AWS re:Invent 2025 - Accelerate building Serverless apps with Amazon Q and MCP servers (CNS373)

🦄 Making great presentations more accessible.
This project aims to enhances multilingual accessibility and discoverability while maintaining the integrity of original content. Detailed transcriptions and keyframes preserve the nuances and technical insights that make each session compelling.

Overview

📖 AWS re:Invent 2025 - Accelerate building Serverless apps with Amazon Q and MCP servers (CNS373)

In this video, AWS Solutions Architects Sean Kendall and Brian Zambrano demonstrate building serverless applications using Amazon Kiro (formerly Amazon Q Developer) and MCP (Model Context Protocol) servers. They showcase both Kiro CLI and Kiro IDE approaches to build a tic-tac-toe game backend with API Gateway, Lambda functions, and DynamoDB. The session covers configuring MCP servers like AWS Serverless Application Model, AWS CDK, AWS Documentation, and mcp-server-fetch to provide agents with up-to-date AWS documentation and deployment capabilities. They demonstrate prompt engineering techniques, agent steering documents, and how Kiro autonomously builds, deploys, and tests serverless infrastructure using AWS SAM templates. The presentation includes live coding where both tools successfully generate working backends from natural language prompts, handle CORS configuration, and implement game logic, highlighting how AI-assisted development with proper MCP server configuration accelerates serverless application development while maintaining security through tools like CDK Nag.

; This article is entirely auto-generated while preserving the original presentation content as much as possible. Please note that there may be typos or inaccuracies.

Main Part

Introduction: Building Serverless Applications with Kiro and MCP Servers

Welcome to Reinvent. We're bright and early on a Monday morning, so I'm very grateful that you all showed up here with us. Thank you. I'm Sean Kendall, a Principal Solutions Architect at AWS specializing in serverless and generative AI. I've been with AWS for just over six years, working out of Calgary, Alberta in Canada. Thanks, Brian. Would you like to introduce yourself?

Yes, my name is Brian Zambrano. I've also been around for a bit, almost seven years at AWS. I was a solutions architect like Sean for many years with a developer background, and I currently work in a group called the Generative AI Innovation Center. Has anyone heard about the Gen AI Innovation Center? No one? Well, you need to because what we do right now is we are building generative AI proof of concepts, more like MVPs frankly, for customers for free. So if you have an AWS account team and have some idea of how generative AI could help you and your organization, you should definitely talk to your account team because that's what we do. It's a pretty awesome deal for all of you in the audience.

Alright, so today we're going to be talking about accelerating building your serverless applications with Kiro and MCP servers. Show of hands here, who's heard of Kiro in the room? Quite a few people. That's pretty good. Who has used Kiro? Okay, fewer hands. So we're going to be focusing on that technology. Kiro is our generative AI that enables you to build a lot faster. We are also going to be focusing on serverless here today. Another show of hands, who is building serverless apps here in the room today? A lot of hands. That's good because we're going to be building serverless apps and showing you how to build those better and faster using Kiro, but we're not going to be focusing too much on serverless patterns and whatnot.

Session Overview: Building a Tic-Tac-Toe Game Backend

What you're going to get out of here today is we're going to go over a developer tool overview first and then a target architecture on a tic-tac-toe game. That's what we're going to be building here in this code talk. We've already built the front end of the tic-tac-toe game because we figured we don't want Kiro to sit there building too much stuff within this short period of time. We've built that and deployed it. There's an OpenAPI spec that's available on the UI just so that you know, to help the back end and Kiro figure out how to build it better and faster.

I'm going to show you some prompt engineering, so what's the prompt that I'm going to use to actually build the back end. That prompt's going to be provided to Kiro so we can go ahead and do all the things with AI. After I show you that, we're going to get into the coding. You're going to see myself using the Kiro CLI, which I'll tell you more about here in a bit. Within that Kiro CLI you'll see how I can build that back end, and then I'll hand it over to Brian who's going to use the IDE version of Kiro so you can see both flavors of Kiro.

Developer Tool Overview: Amazon Kiro CLI and IDE

For the developer tool overview, the first thing we're going to be using here today is Amazon Kiro, and with Amazon Kiro we have the Amazon Kiro CLI. This is my preference when I'm building. There's no real right or wrong here, but the Kiro CLI allows me to open up a terminal and type in my prompt. I can actually just chat if I really want to, but it allows me to be extremely hands off. I give it a prompt, I hit enter, and I just let it go. It doesn't have to bother me at all. I don't have to use a UI. That's what I prefer.

Then the other way of doing it is the Kiro IDE. If you prefer a nice IDE experience, then this is another option for you. We're also going to be talking about MCP servers. Another show of hands, who here has heard of MCP? Most of the group, that's really good. Who's using MCP today? Wow, okay. Who could explain what an MCP server is to their friends? I got you on that one. We got one. That's great.

We're going to get into that. What's that? Like they're five, exactly. They're five. That's good. I'm going to be showing you some of the serverless MCP servers that we have within AWS Labs today. So after the session, if you want to go use these on your own, there's a full library of MCP servers, basically tools you can use to help with your development.

So the first thing we're going to focus on here is the Amazon Kiro CLI. What you're seeing up on the screen right now is basically what it looks like if you're using the CLI. You'll type in Kiro CLI and this is how it opens. You get this nice little graphic. Within here, you can basically just start typing prompts and it'll respond within the terminal.

