enhanced-cfn-mcp-server

shantgup/enhanced-cfn-mcp-server


The Enhanced CloudFormation MCP Server is a sophisticated tool designed to improve AWS CloudFormation management through intelligent prompting, autonomous fixing, and comprehensive resource management.

Tools
  1. get_resource_schema_information

    Get schema information for AWS resource types

  2. list_resources

    List AWS resources of a specified type

  3. get_resource

    Get detailed information about a specific resource

  4. create_resource

    Create new AWS resources

  5. update_resource

    Update existing AWS resources using JSON Patch

  6. delete_resource

    Delete AWS resources

  7. get_resource_request_status

    Check status of long-running operations

  8. deploy_cloudformation_stack

    Deploy stacks with comprehensive configuration

  9. get_stack_status

    Get detailed stack status with operational analysis

  10. delete_cloudformation_stack

    Safely delete stacks with resource retention options

  11. detect_stack_drift

    Detect and analyze configuration drift

  12. generate_cloudformation_template

    Generate templates from natural language with intelligent conversation flow

  13. create_template

    Generate templates from existing AWS resources

  14. analyze_template_structure

    Comprehensive template analysis with security and compliance checks

  15. detect_template_capabilities

    Analyze templates for required IAM capabilities

  16. troubleshoot_cloudformation_stack

    Expert troubleshooting with systematic investigation

  17. fix_and_retry_cloudformation_stack

    Intelligent fix-and-retry with detailed guidance

  18. autonomous_fix_and_deploy_stack

    Fully autonomous deployment with iterative fixing

  19. generate_template_fixes

    Generate and optionally apply template fixes

  20. cloudformation_best_practices_guide

    Expert best practices guidance for infrastructure issues

  21. prevent_out_of_band_changes

    Prevent manual changes to CloudFormation-managed resources

Enhanced CloudFormation MCP Server

An enhanced AWS CloudFormation Model Context Protocol (MCP) server that provides intelligent prompting, autonomous fixing, and comprehensive AWS resource management capabilities for AI assistants like Amazon Q.

🚀 What is this?

This is an enhanced version of the AWS CloudFormation MCP server that extends the original functionality with:

  • Intelligent Prompt Generation: Creates expert-level prompts that guide AI assistants to provide comprehensive CloudFormation analysis and solutions
  • Autonomous Template Fixing: Automatically detects and fixes common CloudFormation template issues
  • Enhanced Troubleshooting: Provides detailed error analysis with step-by-step resolution guidance
  • Best Practices Integration: Built-in AWS best practices and security recommendations
  • Comprehensive Resource Management: Full CRUD operations for AWS resources via CloudFormation types

✨ Key Features & Differentiators

🧠 Intelligent AI Guidance

  • Expert Prompt Engineering: Transforms simple requests into comprehensive, expert-level prompts
  • Context-Aware Analysis: Provides detailed investigation workflows with specific CLI commands
  • Multi-Stage Conversations: Guides through discovery, refinement, validation, and generation phases

🔧 Autonomous Problem Solving

  • Auto-Fix Templates: Automatically identifies and fixes common CloudFormation issues
  • Iterative Deployment: Continues fixing and redeploying until successful
  • Smart Error Recovery: Analyzes failures and applies appropriate fixes

📊 Enhanced Troubleshooting

  • Root Cause Analysis: Deep investigation of CloudFormation failures
  • CloudWatch Integration: Automatic log analysis and error correlation
  • CloudTrail Analysis: API call investigation for comprehensive debugging

🛡️ Security & Best Practices

  • Security Vulnerability Detection: Identifies potential security issues in templates
  • Compliance Framework Alignment: Supports HIPAA, PCI, SOX, GDPR compliance checks
  • Cost Optimization: Provides cost-aware recommendations

🛠️ Available Tools

Core Resource Management

| Tool | Description |
| --- | --- |
| get_resource_schema_information | Get schema information for AWS resource types |
| list_resources | List AWS resources of a specified type |
| get_resource | Get detailed information about a specific resource |
| create_resource | Create new AWS resources |
| update_resource | Update existing AWS resources using JSON Patch |
| delete_resource | Delete AWS resources |
| get_resource_request_status | Check status of long-running operations |

CloudFormation Stack Management

| Tool | Description |
| --- | --- |
| deploy_cloudformation_stack | Deploy stacks with comprehensive configuration |
| get_stack_status | Get detailed stack status with operational analysis |
| delete_cloudformation_stack | Safely delete stacks with resource retention options |
| detect_stack_drift | Detect and analyze configuration drift |

Template Generation & Analysis

| Tool | Description |
| --- | --- |
| generate_cloudformation_template | Generate templates from natural language with intelligent conversation flow |
| create_template | Generate templates from existing AWS resources |
| analyze_template_structure | Comprehensive template analysis with security and compliance checks |
| detect_template_capabilities | Analyze templates for required IAM capabilities |
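
To illustrate what a capability check such as detect_template_capabilities involves, the Python below (added here, not taken from the project) derives the capability acknowledgements a parsed template needs and reports any that an operator has not pre-approved, which is a useful gate in front of an autonomous fix-and-deploy loop. It assumes the template is already parsed into a dict; the function names, the NAME_PROPS list and the sample templates are constructed for this example.

```python
# Resource types that require an IAM capability acknowledgement.
IAM_TYPES = {
    "AWS::IAM::AccessKey", "AWS::IAM::Group", "AWS::IAM::InstanceProfile",
    "AWS::IAM::ManagedPolicy", "AWS::IAM::Policy", "AWS::IAM::Role",
    "AWS::IAM::User", "AWS::IAM::UserToGroupAddition",
}
# Assumption of this example: these properties mark a custom-named IAM resource.
NAME_PROPS = {"RoleName", "UserName", "GroupName", "InstanceProfileName",
              "ManagedPolicyName"}


def _has_key(node, key):
    """Recursively look for a dict key anywhere in a parsed template."""
    if isinstance(node, dict):
        return key in node or any(_has_key(v, key) for v in node.values())
    if isinstance(node, list):
        return any(_has_key(v, key) for v in node)
    return False


def required_capabilities(template: dict) -> set:
    caps = set()
    # Top-level Transform (macros, AWS::Serverless) or an embedded Fn::Transform.
    if template.get("Transform") or _has_key(template, "Fn::Transform"):
        caps.add("CAPABILITY_AUTO_EXPAND")
    for res in template.get("Resources", {}).values():
        if res.get("Type") in IAM_TYPES:
            named = NAME_PROPS & set(res.get("Properties") or {})
            caps.add("CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM")
    if "CAPABILITY_NAMED_IAM" in caps:  # NAMED_IAM also covers unnamed IAM resources
        caps.discard("CAPABILITY_IAM")
    return caps


def unapproved(template: dict, approved: set) -> set:
    """Capabilities the template needs that the operator has not pre-approved."""
    allowed = set(approved)
    if "CAPABILITY_NAMED_IAM" in allowed:
        allowed.add("CAPABILITY_IAM")
    return required_capabilities(template) - allowed


# Constructed sample: a bucket-only template, then the same template after a
# hypothetical automated "fix" added a custom-named role.
ORIGINAL = {"Resources": {"Logs": {"Type": "AWS::S3::Bucket"}}}
FIXED = {"Resources": {**ORIGINAL["Resources"], "Fixer": {
    "Type": "AWS::IAM::Role",
    "Properties": {"RoleName": "fixer", "AssumeRolePolicyDocument": {}}}}}
```

A non-empty result from `unapproved(...)` is the signal to stop and ask a human before redeploying. The CloudFormation ValidateTemplate API also returns a `Capabilities` list and can serve as the authoritative cross-check.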

Enhanced Troubleshooting & Fixing

| Tool | Description |
| --- | --- |
| troubleshoot_cloudformation_stack | Expert troubleshooting with systematic investigation |
| fix_and_retry_cloudformation_stack | Intelligent fix-and-retry with detailed guidance |
| autonomous_fix_and_deploy_stack | Fully autonomous deployment with iterative fixing |
| generate_template_fixes | Generate and optionally apply template fixes |

Best Practices & Guidance

| Tool | Description |
| --- | --- |
| cloudformation_best_practices_guide | Expert best practices guidance for infrastructure issues |
| prevent_out_of_band_changes | Prevent manual changes to CloudFormation-managed resources |

📋 Prerequisites

  • Python 3.10+
  • AWS CLI configured with appropriate credentials
  • Amazon Q CLI (for integration)
  • AWS Account with necessary permissions

Required AWS Permissions

Your AWS credentials need permissions for:

  • CloudFormation operations (cloudformation:*)
  • CloudControl API operations (cloudcontrol:*)
  • Resource-specific permissions (e.g., s3:*, ec2:*)
  • CloudWatch Logs access (logs:*)
  • CloudTrail access (cloudtrail:LookupEvents)

🚀 Installation & Setup

1. Install the Package

# Clone the repository
git clone https://github.com/shantgup/enhanced-cfn-mcp-server.git
cd enhanced-cfn-mcp-server

# Install the package
pip install -e .

2. Configure AWS Credentials

# Configure AWS CLI
aws configure

# Or set environment variables
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1

3. Integration with Amazon Q CLI

If you run q in the root directory of this project, the enhanced_cfn_mcp_server should be loaded automatically; it is configured in the .amazonq directory.

Optionally, you can add the MCP server to your Q CLI configuration as follows:

{
  "mcpServers": {
    "enhanced-cfn": {
      "command": "enhanced-cfn-mcp-server",
      "args": [],
      "env": {}
    }
  }
}

4. Verify Installation

# Test through Q CLI
q chat
# Then ask: "Use the enhanced cfn mcp server to create a robust web server architecture cloudformation template. Then deploy it, and if it fails, troubleshoot it, fix the template and redeploy until successful."

💡 Usage Examples

🔥 One-shot Prompt

🌟 Generate template, deploy, troubleshoot, fix and redeploy until successful 🌟

# Generate template, deploy, troubleshoot, fix and redeploy until successful
"Use the enhanced cfn mcp server to create a <INSERT USE CASE HERE>. Then deploy it, and if it fails, troubleshoot it, fix the template and redeploy until successful."

# Use case examples:
- robust web server architecture
- secure VPC with public and private subnets
- serverless API with Lambda and API Gateway
- multi-AZ RDS database setup
- static website hosting with S3 and CloudFront
- auto-scaling application with ALB
- containerized application using ECS
- serverless data processing pipeline
- high-availability WordPress site
- CI/CD pipeline with CodePipeline
- cross-region backup solution
- ElasticSearch cluster
- EKS cluster with worker nodes
- real-time data streaming architecture
- multi-region active-active setup

Basic Resource Management

# In Q CLI chat
q chat

# List all S3 buckets
"List all my S3 buckets"

# Get details of a specific bucket
"Show me details of my bucket named 'my-app-bucket'"

# Create a new S3 bucket
"Create an S3 bucket named 'my-new-bucket' with versioning enabled"

CloudFormation Operations

# Generate a template from description
"Create a CloudFormation template for a web application with ALB, ECS, and RDS"

# Deploy a stack
"Deploy a CloudFormation stack named 'my-web-app' using the template in ./template.yaml"

# Troubleshoot a failed deployment
"My CloudFormation stack 'my-app-stack' failed to deploy. Help me troubleshoot it."

# Autonomous fixing and deployment
"Automatically fix and deploy my CloudFormation stack 'problematic-stack'"

Advanced Analysis

# Analyze template for issues
"Analyze my CloudFormation template for security vulnerabilities and best practices"

# Detect stack drift
"Check if my production stack has any configuration drift"

# Get best practices guidance
"I need to implement a HIPAA-compliant data processing pipeline. What are the best practices?"

πŸ—οΈ Architecture

Enhanced CFN MCP Server
├── Core MCP Server (FastMCP)
├── AWS Client Management
├── CloudFormation Stack Manager
├── Resource Schema Manager
├── Intelligent Prompt Generator
├── Template Analysis Engine
├── Autonomous Fixing Engine
└── Best Practices Database

Key Components

  • FastMCP Framework: Provides the MCP server foundation
  • AWS Integration: Boto3-based AWS service clients
  • CloudControl API: Unified resource management interface
  • Template Generator: Natural language to CloudFormation conversion
  • Error Analysis: Comprehensive failure analysis and resolution
  • Prompt Engineering: Expert-level prompt generation for AI guidance

🔧 Configuration

Environment Variables

# AWS Configuration
AWS_REGION=us-east-1
AWS_PROFILE=default

# Server Configuration
MCP_SERVER_PORT=3000
LOG_LEVEL=INFO

# Feature Flags
ENABLE_AUTO_FIX=true
ENABLE_SECURITY_ANALYSIS=true
MAX_FIX_ITERATIONS=5

🧪 Development

Setup Development Environment

# Clone and setup
git clone https://github.com/shantgup/enhanced-cfn-mcp-server.git
cd enhanced-cfn-mcp-server

# Install development dependencies
pip install -e ".[dev]"

# Setup pre-commit hooks
pre-commit install

Running Tests

# Run all tests
pytest

# Run with coverage
pytest --cov=awslabs

# Run only unit tests (skip live AWS tests)
pytest -m "not live"

Code Quality

# Format code
ruff format .

# Lint code
ruff check .

# Type checking
pyright

📚 Examples

See the directory for comprehensive usage examples:

  • - Simple resource management
  • - Complex deployment scenarios
  • - Amazon Q specific examples
  • - Natural language to CloudFormation
  • - Error resolution workflows

🤝 Contributing

We welcome contributions! Please see for guidelines.

Development Workflow

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests
  5. Run the test suite
  6. Submit a pull request

📄 License

This project is licensed under the Apache License 2.0 - see the file for details.

🆘 Support

🙏 Acknowledgments

🗺️ Roadmap

  • Enhanced Template Generation: More sophisticated natural language processing
  • Multi-Account Support: Cross-account resource management
  • Advanced Security Analysis: Integration with AWS Security Hub
  • Cost Optimization: Real-time cost analysis and recommendations
  • Infrastructure Visualization: Automatic architecture diagram generation
  • Compliance Automation: Automated compliance checking and reporting

Made with ❤️ for the AWS community