AWS Observability MCP Server
A Model Context Protocol server that gives AI agents safe access to AWS CloudWatch, secured with Cognito OAuth 2.0 and JWT validation.
AI agents needed access to AWS observability data. Exposing CloudWatch to an LLM without identity and scoping is a security risk.
An MCP server built with FastMCP that puts CloudWatch tooling behind Amazon Cognito OAuth 2.0 and JWT validation, so agents get scoped, auditable access.
A reusable observability surface for agents that is authenticated, scoped, and safe to put in front of an autonomous system.
Why MCP
The Model Context Protocol gives agents a standard way to call tools. Wrapping CloudWatch as an MCP server makes observability a swappable capability instead of custom glue.
Security model
Cognito issues OAuth 2.0 tokens, and the server validates the JWT on every call before it runs a CloudWatch query. Access is tied to an identity and logged.