There are other ways of using it, such as the Kiro IDE. Let me hand this over to Brian so we can talk through how this one works.

Clarifying the Transition from Amazon Q to Kiro

Before I get into this, I want to mention a couple of things we forgot to cover. First, this session should be interactive. As we're coding and talking about this, feel free to raise your hand or shout out a question, and we'll do our best to answer it. We have our first question now.

Someone asked about something that took them by surprise. When they reserved this session, it was called "Building Serverless Applications with Amazon Q and MCP Server." However, Kiro has replaced Amazon Q in this session. They're wondering if the same thing is going to happen to the service. That's actually my second point. So step one is to ask questions, and step two is that you've segued perfectly into it. Who here has heard about Amazon Q? Most people, okay. So Q as a brand is moving to Kiro now. What Sean is going to be talking about, what I'm going to be talking about, the CLI went from Q CLI to Kiro CLI. From a functional standpoint, they're basically the same thing. Do you have anything else to add on that?

Actually, there's a progression here. Has anyone here used Code Whisperer? A few less people. So it actually started as Code Whisperer, which was the agentic AI that then turned into Amazon Q Developer, and now that has turned into Kiro. We just keep renaming things. Whereas if you were using Q yesterday on the CLI, for example, you would type Q and hit enter, which I loved by the way. Now you type Kiro CLI, which is a little more annoying.

Do you have a follow-up question? Yes, I have a follow-up since this session is going to have a Kiro IDE card. Does all the features and practices that you're going to show on Kiro IDE apply to the Amazon Q extension on Visual Studio Code? Those are different things. You're asking about the VS Code plugin. Yes, so they're going to be different. I'll try as we get into this to make it more obvious, and I'll try to talk through it a bit.

I have a question regarding how we handle payment. Because in Kiro, some time ago, it went from a regular payment option into a separate subscription. And now that Q has been grounded into Kiro CLI, I wonder whether the same applies. I think for now, let's hold that for after the talk. We want to get into the technical parts of this, and then for any questions like that, we can do our best to answer them outside.

Exploring the Kiro IDE Interface and Features

Let me just go through this real quick. Sean talked about Kiro CLI. This is the IDE. If you've used things like Cursor, it's a fork of VS Code, so it's going to look very similar if you're using VS Code. A couple of things here to call out: on the left there's a little ghost icon, the Kiro icon. When you click on that, other things start showing up. At the top there's something called Specs. I'm not going to talk about that today unless we have extra time, but if you've heard about spec-driven development, that is something that is unique to Kiro. It's pretty interesting. Then there's a section called Agent Steering Docs, which I will talk about. And finally, the MCP Server configuration down there at the bottom.

On the right is where you have your interface to talk with your agents and coding assistants. Again, this is unique to Kiro, at least as far as I'm aware. You can do what's called a Vibe Session, which is just what you're used to—chat with your agent and tell it to do something. Then on the right there's spec-driven chat, which is a little bit different, which we won't get into.

Understanding MCP Servers: Model Context Protocol Explained

Let me just get into this at a very high level: what is an MCP server? MCP stands for Model Context Protocol. If you think about you as developers, you're going to go and interact with an agent to do something, right? Like build me a React UI or go and update my service application to do this, whatever. So you're interacting with some agent. The agent has a model behind the scenes that's going to have some internal knowledge based on whenever it was trained. New things pop up. There are other pieces of data that could be really useful for your agent to know about, but it doesn't know about, or you might want to enable it to actually perform actions on your behalf. You do that by integrating with other systems. Here as an example, you could be integrating with a third-party API or your own company's internal API.

This morning, Shawn's customer was building a proof of concept to have an agent place an order for their customer's customers. There are all these things, information, and features that you would like your agent to be aware of and actually have access to. So how do you do that? The answer is now these MCP servers. Think about MCP servers as a common interface to back-end systems to either get new knowledge or perform actions, but it's a standard interface. It's a protocol, and so you could literally build an MCP server like shown on the screen to do these things right: interact with my third-party API, go and figure out the business logic of my internal application, or reach into a database and read or write information.

However, what we're seeing over and over now is that there are purpose-built MCP servers that have specific duties, doing one thing or a set of things that are all wrapped around a given job. For example, there might be a database MCP server that is going to be running database queries for you. The overall idea here is that MCP servers are a way to give the models access to new, up-to-date information that they don't know about inherently. That's the big thing there.

So some examples of MCP servers that you might see: one that we're going to be using here today within the actual coding session is up-to-date AWS documentation. The models you're using when you are coding and building these solutions through AI understand AWS and the documentation, but only up to a specific date when that training ended. Now adding in the AWS documentation MCP server, it's going to be able to reference the latest documentation. For example, all the new features that are coming out this week, you'll be able to build those as they get released and published onto the documentation. That's another good use case for these MCP servers and a good example of what we use today.

If you're developing production apps that are now going to connect to MCP servers, up-to-date stock prices would be another good example, weather data, anything to do with any API integrations, right? Now you can just have an MCP server execute those integrations for you through AI, and then basically any of your company's internal API or internal documentation as well. Really any types of data lookup that you need in real time without using the model's training data is a really good way to see that.

