AWS Infrastructure as Code MCP Server

by AWS Labs

AWS Labs server for Infrastructure as Code lifecycle. Validates CloudFormation templates with cfn-lint, checks compliance via cfn-guard against AWS Guard Rules and Control Tower controls, troubleshoots failed deployments with pattern-matched analysis, searches CloudFormation and CDK documentation.

★ 8,894·7 tools·Released DEC 2024·Apache-2.0

uvx awslabs.aws-iac-mcp-server@latest

“This server is the safety net for agent-generated infrastructure code. It runs cfn-lint against CloudFormation templates, cfn-guard against AWS Guard Rules and Control Tower proactive controls, and pattern matches deployment failures against 30+ known cases with CloudTrail deep links for the postmortem. The CDK side searches AWS-approved code samples and the official CDK best practices; this is the difference between an agent that drafts CDK that compiles and one that drafts CDK that compiles and is also correct. The honest weakness is that pure validation pairs with the deployment, with runtime verification staying mandatory: cfn-lint catches schema errors, cfn-guard catches policy violations, and a logic error in a custom resource still surfaces at deploy time. Use this server before deployment, then use CloudFormation deploy events and CloudTrail to verify the actual outcome.”
Reviewed by M. Nouriel · APR 2026

// Connect

INSTALL THIS SERVER

{
  "mcpServers": {
    "awslabs.aws-iac-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-iac-mcp-server@latest"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

PrereqmacOS path: ~/Library/Application Support/Claude/claude_desktop_config.json. Requires uvx (install via `uv tool install awslabs.mcp`) and AWS CLI credentials.

{
  "mcpServers": {
    "awslabs.aws-iac-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-iac-mcp-server@latest"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

{
  "mcpServers": {
    "awslabs.aws-iac-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-iac-mcp-server@latest"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

{
  "mcpServers": {
    "awslabs.aws-iac-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-iac-mcp-server@latest"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

{
  "mcpServers": {
    "awslabs.aws-iac-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-iac-mcp-server@latest"
      ],
      "env": {
        "AWS_PROFILE": "your-aws-profile",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

// Tools

7 TOOLS AVAILABLE

validate_cloudformation_template

Validate CloudFormation template syntax, schema, and resource properties using cfn-lint

Read

check_cloudformation_template_compliance

Validate CloudFormation templates against security and compliance rules using cfn-guard

Read

analyze_cloudformation_failure

Pattern-match deployment failures with CloudTrail deep links

Read

search_cloudformation_documentation

Search CloudFormation documentation for resource types and syntax

Read

search_cdk_documentation

Search AWS CDK documentation, API references, and best practices

Read

find_cdk_code_sample

Find CDK code samples and community constructs for common patterns

Read

// Editorial Review

OUR ASSESSMENT

Strengths

cfn-lint integration provides syntax and schema validation with line-numbered fix suggestions.
cfn-guard checks against AWS Guard Rules Registry and Control Tower proactive controls, catching security posture issues before deployment.
Failure analysis pattern-matches against 30+ known CloudFormation deployment failures with CloudTrail deep links.
CDK documentation search returns AWS-approved code samples; reduces hallucination risk versus asking the LLM directly.

Weaknesses

Validation is structural and policy-based; logic errors in custom resources still require runtime verification.
Coverage is CDK and CloudFormation; Terraform users need a separate tool.
The CDK best-practices search is bounded to AWS-approved patterns; community patterns and emerging idioms appear later than they do in the broader CDK ecosystem.

Security Notes

The server reads templates and queries documentation; deployment of resources stays out of scope. This makes its security model simpler than the deploying servers in awslabs/mcp. Credentials follow the standard boto3 chain when calling AWS APIs for documentation lookups. Templates submitted for validation stay on the local server.

Best For

Teams using CDK or CloudFormation who want pre-deployment validation and post-failure analysis baked into their agent workflow.

