aws-samples/sample-cfm-tips-mcp
3.5
If you are the rightful owner of sample-cfm-tips-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
A comprehensive Model Context Protocol (MCP) server for AWS cost analysis and optimization recommendations, designed to work seamlessly with Amazon Q CLI and other MCP-compatible clients.
Tools
5
Resources
0
Prompts
0
CFM Tips - Cost Optimization MCP Server
A comprehensive Model Context Protocol (MCP) server for AWS cost analysis and optimization recommendations, designed to work seamlessly with Kiro CLI and other MCP-compatible clients.
✅ Features
Core AWS Services Integration
- Cost Explorer - Retrieve cost data and usage metrics
- Cost Optimization Hub - Get AWS cost optimization recommendations
- Compute Optimizer - Right-sizing recommendations for compute resources
- Trusted Advisor - Cost optimization checks and recommendations
- Performance Insights - RDS performance metrics and analysis
Cost Optimization Playbooks
- 🔧 EC2 Right Sizing - Identify underutilized EC2 instances with 12 specialized analysis tools
- 💾 EBS Optimization - Find unused and underutilized volumes
- 🗄️ RDS Optimization - Identify idle and underutilized databases
- ⚡ Lambda Optimization - Find overprovisioned and unused functions
- 🪣 S3 Optimization - Comprehensive S3 cost analysis and storage class optimization with 11 specialized tools
- 📋 CloudTrail Optimization - Analyze and optimize CloudTrail configurations
- 📊 CloudWatch Optimization - Optimize monitoring costs across logs, metrics, alarms, and dashboards
- 💰 Database Savings Plans - Analyze and optimize database commitment plans for Aurora, RDS, DynamoDB, and more
- 🌐 NAT Gateway Optimization - Identify underutilized, redundant, and unused NAT Gateways
- 📈 Comprehensive Analysis - Multi-service cost analysis
Advanced Features
- Real CloudWatch Metrics - Uses actual AWS metrics for analysis
- Multiple Output Formats - JSON and Markdown report generation
- Cost Calculations - Estimated savings and cost breakdowns
- Actionable Recommendations - Priority-based optimization suggestions
📁 Project Structure
sample-cfm-tips-mcp/
├── playbooks/ # CFM Tips optimization playbooks engine
│ ├── ec2/ # EC2 optimization with 12 specialized tools
│ │ └── ec2_optimization.py # EC2 right-sizing and comprehensive analysis
│ ├── ebs/ # EBS volume optimization
│ │ └── ebs_optimization.py # EBS volume optimization playbook
│ ├── rds/ # RDS database optimization
│ │ ├── rds_optimization.py # RDS database optimization playbook
│ │ └── database_savings_plans.py # Database Savings Plans analysis
│ ├── aws_lambda/ # Lambda function optimization
│ │ └── lambda_optimization.py # Lambda function optimization playbook
│ ├── s3/ # S3 storage optimization with 11 tools
│ │ └── s3_optimization_orchestrator.py # S3 cost optimization orchestrator
│ ├── cloudtrail/ # CloudTrail optimization
│ │ └── cloudtrail_optimization.py # CloudTrail optimization playbook
│ ├── cloudwatch/ # CloudWatch optimization with 8 tools
│ │ └── cloudwatch_optimization.py # CloudWatch cost optimization playbook
│ ├── nat_gateway/ # NAT Gateway optimization
│ │ └── nat_gateway_optimization.py # NAT Gateway optimization playbook
│ └── comprehensive_optimization.py # Multi-service analysis
├── services/ # AWS Services as datasources for the cost optimization
│ ├── s3_service.py # S3 API interactions and metrics
│ ├── s3_pricing.py # S3 pricing calculations and cost modeling
│ ├── cost_explorer.py # Cost Explorer API integration
│ ├── compute_optimizer.py # Compute Optimizer API integration
│ └── optimization_hub.py # Cost Optimization Hub integration
├── utils/ # Cross-cutting utilities and analyzers
│ ├── analyzers/ # Analysis engines for different optimization types
│ ├── logging_config.py # Centralized logging configuration
│ ├── session_manager.py # Session management for analysis results
│ └── parallel_executor.py # Parallel execution utilities
├── mcp_server_with_runbooks.py # Main MCP server with 50+ tools
├── runbook_functions.py # NAT Gateway and additional optimization functions
├── mcp_runbooks.json # Template file for MCP configuration file
├── requirements.txt # Python dependencies
├── tests/ # Comprehensive test suite
├── diagnose_cost_optimization_hub_v2.py # Diagnostic utilities
├── RUNBOOKS_GUIDE.md # Detailed usage guide
└── README.md # Project ReadMe
🔐 Security and Permissions - Least Privileges
Security Best Practices
The CFM Tips MCP server follows AWS security best practices and requires only read-only permissions. Here are the key security principles:
Core Security Principles
- Read-Only Access: All operations are read-only - no create, update, or delete permissions
- Least Privilege: Grant only the minimum permissions required for cost analysis
- No Resource Modification: The tool cannot modify, terminate, or create AWS resources
- Audit Trail: All API calls are logged via CloudTrail for security monitoring
- Credential Security: Supports multiple secure credential methods (IAM roles, profiles, etc.)
