Infra as Vibe Code with AWS MCP Servers

Transcript

1. © 2025, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. #awsdevday Jakub Gaj serverless.ninja Infra as Vibe Code with AWS MCP Servers Conversational IaC

2. serverless.ninja Playlist 1. From template to dialogue 2. Model Context

   Protocol (MCP) 3. AWS MCP Servers 4. Demo: live building from Q CLI 5. Important security aspects 6. Key takeaways

3. serverless.ninja Infrastructure used to be declared, then coded, then generated.

   Now it can be simply discussed.

4. © 2025, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. #awsdevday From Template to Dialogue

5. serverless.ninja Evolution of Infrastructure as Code Declarative IaC Programmatic 


   IaC Generative 
 IaC Static templates declare resources Code generates static templates From dialogue to deployment From prompt to templates or code Conversational 
 IaC CloudFormation AWS CDK Q Developer AWS CDK MCP

6. © 2025, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. #awsdevday Model Context Protocol

7. serverless.ninja Model Context Protocol (MCP) variety of AWS services Open

   standard for providing external context to LLMs Standardized way how 
 AI models connect to data sources & tools Think of USB-C 
 for AI-powered applications Introduced by Anthropic in Nov 2024 MCP Servers expose 
 data & tools through standard protocol MCP Clients are 
 AI apps that connect 
 to these servers Universal Protocol replacing fragmented integrations

8. serverless.ninja Client-Server Architecture of MCP Your Computer Internet Host with

   
 MCP Client MCP Server A MCP Server B MCP Server C Local 
 Data Source A Remote 
 Service B Remote 
 Service C MCP Protocol MCP Protocol MCP Protocol Web APIs Web APIs

9. © 2025, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. #awsdevday AWS MCP Servers

10. serverless.ninja Examples of AWS MCP Servers AWS Diagram 
 MCP

    Server AWS CDK 
 MCP Server AWS Knowledge 
 MCP Server AWS CloudFormation 
 MCP Server AWS Terraform 
 MCP Server AWS Serverless 
 MCP Server AWS AppSync 
 MCP Server AWS Lambda Tool 
 MCP Server AWS ECS 
 MCP Server AWS Step Functions 
 MCP Server AWS API 
 MCP Server AWS Documentation 
 MCP Server

11. serverless.ninja Prerequisite Tools & Runtimes Microsoft VS Code AWS CLI

    AWS CDK AWS MCP Servers + Node.js TypeScript + 
 AWS Toolkit + Python Q Developer Q Command Line

12. serverless.ninja Amazon Q and AWS MCP Servers

13. serverless.ninja Amazon Q Developer CLI Global configuration files: ~/aws/amazonq/agents/default.json ~/aws/amazonq/cli-agents/default.json

    ~/aws/amazonq/cli-agents/{custom}.json ~/aws/amazonq/mcp.json Project-level configuration files: ./amazonq/cli-agents/{custom}.json ./amazonq/mcp.json $ qchat mcp list $ qchat agent list $ q login $ q chat --agent {agent-name} > /mcp > /tools > /model > /context show

14. © 2025, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. #awsdevday Let’s Build Something!

15. serverless.ninja Region AWS 
 Step Functions Amazon 
 EventBridge Amazon

    
 DynamoDB AWS 
 Serverless AWS CDK 
 (TypeScript) Documents Workflow Document ID Documents 
 Table Document Item Documents 
 Bus New Document Amazon Q 
 Developer Documents Flow App Account

16. serverless.ninja Custom agent resources CONTEXT.md Context about content of the

    directory (AWS CDK app in TypeScript), AWS CLI profile & region for deployments PROMPTS.md Detailed instructions what AWS resources to define in sequential order in CDK stack, with AWS CLI commands for testing README.md Default README file generated by AWS CDK framework with description of CDK Toolkit commands

17. © 2025, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. #awsdevday Live Demo

18. © 2025, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. #awsdevday Security Aspects

19. serverless.ninja Security model in Q Developer The MCP security model

    in Q CLI is designed with these principles: • Explicit Permission: Tools require explicit user permission before execution • Local Execution: MCP servers run locally on your machine • Isolation: Each MCP server runs as a separate process • Transparency: Users can see what tools are available and what they do

20. serverless.ninja Security considerations Key security considerations when using MCP: •

    Only install MCP servers from trusted sources • Review tool descriptions and annotations before approving • Use environment variables for sensitive configuration • Keep MCP servers and the Q CLI updated • Monitor MCP logs for unexpected activity

21. © 2025, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. #awsdevday Key Takeaways

22. serverless.ninja Key Takeaways Temporary AWS Credentials Principle of Least Privilege

    Use short-lived AWS credentials (AssumeRole), ideally via AWS Identity Center (AWS SSO) Run local MCP servers inside Dev Container or Docker, don’t give access to your entire fi lesystem Restrict access to invoke AWS services & execute CLI commands, require human approval (HITL) Tools Access & Capabilities Sandbox or Containerize Ensure IAM roles associated with MCP Servers have exact permissions needed (no Admin access)

23. © 2025, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. #awsdevday Thank you! Jakub Gaj https://serverless.ninja https://github.com/ServerlessNinja https://linkedin.com/in/jakubgaj https://builder.aws.com/community/@jakgaj