AWS CloudWatch

Type: Official

Source Type: Repository

Source: GitHub

Description: AWS CloudWatch MCP server enables AI assistants to query metrics, analyze alarms, and search logs using CloudWatch Logs Insights. It is useful for incident investigation, observability workflows, and on-call triage directly from your AI assistant.

Configuration Parameters:

• AwsAccessKey ID * - AWS access key ID for authentication

• AwsRegion * - AWS region for API requests (e.g., us-east-1)

• AwsSecretAccessKey * - AWS secret access key for authentication

• AwsSessionToken * - Session token for temporary AWS credentials

• FastmcpLogLevel - Logging level for the server (optional). Default: ERROR

Setup Steps:

1. Log in to the AWS Console and navigate to IAM.

2. Create a new IAM user (or select an existing one) for the MCP server.

3. Attach a policy that grants the following CloudWatch and Logs permissions:

   • cloudwatch:DescribeAlarms

   • cloudwatch:DescribeAlarmHistory

   • cloudwatch:GetMetricData

   • cloudwatch:ListMetrics

   • logs:DescribeLogGroups

   • logs:DescribeQueryDefinitions

   • logs:ListLogAnomalyDetectors

   • logs:ListAnomalies

   • logs:StartQuery

   • logs:GetQueryResults

   • logs:StopQuery

4. Generate an Access Key ID and Secret Access Key for the user. For short-lived credentials, also generate a Session Token via AWS STS.

5. Note the AWS region you want to query (e.g., us-east-1).

6. Copy the credentials into the Natoma connector configuration.