Reactive Machines

Build AIOps with Amazon Q Developer CLI and MCP Server

IT teams face increasing challenges as they manage more complex infrastructure and applications, often spending many hours on manual identification, troubleshooting, and remediation of operational issues. This reactive work diverts valuable technical resources away from innovation and strategic initiatives. Artificial intelligence for IT operations (AIOps) offers a transformative solution, using AI to automate operational workflows, detect anomalies, and resolve incidents with minimal human intervention. Organizations can improve their operational efficiency while maintaining security as they manage their infrastructure and applications.

You can use the Amazon Q Developer CLI and Model Context Protocol (MCP) servers to create powerful AIOps solutions that reduce manual effort through natural language interaction. Amazon Q Developer can help developers and IT professionals with many of their tasks, including testing, working with AWS applications, and building data engineering pipelines. MCP extends these capabilities by enabling Amazon Q to connect to custom tools and services through a standardized interface, allowing more capable interactions.

In this post, we discuss how to implement a low-code, no-code AIOps solution that helps identify and resolve operational events while maintaining your security posture. We show how these technologies work together to automate repetitive tasks, streamline incident response, and improve operational efficiency throughout your organization.

This is the third post in a series on AIOps using generative AI products from AWS. See the following posts to build AIOps using Amazon Bedrock and Amazon Q Business:

Solution overview

MCP servers act as a universal connector for AI models, enabling them to interact with external systems, fetch live data, and integrate with various tools seamlessly. This helps Amazon Q provide more relevant assistance by accessing the information it needs in real time. The following architecture diagram shows how to use a single configuration file, mcp.json, to configure MCP servers in Amazon Q Developer CLI to connect to external systems.

The workflow consists of the following steps:

  1. The user configures the MCP client in Amazon Q Developer CLI using the mcp.json file.
  2. The user logs in to Amazon Q Developer CLI and asks operational questions in natural language.
  3. Depending on the question, Amazon Q decides which of the configured MCP servers or available tools to invoke to perform the task.
  4. The MCP server contacts the external third-party system to fetch the live data that Amazon Q uses to perform the required task.

In this post, we show how to use Amazon Q Developer CLI to address the following operational issues:

Prerequisites

Complete the following prerequisites before you start:

Configure MCP in Amazon Q Developer CLI

MCP configuration in Amazon Q Developer CLI is managed through JSON files. You will configure the Amazon Bedrock Knowledge Bases Retrieval MCP Server. At the time of writing, only the improvement of the Amazon Q Developer CLI.

Amazon Q Developer CLI supports two MCP configuration levels:

  • Global configuration – Uses ~/.aws/amazonq/mcp.json and applies to all workspaces
  • Workspace configuration – Uses .amazonq/mcp.json and is specific to the current workspace

In this post, we use the workspace configuration, but you have the option to use either of them.

  1. Create a new workspace folder, and within that folder, create a file .amazonq/mcp.json with the following content:
{
  "mcpServers": {
    "awslabs.bedrock-kb-retrieval-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.bedrock-kb-retrieval-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "your-profile-name",
        "AWS_REGION": "your-region",
        "FASTMCP_LOG_LEVEL": "ERROR",
        "KB_INCLUSION_TAG_KEY": "name=aiops-knowledge-base",
        "BEDROCK_KB_RERANKING_ENABLED": "false"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

See the AWS MCP Servers GitHub repository for an updated list of available MCP servers.

  2. Open the terminal, navigate to the workspace folder, and run the following command to log in to Amazon Q Developer CLI:
  3. Follow the login instructions for Amazon Q Developer on the command line.
  4. Start a chat session with q, then run /tools to ensure that the Amazon Bedrock Knowledge Bases Retrieval MCP Server is configured.

Tool permissions have two possible states:

  • Trusted – Amazon Q can use the tool without asking for confirmation each time
  • Per-request – Amazon Q must ask for your confirmation each time before using the tool

By default, this tool will not be trusted.

5. Run /tools trust awslabsbedrock_kb_retrieval_mcp_server___QueryKnowledgeBases to trust the MCP server.

6. Run /tools again and confirm the change.
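The configuration steps above leave a file on disk that decides which packages are started and which tools are pre-approved, so it is worth reviewing like any other privileged config. The following is an added example, not code from the original post or from the Amazon Q Developer CLI project: it audits mcp.json content for unpinned packages, stray whitespace in environment values, inline credentials, and pre-approved tools. The function names, the `example.local-tools` server, and the reading of `autoApprove` as "runs without a prompt" are assumptions.

```python
import json
import os

CONFIG_PATHS = ("~/.aws/amazonq/mcp.json", ".amazonq/mcp.json")  # global, workspace
SECRET_HINTS = ("SECRET", "TOKEN", "PASSWORD")

# Constructed sample modelled on this post's file, plus one hypothetical
# server ("example.local-tools") carrying settings worth flagging.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "awslabs.bedrock-kb-retrieval-mcp-server": {
      "command": "uvx", "args": ["awslabs.bedrock-kb-retrieval-mcp-server@latest"],
      "env": {"AWS_PROFILE": "your-profile-name ", "AWS_REGION": "your-region"},
      "disabled": false, "autoApprove": []
    },
    "example.local-tools": {
      "command": "uvx", "args": ["example-local-tools@1.2.0"],
      "env": {"AWS_SECRET_ACCESS_KEY": "constructed-not-a-real-key"},
      "autoApprove": ["DeleteBucket"]
    }
  }
}
"""


def audit_mcp_config(text):
    """Return sorted (server, finding) pairs for one mcp.json document."""
    findings = []
    for name, cfg in json.loads(text).get("mcpServers", {}).items():
        if cfg.get("disabled", False):
            continue  # a disabled server is not started, so skip it
        for arg in cfg.get("args", []):
            if arg.endswith("@latest"):
                findings.append((name, f"unpinned package: {arg}"))
        for key, value in cfg.get("env", {}).items():
            if value != value.strip():
                findings.append((name, f"whitespace around env value: {key}"))
            if any(hint in key.upper() for hint in SECRET_HINTS):
                findings.append((name, f"credential stored inline: {key}"))
        # Assumption: autoApprove names tools that run without a prompt.
        for tool in cfg.get("autoApprove", []):
            findings.append((name, f"tool pre-approved in file: {tool}"))
    return sorted(findings)


def audit_files(paths=CONFIG_PATHS):
    """Audit whichever of the global and workspace files exist."""
    results = {}
    for path in paths:
        full = os.path.expanduser(path)
        if os.path.isfile(full):
            with open(full, encoding="utf-8") as fh:
                results[path] = audit_mcp_config(fh.read())
    return results


if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit_mcp_config(SAMPLE_MCP_JSON)))
```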

Deploy AWS resources

Use the following AWS CloudFormation template to deploy the AWS resources used for AIOps. You can deploy this template in either the us-east-1 or us-west-2 AWS Region. You can deploy to other Regions by updating the AMI IDs in the template. This template deploys two EC2 instances and three S3 buckets.

This CloudFormation template is for demo purposes only and is not intended for production use.

AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This template creates the necessary AWS resources which will be used to test AIOps using 
  Amazon Q Developer CLI with MCP server integration.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Network
        Parameters:
          - SecurityGroupIngressCidrIp
      - Label:
          default: General
        Parameters:
          - Prefix
    ParameterLabels:
      SecurityGroupIngressCidrIp:
        default: Security group ingress CIDR IP
Parameters:
  Prefix:
    Type: String
    Description: Unique name prefix for resources that are created by the stack.
    ConstraintDescription: >-
      must not start with a dash, and must only contain lowercase a-z, digits,
      and a dash.
    AllowedPattern: ^[a-z0-9][a-z0-9-]+$
    MinLength: 1
    MaxLength: 30
    Default: aiops-qdevcli
  SecurityGroupIngressCidrIp:
    Type: String
    Description: >-
      IPv4 address in CIDR format for allowed incoming traffic to the EC2 instance. Defaults to allowing all IPs.
    ConstraintDescription: >-
      must be in the form x.x.x.x/s, where x is 0-255, and s is 0-32.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 0.0.0.0/0
Resources:
  # AIOps Amazon S3 bucket1
  AIOpsQDeveloperCliS3Bucket1:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName:
        Fn::Sub: ${Prefix}-bucket1-${AWS::AccountId}
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # AIOps Amazon S3 bucket2
  AIOpsQDeveloperCliS3Bucket2:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName:
        Fn::Sub: ${Prefix}-bucket2-${AWS::AccountId}
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # AIOps Amazon S3 bucket3
  AIOpsQDeveloperCliS3Bucket3:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName:
        Fn::Sub: ${Prefix}-bucket3-${AWS::AccountId}
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # AIOps Knowledgebase S3 bucket
  AIOpsQDeveloperKBS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName:
        Fn::Sub: ${Prefix}-kb-${AWS::AccountId}
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # AIOps VPC resources
  AIOpsQDeveloperCliVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliVPC
  AIOpsQDeveloperCliSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.1.0/24
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
      AvailabilityZone: !Select 
        - 0
        - !GetAZs 
          Ref: 'AWS::Region'
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliSubnet1
  AIOpsQDeveloperCliSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.3.0/24
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
      AvailabilityZone: !Select 
        - 1
        - !GetAZs 
          Ref: 'AWS::Region'
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliSubnet2
  AIOpsQDeveloperIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperIGW
  AIOpsQDeveloperCliVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId:
        Ref: AIOpsQDeveloperIGW
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
  AIOpsQDeveloperCliRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliRT
  AIOpsRoute:
    Type: AWS::EC2::Route
    DependsOn:
      - AIOpsQDeveloperCliVPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: AIOpsQDeveloperIGW
      RouteTableId:
        Ref: AIOpsQDeveloperCliRT
  AIOpsQDeveloperCliSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: AIOpsQDeveloperCliRT
      SubnetId:
        Ref: AIOpsQDeveloperCliSubnet1
  AIOpsQDeveloperCliSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: AIOpsQDeveloperCliRT
      SubnetId:
        Ref: AIOpsQDeveloperCliSubnet2
  AIOpsQDeveloperCliSG1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: >-
        Allows incoming traffic on port 22 and denies all outgoing traffic.
      SecurityGroupEgress:
        - Description: Denies all outgoing traffic.
          IpProtocol: -1
          CidrIp: 0.0.0.0/32
      SecurityGroupIngress:
        - Description: Allows incoming TCP traffic on port 22.
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp:
            Ref: SecurityGroupIngressCidrIp        
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliSG1
  AIOpsQDeveloperCliSG2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: >-
        Allows incoming traffic on port 5080 and denies all outgoing traffic.
      SecurityGroupEgress:
        - Description: Denies all outgoing traffic.
          IpProtocol: -1
          CidrIp: 0.0.0.0/32
      SecurityGroupIngress:
        - Description: Allows incoming TCP traffic on port 5080.
          IpProtocol: tcp
          FromPort: 5080
          ToPort: 5080
          CidrIp:
            Ref: SecurityGroupIngressCidrIp
        - Description: Allows incoming TCP traffic on port 22.
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp:
            Ref: SecurityGroupIngressCidrIp        
      VpcId:
        Ref: AIOpsQDeveloperCliVPC
      Tags:
        - Key: Name
          Value: AIOpsQDeveloperCliSG2
  EC2KeyPair:
    Type: AWS::EC2::KeyPair
    Properties:
      KeyName: 
        Fn::Sub: ${Prefix}-keypair-${AWS::AccountId}
  # EC2 instance to demo high CPU Utilization AIOps  
  EC2InstanceHighCPUUtilDemo:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: !Ref EC2KeyPair      
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AL2023]
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          SubnetId: !Ref AIOpsQDeveloperCliSubnet1
          GroupSet: 
            - !Ref AIOpsQDeveloperCliSG1
      Tags:
        - Key: Name
          Value:
            Fn::Sub: ${Prefix}-high-cpu-util
  # EC2 instance to demo unwanted open port detection AIOps  
  EC2InstanceOpenPortDemo:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: !Ref EC2KeyPair      
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AL2023]
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          SubnetId: !Ref AIOpsQDeveloperCliSubnet1
          GroupSet: 
            - !Ref AIOpsQDeveloperCliSG2
      Tags:
        - Key: Name
          Value:
            Fn::Sub: ${Prefix}-open-port-demo
  CPUUtilizationAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: 
        Fn::Sub: ${Prefix}-EC2-Instance-CPU-Utilization
      AlarmDescription: Alarm when server CPU exceeds 70%
      ComparisonOperator: GreaterThanThreshold
      EvaluationPeriods: 1
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Period: 60
      Statistic: Average
      Threshold: 70.0
      ActionsEnabled: false
      Dimensions:
        - Name: InstanceId
          Value: !Ref EC2InstanceHighCPUUtilDemo
      Unit: Percent
Mappings:
  RegionMap:
    us-east-1:
      AL2023: ami-085ad6ae776d8f09c
    us-west-2:
      AL2023: ami-0005ee01bca55ab66
Outputs:
  AIOpsQDeveloperCliS3Bucket1:
    Description: S3 bucket created for testing AIOps
    Value:
      Ref: AIOpsQDeveloperCliS3Bucket1
  AIOpsQDeveloperCliS3Bucket2:
    Description: S3 bucket created for testing AIOps
    Value:
      Ref: AIOpsQDeveloperCliS3Bucket2
  AIOpsQDeveloperCliS3Bucket3:
    Description: S3 bucket created for testing AIOps
    Value:
      Ref: AIOpsQDeveloperCliS3Bucket3
  AIOpsQDeveloperKBS3Bucket:
    Description: S3 bucket created for testing AIOps
    Value:
      Ref: AIOpsQDeveloperKBS3Bucket
  EC2InstanceHighCPUUtilDemo:
    Description: EC2 instance for testing AIOps
    Value:
      Ref: EC2InstanceHighCPUUtilDemo
  EC2InstanceOpenPortDemo:
    Description: EC2 instance for testing AIOps
    Value:
      Ref: EC2InstanceOpenPortDemo

Make sure the template deployed two EC2 instances, which are in the Running state.

In addition, make sure the template has created three S3 buckets named aiops-qdevcli-bucketX- and one bucket named aiops-qdevcli- in your selected Region.

Create Amazon Bedrock knowledge base

Upload the runbook for high CPU utilization to the aiops-qdevcli- bucket. Create a knowledge base from the bucket, and note the knowledge base ID to use in the first use case.

Use case 1: Identify and remediate high CPU utilization on an EC2 instance

In this use case, you simulate CPU stress on one of the EC2 instances and use Amazon Q Developer CLI to identify and remediate it.

  1. On the Amazon EC2 console, sign in to the aiops-qdevcli-high-cpu-util instance using EC2 Instance Connect.
  2. Run the following command to install stress-ng:
sudo dnf install stress-ng

  3. Run the following command to stress the EC2 instance for 1 hour:
stress-ng --cpu 1 --timeout 3600s

You have to wait about 10 minutes for the Amazon CloudWatch alarm to trigger.

  4. Return to the Amazon EC2 console and check that the aiops-qdevcli-high-cpu-util instance is now in the Alarm state.
  5. From Amazon Q Developer CLI, use a natural language question to look for operational issues in your account. Use the knowledge base ID that you noted in the previous section.

Amazon Q Developer CLI autocorrects errors it encounters while running commands.

Watch the following video for more information.

Due to the nondeterministic nature of FMs, the answers you receive in Amazon Q Developer CLI may not be exactly the same as those displayed in the demo.

Use case 2: Identify and remove public access from an S3 bucket

In this use case, you simulate a security issue by enabling public access on one of the buckets and use Amazon Q Developer to identify and remediate the problem.

  1. On the Amazon S3 console, open one of the aiops-qdevcli-xxxx buckets, and on the Permissions tab, choose Edit and change Block all public access to Off.

  2. Return to Amazon Q Developer CLI and ask a natural language question to identify and remediate the issue.

Watch the following video for more information.

Use case 3: Identify and block an unwanted open port for inbound connections on an EC2 instance

In this use case, you use Amazon Q Developer CLI to identify an EC2 instance with an open port and close it.

  1. On the Amazon EC2 console, note that the aiops-qdevcli-open-port-demo instance has port 5080 open for inbound TCP connections. This is the unwanted security risk you want to find and remove.

  2. Return to Amazon Q Developer CLI and use a natural language question to identify the EC2 instance with port 5080 open and fix the issue.

Watch the following video for details.
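To verify independently what the assistant reports in this use case, the same check can be run over security group data directly. The following is an added example, not code from the original post: it scans data shaped like the output of `aws ec2 describe-security-groups` and lists groups that expose a given TCP port to any source address. It goes beyond the single port 5080 rule by also handling port ranges, all-protocol rules, and IPv6. The group IDs, group names, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs and names are placeholders, not values from a real account.
SAMPLE_GROUPS = {
    "SecurityGroups": [
        {"GroupId": "sg-constructed-1", "GroupName": "ssh-only",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-constructed-2", "GroupName": "open-port-demo",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 5080, "ToPort": 5080,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-constructed-3", "GroupName": "port-range",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5100,
              "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
        {"GroupId": "sg-constructed-4", "GroupName": "all-traffic",
         "IpPermissions": [
             {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
              "Ipv6Ranges": []}]},
    ]
}


def rule_covers_port(perm, port):
    """True if an ingress rule applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":
        return True  # all protocols; such rules carry no FromPort/ToPort
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def world_open_rules(groups, port):
    """Return (GroupId, CIDR) pairs where `port` is reachable from any address."""
    hits = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A zero-length prefix (0.0.0.0/0 or ::/0) matches every source.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    hits.append((sg["GroupId"], cidr))
    return hits


if __name__ == "__main__":
    for group_id, cidr in world_open_rules(SAMPLE_GROUPS, 5080):
        print(f"{group_id}: port 5080 open to {cidr}")
```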

Clean up

Properly decommissioning provisioned AWS resources is an important best practice to optimize costs and improve security posture after concluding proofs of concept and demonstrations. Complete the following steps to delete the resources from your AWS account:

  1. On the Amazon Bedrock console, delete the Amazon Bedrock knowledge base.
  2. On the Amazon S3 console, delete the aiops-qdevcli-kb-xxx bucket.
  3. On the AWS CloudFormation console, delete the CloudFormation stack.

As an alternative, try the preceding steps using natural language questions in Amazon Q Developer CLI.

  4. Finally, delete the .amazonq/mcp.json file from your workspace folder to remove the MCP configuration for Amazon Q Developer CLI.

Conclusion

In this post, we showed how Amazon Q Developer CLI interprets natural language questions, automatically converts them into appropriate commands, and determines the steps needed to execute them. Its ability to analyze issues and perform automated remediation significantly reduces manual intervention. By using Amazon Q Developer CLI, you can improve your team's efficiency and reduce human error through a natural language interface. We encourage you to explore additional use cases and share your feedback with us. For more information about Amazon Q Developer CLI and AWS MCP servers, see the following resources:


About the authors

Briwanath Muherjee is a Senior Solutions Architect at Amazon Web Services. He works with large AWS customers, providing technical guidance for migrating and modernizing their applications on the AWS Cloud. With his extensive knowledge of cloud and migration, he partners with customers to develop innovative solutions that use the scalability, reliability, and agility of AWS to meet their business needs. His expertise spans different industries and use cases, helping customers unlock the full potential of AWS.

Pendra v is a Senior Solutions Architect at Amazon Web Services, focusing on AI and cloud AI solutions, who helps enterprise customers design and deploy production-ready AI workloads using large language models (LLMs) and agentic AI architectures, and carry out cloud deployments. This expertise in cloud and machine learning enables organizations to build and scale effective applications.