Recommended Security Setup
1. Create Dedicated IAM Role (Recommended)
# Create a dedicated role for CFM Tips
aws iam create-role --role-name CFMTipsCostAnalysis --assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::YOUR-ACCOUNT-ID:user/YOUR-USERNAME"
},
"Action": "sts:AssumeRole"
}
]
}'
# Attach the CFM Tips policies to the role
aws iam attach-role-policy --role-name CFMTipsCostAnalysis --policy-arn arn:aws:iam::YOUR-ACCOUNT-ID:policy/CFMTipsComprehensiveReadOnly
2. Enable CloudTrail Monitoring
# Ensure CloudTrail is enabled for API monitoring
aws cloudtrail describe-trails --query 'trailList[*].[Name,IsLogging]'
# Create CloudTrail if not exists
aws cloudtrail create-trail --name cfm-tips-audit --s3-bucket-name your-cloudtrail-bucket
aws cloudtrail start-logging --name cfm-tips-audit
3. Use IAM Profiles (Alternative)
# Create AWS CLI profile for CFM Tips
aws configure --profile cfm-tips
export AWS_PROFILE=cfm-tips
Security Validation
Verify Read-Only Access
# Test that no write operations are possible
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::YOUR-ACCOUNT-ID:role/CFMTipsCostAnalysis \
--action-names ec2:TerminateInstances s3:DeleteBucket rds:DeleteDBInstance \
--resource-arns "*"
# Should return "implicitDeny" for all write operations
Monitor API Usage
# Monitor CFM Tips API calls via CloudTrail
aws logs filter-log-events \
--log-group-name CloudTrail/CFMTips \
--start-time $(date -d '1 hour ago' +%s)000 \
--filter-pattern "{ $.userIdentity.type = \"AssumedRole\" && $.userIdentity.arn = \"*CFMTipsCostAnalysis*\" }"
Network Security
VPC Endpoint Configuration (Optional) For enhanced security in private networks:
# Create VPC endpoints for AWS services (optional)
aws ec2 create-vpc-endpoint \
--vpc-id vpc-12345678 \
--service-name com.amazonaws.us-east-1.cost-optimization-hub \
--route-table-ids rtb-12345678
Firewall Rules
# Required outbound HTTPS access to AWS APIs
# Allow outbound to: *.amazonaws.com on port 443
# No inbound connections required
Credential Management
Environment Variables (Development)
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_DEFAULT_REGION=us-east-1
IAM Role (Production - Recommended)
# No credentials needed when running on EC2/ECS/Lambda with IAM role
# Role automatically provides temporary credentials
AWS CLI Profile (Multi-Account)
# ~/.aws/config
[profile cfm-tips-prod]
role_arn = arn:aws:iam::PROD-ACCOUNT:role/CFMTipsCostAnalysis
source_profile = default
[profile cfm-tips-dev]
role_arn = arn:aws:iam::DEV-ACCOUNT:role/CFMTipsCostAnalysis
source_profile = default
Service-Specific Security Notes
Cost Optimization Hub
- Requires enrollment in AWS Cost Optimization Hub
- No additional security considerations beyond IAM permissions
Trusted Advisor
- Requires Business or Enterprise support plan
- Some checks may require additional permissions
Performance Insights
- Must be enabled on RDS instances
- Provides database performance metrics (no sensitive data)
S3 Analysis
- Only accesses bucket metadata and configuration
- Does not read object contents or data
- Respects bucket policies and ACLs
Compliance Considerations
Data Privacy
- Tool analyzes only AWS service metadata and metrics
- No application data or user content is accessed
- All analysis is based on AWS service configurations and usage patterns
Audit Requirements
- All API calls are logged via CloudTrail
- Tool provides detailed logging of all operations
- Supports compliance reporting through AWS Config integration
Multi-Account Security
# For cross-account analysis, use cross-account roles
aws iam create-role --role-name CFMTipsCrossAccountRole --assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::MANAGEMENT-ACCOUNT:role/CFMTipsCostAnalysis"
},
"Action": "sts:AssumeRole"
}
]
}'
IAM Policy Requirements
The CFM Tips MCP server requires comprehensive read-only permissions across multiple AWS services. Below are the complete IAM policies needed:
Core Cost Optimization Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CostAnalysisServices",
"Effect": "Allow",
"Action": [
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:ListRecommendations",