AWS MCP Servers for Serverless Development

Now today within the coding session, here are some of the MCP servers we're going to be using. The first one is the AWS Serverless Application Model MCP server. This MCP server deals with SAM integration, so it understands SAM and all the commands of how to use SAM, and it will actually execute those for you within your own environment. It can do local testing and it gives you serverless guidance. So for any serverless app, this is a really good one to add into your coding agent.

Then we have the AWS CDK MCP server, which is a personal preference of mine because I like to build everything within CDK. I like to write all my own code in Python, and so this will allow it to now write my applications within that Python code in CDK. One of the things I also get out of this is when you're using the AWS CDK MCP server, it will actually add in a library called CDK Nag. Within CDK Nag, it makes sure that whatever I'm building is secure. It will actually fail a build if it's not secure. One thing that you might find your agent doing is it might say, well, serverless apps must have WAF enabled, right? But then it might say, well, I'm not going to add WAF. You're just building a demo, so it'll put an exception in there, and then you can view those exceptions.

If you really wanted it to have WAF, you can remove the exception manually and then tell the agent, well, no, please add WAF back into it, and it'll go and add that to make sure it's not an exception. I really like that about the CDK MCP server because it does make it more secure. I have seen a lot of people build very insecure things using AI, so that's one thing to really watch out for. It will also integrate Lambda Powertools. So if any of you are building things with Lambda today and you're using the Lambda Powertools library, it has all knowledgeable Lambda Powertools. So we'll be able to add that in there as well to make your observability a little bit better.

And all the different patterns that come with the power tools. Then we have the AWS Core MCP Server. I would say this is a really good one to have pretty much all the time. It has prompt understanding inside of it. So if you're not the best at prompt engineering yet, and I would say like when I first started, you don't really know how to create a prompt. You just kind of talk to the thing and hopefully it's good, and over time I got a lot better.

Well, the prompt understanding will take your input and turn it into something that's a little bit better for building software on AWS, so it is tailored towards that. That's what comes with the AWS Core MCP Server, but it also has a router for other MCP servers. I don't personally use it because I like to be very specific on the MCP servers I use, but there's an environment variable you can pass in to the AWS Core MCP Server for a persona. So I can say I'm a developer persona or an architect, and for those personas it'll add a set of other MCP servers with it. So if you don't know which ones to use, that's another good way to get started.

The AWS Documentation MCP Server is what I was referring to before. It has basically access to all up-to-date information on the AWS services, best practices, limits, APIs, and all that kind of stuff. And then finally, a non-AWS MCP server I'm going to be using today is the mcp-server-fetch, which is an Anthropic MCP server. Basically, it just gives you the ability to reach out to the Internet and load a page. So within our Tic-Tac-Toe application that we'll be building today, the front end has an OpenAPI spec attached to it that you can actually visualize within the UI, and so I'm going to tell my prompts to basically go and pull that OpenAPI spec and make a back end that matches it. That's how I'm going to be using the fetch MCP server today.

Any questions before we go forward on here? You might cover this in a second. When you're using Kiro CLI, do these things you just already have them, or do you have to opt in? So with both experiences, Kiro CLI or the Kiro IDE, I believe comes prepackaged with fetch. Is that correct? I think fetch is in there. You have to enable it. It's disabled. If you create a brand new project in Kiro, there'll be one MCP server there that's disabled, which is Fetch, and so you can go in and you can remove it completely. You can enable it globally. You can do whatever you want.

Yeah, so then everything else basically you have to add it. There's a website I'm going to show you what it looks like. It's a GitHub page that we maintain all of our MCP servers on, which of course you can use all the AWS ones, but you can use any MCP server from anywhere. If you purchase some SaaS software, a lot of SaaS solutions are now coming out with their own MCP servers. You just have to download whatever definition they give you and put it into the IDE.

Target Architecture: Serverless Tic-Tac-Toe Backend Design

OK, so the target architecture we're looking for today is something like this, right? This is, and just for full transparency, we built the app. I actually used Kiro to build the app, and then I told it to generate a diagram because there is a diagram MCP server as well, which I can show you later if you want. This is the diagram it came up with. So first it built the code, it deployed the code, and then it built this diagram. So today, I mean, I'm not actually going to feed this diagram into the prompt. I could, but I'm not going to. I'm going to let it kind of figure out whatever it wants to do by itself.

If I really want to stick to something like this, then I would actually give this to the agents and I would say, you know, follow this image, see how I want the architecture, and build this exact architecture, and it would just give it a little more guidance to follow exactly what this is. Now the one thing that you won't see us building today is the left hand side of this, right? So the CloudFront with the origin access control with the S3 bucket, that's just hosting the website. So I want to show that on the diagram, but everything on the right hand side is what we'll be building here today.

And just one quick shout out to the serverless part of this. Good luck doing this with Kubernetes in 45 minutes, right? Honestly, so our pitch here is that serverless you can go really fast. Serverless with AI tooling and MCP servers, you can go really, really, really fast. It's crazy how fast Sean and I were able to do this. We were even talking before this about what if we finish early, what are we going to do next, because we can go so fast with this. So just again a shout out to the serverless parts of this talk.

Prompt Engineering: Crafting Effective Instructions for Kiro

OK, prompt engineering. So this is the prompt I'm going to be feeding in to at least the Kiro CLI piece of this. It's probably going to be different from the prompt that Brian's going to use on the Kiro IDE. Now again, this is from me working for months. It's almost a lifetime in ages of AI in learning prompt engineering. So the first thing I tell it is build and deploy a working serverless back end for the Tic-Tac-Toe game hosted at a URL.

