{"id":165730,"date":"2025-11-29T08:59:14","date_gmt":"2025-11-29T08:59:14","guid":{"rendered":"https:\/\/www.newsbeep.com\/ie\/165730\/"},"modified":"2025-11-29T08:59:14","modified_gmt":"2025-11-29T08:59:14","slug":"introducing-the-aws-infrastructure-as-code-mcp-server-ai-powered-cdk-and-cloudformation-assistance","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ie\/165730\/","title":{"rendered":"Introducing the AWS Infrastructure as Code MCP Server: AI-Powered CDK and CloudFormation Assistance"},"content":{"rendered":"

Streamline your AWS infrastructure development with AI-powered documentation search, validation, and troubleshooting<\/p>\n

Today, we\u2019re excited to introduce the AWS Infrastructure-as-Code (IaC) MCP Server<\/a>, a new tool that bridges the gap between AI assistants and your AWS infrastructure development workflow. Built on the Model Context Protocol (MCP), this server enables AI assistants like Kiro CLI<\/a>, Claude or Cursor to help you search AWS CloudFormation<\/a> and\u00a0Cloud Development Kit (CDK)<\/a> documentation, validate templates, troubleshoot deployments, and follow best practices \u2013 all while maintaining the security of local execution.<\/p>\n

Whether you\u2019re writing AWS CloudFormation templates or AWS Cloud Development Kit (CDK) code, the IaC MCP Server acts as an intelligent companion that understands your infrastructure needs and provides contextual assistance throughout your development lifecycle.<\/p>\n

The\u00a0Model Context Protocol (MCP)<\/a>\u00a0is an open standard that enables AI assistants to securely connect to external data sources and tools. Think of it as a universal adapter that lets AI models interact with your development tools while keeping sensitive operations local and under your control.<\/p>\n

The IaC MCP Server provides nine specialized tools organized into two categories:<\/p>\n

Remote Documentation Search Tools<\/p>\n

These tools connect to the AWS Knowledge MCP backend to retrieve relevant, up-to-date information:<\/p>\n

\u00a0search_cdk_documentation
\n
Search the AWS CDK knowledge base for APIs, concepts, and implementation guidance.
\n search_cdk_samples_and_constructs
\n
Discover pre-built AWS CDK constructs and patterns from the AWS Construct Library.
\n search_cloudformation_documentation
\n
Query CloudFormation documentation for resource types, properties, and intrinsic functions.
\n read_cdk_documentation_page
\n
Retrieve and read full documentation pages returned from searches or provided URLs.<\/p>\n

Local Validation and Troubleshooting Tools<\/p>\n

These tools run entirely on your machine<\/p>\n

cdk_best_practices
\n
Access a curated collection of AWS CDK best practices and design principles.
\n validate_cloudformation_template
\n
Perform syntax and schema validation using\u00a0cfn-lint\u00a0to catch errors before deployment.
\n check_cloudformation_template_compliance
\n
Run security and compliance checks against your templates using AWS Guard rules and\u00a0cfn-guard.
\n troubleshoot_cloudformation_deployment
\n
Analyze CloudFormation stack deployment failures with integrated CloudTrail event analysis. This tool will use your AWS credentials to analyze your stack status.
\n get_cloudformation_pre_deploy_validation_instructions
\n
Returns instructions for CloudFormation\u2019s pre-deployment validation feature, which validates templates during change set creation.<\/p>\n

Key Use Cases<\/p>\n

Intelligent Documentation Assistant<\/p>\n

Instead of manually searching through documentation, ask your AI assistant natural language questions:<\/p>\n

\u201cHow do I create an S3 bucket with encryption enabled in CDK?\u201d<\/p>\n

The server searches CDK best practic and samples, returning relevant code examples and explanations.<\/p>\n

\u00a0 \u00a0 \u00a02. Proactive Template Validation<\/p>\n

Before deploying infrastructure changes:<\/p>\n

User: \u201cValidate my CloudFormation template and check for security issues\u201d<\/p>\n

AI Agent: [Uses validate_cloudformation_template and check_cloudformation_template_compliance]<\/p>\n