"cost-optimization-hub:GetRecommendation",
"cost-optimization-hub:ListRecommendationSummaries",
"ce:GetCostAndUsage",
"ce:GetCostForecast",
"ce:GetUsageReport",
"ce:GetCostCategories",
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEBSVolumeRecommendations",
"compute-optimizer:GetLambdaFunctionRecommendations",
"compute-optimizer:GetAutoScalingGroupRecommendations",
"compute-optimizer:GetECSServiceRecommendations",
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckResult",
"pricing:GetProducts",
"pricing:DescribeServices",
"pricing:GetAttributeValues"
],
"Resource": "*"
}
]
}
EC2 and Network Optimization Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2AndNetworkAnalysis",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceStatus",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:DescribeImages",
"ec2:DescribeAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeCapacityReservations",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId"
],
"Resource": "*"
}
]
}
Storage and Database Services Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "StorageAndDatabaseAnalysis",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjectsV2",
"s3:GetBucketLocation",
"s3:GetBucketVersioning",
"s3:GetBucketLifecycleConfiguration",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:GetBucketPolicy",
"s3:GetBucketAcl",
"s3:GetBucketEncryption",
"s3:ListMultipartUploads",
"s3:GetStorageLensConfiguration",
"s3:GetAnalyticsConfiguration",
"s3:GetInventoryConfiguration",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeReservedDBInstances",
"rds:DescribeReservedDBInstancesOfferings",
"pi:GetResourceMetrics",
"pi:DescribeDimensionKeys",
"pi:GetDimensionKeyDetails"
],
"Resource": "*"
}
]
}
Lambda and CloudWatch Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "LambdaAndMonitoringAnalysis",
"Effect": "Allow",
"Action": [
"lambda:ListFunctions",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListTags",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetDashboard",
"cloudwatch:ListDashboards",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeMetricFilters",
"logs:DescribeRetentionPolicy",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetEventSelectors",
"cloudtrail:LookupEvents"
],
"Resource": "*"
}
]
}
Consolidated Single Policy (Alternative)
For simplified management, you can use this single comprehensive policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CFMTipsComprehensiveReadOnly",
"Effect": "Allow",
"Action": [
"cost-optimization-hub:*",
"ce:Get*",
"ce:List*",
"compute-optimizer:Get*",
"support:DescribeTrustedAdvisor*",
"pricing:*",
"ec2:Describe*",
"ec2:Get*",
"s3:List*",
"s3:Get*",
"rds:Describe*",
"lambda:List*",
"lambda:Get*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:Describe*",
"logs:Describe*",
"pi:Get*",
"pi:Describe*",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:LookupEvents"
],
"Resource": "*"
}
]
}
🛠️ Installation
System Requirements
Minimum Requirements
- Operating System: Linux, macOS, or Windows 10/11
- Python: 3.11+ recommended for best performance
- Network: Outbound HTTPS access to AWS APIs (*.amazonaws.com:443)
Python Dependencies
# Core dependencies (automatically installed)
boto3>=1.28.0 # AWS SDK
botocore>=1.31.0 # AWS core library
mcp>=0.1.0 # Model Context Protocol
asyncio # Async support (built-in)
json # JSON handling (built-in)
logging # Logging (built-in)
Quick Start
1. Clone and Setup
# Clone the repository
git clone https://github.com/aws-samples/sample-cfm-tips-mcp.git
cd sample-cfm-tips-mcp
# Install dependencies
pip install -r requirements.txt
2. AWS Configuration
Choose one of the following methods:
Option A: AWS CLI Configuration
aws configure
# Enter your AWS Access Key ID, Secret Access Key, and default region
Option B: Environment Variables
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1
Option C: IAM Role (for EC2/ECS/Lambda)
# No additional configuration needed if running on AWS compute with IAM role
3. Apply IAM Permissions
Create and attach the IAM policies from the Security section above to your AWS user or role.