I'm going to be plugging in a deployed URL that we already have. You'll notice I say "build and deploy," and I put that in here because I wanted to build all the code and deploy it without coming back to me. Usually, before bed I think of an idea, write a prompt, hit go, and then go to bed. It builds my thing overnight, and I wake up with a fully built application. That's why I'm always saying "build and deploy."

The next piece of this is I'm guiding it to use the Fetch MCP server to view the website, then open the API spec, and then I give it the direct URL with the URI to the OpenAPI spec. I'm giving it a little more guidance here. I'm even guiding it to use the specific MCP server so it doesn't have to guess that as well. I'm now telling it to build the code and deploy to my default AWS account. I put this in there because I've learned that if I don't tell it that, it says "I don't know where to deploy it." I do have an AWS account preconfigured on my laptop, so I want to make sure that it understands that it's allowed to use that. If I don't put that in there, I find it just doesn't do it. It'll build everything, come back to me, and say "OK, what do you want to do?" So this stops it from doing that.

I also tell it to test the API because when this thing's building, I'm probably sleeping. I wanted to make sure it deploys and comes back and runs all the tests to make sure whatever it deployed is working and working as expected. On this next section that you see here, I'm going to call it a few things. Handle the CORS headers. I find with this AI stuff, it never handles CORS headers. It's probably the biggest issue I always see coming back where it can't actually communicate with my backend because the headers were not added correctly. In fact, I tested this a few times this morning, and even though I put this in there, every once in a while it still doesn't do it. So that is some guidance that I do give it.

I also always tell it to handle tagging. I tag all my projects with a project name. You see there "project equals," and then it's going to come up with a project name. I'm not even going to give it a project name. It'll figure that out by itself. And then "auto-delete false," which is just an internal AWS thing. On all of our internal AWS accounts as employees, we have a script that runs every night and deletes all of our resources if we don't tag it with this value. I do that so everything doesn't get deleted overnight.

This final paragraph is something I don't actually usually include in a lot of my prompts. However, I've built this thing so many times that I've identified certain places where it could potentially fail, and I want to make sure it doesn't fail. So I add these few items in here just to make sure that it really understands a few things that it continuously fails on. As you're building in the future your applications, if there's certain things that the AI is just not able to do, you'll probably come up with some of these items yourself. As you're building apps, you'll just natively put those in at the bottom of your prompt.

Live Coding with Kiro CLI: Building and Deploying the Backend

So let's get to coding. Let me switch over to this one here. Of course it didn't load the right screen, but that's okay. I can fix that. What you're seeing here is the Tic-Tac-Toe game that we built. It's very simple. Right now you can't really see anything on the screen. There's no Tic-Tac-Toe board because nothing's configured. But I actually do have a previously configured game backend that I have not yet deleted. Let me push this in here to show you what should work.

If I put this URL in here, this is the URL to the backend deployed to API Gateway, driven by Lambda functions. When I add that in here, I can register a player. There you go, so it works. There are no errors on here. I can start a new game. Then I can start playing and I'll let the computer win this time. There you go, so that's basically the entire thing that it does. Now that backend was built through AI. I'm going to show you how I built that through AI. Let me clear this so that when we get our new game it's just nice and empty in here.

Here is my CLI, and the first thing I'm going to do is add some agents into here. Those MCP servers, I already have a pre-built agent. I'll show you how I built that. Once you install Kiro, you're going to find what you have is a file located inside of your home directory. Let me open this up in Kiro. So Kiro, it's in your .kiro directory. It's in your home directory, .kiro, and there's a directory that'll be placed inside of there. Then there's an agents subdirectory.

Within that subdirectory, they're going to give you a sample JSON file, which is like a default agent that you can build yourself. I've created one here called Reinvent, so I'm going to open that one to show you how I built it. A lot of this stuff will come out of the box, so the schema, for example, will already be there.

You're going to want to give it a name of something, so whenever you want to call this agent, this coding agent, that's how you're going to refer to it by. Right now whenever I start my Kiro CLI, I'll always say that with the minus minus agent flag set to reinvent. I give it a description, which is really just for me. This is basically saying that this agent is able to build AWS serverless backends using best practices. Then I give it a prompt, and the prompt is a system prompt. So just imagine that every time you want to build something, this system prompt is going to be there to guide the AI to build in a certain way.

For most of this config, as soon as you install Kiro, you're going to get that template file. I would say just take that template file and keep copying and pasting it for every agent you want. Right now I have about ten agents. For example, I have one that uses the AWS Canvas MCP server for generating images, and I split my agents like that. So I would just say that once you install Kiro, just copy that example multiple times and then keep making new agents based off of that.

There is also a Kiro CLI command that can generate the agent for you, and then it'll generate this whole spec. So once you're in the Kiro CLI, you can also run the generate agent command. There is a repo here where I have different MCP servers. I have the core MCP server that we talked about, I have the Fetch MCP server, the AWS documentation MCP server, and so far that's it. I already know that I want to add a few more based on that list I was showing you, so I'm going to add those in.

