Get prescriptive CDK advice, explain CDK Nag rules, check suppressions, generate Bedrock Agent schemas, and discover AWS Solutions Constructs patterns.
MCP server for AWS Cloud Development Kit (CDK) best practices, infrastructure as code patterns, and security compliance with CDK Nag.
BedrockAgentResolver
from AWS Lambda Powertoolsbedrock.ApiSchema.fromLocalAsset()
in your CDK codeThis diagram provides a comprehensive view of the recommended CDK implementation workflow:
graph TD
Start([Start]) --> A["CDKGeneralGuidance"]
A --> Init["cdk init app"]
Init --> B{Choose Approach}
B -->|"Common Patterns"| C1["GetAwsSolutionsConstructPattern"]
B -->|"GenAI Features"| C2["SearchGenAICDKConstructs"]
B -->|"Custom Needs"| C3["Custom CDK Code"]
C1 --> D1["Implement Solutions Construct"]
C2 --> D2["Implement GenAI Constructs"]
C3 --> D3["Implement Custom Resources"]
%% Bedrock Agent with Action Groups specific flow
D2 -->|"For Bedrock Agents<br/>with Action Groups"| BA["Create Lambda with<br/>BedrockAgentResolver"]
%% Schema generation flow
BA --> BS["GenerateBedrockAgentSchema"]
BS -->|"Success"| JSON["openapi.json created"]
BS -->|"Import Errors"| BSF["Tool generates<br/>generate_schema.py"]
BSF -->|"Missing dependencies?"| InstallDeps["Install dependencies"]
InstallDeps --> BSR["Run script manually:<br/>python generate_schema.py"]
BSR --> JSON["openapi.json created"]
%% Use schema in Agent CDK
JSON --> AgentCDK["Use schema in<br/>Agent CDK code"]
AgentCDK --> D2
%% Conditional Lambda Powertools implementation
D1 & D2 & D3 --> HasLambda{"Using Lambda<br/>Functions?"}
HasLambda --> UseLayer{"Using Lambda<br/>Layers?"}
UseLayer -->|"Yes"| LLDP["LambdaLayerDocumentationProvider"]
HasLambda -->|"No"| SkipL["Skip"]
%% Rest of workflow
LLDP["LambdaLayerDocumentationProvider"] --> Synth["cdk synth"]
SkipL --> Synth
Synth --> Nag{"CDK Nag<br/>warnings?"}
Nag -->|Yes| E["ExplainCDKNagRule"]
Nag -->|No| Deploy["cdk deploy"]
E --> Fix["Fix or Add Suppressions"]
Fix --> CN["CheckCDKNagSuppressions"]
CN --> Synth
%% Styling with darker colors
classDef default fill:#424242,stroke:#ffffff,stroke-width:1px,color:#ffffff;
classDef cmd fill:#4a148c,stroke:#ffffff,stroke-width:1px,color:#ffffff;
classDef tool fill:#01579b,stroke:#ffffff,stroke-width:1px,color:#ffffff;
classDef note fill:#1b5e20,stroke:#ffffff,stroke-width:1px,color:#ffffff;
classDef output fill:#006064,stroke:#ffffff,stroke-width:1px,color:#ffffff;
classDef decision fill:#5d4037,stroke:#ffffff,stroke-width:1px,color:#ffffff;
class Init,Synth,Deploy,BSR cmd;
class A,C1,C2,BS,E,CN,LLDP tool;
class JSON output;
class HasLambda,UseLayer,Nag decision;
cdk-nag://rules/{rule_pack}
aws-solutions-constructs://{pattern_name}
genai-cdk-constructs://{construct_type}/{construct_name}
lambda-powertools://{topic}
uv
from Astral or the GitHub READMEuv python install 3.10
npm install -g aws-cdk
(Note: The MCP server itself doesn't use the CDK CLI directly, but it guides users through CDK application development that requires the CLI)Configure the MCP server in your MCP client configuration (e.g., for Amazon Q Developer CLI, edit ~/.aws/amazonq/mcp.json
):
{
"mcpServers": {
"awslabs.cdk-mcp-server": {
"command": "uvx",
"args": ["awslabs.cdk-mcp-server@latest"],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": []
}
}
}
or docker after a successful docker build -t awslabs/cdk-mcp-server .
:
{
"mcpServers": {
"awslabs.cdk-mcp-server": {
"command": "docker",
"args": [
"run",
"--rm",
"--interactive",
"--env",
"FASTMCP_LOG_LEVEL=ERROR",
"awslabs/cdk-mcp-server:latest"
],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}
When using this MCP server, you should consider:
Before applying CDK NAG Suppressions, you should consider conducting your own independent assessment to ensure that your use would comply with your own specific security and quality control practices and standards, as well as the local laws, rules, and regulations that govern you and your content.
Integrates with the Uberall API to manage business listings, locations, and social media presence.
Deploy, configure & interrogate your resources on the Cloudflare developer platform (e.g. Workers/KV/R2/D1)
Automate Akamai resource actions using a conversational AI client. Requires Akamai API credentials.
Interact with Stripe API
List and analyze Netbird network peers, groups, policies, and more.
A cloud infrastructure from Alibaba Cloud for AI Agents, featuring one-click configuration and serverless execution.
Server for using HuggingFace Spaces, supporting Images, Audio, Text and more. Claude Desktop mode for ease-of-use.
Get up-to-date EC2 pricing information with one call. Fast. Powered by a pre-parsed AWS pricing catalogue.
Provides safe, read-only access to Kubernetes cluster resources for debugging and inspection.
Manage secrets from Doppler, a secret management platform. Requires a Doppler API token.