4. Install MCP Configuration
python3 setup.py
Integration Options
Option 1: Kiro CLI Integration
# Start Kiro CLI chat
kiro-cli chat
# Example queries
"Show me cost optimization recommendations"
"Analyze my EC2 instances for right-sizing opportunities"
Option 2: Kiro IDE Integration
- Open Kiro IDE or Kiro Developer Plugin
- Navigate to Chat → 🛠️ Configure MCP Servers → ➕ Add new MCP
- Use the following configuration:
- Scope: Global - Name: cfm-tips - Transport: stdio - Command: python3 - Arguments: /full/path/to/cfm-tips-mcp/mcp_server_with_runbooks.py - Timeout: 60
🔧 Available Tools
Cost Analysis Tools
get_cost_explorer_data- Retrieve AWS cost and usage datalist_coh_enrollment- Check Cost Optimization Hub enrollmentget_coh_recommendations- Get cost optimization recommendationsget_coh_summaries- Get recommendation summariesget_compute_optimizer_recommendations- Get compute optimization recommendations
EC2 Optimization
ec2_rightsizing- Analyze EC2 instances for right-sizing opportunitiesec2_report- Generate detailed EC2 optimization reportsec2_stopped_instances- Identify stopped instances that could be terminatedec2_unattached_eips- Identify unattached Elastic IP addressesec2_old_generation- Identify old generation instances for upgradeec2_detailed_monitoring- Find instances without detailed monitoring enabledec2_graviton_compatible- Identify instances compatible with Graviton processorsec2_burstable_analysis- Analyze burstable instances for credit usage optimizationec2_spot_opportunities- Identify instances suitable for Spot pricingec2_unused_reservations- Identify unused On-Demand Capacity Reservationsec2_scheduling_opportunities- Find instances suitable for scheduling optimizationec2_commitment_plans- Analyze Reserved Instance and Savings Plans opportunitiesec2_governance_violations- Detect governance violations and policy non-complianceec2_comprehensive_report- Generate comprehensive EC2 optimization reports
EBS Optimization
ebs_optimization- Analyze EBS volumes for optimizationebs_unused- Identify unused EBS volumesebs_report- Generate EBS optimization reports
RDS Optimization
rds_optimization- Analyze RDS instances for optimizationrds_idle- Identify idle RDS instancesrds_report- Generate RDS optimization reports
Lambda Optimization
lambda_optimization- Analyze Lambda functions for optimizationlambda_unused- Identify unused Lambda functionslambda_report- Generate Lambda optimization reports
S3 Optimization
s3_general_spend_analysis- Analyze overall S3 spending patterns and usages3_storage_class_selection- Get guidance on choosing cost-effective storage classess3_storage_class_validation- Validate existing data storage class appropriatenesss3_archive_optimization- Identify and optimize long-term archive data storages3_api_cost_minimization- Minimize S3 API request charges through optimizations3_multipart_cleanup- Identify and clean up incomplete multipart uploadss3_governance_check- Implement S3 cost controls and governance compliances3_comprehensive_analysis- Run comprehensive S3 cost optimization analysiss3_comprehensive_optimization_tool- Unified comprehensive S3 optimization with parallel executions3_quick_analysis- Fast 30-second analysis for spending overview and quick winss3_bucket_analysis- Analyze specific S3 buckets for optimization opportunities
CloudTrail Optimization
get_management_trails- Get CloudTrail management trailsrun_cloudtrail_trails_analysis- Run CloudTrail trails analysis for optimizationgenerate_cloudtrail_report- Generate CloudTrail optimization reports
CloudWatch Optimization
