Skip to content

feat(cloudwatch-mcp-server): Add Anomaly Detection Alarm recommendation to AWS CloudWatch MCP server #1454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat(cloudwatch-mcp-server): Add Anomaly Detection Alarm recommendation to AWS CloudWatch MCP server #1454

wants to merge 7 commits into from

Conversation

abarkley123
Copy link

feat(cloudwatch-mcp-server): Add Anomaly Detection Alarm recommendation to AWS CloudWatch MCP server

Summary

This PR enhances the CloudWatch MCP server with a new metric analysis tool, allowing customers to better understand their metrics. The existing alarm recommendation system leverages these new metric analysis capabilities, allowing the tool to provide CloudWatch Anomaly Detection Alarm recommendations. These Anomaly Detection alarm recommendations also come with CloudFormation templates to make customer's lives easier when onboarding.

Changes

This PR enhances the server with metric analysis tooling and enhanced alarm recommendation capabilities:

Architecture:

  • New analyze_metric tool added that performs metric analysis. The results identify a metric's trend, seasonality, data quality, and statistical measures.
  • Existing get_recommended_metric_alarms tool leverages analyze_metric tool to provide Anomaly Detection Alarm recommendations.

Anomaly Detection Alarm Recommendations:

  • Automatically recommends CloudWatch Anomaly Detection Alarms for metrics with strong seasonality
  • Generates CloudFormation templates for alarm deployment
  • Maintains backward compatibility with existing pre-baked recommendations. Existing recommendations are not overridden

Metric Analyser:

  • Built SeasonalDetector component using STL decomposition to detect multiple patterns (e.g. hourly, daily, weekly)
  • Implemented trend detection using Ordinary Least Squares (OLS) regression with statistical significance
    testing
  • Added data density analysis using metric period to assess metric publishing consistency and identify gaps
  • Calculated statistical measures using standard Python libraries including min/max, median, standard deviation, and
    coefficient of variation

CloudFormation Template Generation:

  • Generates valid CloudFormation YAML for Anomaly Detection Alarms based on the metric definition
  • Limited to Anomaly Detection Alarms in this PR; future PRs can extend template generation to static alarms.

User experience

Before this change:

  • Metric data could be retrieved via GetMetricData
  • Static Alarm recommendations could be generated for specific set of AWS Vended metrics
    • No recommendations for custom metrics
    • No recommendations suggesting Anomaly Detection Alarms

After this change:

  • Intelligent Metric Analysis: Users can analyze any CloudWatch metric to understand its behavior patterns, including:

    • Seasonality detection (identifies daily, weekly, or other periodic patterns)
    • Trend analysis (detects increasing, decreasing, or stable trends)
    • Data quality assessment (evaluates metric publishing consistency)
    • Statistical properties (min, max, median, standard deviation, coefficient of variation)

  • Metric characteristic based Alarm Recommendations: The server automatically recommends:

    • Backwards compatible: Static threshold alarms for a set of non-seasonal AWS Vended metrics
    • Anomaly Detection alarms for metrics with strong seasonal patterns, including custom metric
    • Context-aware alarm descriptions explaining the detected patterns

  • CloudFormation templates: Users receive:

    • Valid CloudFormation templates ready for deployment
    • Pre-configured anomaly detectors with optimised default settings
    • Alarms with appropriate evaluation periods and comparison operators

Example workflow (backwards compatible):

  1. User requests analysis of an AWS vended metric: analyze_metric for AWS/DynamoDB/UserErrors
  2. Server matches metric namespace and dimensions to existing recommendation
  3. Server recommends static alarm, with threshold guidance:
  • Set the threshold according to the expected write traffic for the DynamoDB table

Example workflow:

  1. User requests analysis of a custom metric: analyze_metric for CustomNamespace/MCP/NewMetric
  2. Server detects weekly seasonality pattern with high confidence, trend, statistical measures etc.
  3. User requests alarm generation: get_recommended_metric_alarms for AWS/EC2/CPUUtilization
  4. Server recommends CloudWatch Anomaly Detection alarm based on the weekly seasonality pattern
  5. User receives CloudFormation template ready to deploy
  6. Alarm automatically adapts to metric's seasonal behavior

Checklist

  • I have reviewed the contributing guidelines
  • I have performed a self-review of this change
  • Changes have been tested (277 tests passing, 115+ new tests added)
  • Changes are documented

Is this a breaking change? N

The changes maintain backward compatibility. All existing CloudWatch MCP server functionality remains unchanged. New analysis and recommendation capabilities are additive enhancements.

RFC issue number: 1453

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

feat: add comprehensive CloudWatch metric analysis with anomaly detec…
ea2ca6a 
…tion alarm recommendations

- Add MetricAnalyzer with seasonal pattern detection using FFT analysis
- Add SeasonalDetector supporting hourly, daily, weekly patterns
- Add comprehensive metric analysis including trend, seasonality, and data quality
- Generate anomaly detection alarms for seasonal metrics automatically
- Fix early return issue for custom metrics without metadata
- Fix trend detection bug for flat metrics (zero std deviation)
- Add CloudFormation templates and CLI commands for alarm deployment
- Add comprehensive test coverage with strengthened assertions
- Support both existing metadata recommendations and dynamic analysis

SIM: https://i.amazon.com/CWP-13586
cr: https://code.amazon.com/reviews/CR-223169200
@abarkley123 abarkley123 force-pushed the cloudwatch-metric-analysis-enhanced branch from 1b5a74c to f6f39bc Compare October 6, 2025 17:09
@abarkley123 abarkley123 marked this pull request as ready for review October 6, 2025 17:12
gcacace
gcacace requested changes Oct 6, 2025
View reviewed changes
refactor: replace Jinja2 with Python dict approach for CloudFormation…
00155e1 
… template generation, add input validation, improve naming conventions, and reorganize constants
gcacace
gcacace requested changes Oct 10, 2025
View reviewed changes
goranmod
goranmod reviewed Oct 10, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shri-tambe shri-tambe Awaiting requested review from shri-tambe shri-tambe is a code owner

@agiuliano agiuliano Awaiting requested review from agiuliano agiuliano is a code owner

@gcacace gcacace Awaiting requested review from gcacace gcacace is a code owner

@goranmod goranmod Awaiting requested review from goranmod goranmod is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

awslabs/mcp Project
Status: To triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@abarkley123 @gcacace @goranmod