Get started with this MCP server for creating and troubleshooting AWS infrastructure as code. Tools include CloudFormation template validation, compliance checking, deployment troubleshooting, CloudFormation documentation search, AWS CDK documentation search with official CDK knowledge bases, CDK code samples and constructs, and CDK and CloudFormation best practices.
- Validate CloudFormation templates before deployment to catch errors early
- Debug failed CloudFormation deployments with intelligent failure analysis and resolution guidance
- Ensure security compliance of your CloudFormation templates against AWS best practices
- Search CloudFormation documentation for resource types, properties, and template syntax
- Search CDK documentation and find AWS approved code examples for AWS CDK development
- Find CDK code samples and community constructs for common implementation patterns
- Access CDK best practices for secure and efficient infrastructure development
- Get specific fix suggestions with line numbers for CloudFormation template validation errors
- Access CloudTrail deep links for CloudFormation deployment troubleshooting
- Syntax and Schema Validation - Validate CloudFormation templates using cfn-lint
- Catch syntax errors, invalid properties, and schema violations with specific fix suggestions
- Security and Compliance Rules - Validate templates against security standards using cfn-guard
- Check against AWS Guard Rules Registry and Control Tower proactive controls
- Intelligent Failure Analysis - Analyze and resolve CloudFormation deployment failures
- Pattern matching against 30+ known failure cases with CloudTrail deep links
- CloudFormation Knowledge Access - Search official CloudFormation documentation for resource types, properties, and syntax
- Find implementation guidance and examples for CloudFormation templates
- CDK Knowledge Access - Search AWS CDK documentation, API references, and best practices
- Access to CDK API Reference, Best Practices Guide, Code Samples & Patterns, and CDK-NAG security checks
- Working Code Examples - Find CDK code samples and community constructs for common patterns
- Search across multiple programming languages (TypeScript, Python, Java, C#, Go)
- Security and Development Guidelines - Access comprehensive CDK best practices for application configuration, coding, constructs, security, and testing
- Follow AWS-recommended patterns for secure and efficient infrastructure
Fetches and converts any Infrastructure as Code (CDK or CloudFormation) documentation page to markdown format.
Use this tool to:
- Read complete CDK documentation pages rather than just excerpts
- Read complete CloudFormation resource type documentation and property references
- Get detailed CloudFormation template syntax and examples
- Access CloudFormation API reference documentation
- Read CloudFormation hooks and lifecycle management guides
- Review CFN Guard policy validation rules and syntax
- Access CloudFormation CLI documentation and usage patterns
Validates CloudFormation template syntax, schema, and resource properties using cfn-lint.
Use this tool to:
- Validate AI-generated CloudFormation templates before deployment
- Get specific fix suggestions with line numbers for each error
Parameters:
template_content(required): CloudFormation template as stringregions(optional): List of AWS regions to validate againstignore_checks(optional): List of cfn-lint check IDs to ignore
Validates CloudFormation templates against security and compliance rules using cfn-guard.
Use this tool to:
- Ensure templates meet security and compliance requirements
- Get detailed remediation guidance for violations
Parameters:
template_content(required): CloudFormation template as stringcustom_rules(optional): Custom cfn-guard rules to apply
Analyzes failed CloudFormation stacks and provides resolution guidance.
Use this tool to:
- Diagnose deployment failures with pattern matching against 30+ known cases
- Get CloudTrail deep links and specific resolution steps
Parameters:
stack_name(required): Name of the failed CloudFormation stackregion(required): AWS region where the stack existsinclude_cloudtrail(optional): Whether to include CloudTrail analysis (defaults to true)
Searches AWS CloudFormation documentation knowledge bases and returns relevant best practices.
Returns instructions for CloudFormation's pre-deployment validation feature that validates templates during change set creation.
Parameters: None - returns JSON with CLI commands and remediation guidance.
Searches AWS CDK documentation knowledge bases and returns relevant excerpts.
