Run Script

Overview

In this lab, you'll use the run_script capability to execute a Python script that audits your S3 buckets — listing them, checking versioning status, enabling versioning where missing, and generating a compliance report. This demonstrates how agents can run multi-step automation logic server-side.

What You'll Learn

  • How to use the run_script tool to execute Python/boto3 code through the MCP Server
  • How to perform multi-step automation (audit → fix → report) in a single agent interaction
  • How server-side script execution differs from direct API calls

Instructions

Explore

Try to accomplish this goal using your agent. Here are some hints if you get stuck:

  1. Ask your agent to write and execute a Python script that lists all S3 buckets in your account
  2. Have it extend the script to check versioning status on each bucket
  3. Ask it to enable versioning on any bucket where it's not already enabled and produce a summary report

Step-by-step Walkthrough

  1. Ask your agent to create and run a compliance audit script:

Write and execute a Python script using run_script that does the following: list all S3 buckets in my account, check the versioning status of each bucket, enable versioning on any bucket that doesn't have it enabled, and generate a compliance report showing the before and after status of each bucket.

  2. Your agent will write a Python script using boto3 and execute it via the run_script tool. The script should:

       • Call list_buckets() to enumerate all buckets
       • Call get_bucket_versioning() for each bucket
       • Call put_bucket_versioning() to enable versioning where needed
       • Output a formatted report

  3. Review the compliance report output. You should see:

       • The agent-toolkit-workshop-{participant-id} bucket (pre-deployed with versioning disabled) now showing as enabled
       • The workshop-secure-{participant-id} bucket (from Lab 1) already showing as enabled

  4. Verify the fix was applied:

Check the versioning status of my agent-toolkit-workshop bucket — is it now enabled?
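
For comparison with what your agent produces, here is one shape the audit → fix → report script from the walkthrough can take. It is an added example, not the workshop's own code: the function names and the dry_run flag are assumptions, while the boto3 calls are the three listed above.

```python
# Added example: helper names and dry_run are assumptions, not workshop code.
try:
    from botocore.exceptions import ClientError
except ImportError:  # lets the logic be exercised with a stub client, without boto3
    ClientError = Exception


def versioning_status(s3, bucket):
    """Return 'Enabled', 'Suspended' or 'Disabled'; the API omits Status if never set."""
    return s3.get_bucket_versioning(Bucket=bucket).get("Status", "Disabled")


def audit_and_fix(s3, dry_run=False):
    """Audit every bucket, enable versioning where missing, return report rows."""
    rows = []
    for b in s3.list_buckets().get("Buckets", []):
        name = b["Name"]
        row = {"bucket": name, "before": None, "after": None, "action": "none"}
        try:
            row["before"] = row["after"] = versioning_status(s3, name)
            if row["before"] != "Enabled":
                if dry_run:
                    row["action"] = "would-enable"
                else:
                    s3.put_bucket_versioning(
                        Bucket=name, VersioningConfiguration={"Status": "Enabled"})
                    # Re-read instead of assuming the write took effect.
                    row["after"] = versioning_status(s3, name)
                    row["action"] = "enabled"
        except ClientError as exc:  # e.g. AccessDenied on one bucket must not abort the audit
            row["action"] = f"error: {exc}"
        rows.append(row)
    return rows


def format_report(rows):
    """Render rows as a fixed-width before/after compliance table."""
    lines = [f"{'BUCKET':<45}{'BEFORE':<11}{'AFTER':<11}ACTION"]
    for r in rows:
        lines.append(f"{r['bucket']:<45}{r['before'] or '?':<11}"
                     f"{r['after'] or '?':<11}{r['action']}")
    ok = sum(r["after"] == "Enabled" for r in rows)
    lines.append(f"{ok}/{len(rows)} buckets compliant (versioning Enabled)")
    return "\n".join(lines)


if __name__ == "__main__":
    import boto3
    print(format_report(audit_and_fix(boto3.client("s3"))))
```

Running it with dry_run=True first shows which buckets would change before any put_bucket_versioning() call is made.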

Validation

Open the CloudWatch Dashboard in the AWS Console. The Module 3 widget checks:

  • ✅ S3 bucket agent-toolkit-workshop-{participant-id} has versioning Enabled

The pre-deployed bucket started with versioning disabled. Your run_script execution should have enabled it.

Agent-Specific Tips

Claude Code has native run_script support through the MCP Server. It runs Python in a sandboxed environment with boto3 available:

Use run_script to execute the compliance audit — the sandbox has boto3 pre-installed.

Kiro can execute scripts through the MCP Server's run_script tool. If Kiro tries to run the script locally instead:

Use the MCP Server's run_script tool to execute this on the server side, not locally.

Cursor supports run_script through the AWS toolkit. The script runs server-side with full AWS access:

Execute this as a run_script through the MCP Server — it needs AWS credentials from the server.

Codex can use run_script to execute Python server-side. If Codex writes the script as a file instead of executing it:

Don't save this as a file — execute it directly using the run_script tool through the MCP Server.

:::alert{type="info"} If your agent doesn't support run_script directly, you can achieve the same result by asking it to make the individual API calls (ListBuckets, GetBucketVersioning, PutBucketVersioning) sequentially through the MCP Server.

:::