Sign In Get Started
OpsHelm

Natural language cloud queries

Lee Brotherston
Lee Brotherston
|
Nov 24, 2025
|
8 min read
Announcing the OpsHelm MCP
OpsHelm now integrates directly with LLMs/AI via the Model Context Protocol, enabling natural language queries of your cloud infrastructure

Introducing the OpsHelm MCP: Natural language queries for cloud infrastructure

We’re excited to announce that OpsHelm now supports the Model Context Protocol (MCP), bringing natural language queries of your cloud infrastructure, its configuration, and its history directly into your LLM/AI conversations. This integration represents a fundamental shift in how teams can interact with their cloud environments, moving from complex data lake queries and dashboard navigation to simple, conversational questions.

What is MCP?

The Model Context Protocol is an open standard that allows AI assistants and agents like Claude or ChatGPT to interact with external data sources, tools, and APIs. Think of it as an API for your AI assistant to interact with the real world so that you don’t have to copy-paste data back and forth or keep switching between multiple tools.

For OpsHelm users, this means that an AI assistant can use OpsHelm to help it understand the resources in your cloud environment and how they have been configured. This includes AWS and GCP environments covering EC2 instances, S3 buckets, PubSub queues, IAM principals, and everything else OpsHelm tracks for your connected cloud environments.

Why This Matters

If you’ve worked with cloud infrastructure at scale, you already know the pain points: finding that one misconfigured security group, tracking down which resources are driving the most cost, or understanding what changed in your environment last week; these tasks typically require navigating multiple consoles, writing complex queries, or building custom scripts, all of which take time.

With the OpsHelm MCP Server, you can now ask Claude questions like:

  • “Show me all S3 buckets that have public access enabled.”
  • “Give me a breakdown of my EC2 instances by region and instance type.”
  • “What IAM roles were created in the last 24 hours?”
  • “How many resources do we have by type across all of our accounts?”
  • “Find all Lambda functions in the Dev AWS account that haven’t been updated in over 6 months”

Your AI assistant decomposes the request into a series of manageable steps, makes the appropriate queries to the OpsHelm API, and presents the results in a clear, conversational format without the need to remember query syntax, navigate dashboards, or write scripts.

Key Features

Comprehensive Asset Discovery

The MCP Server provides access to OpsHelm’s complete cloud inventory across all of your connected AWS and GCP accounts. Your AI assistant can query any resource that OpsHelm tracks, with full coverage for GCP, and more comprehensive coverage than AWS Config in AWS environments.

Natural language doesn’t mean sacrificing precision. The integration supports sophisticated filtering across multiple dimensions including resource types, regions, tags, costs, timestamps, and asset configuration. You can ask broad questions for overview insights or narrow queries for specific troubleshooting. Your AI agent converts the natural language query into specific parameters for the MCP server’s tools and handles the complexity of constructing the right API calls based on your request.

Historical Change Tracking

One of OpsHelm’s most powerful features is its ability to track resource changes over time, and the MCP server exposes this functionality. You can ask your AI assistant to show you what a resource looked like last week, compare two snapshots to see exactly what changed, or identify who made specific modifications and when—even if that resource was deleted before your query. This historical context is invaluable for incident response and compliance auditing.

Cost Analysis

For accounts with cost tracking enabled, you can ask your AI assistant about resource spending patterns. Questions like “Which resources are costing us the most?” or “Show me all resources spending over $100 this month.” become trivial. The integration also allows you to group and analyze costs across different dimensions to understand your cloud spend better.

Multi-Account Support

If you’re managing multiple cloud accounts (and who isn’t?), the MCP server allows your AI to seamlessly query across all of your connected accounts for an organization-wide view, or scope queries to specific accounts when it is more appropriate.

Sample Interactions

Let’s look at some real examples of what you can do with the OpsHelm MCP Server.

Note: MCP is an open protocol adopted by many AI assistants, for the purposes of these examples we are using Claude with the Sonnet 4.5 model.

Example 1: Security Audit

You: “Are there any S3 buckets with public access in our “EXAMPLE” account?”

I’ll check your S3 buckets for public access configurations.

[ List cloud accounts ]

Great! The “EXAMPLE” account ID is XXXXXXXX.

[ List assets ]

I can see there are 161 S3 buckets total. Let me get a smaller sample with details to check for public access configurations. I’ll fetch just a few buckets with their full details:

[ List assets ]

I found 2 S3 buckets with public access enabled:

  1. my-public-website-assets

    • Account: Production Web
    • Created: 2024-03-15
    • Tags: Environment: production, Purpose: static-site

  2. legacy-data-export

    • Account: Production Data
    • Created: 2023-11-02
    • Tags: Team: analytics
    • ⚠️ This bucket has AllUsers access which may be unintentional

The first bucket appears to be intentionally public for website hosting, but the second one might need review.

Example 2: Resource Inventory

You: “How many EC2 instances do we have in each region?”

