feat(aws-observability): add aws-observability power #60

Open
gcacace wants to merge 5 commits into kirodotdev:main from gcacace:main

gcacace commented Feb 6, 2026

Description of changes:

This PR introduces the AWS Observability Power, a comprehensive observability platform that integrates CloudWatch Logs, Metrics, Alarms, Application Signals (APM), CloudTrail security auditing, and AWS Documentation access into a unified Kiro power.

Key Components:

  1. Power Configuration (POWER.md)

    • Comprehensive documentation covering all observability capabilities
    • Integration of 4 MCP servers: CloudWatch, Application Signals, CloudTrail, and AWS Documentation
    • Detailed setup instructions with prerequisites and configuration examples
    • Quick start examples and common workflow patterns
    • Codebase observability analysis capability for identifying instrumentation gaps
    • "When to load" guidance for each steering file moved into POWER.md for discoverability
  2. MCP Server Configuration (mcp.json)

    • CloudWatch MCP server for logs, metrics, and alarms
    • Application Signals MCP server for APM and distributed tracing
    • CloudTrail MCP server for security auditing
    • AWS Documentation MCP server for reference access
    • Configurable AWS profile and region settings
  3. Steering Files (8 comprehensive guides):

    • incident-response.md - Complete incident response framework with 6 phases (detection, investigation, mitigation, recovery, RCA, postmortem)
    • alerting-setup.md - Intelligent alarm configuration with recommended thresholds and best practices
    • application-signals-setup.md - Application Signals enablement guide and setup workflows
    • log-analysis.md - CloudWatch Logs Insights query patterns and syntax reference
    • performance-monitoring.md - Application Signals APM monitoring, SLO management, and trace analysis
    • security-auditing.md - CloudTrail security monitoring, compliance auditing, and incident investigation
    • observability-gap-analysis.md - Automated codebase analysis to identify observability gaps across logging, metrics, tracing, and error handling with multi-language support
    • cloudtrail-data-source-selection.md - Decision tree and priority strategy for CloudTrail data source selection (CloudTrail Lake → CloudWatch Logs → Lookup Events API), including query translation examples across all three sources

Features:

  • Unified observability across logs, metrics, traces, and security events
  • Automated pattern detection and anomaly analysis
  • SLO-based monitoring and alerting
  • Comprehensive incident response workflows
  • Security auditing and compliance tracking
  • Integration patterns for correlating multiple data sources
  • Codebase observability gap analysis with multi-language support (Python, Java, JS/TS, Go, Ruby, C#/.NET)
  • CloudTrail data source priority strategy for optimal query performance and cost

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

### Priority 1: CloudTrail Lake (Preferred)
Check first for CloudTrail Lake event data stores using the CloudTrail MCP server:
- Use `list_event_data_stores` to check for enabled event data stores
- If available, use `query_event_data_store` for SQL-based analysis
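
Review bot: The `list_event_data_stores` bullet covers only the case where an enabled event data store exists; these lines give no branch for an empty list or a denied call. Consider adding a bullet after "If available" along the lines of "If none is enabled or the call fails, continue to the next priority", so the fallback is explicit at the point where the check is made.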

Contributor commented:

I don't know much about CloudTrail's MCP Server. So, I'll leave that to you to figure it out. But, this is what I found as well:

query_event_data_store does not exist in the awslabs.cloudtrail-mcp-server.

The 5 real tools in the CloudTrail MCP server are:

  • lookup_events — event lookup (last 90 days)
  • lake_query — SQL queries against CloudTrail Lake
  • list_event_data_stores — list available Lake data stores
  • get_query_status — check Lake query status
  • get_query_results — get Lake query results

Source: cloudtrail-mcp-server README

This same issue also appears on line 111 of this file.

- Status = ENABLED
- Management events enabled in AdvancedEventSelectors
3. If found, use CloudTrail Lake for queries
- Use query_event_data_store for SQL-based analysis
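
Review bot: The eligibility check on the `Status = ENABLED` and `AdvancedEventSelectors` lines tests only for management events, so step 3 sends every query to CloudTrail Lake once such a store is found, including investigations that need data events the store may not collect. Consider stating that step 3 applies to management-event queries and that other event types need a store whose selectors include them, otherwise the next data source should be used.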

Contributor commented:

query_event_data_store is not a real tool. This also appears on line 137 of this file.

```json
"env": {
"AWS_PROFILE": "your-profile-name", // ← Change to your AWS profile
"AWS_REGION": "us-east-1", // ← Change to your region
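
Review bot: The `// ←` annotations on the `AWS_PROFILE` and `AWS_REGION` lines sit inside a block fenced as `json`, and JSON has no comment syntax, so the snippet fails in a strict parser if it is copied verbatim into mcp.json. Move the two hints into the prose around the block, or mark the fence as `jsonc` if the consuming parser is documented to accept comments.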

Contributor commented:

nit: The cloudwatch-applicationsignals-mcp-server also supports an AUDITOR_LOG_PATH environment variable (defaults to /tmp) that controls where audit tools write their log files. Might be worth documenting alongside the other env vars in the configuration section.
