AWS Logs MCP

Welcome to the AWS Logs MCP documentation. This Model Context Protocol (MCP) server enables AI assistants to securely access and query AWS CloudWatch Logs and CloudTrail Events, helping you troubleshoot issues and monitor your AWS environment with the help of AI.

What is AWS Logs MCP?

AWS Logs MCP is a server that implements the Model Context Protocol, allowing AI assistants to:

  1. Query your AWS CloudWatch Logs to analyze application behavior
  2. Examine CloudTrail events to understand recent AWS API activity
  3. Filter logs and events using advanced criteria
  4. Securely authenticate to AWS using your credentials

The server is designed to be privacy-aware, keeping your AWS credentials on your local machine while enabling AI assistants to help you analyze logs and events.

Key Features

  • CloudWatch Logs Integration - Search, filter, and analyze log data from any AWS service that writes to CloudWatch Logs
  • CloudTrail Event Analysis - Examine AWS API activity with filtering by event name, user, resource, and time
  • Secure AWS Authentication - Multiple authentication methods including AWS profiles, IAM credentials, and roles
  • Flexible Deployment - Run as a local process using STDIO mode or as a standalone HTTP server
  • Docker Support - Easy containerization for reliable deployment

Available Tools

The MCP server provides four primary tools:

  1. cloudWatchLogGroups - List and filter available CloudWatch Log Groups
  2. cloudWatchLogs - Query logs with advanced filtering by pattern, time range, and more
  3. cloudTrailEvents - Retrieve AWS API activity with filtering by event name, user, resource, and time
  4. testAwsConnection - Verify AWS credentials and connectivity

Quick Installation

Choose your preferred AI assistant and installation method:

VSCode

One-click installation

  • Install with NPX in VS Code
  • Install with Docker in VS Code

Direct terminal command

# With AWS profile (recommended)
AWS_PROFILE=your-profile-name npx -y aws-logs-mcp --stdio

Claude Code

# Install the aws-logs MCP tool in Claude Code
claude mcp add aws-logs -s user -- npx -y aws-logs-mcp --stdio

GitHub Copilot and other MCP-compatible assistants

# Run with stdio mode (recommended for AI assistants)
npx aws-logs-mcp --stdio

Claude Desktop

For Claude Desktop, follow the MCP Quickstart for Users and add AWS Logs MCP as a custom tool:

{
  "name": "aws-logs",
  "displayName": "AWS Logs MCP",
  "command": "npx",
  "args": ["-y", "aws-logs-mcp", "--stdio"],
  "env": {
    "AWS_PROFILE": "default",
    "AWS_REGION": "us-east-1"
  }
}

Use Cases

  • Troubleshooting and Debugging - Trace errors through complex distributed systems
  • Security Auditing - Analyze authentication events and resource modifications
  • Deployment Monitoring - Track logs in real time during and after deployments
  • Post-incident Analysis - Understand what happened during an outage or incident
  • Resource Tracking - Monitor creation and deletion of AWS resources
  • User Activity Auditing - Track what users are doing in your AWS account

Deployment Options

This MCP server supports two deployment modes:

  • STDIO Mode - Recommended for local usage in IDEs, terminals, and applications like Claude Desktop
  • HTTP Mode - For running as a standalone server or in containerized environments

Documentation Overview

For additional questions or contributions, visit our GitHub repository.