Use this tool to:
- Find specific information about CDK constructs, APIs, and implementation patterns
- Get implementation guidance from official CDK documentation
- Look up syntax and examples for CDK patterns
- Research best practices and architectural guidelines
Documentation Sources:
- AWS CDK API Reference
- AWS CDK Best Practices Guide
- AWS CDK Code Samples & Patterns
- CDK-NAG validation rules
Parameters:
query(required): Search query for CDK documentation
Search Tips:
- Use specific construct names (e.g., "aws-lambda.Function", "aws-s3.Bucket")
- Include service names for better targeting (e.g., "S3 AND encryption")
- Use boolean operators: "DynamoDB AND table", "Lambda OR Function"
- Search for specific properties: "bucket encryption", "lambda environment variables"
Parameters:
url(required): URL from search results to read the full page contentstarting_index(optional): Starting character index for pagination (default: 0)
Searches CDK code samples, examples, constructs, and patterns documentation.
Parameters:
query(required): Search query for CDK samples and constructslanguage(optional): Programming language filter (default: "typescript")
Provides CDK best practices for application configuration, coding, constructs, security, and testing.
Parameters:
- None
Validate this CloudFormation template:
[paste your template content]
Check this template for security and compliance issues:
[paste your template content]
Troubleshoot my CloudFormation stack named "my-app-stack" in us-east-1
Search CloudFormation documentation for AWS::Lambda::Function properties
Search CDK documentation for S3 bucket encryption best practices
Find CDK examples for Lambda function with VPC configuration
Show me CDK constructs for DynamoDB table with encryption
Read the full CDK documentation for aws-s3.Bucket from this URL: [URL from search results]
Read the complete CloudFormation documentation for AWS::S3::Bucket from this URL: [URL from search results]
Find CDK code samples for serverless API with TypeScript
Show me Python CDK examples for API Gateway with Lambda integration
Suggest improvements to my CDK setup based on the best practices
What are the CDK security best practices for S3 buckets?
- Install
uvfrom Astral or the GitHub README - Install Python using
uv python install 3.10 - Configure AWS credentials:
- Via AWS CLI:
aws configure - Or set environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION)
- Via AWS CLI:
- Ensure your IAM role or user has the necessary permissions for CloudFormation and CloudTrail access
| Kiro | Cursor | VS Code |
|---|---|---|
 |
 |
 |
Configure the MCP server in your MCP client configuration (e.g., for Kiro, edit ~/.kiro/settings/mcp.json):
{
"mcpServers": {
"awslabs.aws-iac-mcp-server": {
"command": "uvx",
"args": ["awslabs.aws-iac-mcp-server@latest"],
"env": {
"AWS_PROFILE": "your-named-profile",
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": []
}
}
}For Windows users, the MCP server configuration format is slightly different:
{
"mcpServers": {
"awslabs.aws-iac-mcp-server": {
"disabled": false,
"timeout": 60,
"type": "stdio",
"command": "uv",
"args": [
"tool",
"run",
"--from",
"awslabs.aws-iac-mcp-server@latest",
"awslabs.aws-iac-mcp-server.exe"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR",
"AWS_PROFILE": "your-aws-profile",
"AWS_REGION": "us-east-1"
}
}
}
}or docker after a successful docker build -t awslabs/aws-iac-mcp-server .:
# fictitious `.env` file with AWS temporary credentials
AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_SESSION_TOKEN=AQoEXAMPLEH4aoAH0gNCAPy...truncated...zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
NOTE: Docker installation is optional
{
"mcpServers": {
"awslabs.aws-iac-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"--interactive",
"--env",
"AWS_PROFILE=your-aws-profile",
"--env",
"FASTMCP_LOG_LEVEL=ERROR",
"--volume",
"${HOME}/.aws:/root/.aws:ro",
"awslabs/aws-iac-mcp-server:latest"
],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}NOTE: Your credentials will need to be kept refreshed from your host
The MCP server requires the following AWS permissions:
For Template Validation and Compliance:
- No AWS permissions required (local validation only)
For Deployment Troubleshooting:
cloudformation:DescribeStackscloudformation:DescribeStackEventscloudformation:DescribeStackResourcescloudtrail:LookupEvents(for CloudTrail deep links)
Example IAM policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudtrail:LookupEvents"
],
"Resource": "*"
}
]
}# Clone the repository
git clone https://github.com/awslabs/mcp.git
cd mcp/src/aws-iac-mcp-server
# Install dependencies
uv sync
# Run the server
uv run awslabs.aws-iac-mcp-server# Run all tests
uv run pytest
# Run with coverage
uv run pytest --cov=awslabs.aws_iac_mcp_server --cov-report=term-missingSee CONTRIBUTING.md for guidelines on how to contribute to this project.
This project is licensed under the Apache-2.0 License - see the LICENSE file for details.