Managing cloud infrastructure through an AI agent is not theoretical anymore. The MCP servers listed here connect agents to real cloud providers and real deployment pipelines. With them, an agent can spin up containers, push production deploys, run Terraform plans, and inspect Kubernetes clusters. If your agent workflow touches infrastructure, at least one of these belongs in your stack.

What to look for

Not every cloud MCP server works the same way. A few things to check before you pick one:

Auth model. Some require API keys with broad permissions. Others work with existing IAM roles or local credentials. Know what level of access you are granting before connecting an agent to production infrastructure.

Scope of operations. Some servers are read-only or limited to inspection. Others let agents create, modify, and delete resources. Match the server’s capabilities to what you actually want the agent doing unsupervised.

Audit trail. For anything touching production, you want a record of what the agent did. Servers backed by platforms with built-in logging (AWS CloudTrail, Terraform Cloud) have an advantage here.

Top MCP servers for cloud infrastructure

1. AWS API MCP

Official AWS Labs server. Covers the full breadth of AWS services through CLI commands, with IAM-based permissions controlling what the agent can touch. Every action logs to CloudTrail automatically. If your infrastructure lives on AWS, this is the starting point.

Best for: Teams running production workloads on AWS who want agents to query resources, check configurations, and execute validated operations with a full audit trail.
Install: uvx awslabs.aws-api-mcp-server
Auth: API key (IAM credentials)

2. Cloudflare MCP

Manages the Cloudflare side of your stack. Workers deployments, DNS record updates, analytics queries, and general API access. Useful for teams that deploy edge functions or manage DNS through Cloudflare and want agents to handle routine operations without opening the dashboard.

Best for: Deploying and managing Cloudflare Workers, updating DNS, and pulling analytics data from agents.
Install: npx @cloudflare/mcp-server-cloudflare
Auth: API key

3. Terraform MCP

Official HashiCorp server. Runs Terraform plans, applies changes, manages workspaces, and queries resource state through HCP Terraform. This is infrastructure-as-code from inside an agent session. The agent can review a plan diff before applying, which matters when you are making real changes to real infrastructure.

Best for: Teams using Terraform for IaC who want agents to plan, review, and apply infrastructure changes with workspace-level control.
Install: npx @hashicorp/terraform-mcp-server
Auth: API key

4. Kubernetes MCP

Connects agents to Kubernetes clusters through kubectl. Pod management, deployment inspection, log retrieval, and cluster-level queries. Auth runs through your existing kubeconfig, so the agent inherits whatever access your local context has.

Best for: Inspecting cluster state, debugging pods, and managing deployments from within agent workflows without switching to a terminal.
Install: npx -y mcp-server-kubernetes
Auth: None (uses local kubeconfig)

5. Vercel MCP

Official Vercel server. Handles deployments, project management, domain configuration, environment variables, and log access. If your frontend ships through Vercel, this server lets agents manage the full deployment lifecycle without the web UI.

Best for: Frontend teams deploying through Vercel who want agents to trigger builds, manage domains, and pull deployment logs.
Install: npx -y @vercel/mcp-adapter
Auth: API key

6. Docker MCP

Manages local Docker containers, images, and volumes through natural language commands. No auth required since it operates against the local Docker daemon. Good for development workflows where agents need to spin up, inspect, or tear down containers during a session.

Best for: Local development environments where agents manage containers as part of build and test workflows.
Install: npx -y mcp-server-docker
Auth: None (local Docker daemon)

7. Fly.io MCP

Fly.io infrastructure management. Deploy apps, manage machines, inspect logs, and scale services across Fly’s global network. Covers the full lifecycle from initial deploy to production scaling.

Best for: Teams deploying to Fly.io who want agents to handle deploys, scaling, and log inspection without the CLI.
Install: npx @fly-apps/mcp-server
Auth: API key

How to choose

Start with where your infrastructure actually runs. If you are on AWS, the AWS API MCP server is the obvious first pick. If your deploys go through Vercel or Fly.io, start there. Terraform and Kubernetes servers layer on top of any cloud provider, so they work alongside the platform-specific ones.

For local development, Docker MCP fills the gap. For edge and CDN work, Cloudflare. Most real stacks will use two or three of these together.

The main decision is how much authority to give the agent. Read-only inspection (checking pod status, reading logs, reviewing Terraform state) is low-risk. Creating and deleting resources is not. Start with read access and expand as you build trust in the workflow.
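One way to check the "start with read access" advice before handing AWS credentials to an agent, as an added example that is not code from any of the listed servers: a small lint that reports every grant in an IAM policy document that is not read-only. The sample policy, the function names, and the rule that Describe/Get/List verbs mean "read" are assumptions made for this illustration.

```python
# Heuristic (assumption): these verb prefixes mark non-mutating AWS actions.
READ_PREFIXES = ("describe", "get", "list")

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Inspect", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "s3:ListBucket", "logs:GetLogEvents"]},
        {"Sid": "Cleanup", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:TerminateInstances", "s3:*"]},
        {"Sid": "AllButIam", "Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
        {"Sid": "Guard", "Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"},
    ],
}


def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    return value if isinstance(value, list) else [] if value is None else [value]


def is_read_only(action):
    """True if every action the pattern can match starts with a read verb."""
    _, sep, name = action.lower().partition(":")
    if not sep:
        return False  # a bare "*" or a malformed entry
    # Only the literal text before the first wildcard is guaranteed.
    literal = name.split("*")[0].split("?")[0]
    return literal.startswith(READ_PREFIXES)


def mutating_grants(policy):
    """Return (sid, action) pairs in Allow statements that are not read-only."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only take access away
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction"))
        findings += [(sid, a) for a in as_list(stmt.get("Action")) if not is_read_only(a)]
    return findings


if __name__ == "__main__":
    for sid, action in mutating_grants(SAMPLE_POLICY):
        print(f"{sid}: {action}")
```

An empty result means the policy only allows read-style actions under this heuristic. Reads can still expose sensitive data (for example `secretsmanager:GetSecretValue`), so review those grants separately.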

FAQ

Q: Can I use multiple cloud MCP servers at the same time?
A: Yes. Most agent frameworks support multiple MCP servers in a single session. Running AWS API alongside Terraform and Docker in the same workflow is common for teams with multi-service stacks.

Q: How do I limit what an agent can do with these servers?
A: Use the platform’s own permission system. IAM policies for AWS, API token scopes for Vercel and Cloudflare, kubeconfig contexts for Kubernetes. The MCP server inherits whatever access the credentials provide.

Q: Are these safe for production use?
A: The official servers from AWS, HashiCorp, Cloudflare, and Vercel are maintained by those companies and follow their security practices. For production, use scoped credentials with minimum necessary permissions and enable audit logging where available.