AWS CloudWatch MCP server

The CloudWatch MCP server provides a streamlined way to interact with AWS CloudWatch resources through the Model Context Protocol (MCP). It allows you to work with CloudWatch log groups, run log queries, monitor alarms, and more using a simple interface.

Prerequisites

• Python 3.12 or higher
• AWS credentials configured
• MCP CLI (version 0.1.1 or higher)
• Boto3 (AWS SDK for Python)

Installation

1. Make sure you have Python 3.12+ installed.

2. Create a virtual environment (optional but recommended):

   python -m venv .venv
   source .venv/bin/activate  # On Windows: .venv\Scripts\activate
   

3. Install dependencies:

   pip install -r requirements.txt
   

4. Configure AWS credentials if you haven't already:

   aws configure
   

   Or set environment variables:

   export AWS_ACCESS_KEY_ID="your-access-key"
   export AWS_SECRET_ACCESS_KEY="your-secret-key"
   export AWS_REGION="your-region"
   

Running the Server

Start the MCP server:

python cloudwatch_server.py

Or using the MCP CLI:

mcp run cloudwatch_server.py

Available Resources

The server exposes the following resources:

• Log Groups: cloudwatch://log-groups - Lists all CloudWatch log groups
• Specific Log Group: cloudwatch://log-groups/{log_group_name} - Gets detailed information about a specific log group
• Alarms: cloudwatch://alarms - Lists all CloudWatch alarms
• Alarms in Alert State: cloudwatch://alarms/in-alarm - Lists only CloudWatch alarms currently in ALARM state
• Saved Queries: cloudwatch://saved-queries - Lists all saved CloudWatch Logs Insights queries

Available Tools

Query Logs

Query CloudWatch logs using CloudWatch Insights:

mcp call query_logs --log_group_names '["log-group-1", "log-group-2"]' --query_string "fields @timestamp, @message | limit 10"

Parameters:

• log_group_names: Single log group name or list of log group names to query
• query_string: CloudWatch Insights query string
• start_time: (Optional) Start time for the query in Unix timestamp milliseconds
• end_time: (Optional) End time for the query in Unix timestamp milliseconds

For a single log group, you can simplify the syntax:

mcp call query_logs --log_group_names "my-log-group" --query_string "fields @timestamp, @message | limit 10"

Discover Log Fields

Discover available fields across multiple log groups:

mcp call discover_log_fields --log_group_names '["log-group-1", "log-group-2"]'

Parameters:

• log_group_names: Single log group name or list of log group names to analyze

Check Log Group Existence

Check if CloudWatch log groups exist:

mcp call log_group_exists --log_group_names '["log-group-1", "log-group-2"]'

Parameters:

• log_group_names: Single log group name or list of log group names to check

Returns a dictionary mapping each log group to its existence status.

Get Saved Queries

Fetch all saved CloudWatch Logs Insights queries:

mcp call get_saved_queries

Usage Examples

Inspecting Resources

# List all log groups
mcp inspect cloudwatch://log-groups

# Get details about a specific log group
mcp inspect cloudwatch://log-groups/my-log-group-name

# List all alarms
mcp inspect cloudwatch://alarms

# List alarms currently in ALARM state
mcp inspect cloudwatch://alarms/in-alarm

# List all saved CloudWatch Logs Insights queries
mcp inspect cloudwatch://saved-queries

Running Log Queries

# Query logs with a time range (Unix timestamp milliseconds)
mcp call query_logs --log_group_names '["log-group-1", "log-group-2"]' --query_string "fields @timestamp, @message | limit 10" --start_time 1609459200000 --end_time 1609545600000

The query results will automatically parse JSON in the @message field, returning structured data for JSON messages.

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "cloudwatch-mcp" '{"command":"python","args":["cloudwatch_server.py"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cloudwatch-mcp": {
            "command": "python",
            "args": [
                "cloudwatch_server.py"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json
• Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "cloudwatch-mcp": {
            "command": "python",
            "args": [
                "cloudwatch_server.py"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect