# IAM roles for Prometheus MCP pods (IRSA: IAM Roles for Service Accounts, trusted via the EKS OIDC provider)
# IAM role for Prometheus MCP pods
resource "aws_iam_role" "prometheus_mcp" {
  name = "${var.project_name}-pod-role"

  tags = {
    Name = "${var.project_name}-pod-role"
  }

  # Trust policy for IRSA: the role can only be assumed through the cluster's
  # OIDC provider (Federated principal) via AssumeRoleWithWebIdentity, and only
  # when the token's "sub" claim is exactly the prometheus-mcp ServiceAccount in
  # the prometheus-mcp namespace and its "aud" claim is sts.amazonaws.com.
  # The condition keys are built from the issuer URL with the scheme stripped.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "sts:AssumeRoleWithWebIdentity"
      Principal = {
        Federated = module.eks.oidc_provider_arn
      }
      Condition = {
        StringEquals = {
          "${replace(module.eks.cluster_oidc_issuer_url, "https://", "")}:sub" = "system:serviceaccount:prometheus-mcp:prometheus-mcp"
          "${replace(module.eks.cluster_oidc_issuer_url, "https://", "")}:aud" = "sts.amazonaws.com"
        }
      }
    }]
  })
}
# IAM policy for querying AWS Managed Prometheus
resource "aws_iam_policy" "prometheus_query" {
  name        = "${var.project_name}-prometheus-query"
  description = "Allows querying AWS Managed Prometheus"

  # Read-only query actions against the single AMP workspace declared in this
  # configuration; Resource is the workspace ARN, not "*".
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Resource = aws_prometheus_workspace.main.arn
      Action = [
        "aps:QueryMetrics",
        "aps:GetLabels",
        "aps:GetSeries",
        "aps:GetMetricMetadata",
      ]
    }]
  })
}
# Attach the policy to the role
# Bind the AMP query policy to the IRSA role (aws_iam_role.id is the role name).
resource "aws_iam_role_policy_attachment" "prometheus_mcp" {
  policy_arn = aws_iam_policy.prometheus_query.arn
  role       = aws_iam_role.prometheus_mcp.id
}
# IAM role assumed by the bastion host's EC2 instance (used to reach the EKS cluster)
resource "aws_iam_role" "bastion" {
  name = "${var.project_name}-bastion-role"

  tags = {
    Name = "${var.project_name}-bastion-role"
  }

  # Standard EC2 instance-role trust: only the EC2 service principal may assume
  # this role (it is handed to the instance through the instance profile below).
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "sts:AssumeRole"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}
# IAM policy letting the bastion list and describe EKS clusters
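resource "aws_iam_policy" "bastion_eks" {
  name        = "${var.project_name}-bastion-eks"
  description = "Allows bastion to describe and access EKS cluster"

  # Split into two statements so that eks:DescribeCluster is limited to this
  # project's cluster ARN; only eks:ListClusters, which has no resource-level
  # scoping, keeps Resource = "*".
  # NOTE(review): assumes module.eks exposes a cluster_arn output, as
  # terraform-aws-modules/eks does next to the oidc_provider_arn and
  # cluster_oidc_issuer_url outputs used elsewhere in this file — confirm if
  # module.eks is a custom module.
  # These actions only give AWS-API visibility of the cluster; Kubernetes-side
  # access for the bastion is not granted by this policy.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "DescribeProjectCluster"
        Effect   = "Allow"
        Action   = ["eks:DescribeCluster"]
        Resource = module.eks.cluster_arn
      },
      {
        Sid      = "ListClusters"
        Effect   = "Allow"
        Action   = ["eks:ListClusters"]
        Resource = "*"
      },
    ]
  })
}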
# Attach policies to bastion role
# Bind the EKS describe/list policy to the bastion role.
resource "aws_iam_role_policy_attachment" "bastion_eks" {
  policy_arn = aws_iam_policy.bastion_eks.arn
  role       = aws_iam_role.bastion.id
}
# AWS-managed policy that lets the SSM agent register the instance, so the
# bastion can be reached through Session Manager. The ARN hard-codes the
# "aws" partition.
resource "aws_iam_role_policy_attachment" "bastion_ssm" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  role       = aws_iam_role.bastion.id
}
# IAM instance profile for bastion
# Instance profile that delivers the bastion role to the EC2 instance.
resource "aws_iam_instance_profile" "bastion" {
  role = aws_iam_role.bastion.id
  name = "${var.project_name}-bastion"
}