts:537-548 (registration)

Tool registration in ListTools response, including name, description, and input schema (optional limit).

    name: "list_access_denied_events",
    description: "Lists recent Access Denied or Unauthorized events from CloudTrail.",
    inputSchema: {
        type: "object",
        properties: {
            limit: {
                type: "number",
                description: "Number of events to return (default: 20)."
            }
        }
    }
},

src/index.ts:540-548 (schema)

Input schema definition for the tool, specifying optional 'limit' parameter.

        type: "object",
        properties: {
            limit: {
                type: "number",
                description: "Number of events to return (default: 20)."
            }
        }
    }
},

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure but offers minimal information. It mentions 'recent' events but doesn't define the time range, specify whether results are paginated, indicate authentication requirements, or describe the return format. For a security monitoring tool with zero annotation coverage, this leaves significant behavioral questions unanswered.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that gets straight to the point without unnecessary words. It's appropriately sized for a simple list operation, though it could potentially benefit from a second sentence to clarify scope or differentiation from sibling tools.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the lack of annotations and output schema, the description is insufficiently complete. A security event listing tool should ideally specify time ranges, result format, authentication requirements, or any filtering criteria beyond just 'Access Denied or Unauthorized.' The description leaves too many operational questions unanswered for effective tool selection and invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with the single parameter 'limit' clearly documented in the schema. The description adds no additional parameter information beyond what's already in the structured schema. According to scoring rules, when schema_description_coverage is high (>80%), the baseline is 3 even with no param info in the description.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Lists') and the resource ('Access Denied or Unauthorized events from CloudTrail'), making the purpose immediately understandable. However, it doesn't explicitly differentiate this tool from sibling tools like 'list_recent_cloudtrail_events' or 'list_cloudtrail_changes', which could cause confusion about when to use this specific filtered list versus other CloudTrail-related tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With multiple CloudTrail-related sibling tools (list_recent_cloudtrail_events, list_cloudtrail_changes), there's no indication whether this tool provides a filtered subset, different time ranges, or serves a distinct security monitoring purpose. The agent must infer usage context from the name alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bhaveshopss/MCP-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server