cloudwatch_general_spend_analysis- Analyze CloudWatch spending patterns across logs, metrics, alarms, and dashboardscloudwatch_metrics_optimization- Identify custom metrics cost optimization opportunitiescloudwatch_logs_optimization- Optimize log retention and ingestion costscloudwatch_alarms_and_dashboards_optimization- Improve monitoring efficiency and reduce alarm costscloudwatch_comprehensive_optimization_tool- Run comprehensive CloudWatch analysis with intelligent orchestrationquery_cloudwatch_analysis_results- Query stored CloudWatch analysis results using SQLvalidate_cloudwatch_cost_preferences- Validate cost preferences and get functionality coverage estimatesget_cloudwatch_cost_estimate- Get detailed cost estimates for CloudWatch optimization analysis
Database Savings Plans
database_savings_plans_analysis- Comprehensive analysis for Aurora, RDS, DynamoDB, ElastiCache, DocumentDB, Neptune, Keyspaces, Timestream, and DMSdatabase_savings_plans_purchase_analyzer- Model custom commitment scenarios with user-specified hourly amountsdatabase_savings_plans_existing_analysis- Analyze existing Database Savings Plans utilization and coverage
NAT Gateway Optimization
nat_gateway_optimization- Comprehensive NAT Gateway optimization analysis for underutilized, redundant, and unused gatewaysnat_gateway_underutilized- Identify underutilized NAT Gateways based on data transfer metricsnat_gateway_redundant- Find potentially redundant NAT Gateways in the same availability zonenat_gateway_unused- Identify NAT Gateways not referenced by any route tables
Comprehensive Analysis
comprehensive_analysis- Multi-service cost analysis
Additional Tools
get_trusted_advisor_checks- Get Trusted Advisor recommendationsget_performance_insights_metrics- Get RDS Performance Insights data
📊 Example Usage
Basic Cost Analysis
"Get my AWS costs for the last month"
"Show me cost optimization recommendations"
"What are my biggest cost drivers?"
Resource Optimization
"Find underutilized EC2 instances in us-east-1"
"Show me unused EBS volumes that I can delete"
"Identify idle RDS databases"
"Find unused Lambda functions"
"Analyze my S3 storage costs and recommend optimizations"
"Find incomplete multipart uploads in my S3 buckets"
"Recommend the best S3 storage class for my data"
"Identify stopped EC2 instances I can terminate"
"Find unattached Elastic IP addresses"
"Show me old generation instances that need upgrading"
"Identify instances compatible with Graviton processors"
"Find opportunities for EC2 Spot pricing"
"Analyze my NAT Gateway utilization and costs"
"Identify redundant NAT Gateways in my VPC"
CloudWatch and Monitoring Optimization
"Analyze my CloudWatch spending and identify cost optimization opportunities"
"Find expensive custom metrics I can optimize"
"Optimize my CloudWatch log retention policies"
"Identify unused or inefficient CloudWatch alarms"
"Run comprehensive CloudWatch cost analysis"
"Show me CloudWatch cost estimates for different optimization scenarios"
Database Cost Optimization
"Analyze my database costs for Savings Plans opportunities"
"Model a $10/hour Database Savings Plans commitment"
"Review my existing Database Savings Plans utilization"
"Find cost optimization opportunities for Aurora and RDS instances"
"Analyze DynamoDB and ElastiCache costs for commitment plans"
Report Generation
"Generate a comprehensive cost optimization report"
"Create an EC2 right-sizing report in PDF format"
"Generate an EBS optimization report with cost savings"
Multi-Service Analysis
"Run comprehensive cost analysis for all services in us-east-1"
"Analyze my AWS infrastructure for cost optimization opportunities"
"Show me immediate cost savings opportunities"
"Generate a comprehensive S3 optimization report"
"Analyze my S3 spending patterns and storage class efficiency"
"Run quick analysis to identify top cost optimization opportunities"
"Perform comprehensive CloudWatch optimization analysis"
"Analyze my network costs and NAT Gateway efficiency"
"Generate comprehensive EC2 optimization report covering all playbooks"
🔍 Troubleshooting
Installation Issues
Python Version Compatibility
# Check Python version
python3 --version