[ Summarize Assets ]

Here’s your EC2 instance count by region:

  • us-east-1: 47 instances
  • us-west-2: 23 instances
  • eu-west-1: 15 instances
  • ap-southeast-1: 8 instances
  • us-east-2: 5 instances

Total: 98 instances across 5 regions

The majority of your infrastructure is concentrated in us-east-1, which makes sense if that’s your primary region.

Example 3: Change Investigation

You: “What changed with our production database last night?”

[ List Assets ]

Good! I can see recent changes to IAM roles. Let me pick one and look at its history:

[ Get asset history and snapshots ]

I found a change to your RDS instance “prod-postgres-primary” at 2:17 AM UTC:

What changed:

  • Instance class: db.r5.xlarge → db.r5.2xlarge
  • Storage: 100GB → 200GB

Who made it:

  • User: example@my_actual_company.com
  • Role: DatabaseAdmin
  • Method: AWS Console
  • IP: 203.0.113.45

Context: The instance was scaled up, likely in response to performance issues. The change was made through the console by someone on the database team.

Would you like me to check if there were any alarms or performance metrics that might have triggered this change?

Example 4: Cost Analysis

You: “Show me our top 10 most expensive resources this month”

[ Summarize Assets ]

Here are your top 10 resources by month-to-date cost:

  1. RDS Instance (prod-postgres-primary): $847.32
  2. RDS Instance (analytics-replica): $621.18
  3. EC2 Instance (ml-training-gpu-1): $503.45
  4. S3 Bucket (data-warehouse): $412.67
  5. ElastiCache Cluster (redis-prod): $389.24
  6. NAT Gateway (prod-vpc-nat-1): $287.56
  7. EC2 Instance (kafka-broker-1): $256.83
  8. RDS Instance (staging-postgres): $234.91
  9. CloudFront Distribution (cdn-main): $198.45
  10. DynamoDB Table (user-sessions): $176.23

Total for top 10: $3,927.84

Your RDS instances are your biggest cost drivers, accounting for over 40% of your top 10 spending.

The Technical Bits

Available Tools

The OpsHelm MCP Server relies on your AI assistant’s native tool-calling capabilities and provides the AI with new set of tools. You don’t need to know API endpoints or query syntax, as the AI agent handles all of that for you—just ask your question naturally. At launch, the integration exposes the following tools:

  • list_cloud_accounts: Discover which AWS and GCP accounts are connected to your OpsHelm account
  • list_asset_types: See which resource types are available to query within your accounts
  • list_assets: Query resources with comprehensive filtering options
  • summarize_assets: Get statistical rollups and aggregations such as counts, min/max values, etc
  • get_asset_history_and_snapshots: Access historical state and change tracking

You AI assistant intelligently selects and combines these tools based on your question, often chaining multiple queries together for more complex requests.

Security and Access

The OpsHelm MCP Server is backed by the OpsHelm public API and therefore respects OpsHelm’s existing security model. Your AI assistant can only access data from accounts and resources that your OpsHelm user has permission to view. All queries are authenticated through your provided OpsHelm credentials.

Queries from your AI agent are executed in real-time against the OpsHelm API, and the results that are returned and analysis that is generated exist only in your AI assistant’s conversation context. OpsHelm does not have any visibility into your conversation context and can not see the questions that you asked, only the queries executed as a result.

Getting Started (Claude Desktop)

To start using the OpsHelm MCP Server with Claude Desktop:

  1. Ensure you have an active OpsHelm account with connected cloud accounts and a valid API key generated with the ‘read’ permission.
  2. Install NodeJS (required because we’re actually going to call a node module to manage the MCP connection) and Claude Desktop.
  3. Find your Claude Desktop configuration file. This file will be located at C:\Users\<USERNAME>\AppData\Roaming\Claude\claude_desktop_config.json on Windows and at /Users/<USERNAME>/Library/Application Support/Claude/claude_desktop_config.json on MacOS.
  4. Edit the configuration file to include the following configuration block:
{
  "mcpServers": {
    "OpsHelm": {
      "command": "npx",
      "args": [
        "-y",
        "supergateway",
        "--streamableHttp",
        "https://api.opshelm.com/v1beta/mcp",
        "--oauth2Bearer",
        "<YOUR_API_TOKEN_HERE>"
      ]
    }
  }
}
  1. Restart Claude Desktop to let the new configuration take effect.
  2. Start asking questions about your infrastructure

The natural language interface means there’s virtually no learning curve. If you can describe what you want to know, Claude can query it.

The Bigger Picture

We have always believed that cloud infrastructure data should be more accessible. OpsHelm was built to normalize, enrich, and structure cloud data in ways that make it more useful and consumable. Our MCP server is a natural extension of that philosophy.

By combining OpsHelm’s comprehensive cloud inventory and change tracking with your AI assistant’s natural language processing, we’re eliminating the friction between questions and answers. Your custom scripts can still access the same data via our API, but it’s now also accessible right there in your conversation—ready to help you understand, investigate, and act.

Whether you’re debugging an incident at 3 AM, conducting a security audit, or just trying to understand what’s running in your cloud accounts, you can now do it by simply asking. That’s the power of bringing AI to your infrastructure workflow.

// Blog

You may also like