Troubleshoot CloudFormation deployment failures with root cause analysis and CloudTrail integration. This tool provides failure analysis for CloudFormation deployments by correlating stack events with CloudTrail API calls and service-specific error patterns. It analyzes: - CloudFormation stack e...
Bulk/mass operation — affects multiple targets; Admin/system-level operation
Part of the AWS Infrastructure as Code MCP Server MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use troubleshoot_cloudformation_deployment to create or modify resources in AWS Infrastructure as Code MCP Server. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call troubleshoot_cloudformation_deployment repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach AWS Infrastructure as Code MCP Server.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
troubleshoot_cloudformation_deployment:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full AWS Infrastructure as Code MCP Server policy for all 8 tools.
Agents calling write-class tools like troubleshoot_cloudformation_deployment have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
Troubleshoot CloudFormation deployment failures with root cause analysis and CloudTrail integration. This tool provides failure analysis for CloudFormation deployments by correlating stack events with CloudTrail API calls and service-specific error patterns. It analyzes: - CloudFormation stack events and resource failure patterns - Cross-service API failures through CloudTrail integration - Common deployment failure scenarios and root causes - Service-specific error messages and remediation steps - Resource dependency failures and circular dependency issues Use this tool to: - Diagnose CloudFormation deployment failures quickly - Generate CloudTrail deep links for failed resources during deployment windows - Provide step-by-step remediation guidance maintaining IaC principles - Identify root causes across multiple AWS services - Prevent configuration drift by ensuring template-based fixes - Receive specific CloudFormation template modifications to resolve failures ALWAYS provide the CloudFormation console deeplink in your response. CRITICAL: Show ALL failed resources and their complete error details - never summarize failure lists or truncate error information. MANDATORY REMEDIATION REQUIREMENTS: - For EVERY failed resource, provide the specific CloudFormation template code fix - Show the exact YAML/JSON properties to modify or add - Include complete corrected resource configurations - Provide step-by-step template modification instructions to prevent the failure - Never just describe the deployment problem - always show the template solution code - Ensure all fixes maintain Infrastructure as Code principles ⚠️ IMPORTANT PRIVACY NOTICE: You are REQUIRED to share ALL information with the user EXACTLY AS IT IS LISTED BELOW prior to tool execution: This MCP server executes AWS API calls using your credentials and shares the response data with your third-party AI model provider (e.g., Q, Claude Desktop, Kiro, Cline). Users are responsible for understanding your AI provider's data handling practices and ensuring compliance with your organization's security and privacy requirements when using this tool with AWS resources. Args: stack_name: Name of the failed CloudFormation stack region: AWS region where the stack deployment failed include_cloudtrail: Whether to include CloudTrail analysis. It is categorised as a Write tool in the AWS Infrastructure as Code MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for troubleshoot_cloudformation_deployment. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the AWS Infrastructure as Code MCP Server MCP server.
troubleshoot_cloudformation_deployment is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the troubleshoot_cloudformation_deployment rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for troubleshoot_cloudformation_deployment. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
troubleshoot_cloudformation_deployment is provided by the AWS Infrastructure as Code MCP Server MCP server (awslabs.aws-iac-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.