CloudWatch Integration
The CloudWatch integration connects MCP Express to Amazon CloudWatch Logs Insights so tools can execute scoped log queries through consistent JSON-RPC contracts. It supports static and templated query inputs while preserving operational controls for production workloads.
Capabilities
- Logs Insights Query Execution: Run CloudWatch Logs Insights queries against approved log groups and time windows.
- Templated Runtime Inputs: Parameterize Log Group, Start Time, End Time, and Query fields with validated
{{ }}variables. - Cost-Aware Query Controls: Bound result volume with query limits and constrained time ranges.
- Secure AWS Access: Authenticate with AWS Access Key and AWS Secret Key stored through protected integration credentials.
Technical Resources
Use the following modules to configure connection details, tool behavior, and security patterns for CloudWatch.
📄️ Integration
Configure CloudWatch connectivity so MCP Express can perform a secure handshake with AWS and validate runtime query execution settings. This process establishes authenticated access to log data while keeping query scope explicit.
📄️ Configuration
Configuration maps CloudWatch query behavior into callable MCP tools so runtime prompts produce validated, bounded log operations. In this step, you configure only the Logs Insights Query field; Region, credentials, Log Group, Start Time, and End Time are defined in the Integration setup.
📄️ Security and Patterns
Use these controls to run CloudWatch-backed MCP tools safely in production. The goal is to preserve read-only observability access, bounded query behavior, and consistent governance over log data exposure.