# If Python 3.11+ not available, install via package manager
# macOS with Homebrew:
brew install python@3.11
# Ubuntu/Debian:
sudo apt update && sudo apt install python3.11 python3.11-venv
# CentOS/RHEL:
sudo yum install python3.11
Dependency Installation Failures
# Upgrade pip first
python3 -m pip install --upgrade pip
# Install with verbose output for debugging
pip install -r requirements.txt -v
# If specific packages fail, install individually
pip install boto3 botocore mcp
# For M1/M2 Macs with architecture issues:
pip install --no-binary :all: boto3
AWS Configuration Issues
Credentials Not Found
# Verify AWS credentials are configured
aws sts get-caller-identity
# If credentials missing, configure them:
aws configure
# Or check environment variables:
echo $AWS_ACCESS_KEY_ID
echo $AWS_SECRET_ACCESS_KEY
echo $AWS_DEFAULT_REGION
Region Configuration Problems
# Check current region
aws configure get region
# Set region if not configured
aws configure set region us-east-1
# Or use environment variable
export AWS_DEFAULT_REGION=us-east-1
IAM Permission Errors
# Test specific permissions
aws cost-optimization-hub list-enrollment-statuses
aws ce get-cost-and-usage --time-period Start=2024-01-01,End=2024-01-02 --granularity MONTHLY --metrics BlendedCost
# Common permission error solutions:
# 1. Ensure IAM policies are attached to correct user/role
# 2. Wait 5-10 minutes for IAM changes to propagate
# 3. Check if Cost Optimization Hub is enabled in AWS Console
Service-Specific Issues
Cost Optimization Hub Not Working
# Run diagnostic script
python3 diagnose_cost_optimization_hub_v2.py
# Enable Cost Optimization Hub in AWS Console:
# 1. Go to AWS Cost Management Console
# 2. Navigate to Cost Optimization Hub
# 3. Click "Get Started" and enable the service
No CloudWatch Metrics Found
# Verify CloudWatch is enabled and has data
aws cloudwatch list-metrics --namespace AWS/EC2
# Common issues:
# - Resources must run for 14+ days to have sufficient metrics
# - Detailed monitoring must be enabled for some metrics
# - Check correct region is being analyzed
S3 Analysis Failures
# Test S3 permissions
aws s3 ls
# Common S3 issues:
# - Bucket policies may restrict access
# - Cross-region bucket access requires proper permissions
# - Large buckets may timeout - use bucket-specific analysis
RDS Performance Insights Errors
# Verify Performance Insights is enabled
aws rds describe-db-instances --query 'DBInstances[*].[DBInstanceIdentifier,PerformanceInsightsEnabled]'
# Enable Performance Insights in RDS Console if needed
MCP Integration Issues
Kiro IDE Connection Problems
# Test MCP server directly
python3 mcp_server_with_runbooks.py
# Check MCP configuration file
cat ~/.kiro/settings/mcp.json
# Verify correct path in Kiro configuration
which python3
pwd # Note full path to mcp_server_with_runbooks.py
Kiro CLI Issues
# Verify Kiro CLI MCP configuration
cat ~/.kiro/settings/mcp.json
kiro-cli --version
Performance Issues
Slow Analysis Performance
# Reduce analysis scope
# - Specify specific regions instead of all regions
# - Use quick analysis tools for initial assessment
# - Analyze specific resources instead of comprehensive scans
# Increase timeouts for large accounts
export CFM_TIPS_TIMEOUT=600
# Reduce parallel threads if hitting API limits
export CFM_TIPS_MAX_THREADS=2
API Rate Limiting
# AWS API throttling solutions:
# 1. Implement exponential backoff (built into boto3)
# 2. Reduce concurrent requests
# 3. Use pagination for large result sets
# 4. Consider AWS Support case for rate limit increases
# Check CloudTrail for throttling events
aws logs filter-log-events --log-group-name CloudTrail/APIGateway --filter-pattern "throttle"
Common Error Messages
"NoCredentialsError"
# Solution: Configure AWS credentials
aws configure
# Or set environment variables as shown above
"AccessDenied" or "UnauthorizedOperation"