\u201cFound 2 issues: Missing encryption on EBS volumes,<\/p>\n

and S3 bucket lacks public access block configuration\u201d<\/p>\n

\u00a03. Rapid Deployment Troubleshooting<\/p>\n

When a stack deployment fails:<\/p>\n

User: \u201cMy stack \u2018stack_03\u2019 in us-east-1 failed to deploy. What happened?\u201d<\/p>\n

AI Agent: [Uses troubleshoot_stack_deployment with CloudTrail integration]<\/p>\n

\u201cThe deployment failed due to insufficient IAM permissions.<\/p>\n

CloudTrail shows AccessDenied for ec2:CreateVpc.<\/p>\n

You need to add VPC permissions to your deployment role.\u201d<\/p>\n

\u00a0 \u00a0 \u00a04. Learning and Exploration<\/p>\n

New to AWS CDK? The server helps you discover constructs and patterns:<\/p>\n

User: \u201cShow me how to build a serverless API\u201d<\/p>\n

AI Agent: [Searches CDK constructs and samples]<\/p>\n

\u201cHere are three approaches using API Gateway + Lambda\u2026\u201d<\/p>\n

Security Design<\/p>\n

Local Execution: The MCP server runs entirely on your local machine using uv (the fast Python package manager). No code or templates are sent to external services except for documentation searches.<\/p>\n

AWS Credentials: The server uses your existing AWS credentials (from\u00a0~\/.aws\/credentials, environment variables, or IAM roles) to access CloudFormation and CloudTrail APIs. This follows the same security model as the AWS CLI.<\/p>\n

stdio Communication: The server communicates with AI assistants over standard input\/output (stdio), with no network ports opened.<\/p>\n

Minimal Permissions: For full functionality, the server requires read-only access to CloudFormation stacks and CloudTrail events\u2014no write permissions needed for validation and troubleshooting workflows.<\/p>\n

Prerequisites<\/p>\n

Python 3.10 or later
\n
uv\u00a0package manager
\n
AWS credentials configured locally
\n
MCP-compatible AI client (e.g., Kiro CLI, Claude Desktop)<\/p>\n

Configuration<\/p>\n

Configure the MCP server in your MCP client configuration. For this blog we will focus on Kiro CLI. Edit\u00a0.kiro\/settings\/mcp.json):<\/p>\n

{
\n “mcpServers”: {
\n “awslabs.aws-iac-mcp-server”: {
\n “command”: “uvx”,
\n “args”: [“awslabs.aws-iac-mcp-server@latest”],
\n “env”: {
\n “AWS_PROFILE”: “your-named-profile”,
\n “FASTMCP_LOG_LEVEL”: “ERROR”
\n },
\n “disabled”: false,
\n “autoApprove”: []
\n }
\n }
\n}<\/p>\n

Security Considerations<\/p>\n

Privacy Notice: This MCP server executes AWS API calls using your credentials and shares the response data with your third-party AI model provider (e.g., Amazon Q, Claude Desktop, Cursor, VS Code). Users are responsible for understanding your AI provider\u2019s data handling practices and ensuring compliance with your organization\u2019s security and privacy requirements when using this tool with AWS resources.<\/p>\n

IAM Permissions<\/p>\n

The MCP server requires the following AWS permissions:<\/p>\n

For Template Validation and Compliance:<\/p>\n

No AWS permissions required (local validation only)<\/p>\n

For Deployment Troubleshooting:<\/p>\n

cloudformation:DescribeStacks
\n cloudformation:DescribeStackEvents
\n cloudformation:DescribeStackResources
\n cloudtrail:LookupEvents (for CloudTrail deep links)<\/p>\n

Example IAM policy:<\/p>\n

{
\n “Version”: “2012-10-17”,
\n “Statement”: [
\n {
\n “Effect”: “Allow”,
\n “Action”: [
\n “cloudformation:DescribeStacks”,
\n “cloudformation:DescribeStackEvents”,
\n “cloudformation:DescribeStackResources”,
\n “cloudtrail:LookupEvents”
\n ],
\n “Resource”: “*”
\n }
\n ]
\n}<\/p>\n

