AWS CloudWatch MCP server

Amazon CloudWatch is the primary monitoring and observability service for AWS resources and applications, providing metrics, logs, and alarms for all your cloud infrastructure. With this MCP server, AI agents can query metrics, search logs, create alarms, manage dashboards, and monitor resource health through natural language commands.

Setting up an MCP server

This article covers the standard steps for creating an MCP server in AI Gateway and connecting it to an AI client. The steps are the same for every integration — application-specific details (API credentials, OAuth endpoints, and scopes) are covered in the individual application pages.

Before you begin

You'll need:

• Access to AI Gateway with permission to create MCP servers
• API credentials for the application you're connecting (see the relevant application page for what to collect)

Create an MCP server

Find the API in the catalog

1. Sign in to AI Gateway and select MCP Servers from the left navigation.
2. Select New MCP Server.
3. Search for the application you want to connect, then select it from the catalog.

Configure the server

1. Enter a Name for your server — something descriptive that identifies both the application and its purpose (for example, "Zendesk Support — Prod").
2. Enter a Description so your team knows what the server is for.
3. Set the Timeout value. 30 seconds works for most APIs; increase to 60 seconds for APIs that return large payloads.
4. Toggle Production mode on if this server will be used in a live workflow.
5. Select Next.

Configure authentication

Enter the authentication details for the application. This varies by service — see the Authentication section of the relevant application page for the specific credentials, OAuth URLs, and scopes to use.

Configure security

1. Set any Rate limits appropriate for your use case and the API's own limits.
2. Enable Logging if you want AI Gateway to record requests and responses for auditing.
3. Select Next.

Deploy

Review the summary, then select Deploy. AI Gateway provisions the server and provides a server URL you'll use when configuring your AI client.

---

Connect to an AI client

Once your server is deployed, you'll need to add it to the AI client your team uses. Select your client for setup instructions:

• Claude Desktop
• Claude Code
• Cursor
• VS Code
• Windsurf

Tips

• You can create multiple MCP servers for the same application — for example, a read-only server for reporting agents and a read-write server for automation workflows.
• If you're unsure which OAuth scopes to request, start with the minimum read-only set and add write scopes only when needed. Most application pages include scope recommendations.
• You can edit a server's name, description, timeout, and security settings after deployment without redeploying.

Authentication

CloudWatch uses AWS Signature V4 authentication via IAM credentials. Configure an IAM user or role with CloudWatch permissions.

• Service: monitoring (metrics and alarms) and logs (log groups)
• Region: Your AWS region(s)
• Required permissions: cloudwatch:* and logs:* or specific actions
• Credential types: IAM user access keys or assumed role credentials

Available tools

The CloudWatch MCP server exposes metrics, alarms, logs, dashboards, and event rule management APIs.

Tool	Purpose
Metrics	Query metrics; get metric statistics; put custom metrics; retrieve metric metadata
Alarms	Create and manage alarms; set alarm thresholds; configure alert actions; track alarm history
Logs	Search log streams; filter log events; create metric filters; manage log groups and retention
Dashboards	Create custom dashboards; add widgets; visualize metrics; organize dashboard layouts
Events	Create event rules; manage targets; trigger actions based on AWS events; set up schedules
Insights	Run log queries; analyze patterns; perform statistical analysis across log data

Tips

Use consistent naming conventions and dimensions for custom metrics.

Leverage CloudWatch Insights for ad-hoc analysis.

Set appropriate time intervals for metric granularity.

Use dashboard variables for cross-region visualization.

Set thresholds based on baseline metrics and historical patterns.

Use composite alarms to combine multiple alarms with AND/OR logic.

Configure appropriate evaluation periods to reduce false positives.

Include context in alarm descriptions.

Use log groups to organize logs by application or service.

Set appropriate retention periods to balance cost and compliance.

Use metric filters to extract key metrics from logs.

Leverage log patterns to identify common issues.

Create service-specific dashboards for different teams.

Use consistent widget types and layouts.

Include both performance and availability metrics.

Regularly update thresholds based on changing requirements.

Use log group retention policies to automatically delete old logs.

Leverage CloudWatch Insights for one-time analysis rather than permanent metric collection.

Aggregate metrics at appropriate time intervals.

Monitor your API call usage.

---