AWS CloudWatch MCP Server

Official AWS Labs MCP server for CloudWatch. Query metrics, analyze logs, investigate alarms, and run PromQL queries for AI-powered root cause analysis.

Developer Tools by AWS Labs AWS IAM (profile-based) active

GitHub Docs

Overview

The CloudWatch MCP Server is an official AWS Labs server that exposes Amazon CloudWatch telemetry to AI agents through standardized MCP interfaces. It is designed for troubleshooting and root cause analysis workflows, giving agents access to metrics, logs, alarms, and Application Signals data without custom API integrations.

The server bundles four capability groups: metrics tools for querying and analyzing CloudWatch metric data, PromQL tools for time-series analysis (in supported regions), alarm tools for investigating active and historical alarm state, and log tools for running CloudWatch Logs Insights queries and detecting anomalies. It also provides metric metadata and recommended alarm configurations based on AWS best practices.

It is distributed as a Python package (awslabs.cloudwatch-mcp-server) runnable via uvx or Docker, lives in the AWS Labs MCP monorepo at github.com/awslabs/mcp, and uses standard AWS credential profiles for authentication. It is intended for local host deployment alongside your LLM client.

Tools

Tool	Description
`get_metric_data`	Query CloudWatch metric data by namespace, dimension, and statistic.
`get_metric_metadata`	Retrieve metric descriptions, calculations, and recommended statistics.
`get_recommended_metric_alarms`	Suggest optimal alarm thresholds and configurations based on AWS best practices.
`analyze_metric`	Run trend, seasonality, and statistical analysis on a metric.
`execute_promql_query`	Run an instant PromQL query against CloudWatch (supported regions only).
`execute_promql_range_query`	Run a PromQL range query for time-series trend analysis.
`get_promql_labels`	Discover available PromQL label names.
`get_promql_label_values`	Find values for a specific PromQL label.
`get_promql_series`	Locate matching PromQL time series.
`get_active_alarms`	Retrieve currently active CloudWatch alarms.
`get_alarm_history`	Fetch historical state transitions for an alarm.
`describe_log_groups`	List CloudWatch log groups and their metadata.
`analyze_log_group`	Detect anomalies and error patterns within a log group.
`execute_log_insights_query`	Run a CloudWatch Logs Insights query.
`execute_cwl_insights_batch`	Execute multiple Logs Insights queries in batch.
`get_logs_insight_query_results`	Fetch results for a running or completed Logs Insights query.
`cancel_logs_insight_query`	Cancel a running Logs Insights query.

Setup Guide

Prerequisites

Active AWS account with CloudWatch enabled
AWS credentials configured via aws configure or environment variables
Python with uv/uvx installed, or Docker
IAM permissions for the operations you intend to use:

cloudwatch:DescribeAlarms
cloudwatch:DescribeAlarmHistory
cloudwatch:GetMetricData
cloudwatch:ListMetrics
logs:DescribeLogGroups
logs:StartQuery
logs:GetQueryResults
logs:StopQuery

Option 1: uvx (recommended)

Add to your MCP client config (Claude Desktop, Cursor, Kiro, Cline, VS Code):

{
  "mcpServers": {
    "awslabs.cloudwatch-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.cloudwatch-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "transportType": "stdio"
    }
  }
}

Option 2: Docker

{
  "mcpServers": {
    "awslabs.cloudwatch-mcp-server": {
      "command": "docker",
      "args": [
        "run", "--rm", "--interactive",
        "-v", "~/.aws:/root/.aws",
        "-e", "AWS_PROFILE=your-aws-profile",
        "awslabs/cloudwatch-mcp-server:latest"
      ],
      "transportType": "stdio"
    }
  }
}

Windows (uv)

{
  "command": "uv",
  "args": [
    "tool", "run", "--from",
    "awslabs.cloudwatch-mcp-server@latest",
    "awslabs.cloudwatch-mcp-server.exe"
  ],
  "env": { "AWS_PROFILE": "your-aws-profile" }
}

Use Cases

Investigate an active production incident by pulling current alarms, recent metric data, and correlated log patterns in one agent session
Run CloudWatch Logs Insights queries across multiple log groups to find error spikes, latency outliers, or specific request IDs
Get AWS-recommended alarm thresholds for a service (e.g. RDS, Lambda, ALB) before provisioning monitoring
Perform trend and seasonality analysis on a metric to decide whether a recent change is anomalous
Use PromQL against CloudWatch managed Prometheus to query time series in regions that support it

Example Prompts

"Show me all active CloudWatch alarms in us-east-1 and pull the last hour of metric data for any in ALARM state."
"Run a Logs Insights query against /aws/lambda/checkout-service for the last 30 minutes and group errors by exception type."
"Analyze the CPUUtilization metric for instance i-0abc123 over the last 24 hours and tell me if there is a seasonal pattern."
"Recommend alarm thresholds for an Application Load Balancer's TargetResponseTime."
"Get the alarm history for high-error-rate-prod over the past 7 days and summarize state transitions."

Pros

Officially maintained by AWS Labs in the canonical awslabs/mcp monorepo
Broad coverage across metrics, logs, alarms, and PromQL in a single server
Includes opinionated tools like analyze_metric, analyze_log_group, and get_recommended_metric_alarms that go beyond raw API wrapping
Uses standard AWS credential profiles, so it integrates cleanly with existing IAM setups

Limitations

Read-focused: it does not create or modify alarms, log groups, or dashboards
PromQL tools are limited to regions where CloudWatch supports managed Prometheus
Requires correctly scoped IAM permissions and local AWS credentials, which adds setup friction compared to hosted servers

Alternatives

AWS API MCP Server for broader AWS service coverage via the CLI/SDK
Datadog MCP server for similar observability workflows on Datadog
Grafana MCP server for querying metrics and logs through Grafana data sources