Example Use Case With Kiro CLI<\/p>\n

IMPORTANT: Ensure you have satisfied all prerequisites before attempting these commands.<\/p>\n

1. With the\u00a0mcp.json\u00a0file correctly set, try to run a sample prompt. In your terminal, run kiro-cli chat to start using Kiro-cli in the CLI.<\/p>\n

\"Figure<\/p>\n

Figure 1: Kiro-CLI with AWS IaC MCP server<\/p>\n

Scenarios:<\/p>\n

\u201cWhat are the CDK best practices for Lambda functions?\u201d<\/p>\n

\"Figure<\/p>\n

Figure 2: Search the CDK best practices for Lambda functions<\/p>\n

\u201cSearch for CDK samples that use DynamoDB with Lambda\u201d<\/p>\n

\"Figure<\/p>\n

Figure 3: Search for CDK samples that use DynamoDB with Lambda<\/p>\n

\u201cValidate my CloudFormation template at .\/template.yaml\u201d<\/p>\n

\"Figure<\/p>\n

Figure 4: Validate my CloudFormation template with AWS IaC MCP Server<\/p>\n

\u201cCheck if my template complies with security best practices\u201d<\/p>\n

\"Figure<\/p>\n

Figure 5: Check if my template complies with security best practices with AWS IaC MCP Server<\/p>\n

Best Practices<\/p>\n

Start with Documentation Search: Before writing code, search for existing constructs and patterns
\n Validate Early and Often: Run validation tools before attempting deployment
\n Check Compliance: Use check_template_compliance to catch security issues during development
\n Leverage CloudTrail: When troubleshooting, the CloudTrail integration provides detailed failure context
\n Follow CDK Best Practices: Use the cdk_best_practices tool to align with AWS recommendations<\/p>\n

What\u2019s Next?<\/p>\n

The IAC MCP Server represents a new paradigm in the AI agentic workflow infrastructure development \u2013 one where AI assistants understand your tools, help you navigate complex documentation, and provide intelligent assistance throughout the development lifecycle.<\/p>\n

Get Involved<\/p>\n

The AWS IaC MCP Server is available now:<\/p>\n

Documentation and GitHub Repository: aws-iac-mcp-server<\/a>
\n Feedback: We welcome issues and pull requests! Or respond to our IaC survey here.<\/p>\n

Ready to supercharge your infrastructure as code development? Install the IaC MCP Server today and experience AI-powered assistance for your AWS CDK and CloudFormation workflows.<\/p>\n

Have questions or feedback? Reach out to the blog authors on the AWS Developer Forums.<\/p>\n

About Authors<\/p>\n

\"\"<\/p>\n

Idriss Laouali Abdou<\/p>\n

Idriss is a Sr. Product Manager Technical on the AWS Infrastructure-as-Code team based in Seattle. He focuses on improving developer productivity through AWS CloudFormation and StackSets Infrastructure provisioning experiences. Outside of work, you can find him creating educational content for thousands of students, cooking, or dancing.<\/p>\n

\"\"<\/p>\n

Brian Terry<\/p>\n

Brian Terry, Senior WW Data & AI PSA, is an innovation leader with more than 20 years of experience in technology and engineering. Brian is pursuing a PhD in computer science at the University of North Dakota and has spearheaded generative AI projects, optimized infrastructure scalability, and driven partner integration strategies. He is passionate about leveraging technology to deliver scalable, resilient solutions that foster business growth and innovation.<\/p>\n","protected":false},"excerpt":{"rendered":"Streamline your AWS infrastructure development with AI-powered documentation search, validation, and troubleshooting Today, we\u2019re excited to introduce the…\n","protected":false},"author":2,"featured_media":165731,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[220,218,219,61,60,80],"class_list":{"0":"post-165730","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-ie","12":"tag-ireland","13":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts\/165730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/comments?post=165730"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/posts\/165730\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/media\/165731"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/media?parent=165730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/categories?post=165730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ie\/wp-json\/wp\/v2\/tags?post=165730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}