# Solution: Check IAM permissions
# 1. Verify policies are attached to correct user/role
# 2. Check policy syntax and permissions
# 3. Ensure services are enabled (Cost Optimization Hub, etc.)
"EndpointConnectionError"
# Solution: Check network connectivity and region
# 1. Verify internet connection
# 2. Check if region supports the service
# 3. Verify no proxy/firewall blocking AWS APIs
"ServiceNotAvailable" or "OptInRequired"
# Solution: Enable required AWS services
# 1. Cost Optimization Hub: Enable in AWS Console
# 2. Compute Optimizer: Opt-in via AWS Console
# 3. Trusted Advisor: Requires Business or Enterprise support plan
Getting Additional Help
Enable Debug Logging
export CFM_TIPS_LOG_LEVEL=DEBUG
python3 mcp_server_with_runbooks.py
# Check log files
tail -f logs/cfm_tips_mcp.log
tail -f logs/cfm_tips_mcp_errors.log
Run Diagnostic Tools
# Comprehensive diagnostics
python3 diagnose_cost_optimization_hub_v2.py
# Test individual components
python3 -c "import boto3; print('Boto3 version:', boto3.__version__)"
python3 -c "from mcp.server import Server; print('MCP imported successfully')"
Contact Support
- Check the for detailed usage instructions
- Review logs in the
logs/directory - Run integration tests:
python3 test_runbooks.py - Create GitHub issue with error logs and system information
🧩 Add-on MCPs
Add-on AWS Pricing MCP Server MCP server for accessing real-time AWS pricing information and providing cost analysis capabilities https://github.com/awslabs/mcp/tree/main/src/aws-pricing-mcp-server
# Example usage with Add-on AWS Pricing MCP Server:
"Review the CDK by comparing it to the actual spend from my AWS account's stackset. Suggest cost optimization opportunities for the app accordingly"
🎯 Key Benefits
- Immediate Cost Savings - Identify unused resources for deletion
- Right-Sizing Opportunities - Optimize overprovisioned resources across EC2, RDS, and Lambda
- Real Metrics Analysis - Uses actual CloudWatch data for accurate analysis
- Actionable Reports - Clear recommendations with cost estimates and priority rankings
- Comprehensive Coverage - Analyze EC2, EBS, RDS, Lambda, S3, CloudWatch, NAT Gateways, and more
- Advanced EC2 Optimization - 12 specialized tools covering Graviton, Spot, governance, and more
- Intelligent S3 Analysis - 11 tools for storage class optimization, lifecycle policies, and cost control
- CloudWatch Cost Control - 8 tools for optimizing monitoring, logging, and alerting costs
- Database Commitment Optimization - Comprehensive Savings Plans analysis for all database services
- Network Cost Optimization - NAT Gateway analysis and redundancy elimination
- Easy Integration - Works seamlessly with Kiro CLI and Amazon Q
📈 Expected Results
The CFM Tips cost optimization server can help you:
- Identify cost savings on average across all AWS services
- Find unused resources costing hundreds of dollars monthly
- Right-size overprovisioned instances for optimal performance/cost ratio
- Optimize storage costs through volume type and storage class recommendations
- Eliminate idle resources that provide no business value
- Reduce S3 costs by 30-60% through intelligent storage class transitions
- Clean up storage waste from incomplete multipart uploads and orphaned data
- Optimize API request patterns to minimize S3 request charges
- Reduce CloudWatch costs through log retention optimization and metrics analysis
- Optimize monitoring efficiency by identifying unused alarms and dashboards
- Maximize Database Savings Plans utilization across Aurora, RDS, DynamoDB, and more
- Eliminate network waste by optimizing NAT Gateway usage and removing redundant gateways
- Upgrade to modern instances including Graviton processors for better price-performance
- Leverage Spot pricing for suitable workloads to reduce costs by up to 90%
- Optimize Reserved Instances and Savings Plans commitments for maximum savings
🤝 Contributing
We welcome contributions! Please see our contributing guidelines:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Submit a pull request
📄 License
This project is licensed under the MIT License - see the file for details.