feat: add observability (APPLICATION_LOGS + USAGE_LOGS + X-Ray + Identity) to MCP server runtimes (#83)#86
Open
sdlc-ai-developer[bot] wants to merge 1 commit into
Open
feat: add observability (APPLICATION_LOGS + USAGE_LOGS + X-Ray + Identity) to MCP server runtimes (#83)#86sdlc-ai-developer[bot] wants to merge 1 commit into
sdlc-ai-developer[bot] wants to merge 1 commit into
Conversation
8 tasks
|
ASH Security Scan | Commit: ASH Security Scan Report
Scan Metadata
SummaryScanner ResultsThe table below shows findings by scanner, with status based on severity thresholds and dependencies:
Report generated by Automated Security Helper (ASH) at 2026-06-08T20:48:15+00:00 |
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Extends the
RuntimeObservabilityconstruct (introduced in PR #80 for the coding assistant) to all MCP server runtimes — source-control, project-management, and every developer MCP server. Each MCP runtime now gets the same 5 delivery pipelines: Runtime APPLICATION_LOGS + USAGE_LOGS + X-Ray TRACES, and Identity APPLICATION_LOGS + TRACES.Why
Closes #83
How
lib/constructs/runtime/mcp-server.ts: added the two IAM statements the vended-log delivery pipeline requires on the runtime execution role —bedrock-agentcore:AllowVendedLogDeliveryForResourceandcloudwatch:PutMetricData(scoped to thebedrock-agentcorenamespace), mirroring the coding-assistant construct. The existingAwsSolutions-IAM5suppression reason was updated to cover AgentCore observability.runtimeIdwas already exposed by the construct, so no change was needed there.lib/nested/source-control-stack.tsandlib/nested/project-management-stack.ts: instantiateRuntimeObservabilityafter theMcpServer, withlogRetentionDays: 30andenableIdentityLogsleft at its default (true) — matching the assistant stack.lib/nested/developer-mcp-stack.ts: instantiateRuntimeObservabilityonce per server inside the existing loop, with a unique construct id per server (Observability+ server name).The shared Identity log group is created idempotently by the existing custom-resource Lambda, so multiple runtimes deploying the construct do not conflict. Delivery source/destination names stay within the 60-char limit (runtimeId truncated to 49 chars + suffix).
Testing
npx cdk synth --quietpasses (no TypeScript or cdk-nag errors).npm testpasses.🤖 Generated with Claude Code