Kiro with MCP for GitHub Integration, Docs, Diagrams and AWS Recommendations

How I Used Kiro + MCP to Document, Analyze, Improve and Visualize My AWS Linktree-Style Project

As an AWS Community Builder, I love experimenting with new developer workflows that combine automation, cloud architecture and AI tooling. This article describes how I used Kiro equipped with Model Context Protocol (MCP) servers to automatically analyze, document, diagram, audit and improve a real production project I run on AWS.

My Personal Project: A Fully Serverless "Linktree-Style" Website on AWS

Before diving into MCP, here’s the context.

I maintain a personal production project:

a Linktree-style website built entirely by me, deployed on AWS with:

• S3 (static hosting, private bucket)
• CloudFront (global delivery)
• OAC (Origin Access Control)
• CloudFront Functions (routing logic)
• Route 53 (DNS and ALIAS records)
• ACM Certificate (TLS)
• GitHub Actions CI/CD
• Terraform IaC (complete infrastructure automation)

This project has grown over time, and I wanted a faster — and smarter — way to:

• Understand and document the system
• Validate architecture decisions
• Receive AWS best-practice recommendations
• Generate diagrams using official AWS icons
• Improve Terraform (security, cost and performance)
• Inspect GitHub workflows and suggest enhancements

That’s when Kiro + MCP changed everything.

What Kiro + MCP Did for This Project

After installing five MCP servers, Kiro became a full cloud architecture assistant.

Here is exactly what it did:

1. Generated a complete Spec File

Kiro analyzed my GitHub repo, Terraform code, static files and folder structure.

Then it produced a clear, structured Spec File describing:

• System purpose
• AWS services used
• CI/CD workflow
• Deployment strategy
• Security posture
• Future improvements

This Spec became a “living blueprint” for the project.

2. Created a full AWS architecture diagram (Draw.io) by itself

Using the diagram MCP, Kiro generated a .drawio file with:

• Official AWS icons (mxgraph.aws4)
• S3, CloudFront, Route 53, IAM, OAC
• Data flows with arrow labels
• Component descriptions
• Legend and grouping

The diagram opens perfectly in app.diagrams.net.

3. Produced complete documentation using AWS official MCPs

Using:

• awslabs.aws-documentation-mcp-server
• awslabs.core-mcp-server
• mcp-server-fetch
• github MCP
• diagram-ai MCP

Kiro:

• Looked up AWS best practices
• Compared my architecture to AWS recommendations
• Generated docs in clear, well-structured English
• Validated my CloudFront, S3 and Route 53 setup
• Suggested improvements using AWS Well-Architected

All with citations and references to AWS documentation pages.

4. Identified improvements and generated new Spec Files to implement them

Examples Kiro suggested (and generated code/specs for):

Security

• Add AWS WAF to CloudFront
• Enforce TLS 1.3
• Ensure S3 bucket has encryption + private access
• IAM improvements for GitHub OIDC

Logging

• Enable CloudFront logging
• Optimize TTLs
• Split long-cache and short-cache assets (I implemented this)

Performance

• Gzip/Brotli checks
• Image resizing recommendations
• Use CloudFront Functions instead of Lambda@Edge when possible

Kiro even generated Terraform snippets to apply each change.

My MCP Config (Workspace)

{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": [
        "mcp-server-fetch"
      ],
      "env": {
        "PYTHONIOENCODING": "utf-8",
        "UV_PYTHON": "python3.12",
        "UV_NO_LAUNCH": "1"
      },
      "disabled": false,
      "autoApprove": [
        "*",
        "fetch"
      ]
    },
    "aws-docs": {
      "command": "uv",
      "args": [
        "tool",
        "run",
        "--from",
        "awslabs.aws-documentation-mcp-server@latest",
        "awslabs.aws-documentation-mcp-server.exe"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR",
        "AWS_DOCUMENTATION_PARTITION": "aws",
        "PYTHONIOENCODING": "utf-8",
        "UV_PYTHON": "python3.12",
        "UV_NO_LAUNCH": "1"
      },
      "disabled": false,
      "autoApprove": [
        "search_documentation"
      ]
    },
    "awslabs.core-mcp-server": {
      "command": "uv",
      "args": [
        "tool",
        "run",
        "--from",
        "awslabs.core-mcp-server@latest",
        "awslabs.core-mcp-server.exe"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR",
        "PYTHONIOENCODING": "utf-8",
        "UV_PYTHON": "python3.12",
        "UV_NO_LAUNCH": "1"
      },
      "disabled": false
    },
    "github": {
      "command": "C:\\Program Files\\nodejs\\npx.cmd",
      "args": [
        "-y",
        "@modelcontextprotocol/server-github"
      ],
      "env": {},
      "disabled": false,
      "autoApprove": [
        "*",
        "search_repositories",
        "list_commits"
      ]
    },
    "diagram-ai": {
      "command": "<!-- replace-here-->
![ ](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7nko510nmh5rk0xyn3b3.png)\\python.exe",
      "args": [
        "-m",
        "src.application.mcp.server_modular"
      ],
      "env": {
        "DIAGRAM_OUTPUT_DIR": "<!-- replace-here-->\\diagrams",
        "PYTHONIOENCODING": "utf-8"
      },
      "disabled": false,
      "autoApprove": ["*"]
    }
  }
}

AWS WAF Example (from the recommendations)

hcl
resource "aws_wafv2_web_acl" "site" {
  provider = aws.us_east_1
  name     = "site-waf"
  scope    = "CLOUDFRONT"

  rule {
    name     = "AWS-AWSManagedRulesCommonRuleSet"
    priority = 1
    override_action { none {} }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "common-rules"
      sampled_requests_enabled   = true
    }
  }
}