Lambdaless OTLP proxy to Amazon CloudWatch. Routes OpenTelemetry (OTLP/HTTP) telemetry — metrics, traces, and logs — through API Gateway REST API to CloudWatch OTLP endpoints using AWS Service Integration with SigV4 signing.
No Lambda. No collector. No code.
AI Coding Tool (OTEL SDK)
↓ OTLP/HTTP + x-api-key
API Gateway REST API (API Key auth)
├→ POST /v1/metrics → SigV4 → CloudWatch Metrics
├→ POST /v1/traces → SigV4 → X-Ray
└→ POST /v1/logs → SigV4 → CloudWatch Logs
CloudWatch OTLP metrics ingestion is in public preview (Apr 2, 2026). Traces and logs OTLP endpoints are GA in most regions. Deploy to a supported region:
| Region | Deploy |
|---|---|
| US East (N. Virginia) |  |
| US West (Oregon) | |
| Asia Pacific (Singapore) | |
| Asia Pacific (Sydney) | |
| Europe (Ireland) | |
Traces and logs work in additional regions. See CloudWatch OTLP Endpoints for the full list.
- Get your API key:
# From CloudFormation outputs
aws cloudformation describe-stacks \
--stack-name otlp-cloudwatch-proxy \
--query "Stacks[0].Outputs[?OutputKey=='GetApiKeyCommand'].OutputValue" \
--output text | bash- Get your endpoint:
aws cloudformation describe-stacks \
--stack-name otlp-cloudwatch-proxy \
--query "Stacks[0].Outputs[?OutputKey=='OtlpEndpoint'].OutputValue" \
--output textexport CLAUDE_CODE_ENABLE_TELEMETRY=1
export OTEL_METRICS_EXPORTER=otlp
export OTEL_LOGS_EXPORTER=otlp
export OTEL_EXPORTER_OTLP_PROTOCOL=http/json
export OTEL_EXPORTER_OTLP_ENDPOINT=https://xxx.execute-api.us-west-2.amazonaws.com/prod
export OTEL_EXPORTER_OTLP_HEADERS=x-api-key=your-api-key
export OTEL_SERVICE_NAME=claude-codeConfigure via Admin Settings → Cowork → Monitoring in claude.ai:
- OTLP endpoint: your APIGW URL
- OTLP protocol:
http/json - OTLP headers:
x-api-key=your-api-key
# Copilot CLI 1.0.4+ supports OTel natively
export COPILOT_OTEL_ENDPOINT=https://xxx.execute-api.us-west-2.amazonaws.com/prod
export COPILOT_OTEL_HEADERS=x-api-key=your-api-keyexport GEMINI_CLI_OTEL_EXPORT_ENDPOINT=https://xxx.execute-api.us-west-2.amazonaws.com/prodexport OTEL_EXPORTER_OTLP_ENDPOINT=https://xxx.execute-api.us-west-2.amazonaws.com/prod
export OTEL_EXPORTER_OTLP_HEADERS=x-api-key=your-api-key
export OTEL_EXPORTER_OTLP_PROTOCOL=http/jsonThe execution role follows least-privilege:
- Metrics:
cloudwatch:PutMetricDatawithcloudwatch:namespacecondition key — only writes to namespaces you specify (default:OTLPMetrics,claude-code,copilot-cli,gemini-cli,cursor) - Traces:
xray:PutTraceSegments+xray:PutTelemetryRecords— X-Ray doesn't support resource-level restrictions - Logs:
logs:PutLogEvents+logs:DescribeLogStreams+logs:CreateLogStream— scoped to the specific log group you configure
| Parameter | Default | Description |
|---|---|---|
StageName |
prod |
API Gateway stage name |
OtlpLogGroupName |
otlp-logs |
CloudWatch Logs log group for OTLP logs |
MetricNamespaces |
OTLPMetrics,claude-code,... |
Allowed metric namespaces (comma-separated) |
| Component | Cost |
|---|---|
| API Gateway | ~$3.50 / million requests |
| CloudWatch Metrics | Free during OTel preview; standard pricing after GA |
| CloudWatch Logs | Standard pricing |
| Lambda | $0 (there is none) |
- XRay traces need CloudWatch Logs as destination. Run
aws xray update-trace-segment-destination --destination CloudWatchLogsbefore sending traces. - REST API only. HTTP API doesn't support the
AWSintegration type needed for SigV4 service proxying. - OTLP JSON recommended. Set
OTEL_EXPORTER_OTLP_PROTOCOL=http/json. Protobuf also works but JSON is easier to debug in APIGW execution logs. - Region matters. OTLP metrics are preview-only in 5 regions. Traces and logs are available in most regions.
- CloudWatch OTLP Endpoints
- CloudWatch OTel metrics announcement (Apr 2, 2026)
- Introducing OpenTelemetry & PromQL in CloudWatch
- API Gateway AWS Service Integration
MIT
