list_cloudtrail_changes

Monitor AWS resource modifications by listing CloudTrail write events for specific resources or services over a defined period.

Instructions

Lists write/mutation events (Create, Update, Delete) for a specific resource or service.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| resource_id | No | Optional: The Resource ID or Name (e.g., sg-12345, my-bucket). | |
| lookup_key | No | The attribute to lookup by (default: ResourceName if resource_id provided). | |
| lookup_value | No | The value for the lookup key (required if resource_id is omitted). | |
| days | No | Lookback period in days (default: 7). | |

Implementation Reference

  • src/index.ts:511-535 (registration)
    Registration of the list_cloudtrail_changes tool in the ListToolsRequestSchema handler, including description and input schema definition.
        name: "list_cloudtrail_changes",
        description: "Lists write/mutation events (Create, Update, Delete) for a specific resource or service.",
        inputSchema: {
            type: "object",
            properties: {
                resource_id: {
                    type: "string",
                    description: "Optional: The Resource ID or Name (e.g., sg-12345, my-bucket)."
                },
                lookup_key: {
                    type: "string",
                    enum: ["ResourceName", "ResourceType", "EventName", "Username"],
                    description: "The attribute to lookup by (default: ResourceName if resource_id provided)."
                },
                lookup_value: {
                    type: "string",
                    description: "The value for the lookup key (required if resource_id is omitted)."
                },
                days: {
                    type: "number",
                    description: "Lookback period in days (default: 7)."
                }
            }
        }
    },
  • Handler implementation for list_cloudtrail_changes tool. Queries CloudTrail events using LookupEventsCommand, filters for write/mutation events based on EventName patterns, and returns relevant event details.
    if (name === "list_cloudtrail_changes") {
        const resourceId = (args as any)?.resource_id;
        const lookupKey = (args as any)?.lookup_key || (resourceId ? "ResourceName" : undefined);
        const lookupValue = resourceId || (args as any)?.lookup_value;
        const days = (args as any)?.days || 7;
    
        if (!lookupKey || !lookupValue) {
            return { content: [{ type: "text", text: "Please provide a resource_id OR a lookup_key and lookup_value." }], isError: true };
        }
    
        const startTime = new Date(Date.now() - days * 24 * 60 * 60 * 1000);
    
        const command = new LookupEventsCommand({
            LookupAttributes: [{ AttributeKey: lookupKey, AttributeValue: lookupValue }],
            StartTime: startTime,
            MaxResults: 50
        });
    
        const response = await cloudTrailClient.send(command);
    
        // Filter for mutations (not ReadOnly)
        // Note: 'ReadOnly' field in event isn't always populated in LookupEvents response types directly in all SDK versions, 
        // but we can infer or it is often there. Some events don't have it.
        // We'll primarily rely on showing the event name and letting user see.
        // But we can try to filter if resource JSON is parsed.
    
        const events = response.Events?.map(e => {
            let isReadOnly = true;
            // Try to guess read-only if not explicit. 
            // Usually "Get", "Describe", "List" are read. "Create", "Update", "Delete", "Put", "Modify" are write.
            const name = e.EventName || "";
            if (name.startsWith("Get") || name.startsWith("Describe") || name.startsWith("List")) {
                isReadOnly = true;
            } else {
                isReadOnly = false;
            }
    
            // If Resources tag is present, it's useful
            return {
                EventTime: e.EventTime,
                EventName: e.EventName,
                Username: e.Username,
                EventSource: e.EventSource,
                ResourceName: e.Resources?.[0]?.ResourceName,
                IsAssumedReadOnly: isReadOnly
            };
        }).filter(e => !e.IsAssumedReadOnly) || []; // Show only changes
    
        return { content: [{ type: "text", text: JSON.stringify(events, null, 2) }] };
    }
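
The handler's comments note that the read-only flag is not always available and that it falls back to guessing from the event name. The following added example (not the project's code) shows one way to prefer an explicit flag over the name prefix; it assumes the event carries either a `ReadOnly` string field or a `readOnly` boolean inside the `CloudTrailEvent` JSON string, and the sample events are constructed.

```typescript
// Shape of the fields used from a CloudTrail LookupEvents result (subset).
interface TrailEvent {
  EventName?: string;
  ReadOnly?: string;        // "true" / "false" when CloudTrail populates it
  CloudTrailEvent?: string; // raw event record as a JSON string
}

type Basis = "ReadOnly field" | "record readOnly" | "name prefix";

// The prefix rule used by the handler above.
function prefixSaysReadOnly(name: string): boolean {
  return ["Get", "Describe", "List"].some((p) => name.startsWith(p));
}

// Decide read vs. write from the most authoritative source available.
function classify(e: TrailEvent): { readOnly: boolean; basis: Basis } {
  if (e.ReadOnly === "true" || e.ReadOnly === "false") {
    return { readOnly: e.ReadOnly === "true", basis: "ReadOnly field" };
  }
  try {
    const record = JSON.parse(e.CloudTrailEvent ?? "null");
    if (record && typeof record.readOnly === "boolean") {
      return { readOnly: record.readOnly, basis: "record readOnly" };
    }
  } catch {
    // Malformed record: fall through to the name heuristic.
  }
  return { readOnly: prefixSaysReadOnly(e.EventName ?? ""), basis: "name prefix" };
}

// Keep only changes, recording how each decision was made.
function listChanges(events: TrailEvent[]) {
  return events
    .map((e) => ({ EventName: e.EventName, ...classify(e) }))
    .filter((e) => !e.readOnly);
}

// Constructed sample events, not real CloudTrail output.
const sampleEvents: TrailEvent[] = [
  { EventName: "LookupEvents", ReadOnly: "true" },
  { EventName: "DescribeSecurityGroups" },
  { EventName: "AuthorizeSecurityGroupIngress", CloudTrailEvent: '{"readOnly":false}' },
  { EventName: "DeleteBucket", CloudTrailEvent: "{truncated" },
];

console.log(listChanges(sampleEvents));
```

Recording the basis of each decision lets a reviewer see which entries in a change report rest on a name guess rather than on an explicit flag.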
Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. While it mentions the tool lists 'write/mutation events,' it doesn't cover critical aspects like authentication requirements, rate limits, pagination, error conditions, or what the output format looks like. For a tool with no annotation coverage, this leaves significant gaps in understanding its behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that clearly states the tool's purpose without unnecessary words. It's front-loaded with the core functionality and avoids redundancy, making it easy for an agent to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of listing CloudTrail changes (which involves filtering and event types), the absence of annotations, and the lack of an output schema, the description is insufficient. It doesn't explain the return format, error handling, or how events are structured, leaving the agent with incomplete context for proper tool invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all four parameters thoroughly. The description adds no additional parameter semantics beyond what's in the schema, such as examples, constraints, or interactions between parameters. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's function: 'Lists write/mutation events (Create, Update, Delete) for a specific resource or service.' It specifies the verb ('Lists'), resource ('write/mutation events'), and scope ('for a specific resource or service'). However, it doesn't explicitly differentiate from sibling tools like 'list_recent_cloudtrail_events' or 'list_access_denied_events', which might offer similar functionality.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention sibling tools like 'list_recent_cloudtrail_events' or 'list_access_denied_events', nor does it specify prerequisites, exclusions, or typical use cases. The agent must infer usage from the description alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bhaveshopss/MCP-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server