There are a few other things in here. There's something like allowed tools, right? This allowed tools list. One thing that Kiro is going to do is it's always going to come back if it wants to run a command, and it's going to say, do you want to run this command? I would say if you're doing anything in a sensitive environment, keep that on so that every time something comes back to you, you can make sure it's not doing something like an rm minus rf on a directory you want to keep. You'll have to actually allow that. Everything I work on is kind of for demo purposes, so I always start Kiro CLI with a minus a flag, which means just allow everything and never ask me. I would just say, you know, be a little wary on that one. If you're doing anything that could potentially damage your AWS account or your machine, you probably want that permission placed in there.

Then there's tool settings. So when you start adding MCP servers and tools, when you read the documentation for those MCP servers, a lot of times it'll come back and say within the documentation that you can have, for example, a timeout. There's a bash timeout on execute bash, which is a tool. I can say you have a timeout of 300 seconds. That's one thing that I've added into mine, so that's where you would put it within here.

Now I'll show you how to add a different MCP server. This is more of the CLI way, which I think is actually similar to the IDE way. But there's an AWS Labs GitHub. I'm going to show you all a QR code at the end where you can link to this, but basically this has all of the AWS MCP servers. Of course, there are thousands of MCP servers out on the internet, but these are just the ones that AWS has curated.

In here I'm going to search for Serverless. I have this AWS Serverless MCP server. Once I come in here, I can quickly add it by clicking these buttons. So if I want to add it to Cursor or VS Code, I can do that from here. Now because I'm doing it the CLI way, I'm simply going to copy the JSON from in here, come back into my IDE, scroll up to my MCP server list, and paste it. Because I use a default configured profile, I'm just going to delete this environment stuff because that's where I can add a specific profile or region if I need that. If I get rid of that, it'll use my default one.

The next thing I'm going to do is come here. Right now I'm sitting within a directory on my machine that has nothing inside of it. If I show you here, all I have is a prompt.txt, and that's just so I can easily access that prompt I showed you. There's nothing else in here, and this is the directory where I'm going to start building everything. I'm going to start with Kiro CLI. I use a command chat, which means I can use additional flags. So this is giving me the ability to use this minus a flag.

This flag says just do anything and never ask me for permissions. That's because I'm eventually going to hand this off to Brian so my computer can keep working and then his can start building on the IDE. Then I use minus minus agent and type in reinvent, which is the name of the agent that I created within that JSON file. As soon as I open this, you're going to see it's going to load my different MCP servers. I did validate that I have four in there: the core MCP server, Fetch, and Documentation. So that is correct.

Within here there are a whole bunch of commands you can run. If you type slash, you can see all these different commands. For one, if you want to manage your agents and you have multiple agents, you can do the slash agent command, which then has that generation feature inside of it. But the other thing you can do is just start typing your prompt. I have a prompt saved over here, and you can see I've prefilled in the website address to our Tic Tac Toe game. I'm simply going to push this in here, and that's really it.

I am using some experimental features within the Kiro CLI. If you ever type slash experiment, you'll see there are about six different features in there. One of them is a to-do list, and you're going to notice after it starts loading, right now it's actually fetching out to the Internet and loading that website. It's saying now I understand the requirements, and now I created that to-do list. That's actually an experimental feature. If you want to use that, I find it's really good because it gives it more of that chain of thought process to build an application. I actually personally enable all experimental features. There are things like checkpoints in there, so it's kind of like almost a git commit, but it's local to Kiro. Anyway, we're going to let this build. It's going to go off and do everything that it needs to do. Now we'll switch over here to Brian so he can show you how to build it within the IDE.

Is there any questions while we're just switching laptops here? The question is whether it's persistent. It's actually using a git repository behind the scenes. That's what the tool is actually doing, so it is persistent. If you were to exit out of Kiro and then come back in, whenever you come into the Kiro CLI a second time after leaving, you use a minus resume flag, and that resumes back from where it ended. It'll pick up on those checkpoints. Also, the conversations are stored in a directory within that dot kiro in your home directory, so your conversation history is all stored within there. Every time you type minus minus resume in a folder that you're currently in, it loads your conversation from there. So everything is persistent in there.

Live Coding with Kiro IDE: Agent Steering Docs and MCP Configuration

Now I'll pass it over to Brian. This is the Kiro IDE. So real quick tour, just like VS Code or any other IDEs, up navigation on the left here are my files and my file system. In the upper right, click on that and that is our chat interface to our agents. Like I said at the beginning, over here on the left there's this Kiro icon. If you click on that, is this large enough? Can you guys see this okay? There are these spec things on top which we will get into if we have time. Agent hooks, we also won't cover this, but I can talk to that. And then agent steering docs, which I'll show you how to create something there, and then the MCP servers down here on the left. You can see I already have four of these that are set up.

If I click on this icon that says open MCP config, there are two parts to this. One is the user config, so this is laptop-wide. Like Sean said, the documentation MCP server enable that one globally. There's really no reason to have that per project, so you can see in here the first one, there are two of them: there's Knowledge MCP and the AWS documentation MCP server. That's under my user configuration. So whenever I'm logged into my laptop, those two things are going to be enabled all the time. And then the workspace config, and actually I changed directories so that one's empty, so there's nothing. The things that you see on the left now are on my laptop no matter what project I'm working on. So to enable, I'll just do it real quick with AWS MCP. I'll do just what Sean did. I make this bigger serverless.

