AWS IaC MCP Server

raw JSON →
1.0.17 verified Fri May 01 auth: no python

An MCP (Model Context Protocol) server for Infrastructure as Code (IaC) that provides CloudFormation template validation, compliance checking, and deployment troubleshooting. Version 1.0.17, released irregularly on GitHub (awslabs/mcp). Requires Python >=3.10.

pip install awslabs-aws-iac-mcp-server

Common errors

error ModuleNotFoundError: No module named 'awslabs_aws_iac_mcp_server'
cause Incorrect package name or not installed.
fix
Install with 'pip install awslabs-aws-iac-mcp-server' and import with underscores: 'from awslabs_aws_iac_mcp_server import mcp'.
error botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the DescribeStacks operation
cause AWS credentials lack CloudFormation read permissions.
fix
Grant iam:PassRole, cloudformation:DescribeStacks, cloudformation:ValidateTemplate, cloudformation:GetTemplate permissions.

Warnings

breaking mcp.run() will block and start an MCP server on stdio by default. Do not call mcp.run() in an async context without understanding the I/O model.
fix Run only as a standalone script, or use mcp.run(transport='stdio') explicitly.
gotcha The server expects AWS credentials with CloudFormation DescribeStacks, ValidateTemplate, and GetTemplate permissions. Missing permissions cause cryptic boto3 errors.
fix Attach AWS managed policy 'AWSCloudFormationReadOnlyAccess' or equivalent custom policy.
deprecated The package uses the deprecated 'mcp' library (0.x) under the hood. Future versions may migrate to the new 'mcp' library (1.x).
fix Watch the GitHub repo for migration guides when mcp 1.0 is released.

Imports

Quickstart

Run the MCP server. Requires AWS credentials (e.g., AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) configured in environment or ~/.aws/credentials.

from awslabs_aws_iac_mcp_server import mcp

if __name__ == "__main__":
    mcp.run()
last verified Fri May 01
next check Thu Jul 30