Deploy to Your AWS Account
Deploy MCP servers into your own AWS account for full control over resources, security, billing, and data residency. DarcyIQ handles the build and deployment pipeline while your infrastructure stays in your AWS environment.
Your Infrastructure, Our Pipeline: MCP servers are built and deployed directly into your AWS account. You maintain ownership of all resources and data.
Overview
By default, MCP servers deploy to DarcyIQ's managed cloud infrastructure. If your organization has data residency requirements, compliance needs, or wants to use existing AWS credits, you can configure DarcyIQ to deploy MCPs into your own AWS account instead.
DarcyIQ Managed (default)
DarcyIQ handles everything
Quick setup, no AWS experience needed
Your AWS Account (opt-in)
Resources run in your AWS account
Data residency, compliance, existing AWS credits
Once configured, the deployment experience is the same β click Deploy in MCP Studio and your integration goes live. The only difference is where it runs.
Prerequisites
Before setting up your AWS account, ensure you have:
AWS Account
An active AWS account with permissions to deploy CloudFormation stacks
IAM Permissions
Ability to create IAM roles and ECR repositories
Organization Admin
You must be an organization admin in DarcyIQ
Supported Region
Your AWS account must use one of the supported regions (see below)
Supported Regions
us-east-1
US East (N. Virginia)
us-west-2
US West (Oregon)
eu-west-1
Europe (Ireland)
ap-northeast-1
Asia Pacific (Tokyo)
Setting Up Your AWS Account
Navigate to AWS Settings Open MCP Studio and go to the AWS Account Configuration section. Click Configure AWS Account.
Select Your Region Choose the AWS region where you want MCP servers to be deployed.
Deploy the CloudFormation Stack DarcyIQ generates a pre-configured CloudFormation template URL. Click Open AWS CloudFormation Console to launch the stack creation wizard in your AWS account with all parameters pre-filled.
In the AWS Console:
Review the template parameters
Acknowledge the IAM capabilities checkbox
Click Create stack
Wait for the status to show CREATE_COMPLETE
Copy the Stack Outputs Once the CloudFormation stack completes, go to the Outputs tab and copy the following values:
AWS Account ID
Your 12-digit AWS account ID
ECR Repository URI
The container registry where MCP images are stored
AgentCore Execution Role ARN
IAM role for running MCP servers
Deployment Role ARN
IAM role that DarcyIQ uses to deploy into your account
Gateway Lambda Role ARN
IAM role for invoking MCP servers
Complete the Configuration Back in DarcyIQ, click I've Deployed the Stack and paste each of the CloudFormation output values into the form. Click Complete Setup.
DarcyIQ validates the connection to your AWS account by confirming it can assume the deployment role and access the ECR repository. If validation succeeds, your account is marked as Active.
What Gets Created in Your AWS Account
The CloudFormation stack provisions the following resources:
ECR Repository
Container image registry for your MCP server images, with a lifecycle policy to manage image retention
AgentCore Execution Role
IAM role used at runtime when MCP servers execute
Deployment Role
IAM role that allows DarcyIQ to build and push container images, and manage deployments in your account
Gateway Lambda Role
IAM role used to invoke MCP servers on your behalf
All roles follow the principle of least privilege, with separate permissions for deployment and runtime invocation.
Deploying MCPs to Your Account
Once your AWS account is configured and active, the deployment process is seamless:
Build or edit your MCP in MCP Studio as usual
Click Deploy on the Deploy tab
DarcyIQ automatically builds the container image, pushes it to your ECR repository, and deploys the MCP server in your AWS account
The integration goes live and is available in Chat, Workflows, and other features
No additional steps are required β the system routes deployments to your account automatically.
Managing Your Configuration
Checking Status
Your AWS configuration shows one of these statuses:
Pending Setup
CloudFormation stack deployed, but outputs not yet submitted
Validating
DarcyIQ is validating the connection to your AWS account
Active
Configuration is complete and deployments will route to your account
Error
Something went wrong β check the error message for details
Validating the Connection
Click Refresh Status at any time to re-validate the connection to your AWS account. DarcyIQ confirms it can still assume the deployment role and access your ECR repository.
Removing the Configuration
To disconnect your AWS account:
Click Remove Configuration in the AWS Account Configuration section
Confirm the deletion
Important: After removing the configuration from DarcyIQ, you must manually delete the CloudFormation stack in your AWS account to clean up the provisioned resources. DarcyIQ provides the stack name and a direct link to the AWS Console for convenience.
After disconnecting, any MCP servers that were deployed to your account will need to be redeployed to DarcyIQ's managed infrastructure.
Security
Least-Privilege Roles
Each IAM role has only the permissions it needs β deployment and invocation are separated
Secure Cross-Account Access
DarcyIQ uses secure cross-account role assumption with protections against confused deputy attacks
Your Resources
All container images and runtime resources stay in your AWS account
Encryption
ECR repositories support optional KMS encryption
Troubleshooting
CloudFormation Stack Failed
If the stack creation fails in AWS:
Check the Events tab in CloudFormation for the specific error
Common issues: insufficient IAM permissions, service limits reached
Delete the failed stack and try again after resolving the issue
Validation Failed
If DarcyIQ cannot validate the connection:
Verify all output values were copied correctly (no extra spaces or missing characters)
Ensure the CloudFormation stack completed successfully (status: CREATE_COMPLETE)
Confirm the IAM roles have not been modified outside of CloudFormation
Click Refresh Status to retry validation
Deployment Errors After Setup
If deployments fail after configuration:
Click Refresh Status to re-validate the connection
Check that your ECR repository exists and is accessible
Verify the IAM roles have not been deleted or modified
Review the deployment logs in MCP Studio for specific error messages
Next Steps
Deploy your first MCP
Build a custom MCP
Browse pre-built integrations
Last updated
Was this helpful?