Now I'm going to copy this and paste it here. This is the workspace-specific configuration, so it will only be enabled for this one workspace. For the workspace, the question is whether this is going to live within the repo so my team of developers all get this, or is this a per-machine configuration that each of them has to do? Yes, so you can see right here, this is in a directory, a .kiro directory in this project. As long as you commit that and as long as everyone's using Kiro, yes. Now here I need to put in this, which is just the name of my profile. I'm going to save that, and as I save that, you'll see it's spinning over here on the left, and assuming I got the typing correct, that should be enabled next.

While that's going, I'm going to talk about steering docs. Sean has his setup for the Kiro CLI. A steering doc is something that the agent will reference back to whenever it's given a task, and you can tell it to look at these steering docs based on file extension. I don't know all the different ways to configure it in terms of telling the agent when to look at it, but I'm going to create a couple of steering docs that inform the agent how to build this application. These are really tips and tricks to help guide the agent when it's doing some work. I'm going to do that by clicking this. This literally changed last week, so this is a little bit new to me. I'm going to create a steering document from scratch, and it says here it only applies within this specific workspace, which is what I want. I'm just going to call this AWS SAM.

You can see here it says I'm going to include this always. There's a link to which I haven't read, but you guys should definitely read this. These are some rules about what to do while the agent is working. I'm going to delete this stuff and I have something on my clipboard. Let me go and find it. Yeah, AWS SAM. That's what I want. If you look here, this is pretty terse. There's not much here. It says this is a project built with Python 3.13 and AWS SAM. Here are some instructions to test the build: run this. To deploy it, run this. If there are any code changes, you can run SAM sync. It's really sparse. There's not a lot here. The code here is literally all I did was run AWS SAM init. I said init, it's a Hello World application, it does nothing other than print out Hello World, but it does deploy. That's all I did. I mean, it took me two minutes.

What I'm going to do now, and I think this is a nice feature of the IDE, you'll notice there's this refine button in the upper right. I'm going to click that, and what that's going to do is ask the agent to take this prompt here. The steering document is also going to look at the code that I have in the project and it's going to refine or improve my steering document. That's what it's going through now. So now we are done. If you look at it now, it's much more verbose, it's a little bit more thorough, and it's more complete. I'll just pick some random stuff. So here it's saying what to do with sync, the project structure. It looked at the file system, so it realizes the template is the template for the SAM app. The source directory contains all the function code.

What I have found is that oftentimes with a small project like this, a lot of the work involved is telling it what not to do. If you don't tell it to skip the unit test, skip the integration test, don't worry about that, oftentimes these agents will start creating a lot of things that you don't want or need. That's just one thing that I've noticed over time, so be aware of that. I created one, so now in the steering documents we have one which is AWS SAM. I'm going to copy another one.

I'm going to call it "say this product." So same thing, there's not a lot here, but these are just some tips. Sean mentioned cores, and we saw that the agents didn't get that right. So there's a specific instruction on there to handle it. I've got something specific for Lambda Powertools, and I say I want you to use Lambda Powertools, but install it as a layer. So I will hit refine and then answer your question.

Will this feature provide a way for the agent to not read environment variables, for instance, from secret credentials? Is there a better way on Kiro to prevent this? So the question is, are steering documents a good way to have the agent not read environment variables? Yes, I would say so. These steering documents are a way to guide the agent to behave how you want it to behave. So if you don't want it to do something, that's absolutely what I would recommend putting in here.

I would assume that all these instructions consume tokens since they go on each request that we make to the underlying model. Yes, and if you look here, it says "inclusion always," right? So in this case, yes, every instruction is included. Let me start this and then I'll move on to the next question. So to bring us back, I have my MCP servers configured and I have two agent steering documents, so that's great. I'm going to close these and now I'm going to get my prompt, which is going to be "PB copy." It's also fairly short, so I'm going to create a new session here. I could go on with a new session, but I think it's easier to just do this.

This is not a spec-driven prompt. This is going to be a vibe, which is just a regular prompt like what Sean's doing. So I'm going to paste this in here. I need to help implement a serverless tic-tac-toe backend that abides by the OpenAPI spec which is hosted here. Build this backend for me using the ABISSA application in this repository. Make sure to keep the implementation simple. I do not need unit tests or integration tests. So that's all I'm going to say. I'm going to hit enter and then switch over here so we can see the files that it's creating, and then I will answer the next question.

I saw the Kiro CLI and the IDE, and basically what I'm trying to say is that I saw the recline option which maybe it's available as part of Kiro CLI. Whatever you can do with Kiro CLI and the IDE uses the same underlying infrastructure. So I can actually do that with both. So the question is, are the CLI and the IDE at parity? The short answer right now is they're not. There are features that are starting to come to both, and the intent is in the future, though I don't have a timeline for this, but they will be at parity. One thing we noticed this morning is within my experimental features on the CLI, there was a feature which just came to the IDE.

Checkpoints, right? Checkpoints just came to the IDE recently. That's been in the CLI for a little bit and it is actually still experimental in the CLI. So they are coming to parity. The underlying service is the same, however, right? You are using the same models. They're using the Anthropic models, and by default they all use a router to get to the best model for whatever you're trying to do, or you can actually specify an exact model. The models do have different tokens that they take. So if you're going to use the Anthropic Claude 3.5 Sonnet, I think that's like a 1.3 multiplier. Don't quote me on that exactly, but it's something like 1.3, whereas if you use Sonnet 4, it's only a 1 times multiplier, right? So you use more tokens on the higher ones, and of course tokens cost money, right?

