# Deploy to Your AWS Account

Deploy MCP servers into your own AWS account for full control over resources, security, billing, and data residency. DarcyIQ handles the build and deployment pipeline while your infrastructure stays in your AWS environment.

{% hint style="success" %}
**Your Infrastructure, Our Pipeline**: MCP servers are built and deployed directly into your AWS account. You maintain ownership of all resources and data.
{% endhint %}

## Overview

By default, MCP servers deploy to DarcyIQ's managed cloud infrastructure. If your organization has data residency requirements, compliance needs, or wants to use existing AWS credits, you can configure DarcyIQ to deploy MCPs into your own AWS account instead.

| Deployment Mode               | Infrastructure                    | Best For                                         |
| ----------------------------- | --------------------------------- | ------------------------------------------------ |
| **DarcyIQ Managed** (default) | DarcyIQ handles everything        | Quick setup, no AWS experience needed            |
| **Your AWS Account** (opt-in) | Resources run in your AWS account | Data residency, compliance, existing AWS credits |

Once configured, the deployment experience is the same — click **Deploy** in MCP Studio and your integration goes live. The only difference is where it runs.

## Prerequisites

Before setting up your AWS account, ensure you have:

| Requirement            | Details                                                                |
| ---------------------- | ---------------------------------------------------------------------- |
| **AWS Account**        | An active AWS account with permissions to deploy CloudFormation stacks |
| **IAM Permissions**    | Ability to create IAM roles and ECR repositories                       |
| **Organization Admin** | You must be an organization admin in DarcyIQ                           |
| **Supported Region**   | Your AWS account must use one of the supported regions (see below)     |

### Supported Regions

| Region         | Location              |
| -------------- | --------------------- |
| us-east-1      | US East (N. Virginia) |
| us-west-2      | US West (Oregon)      |
| eu-west-1      | Europe (Ireland)      |
| ap-northeast-1 | Asia Pacific (Tokyo)  |

## Setting Up Your AWS Account

{% stepper %}
{% step %}
**Navigate to AWS Settings**

Open **MCP Studio** and go to the AWS Account Configuration section. Click **Configure AWS Account**.
{% endstep %}

{% step %}
**Select Your Region**

Choose the AWS region where you want MCP servers to be deployed.
{% endstep %}

{% step %}
**Deploy the CloudFormation Stack**

DarcyIQ generates a pre-configured CloudFormation template URL. Click **Open AWS CloudFormation Console** to launch the stack creation wizard in your AWS account with all parameters pre-filled.

In the AWS Console:

1. Review the template parameters
2. Acknowledge the IAM capabilities checkbox
3. Click **Create stack**
4. Wait for the status to show **CREATE\_COMPLETE**

{% endstep %}

{% step %}
**Copy the Stack Outputs**

Once the CloudFormation stack completes, go to the **Outputs** tab and copy the following values:

| Output                           | Description                                            |
| -------------------------------- | ------------------------------------------------------ |
| **AWS Account ID**               | Your 12-digit AWS account ID                           |
| **ECR Repository URI**           | The container registry where MCP images are stored     |
| **AgentCore Execution Role ARN** | IAM role for running MCP servers                       |
| **Deployment Role ARN**          | IAM role that DarcyIQ uses to deploy into your account |
| **Gateway Lambda Role ARN**      | IAM role for invoking MCP servers                      |

{% endstep %}

{% step %}
**Complete the Configuration**

Back in DarcyIQ, click **I've Deployed the Stack** and paste each of the CloudFormation output values into the form. Click **Complete Setup**.

DarcyIQ validates the connection to your AWS account by confirming it can assume the deployment role and access the ECR repository. If validation succeeds, your account is marked as **Active**.
{% endstep %}
{% endstepper %}

## What Gets Created in Your AWS Account

The CloudFormation stack provisions the following resources:

| Resource                     | Purpose                                                                                                 |
| ---------------------------- | ------------------------------------------------------------------------------------------------------- |
| **ECR Repository**           | Container image registry for your MCP server images, with a lifecycle policy to manage image retention  |
| **AgentCore Execution Role** | IAM role used at runtime when MCP servers execute                                                       |
| **Deployment Role**          | IAM role that allows DarcyIQ to build and push container images, and manage deployments in your account |
| **Gateway Lambda Role**      | IAM role used to invoke MCP servers on your behalf                                                      |

All roles follow the principle of least privilege, with separate permissions for deployment and runtime invocation.

## Deploying MCPs to Your Account

Once your AWS account is configured and active, the deployment process is seamless:

1. Build or edit your MCP in **MCP Studio** as usual
2. Click **Deploy** on the Deploy tab
3. DarcyIQ automatically builds the container image, pushes it to your ECR repository, and deploys the MCP server in your AWS account
4. The integration goes live and is available in Chat, Workflows, and other features

No additional steps are required — the system routes deployments to your account automatically.

## Managing Your Configuration

### Checking Status

Your AWS configuration shows one of these statuses:

| Status            | Meaning                                                              |
| ----------------- | -------------------------------------------------------------------- |
| **Pending Setup** | CloudFormation stack deployed, but outputs not yet submitted         |
| **Validating**    | DarcyIQ is validating the connection to your AWS account             |
| **Active**        | Configuration is complete and deployments will route to your account |
| **Error**         | Something went wrong — check the error message for details           |

### Validating the Connection

Click **Refresh Status** at any time to re-validate the connection to your AWS account. DarcyIQ confirms it can still assume the deployment role and access your ECR repository.

### Removing the Configuration

To disconnect your AWS account:

1. Click **Remove Configuration** in the AWS Account Configuration section
2. Confirm the deletion

{% hint style="warning" %}
**Important**: After removing the configuration from DarcyIQ, you must manually delete the CloudFormation stack in your AWS account to clean up the provisioned resources. DarcyIQ provides the stack name and a direct link to the AWS Console for convenience.
{% endhint %}

After disconnecting, any MCP servers that were deployed to your account will need to be redeployed to DarcyIQ's managed infrastructure.

## Security

| Security Feature                | Description                                                                                        |
| ------------------------------- | -------------------------------------------------------------------------------------------------- |
| **Least-Privilege Roles**       | Each IAM role has only the permissions it needs — deployment and invocation are separated          |
| **Secure Cross-Account Access** | DarcyIQ uses secure cross-account role assumption with protections against confused deputy attacks |
| **Your Resources**              | All container images and runtime resources stay in your AWS account                                |
| **Encryption**                  | ECR repositories support optional KMS encryption                                                   |
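
One way to check the cross-account trust described above, as an added example (not DarcyIQ's code or template): it inspects a role trust policy, in the shape returned by `aws iam get-role` under `AssumeRolePolicyDocument`, and flags statements that let another account assume the role without an `sts:ExternalId` condition. The page does not say which confused-deputy control the stack uses; `sts:ExternalId` is assumed here, and the account IDs and external ID are constructed placeholders.

```python
# Constructed sample data: account IDs and the external ID are placeholders.
CUSTOMER_ACCOUNT = "222222222222"
VENDOR_ROOT = "arn:aws:iam::111111111111:root"

def sample_policy(principal, condition=None):
    """Build a one-statement trust policy shaped like AssumeRolePolicyDocument."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

GUARDED = sample_policy(VENDOR_ROOT, {"StringEquals": {"sts:ExternalId": "example-external-id"}})
UNGUARDED = sample_policy(VENDOR_ROOT)

def as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Account ID from an IAM ARN or bare 12-digit ID; None if it cannot be parsed."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def has_external_id(stmt):
    """True if the statement pins a non-empty sts:ExternalId with StringEquals."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "stringequals":
            continue
        for key, value in keys.items():
            if key.lower() == "sts:externalid" and as_list(value) and all(as_list(value)):
                return True
    return False

def unguarded_statements(policy, own_account):
    """Indexes of Allow statements another account can assume without an ExternalId."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        # Unparseable principals are treated as foreign so they are reviewed, not skipped.
        foreign = [p for p in aws if p == "*" or principal_account(p) != own_account]
        if foreign and not has_external_id(stmt):
            findings.append(index)
    return findings
```

An empty result for the Deployment Role's trust policy means every statement that admits a foreign principal also requires an external ID; a non-empty result lists the statement indexes to review.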

## Troubleshooting

### CloudFormation Stack Failed

If the stack creation fails in AWS:

1. Check the **Events** tab in CloudFormation for the specific error
2. Common issues: insufficient IAM permissions, service limits reached
3. Delete the failed stack and try again after resolving the issue

### Validation Failed

If DarcyIQ cannot validate the connection:

1. Verify all output values were copied correctly (no extra spaces or missing characters)
2. Ensure the CloudFormation stack completed successfully (status: CREATE\_COMPLETE)
3. Confirm the IAM roles have not been modified outside of CloudFormation
4. Click **Refresh Status** to retry validation

### Deployment Errors After Setup

If deployments fail after configuration:

1. Click **Refresh Status** to re-validate the connection
2. Check that your ECR repository exists and is accessible
3. Verify the IAM roles have not been deleted or modified
4. Review the deployment logs in MCP Studio for specific error messages

## Next Steps

| Goal                          | Documentation                                                                              |
| ----------------------------- | ------------------------------------------------------------------------------------------ |
| Deploy your first MCP         | [Deploying & Managing](/integrations-and-configuration/mcp-studio/deploying-mcps.md)       |
| Build a custom MCP            | [Building Custom MCPs](/integrations-and-configuration/mcp-studio/building-custom-mcps.md) |
| Browse pre-built integrations | [MCP Catalog](/integrations-and-configuration/mcp-studio/mcp-catalog.md)                   |