// Technical

TECHNICAL DETAILS

Language

python

Transport

stdio

Clients

Claude DesktopClaude CodeCursorVS CodeWindsurf

License

Apache-2.0

GitHub

awslabs/mcp · ★ 8,894

npm

awslabs.aws-iac-mcp-server

Last Release

1.2.0APR 22, 2026

First Released

DEC 4, 2024

// Adoption

ADOPTION METRICS

// GitHub Stars

8,894

// Reading thisShares the awslabs/mcp 8.9k star base. The IaC server is the validation layer that other AWS servers rely on for pre-deployment checks.

// Popularity Rank

#12

Globally · #3 in Dev Tools

// Reading thisTop dev-tools MCP for IaC workflows. The combination of cfn-lint, cfn-guard, and CDK documentation search has no equivalent in the directory.

// How we found this server

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 4 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

Discovered

Manual submission

First indexed APR 28, 2026

Cross-referenced

4 directories

PulseMCP, Official MCP Registry, Awesome MCP Servers, Smithery

Verified against

Claude Desktop, Cursor, VS Code

Installed and tested across clients

Last re-checked

APR 28, 2026

Weekly re-verification

// How other directories see it

The same server, 4 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source	Their rating	Their star count	Their downloads	Last synced
AutomationSwitch This page	4editorial	8,894	—	APR 28, 2026
PulseMCP	— unrated	unavailable	unavailable	APR 28, 2026
Official MCP Registry	— unrated	unavailable	unavailable	APR 28, 2026
Awesome MCP Servers	— unrated	unavailable	unavailable	APR 28, 2026
Smithery	— unrated	unavailable	unavailable	APR 28, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

// Alternatives

OTHER DEV TOOLS MCP SERVERS

Official5

GitHub

Codebase awareness layer for accessing repositories, pull requests, issues, code search, and GitHub Actions. Fine-grained PAT scopes keep access minimal.

24 tools★ 18,000

Vendor4.5

OpenSpec

Fission-AI

The leading spec-driven development workflow for AI agents. Implements the /opsx:propose → /opsx:apply → /opsx:archive cycle that scaffolds proposals, specs, design docs, and task checklists, then applies them and archives once shipped.

7 tools★ 43,650

Vendor4.5

Chrome DevTools for Agents

Google · Chrome DevTools team

Vendor-official Chrome DevTools MCP server from the Chrome DevTools team at Google. Lets agents control and inspect a live Chrome browser for automation, debugging, and performance analysis.

6 tools★ 37,543

Vendor4.5

Terraform MCP Server

HashiCorp

Vendor-official Terraform MCP server from HashiCorp. Integrates with the public Terraform Registry (providers, modules, policies) and HCP Terraform / Terraform Enterprise (workspace management, organisation listing, run management, private registry access).

7 tools★ 1,346

Vendor4.2

Browserbase MCP Server

Browserbase

Vendor-built Browserbase MCP server combining cloud browser automation (Browserbase) with natural-language-to-action mapping (Stagehand). 6 tools: start, end, navigate, act, observe, extract. Available as a hosted endpoint at https://mcp.browserbase.com/mcp (LLM costs covered for Gemini) or self-hostable via @browserbasehq/mcp.

6 tools★ 3,295

Vendor4

Context7

Upstash

Documentation quality layer that fetches current, version-specific library documentation. Resolves library IDs and returns focused doc sections so your agent works with accurate API references.

2 tools★ 8,500

// Get in touch

DISCUSS YOUR
MCP REQUIREMENTS.

Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.

Discuss Your MCP Requirements →

AWS Infrastructure as Code MCP Server

INSTALL THIS SERVER

7 TOOLS AVAILABLE

OUR ASSESSMENT

TECHNICAL DETAILS

ADOPTION METRICS

SOURCES & VERIFICATION

OTHER DEV TOOLS MCP SERVERS

GitHub

OpenSpec

Chrome DevTools for Agents

Terraform MCP Server

Browserbase MCP Server

Context7

DISCUSS YOURMCP REQUIREMENTS.

DISCUSS YOUR
MCP REQUIREMENTS.