So when you purchase Kiro, this maybe comes back to the other question from before on the pricing, right? You can use Kiro for free, right? You can use a builder ID to sign up for free. You can use an enterprise license, and they all have different token limits. Of course, on an enterprise license, actually I think on any license you can continuously buy more tokens or more credits. I may have that nomenclature a little bit mixed up. This stuff is quite new, but anyway, the short answer is yes.

They will eventually come to parity, not today, but eventually. A new feature is introduced to the CLI first, or has there been no one place where it starts? So far it's been that there are different teams working on them, so whoever gets to the features first, it gets released first. For example, the steering docs right now are only within the IDE. However, some of those other experimental features were only available on the CLI up until just recently, and they may not be available on the CLI anymore.

If you think about it, the refined feature in the IDE is really nice, 100 percent. I think it really depends on what you prefer in terms of your workflow. I mean, I'm old and I like using Vim and a terminal, but I also like just clicking a button. You can do the same thing in the CLI. Because all it's really doing at the end of the day is giving it a prompt, giving the model some information, and saying go and do this for me. But then including it whenever you're running a task, there are just some niceties. It's more of a quality of life thing. It just depends on what your experience and what you want to look like.

So it seems like the MCP servers that you're using are local MCP servers. Are they remote? These are all remote, yes. So there are different ways to interact with an MCP server. Most of these are using a command called UVX, which runs the UV tool, which is a Python thing. I don't know if you know that, but the folks who make Ruff also make UV. UVX is just a way to run a command locally without having to install the package. It's kind of like NPX. But yes, it's just running a command and then it connects to the remote system. It does support both remote and local MCP servers.

Testing, Debugging, and Q&A: Real-World Development Challenges

So like I do a lot of MCP development and I always run it just locally because I have the code local and I register it locally and then it just all stays on my laptop. Yes, it does support both, so pretty much anything that's just an MCP, it'll support. Now I did notice that about five minutes after I typed my prompt here, it finished, right? So I'm going to show you what it ended up doing and then we'll test it just to make sure it actually works. Mine finished too, just saying. Does yours tell you how long it took? No. Oh, I think mine does. OK. So you'll see here like it's very chatty, right? So here's basically all the output it's given me, you know, that to-do list. It was showing me a lot of the code it's writing. I'm just going to keep scrolling through this here. It did actually finish the deployment and then it ran tests itself, so you can see here it's actually running get commands using curl. So it decided that on its own. I didn't tell it what to do with testing.

It's running its own tests without actually writing a unit test. I could have also told it to write a unit test if I really wanted to replay that a bunch of times. And here I see it's even testing, you know, making sure I get different errors when I need them for when I expect them out of the application. And then finally, let's scroll all the way down. There we go. My to-do list shows it's completely done. It gives me an endpoint URL so I'm going to copy that, and then it tells me it took five minutes and eleven seconds. I don't think we're going to be able to get that out of yours, but hey, that's fine. Mine was five minutes and ten seconds. Yeah, I don't know about that.

All right, so I'll go back to the app here. I'm going to configure it, and this may fail. We'll see. In a registered player. Hey, it worked. Here we go. I've done this a few times this morning, by the way, and this is the first time it worked on the first try. It's been giving me those CORS errors every other time for some reason, so there we go. So I just came up with a validation error. I actually like that it failed on something. If it didn't, then you probably would have thought that I was faking it somehow. So I'm just going to take that error. I'm going to post it into my CLI, and then literally I didn't even get any context here, right? So all I'm doing is just giving it the error message. It's going to know that's an error message, and you can see already it says, oh, there's a validation error. It knows the issue. It found the issue that fast. It's now rewriting the code.

And it looks like yes, it's going to write that code down to a file. It's going to deploy it. It's using SAM build and SAM deploy, so it did build it using AWS SAM, and then once this is done, it may or may not rerun these tests. This is the one thing, this is all nondeterministic, so it does whatever it wants, which again is why you've got to be safe with that minus A flag because when it does whatever it wants, it might do something you don't want. And then once this is done we'll test it again. In the meantime, I guess we can answer another question. I can try mine too, but yes, answer a question while I switch over. When you mention SAM, does it automatically take care of the gateway as well, or do we have to mention the gateway separately?

The gateway and routing should be configured to the full. You mean like an API gateway? Yes, so it's building it in SAM, right? So it's using the SAM specs to build all the infrastructure code. Then it's using the SAM CLI to actually build and deploy the application as well. It did everything. Yeah, it built the gateway, it built all the Lambda functions. It wrote all the code for the Lambda functions and it deployed it. It did the whole thing. Usually I would guide it to use CDK. I didn't want to do that this time because usually with CDK it takes a little bit longer. There's just a lot more code that it'll write.

Oh, yours failed too. This worked in five minutes yesterday, honestly. Well, here, I'm going to switch back and see if it works. So it might not always be a single shot. A lot of times I can do things in a single shot, but not one hundred percent of the time. So there we go. I'm back on mine here. It fixed the error. It gave me the same endpoint name. So I'm just going to track the percentage. So I see twenty-two now. That is my context window. So that's another experimental feature. The question was there's a percentage being tracked on the CLI. That is my context window. It is managing that as it increases above the threshold, it will autocompact it. It summarizes it. The problem with summarization is sometimes I lose some of the context I want to give it. So I do notice that if I'm doing a lot of coding and it summarizes, I do have to go back and give it a little more information that it may have lost.

