prometheus-remote-mcp-CDK
Verified Safeby MohamedSherifAbdelsamiea
Overview
Serves Prometheus Model Context Protocol (MCP) data via AWS Lambda and API Gateway with Cognito authentication for querying Amazon Managed Prometheus.
Installation
python -m mcp.cli run awslabs.prometheus_mcp_server.server:mcp_server --host 0.0.0.0 --port 8000Environment Variables
- AMP_WORKSPACE_ARN
- PROMETHEUS_ENDPOINT
- AWS_DEFAULT_REGION
- AWS_PROFILE
- USER_POOL_ID
Security Notes
The architecture utilizes AWS Lambda, API Gateway, and Cognito, which are robust AWS services for security. JWT validation is handled by a dedicated Lambda authorizer. The core MCP Lambda processes requests using pydantic models, reducing common injection vulnerabilities. The primary security concern is the `update-mcp-config-cloudshell.sh` script, which retrieves and writes `CLIENT_SECRET` to a local `mcp-server-config.json` file. While intended for secure setup in CloudShell, this file needs to be securely managed and ideally deleted post-configuration to prevent exposure of credentials if the deployment environment is compromised. No direct 'eval' or obvious malicious patterns were found in the application logic; `jq` is used for safe JSON manipulation in scripts. IAM roles for Lambda accessing AMP are assumed to be properly configured by the CDK.
Similar Servers
prometheus-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.
prometheus-mcp-server
Serves as an MCP (Model Context Protocol) gateway, enabling Large Language Models (LLMs) to interact with and analyze a running Prometheus instance through its API.
alertmanager-mcp-server
Enables AI assistants and tools to query and manage Prometheus Alertmanager resources programmatically and securely.
prometheus-mcp
A Model Context Protocol (MCP) server that enables AI agents and CLI users to query and discover metrics from Prometheus, with built-in features like retries, caching, and an optional metrics exporter.