Enhancing Infrastructure as Code Development and Operations with Amazon Q, MCP, and the Thoth Framework

Level 300

With each phase of digital transformation, new approaches are introduced for developing and implementing solutions. Beginning with scripting tools such as Ansible and Chef, and progressing through innovations like Terraform, CDK, Pulumi, and today's AI-driven agentic and autonomous systems, methodologies continually evolve. Some practices become obsolete while fresh strategies emerge, challenging engineers to adapt, innovate, and drive progress in solution creation and maintenance.

DevOps professionals regularly upgrade Infrastructure as Code (IaC); maintaining clean infrastructure dependencies at scale can be challenging, but many processes are now automated. The Thoth framework simplifies dependency management, automates template generation, and integrates seamlessly with existing workflows, reducing manual effort and minimizing errors in large-scale infrastructure projects. It supports building and managing IaC templates created with tools such as Terraform or Tofu, leveraging wrappers like Terragrunt and Terramate.

Let me show you how common tasks can be automatically accelerated using traditional approaches and modern practices with custom agents like Amazon Q.

The left side: Development

Things are constantly evolving; tasks like coding are being redefined by tools ranging from developer assistants to agentic AI, moving us closer to fully autonomous development. Soon, writing code may seem as outdated as using an abacus, but human interaction remains important and necessary for critical thinking, architecture decisions, continuous improvement, and alignment with business strategies. As a cloud architect, developer, or engineer, it is essential to define the infrastructure composition with careful consideration of application-driven design and operational models. Adhering to best practices consistent with the Well-Architected Framework and internal guidelines is necessary to ensure optimal performance and reliability.

So, how can I do this with minimal effort, time, and resources?

Companies use internal developer platforms with blueprints and quick starts to reduce toil, lower the learning curve, and enable self-service through established paths. Developers must interact using the correct interfaces. AI agents now serve as intuitive interfaces, exposing platform capabilities via MCP and allowing for tailored agents for each SDLC task.

Let's begin with the code. 👽

Start by creating a custom agent with Amazon Q for IaC, including platform context via MCP and a custom CLI. This approach manages tasks like infrastructure composition, compliance, scanning, and reporting, while maintaining traditional practices such as git best practices.

The following picture depicts this setup.

AmazonQ agent and local Environment

The system interfaces directly with AWS services via the AWS SDK and leverages OpenTofu for infrastructure provisioning, ensuring consistent and reproducible deployments across multiple environments.

You can add any complementary MCP server from the list below, but be careful to verify the source:


modelcontextprotocol / servers

Model Context Protocol Servers

This repository is a collection of reference implementations for the Model Context Protocol (MCP), as well as references to community-built servers and additional resources.

The servers in this repository showcase the versatility and extensibility of MCP, demonstrating how it can be used to give Large Language Models (LLMs) secure, controlled access to tools and data sources. Typically, each MCP server is implemented with an MCP SDK:

Note

Lists in this README are maintained in alphabetical order to minimize merge conflicts when adding new items.

🌟 Reference Servers

These servers aim to demonstrate MCP features and the official SDKs.

  • Everything - Reference / test server with prompts, resources, and tools.
  • Fetch - Web content fetching and conversion…

Hands On

Requirements

  • WSL or Ubuntu 24.04
  • python >= 3.12
  • thothctl >= 0.5.3
  • opentofu >= 1.10.6
  • terragrunt >= 0.88.0

Preparing the local environment

Bootstrap your environment with the necessary tools by following these steps:

a. Download and install thothctl from the official PyPI repository.

pipx install thothctl

b. Install the Amazon Q agent and Amazon Q for your IDE, along with terragrunt, tofu, uv, pipx and other tools, by running the command below, or just run the devcontainers environment.

thothctl init environment  #environment for interactive mode

Select the tools according to the recommended versions. If you already have the tools installed, please run:

thothctl check environment

Creating custom Amazon Q agent (thoth agent)

Please create an AWS Builder ID first.

a. Use thothctl to initialize the project with the scaffold template or clone the repository.

Custom agent configuration files are stored as JSON files in specific directories:

Project-level custom agents: .amazonq/cli-agents/{agent-name}.json
Available only within the specific project directory and its subdirectories.

The Amazon Q Developer CLI searches for a custom agent by following a defined order of precedence:

  • Local custom agents first - Checks for custom agents in the current working directory
  • Global custom agents second - Falls back to custom agents in your home directory
  • Built-in default - Uses the default agent if no custom agent is found

ℹ️ For best practices and deeper knowledge, please visit: 👉 Custom Agents Management 👈

For this scenario the scaffold project template looks like:


├── LICENSE
├── README.md
├── common
│   ├── common.hcl
│   ├── common.tfvars
│   └── variables.tf
├── docs
│   └── catalog
│       ├── catalog-info.yaml
│       ├── docs
│       │   ├── general
│       │   ├── guidelines
│       │   │   ├── architecture-definition.md
│       │   │   └── iac-composition-guidelines.md
│       │   ├── images
│       │   │   ├── DiagramArchitecture.png
│       │   │   └── graph.svg
│       │   └── index.md
│       └── mkdocs.yml
├── root.hcl
└── stacks
    ├── application
    │   ├── compute
    │   │   ├── alb
    │   │   │   ├── README.md
    │   │   │   └── terragrunt.hcl
    │   │   └── asg
    │   └── storage
    │       ├── efs
    │       └── s3
    ├── foundation
    │   ├── iam
    │   │   ├── policies
    │   │   └── roles
    │   │       └── terragrunt.hcl
    │   └── network
    │       ├── security-groups
    │       └── vpc
    │           ├── README.md
    │           └── terragrunt.hcl
    ├── observability
    │   └── monitoring
    │       ├── cloudwatch
    │       └── prometheus
    └── platform
        ├── containers
        │   ├── ecr
        │   ├── eks-control-plane
        │   │   └── terragrunt.hcl
        │   └── eks-nodegroups
        └── data
            ├── elasticache
            └── rds


You can find it in:

thothforge / terragrunt_project_scaffold

Scaffold for terragrunt projects using thoth framework

Terragrunt Project Scaffold

A production-ready Terragrunt template for AWS infrastructure deployment with GitOps integration and best practices.

Overview

This scaffold provides a standardized project structure for managing AWS infrastructure using Terragrunt, with built-in support for:

  • Multi-environment deployments
  • Remote state management with S3 and DynamoDB
  • Code quality tools (TFLint, pre-commit hooks)
  • GitOps workflows
  • Modular architecture

Project Structure

#{project_name}#/
├── .thothcf.toml              # Template configuration
├── .gitignore                 # Git ignore rules
├── .tflint.hcl               # TFLint configuration
├── .pre-commit-config.yaml   # Pre-commit hooks
├── root.hcl                  # Root Terragrunt configuration
├── common/
│   ├── common.hcl            # Common variables and provider config
│   └── variables.tf          # Shared variable definitions
├── stacks/
│   ├── foundation/           # Core infrastructure layer
│   │   ├── network/vpc/      # VPC, subnets, routing
│   │   └── iam/roles/        # Service roles and policies
│   ├── platform/             # Shared services layer
│   │   └── containers/
│   │       └── eks-control-plane/  # EKS cluster
│   ├── application/          #
…

So, the custom agent provides the minimum set of MCP servers, context, and tools. Agents can be created per environment, technology, specialty, or specific project, for example when using a monorepo structure to store both application and infrastructure code.

Here is the baseline agent setup:

{
  "name": "thoth",
  "description": "IaC and GitOps specialist THOTH agent for IaC deployments",
  "mcpServers": {
    "thothctl": {
      "command": "thothctl",
      "args": ["mcp", "server", "--stdio"]
    },
    "git": {
      "command": "uvx",
      "args": ["mcp-server-git"],
      "timeout": 30000
    },
    "terraform": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "hashicorp/terraform-mcp-server"
      ]
    },
    "awslabs.aws-diagram-mcp-server": {
      "command": "uvx",
      "args": [
        "awslabs.aws-diagram-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "autoApprove": [],
      "disabled": false
    }
  },
  "tools": [
    "fs_read",
    "fs_write",
    "execute_bash",
    "use_aws",
    "@git",
    "@thothctl",
    "@terraform"
  ],
  "allowedTools": [
    "fs_read",
    "use_aws",
    "@git/git_status",
    "@git/git_log",
    "@git/git_diff"
  ],
  "toolAliases": {
    "@git/git_status": "status",
    "@git/git_log": "log",
    "@git/git_diff": "diff"
  },
  "toolsSettings": {
    "fs_write": {
      "allowedPaths": [
        "stacks/**",
        "common/**",
        "modules/**",
        "*.hcl",
        "*.tf",
        "*.tfvars",
        "*.yaml",
        "*.yml",
        "*.toml",
        "*.md",
        "docs/**"
      ]
    }
  },
  "resources": [
    "file://README.md",
    "file://LICENSE",
    "file://.thothcf.toml",
    "file://root.hcl",
    "file://common/common.hcl",
    "file://common/variables.tf",
    "file://.tflint.hcl",
    "file://.pre-commit-config.yaml",
    "file://.gitignore",
    "file://stacks/**/*.hcl",
    "file://stacks/**/*.tf",
    "file://docs/**/*.md"
  ]
}

The agent has the resources definition block:

In docs/catalog/docs/guidelines we include two guidelines: one for architecture definitions and another for IaC composition.
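The advice to verify MCP server sources, and the pre-approval list in the agent file, can be checked mechanically before the agent is used. The audit below is an added example, not part of the original post or the Thoth project; it assumes `allowedTools` lists tools that run without a confirmation prompt, and `audit_agent`, `MUTATING_BUILTINS` and the finding labels are hypothetical names.

```python
import json
import re

# Constructed sample: a trimmed copy of the agent file shown above.
AGENT_JSON = """
{
  "mcpServers": {
    "thothctl": {"command": "thothctl", "args": ["mcp", "server", "--stdio"]},
    "git": {"command": "uvx", "args": ["mcp-server-git"]},
    "terraform": {"command": "docker",
                  "args": ["run", "-i", "--rm", "hashicorp/terraform-mcp-server"]},
    "awslabs.aws-diagram-mcp-server": {"command": "uvx",
                  "args": ["awslabs.aws-diagram-mcp-server"]}
  },
  "tools": ["fs_read", "fs_write", "execute_bash", "use_aws",
            "@git", "@thothctl", "@terraform"],
  "allowedTools": ["fs_read", "use_aws", "@git/git_status",
                   "@git/git_log", "@git/git_diff"],
  "toolsSettings": {"fs_write": {"allowedPaths": ["stacks/**", "*.hcl"]}}
}
"""

# Built-in tools that can change local files, run commands or call AWS APIs.
MUTATING_BUILTINS = {"fs_write", "execute_bash", "use_aws"}


def audit_agent(agent: dict) -> list[str]:
    findings = []
    tools = agent.get("tools", [])
    for name, srv in agent.get("mcpServers", {}).items():
        args = srv.get("args", [])
        # No version pin: uvx runs whichever release it resolves.
        if srv.get("command") == "uvx" and not any(re.search(r"(==|@)\d", a) for a in args):
            findings.append(f"unpinned-package:{name}")
        # No digest: the image behind the name can change between pulls.
        if srv.get("command") == "docker" and not any("@sha256:" in a for a in args):
            findings.append(f"unpinned-image:{name}")
        # Defined under mcpServers but never referenced from "tools".
        if not any(t == f"@{name}" or t.startswith(f"@{name}/") for t in tools):
            findings.append(f"unused-server:{name}")
    scoped = agent.get("toolsSettings", {})
    for tool in agent.get("allowedTools", []):
        # Pre-approved mutating tool with no toolsSettings entry narrowing it.
        if tool in MUTATING_BUILTINS and tool not in scoped:
            findings.append(f"unscoped-preapproved:{tool}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_agent(json.loads(AGENT_JSON))))
```

Pinning each `uvx` package to a version and the Docker image to a digest, and either removing `use_aws` from `allowedTools` or giving it its own `toolsSettings` entry, clears the corresponding findings.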

b. Finally, start a chat with the agent in the project folder and create some stacks:


➜  q chat --agent thoth
✓ terraform loaded in 1.05 s
✓ git loaded in 1.81 s
✓ awslabs.aws-diagram-mcp-server loaded in 2.02 s
✓ thothctl loaded in 2.12 s



For example:

Thanks for reading and sharing! 🤠

The next blogs offer more examples and explain how traditional and agentic AI can be combined for optimal results. 🥸