Let's just quickly test this and see. Mine was CORS even though I was very clear: hey, this is how you should handle CORS. It was a CORS issue, was it? Yep. Oh, there we go. So it's working. Is it that smart? No, it's not that smart. Right now it's pretty much just randomly placing. Yeah, it's not this smart. So I would now probably go back and say, okay, I keep winning the game. You're not placing your turns where they should be. Improve your algorithm. That would be almost my next step here. In fact, here, let me just quickly do that. Improve the computer. It's impossible for me to win. There's a question over here.

The question is, does it store the infrastructure code somewhere? The answer to that is I hope so. So I don't think I actually told it to do that. No, yeah, it did. Well, let's see. Did I write everything in here? There's just the SAM stuff template. Oh, yeah. So because it's using SAM, it's just a template.yaml. So in here you're going to see I have my DynamoDB table. I have my Lambda functions. So that's going to be a Lambda function. So yeah, everything in here is infrastructure as code. Now again, like usually with the apps I like to build, I'll tell it to use CDK, then it'll do a whole CDK and NIT, and it'll write all the Python files and all that. It just takes a bit longer for that. Does yours work now? It's deploying right now. His is deploying, yep.

For your steering files, one of the things I've seen work really good is having some more generic snippets that go along with the architecture. Are you guys seeing the same for your steering files, or is it really just kind of giving the high level, just like directory structure of where to find things and guiding it that way? Are you saying that you like to give it code snippets? Yeah, right. Like, maybe not so much from the surplus angle, but like, you know, here's how we write API and the documentation that goes along with it. Here's an example of. Okay, if it needs to drill into it, then giving it, you know, the link to the additional documents so I can then go to that. Yeah, so the question is, within the steering docs, do you give it a little bit more context? Maybe it's code examples or links to a website that has better code examples, maybe a GitHub repository, something like that. That is something I do with more complex projects. So I write a lot of code to build myself Agent Core services. Does everyone know what Agent Core is? Who knows what Agent Core is? Not that many hands. Okay. Agent Core very quickly is a new AWS service that was released months ago. It is a service you can use to build and host your agents. Well, the problem with it is there's not a lot of documentation today within these models. They don't really understand.

So I often create steering docs, and you can actually add steering docs within the CLI. You put them in as read me files within your project. Or you can put them within your agent config. I often put code examples in there because I know the model doesn't know about this service yet. It's too new. I almost have to wait for the next set of models to come out so it understands it better.

There's even no great MCP service for today, so I sometimes give it code examples like, "Here's how you do this, so you can continue doing all the stuff that you know how to do." I give a little bit of guidance with that, and I usually only do that after I find out that the agent cannot build something. I always let it try the first time.

Someone asked about the four MCPs I added. The question is whether all four should be added or if only core is necessary. Really, all MCP servers are optional. But if you're building something and you need reference to, let's say if you were building this in CDK, then for this example, the CDK one I probably could have removed. In fact, I don't even know if I included it. I know I had it in my slide, but I don't know if I actually included it because I'm not building CDK. But if I was going to now build this in CDK, I would add that back in to make sure it can do that.

Be very prescriptive over the MCP servers you're using. Every MCP server you add, with all the tools that come with that MCP server, adds tokens to your context, so it becomes a little more expensive to build. The more MCP servers you have, the less capable it gets, because it has too many things to look at and too many things to decide. So curate it for what you need.

Someone asked a specific question about the IDE. They showed early a JSON definition of an agent and asked if there's a way in the IDE, if you're working on a project, to select an agent and therefore configure all the MCP servers that you will need for that use case. The MCP configs were a configuration of the IDE that can be done for the user and for the workspace. But is there a way to have something outside, like the agent file that was shown early, where you could have an agent for Python applications, an agent for Node.js applications, and whenever you work on a Node.js project, you can somehow use that agent instead of having to add it one by one?

Your question is whether there's a way to have specific MCP servers used in specific situations, like a front-end application, a Python backend application, or a Node backend. I don't know of a way of doing that for your entire system where it's really specific like that for the MCP servers. The resolution that I know about is either it's for your user or it's for a workspace. Those are the two that I know about. But since the CLI has a special command agent that you can use to manage all the agents that you have created, I was wondering if something like that also exists for the IDE. I'm not aware of anything like that. Maybe one day if it's not there already, because I'm not aware either.

All right, coming up to the last minute here. These are the QR codes to get to all that documentation I was talking about. You have the Q CLI, the Q IDE, and that MCP server repository. One other thing I will say is that I just tested the change I made, and now I'm not able to win my tic-tac-toe game, so it did fix the algorithm. Mine worked too. It was something silly. I did this one time and it used what's called the minimax algorithm, and it was unbeatable. So again, nondeterministic. You get different things depending on the day.

One last quick question about the diagram MCP server. Well, if you go to that link of the MCP, I won't be able to show it because it probably takes a few minutes, but what I would do is go to that site. There is a diagram MCP server on there. It's just the same JSON definition. You would put that in and then you literally just tell it to generate a diagram, and it'll generate a nice formatted AWS diagram for you. And then last reminder, please fill out the session survey. It really, really helps us. If you like this or even if you think something could be better, please give us feedback. We really appreciate it. Thanks a lot. All right, thanks everyone. Have a good re:Invent.

---

; This article is entirely auto-generated using Amazon Bedrock.