Back to MCP Servers

Pulumi MCP Server

Official Pulumi MCP server for AI-assisted infrastructure as code, with Pulumi Cloud queries, Registry access, and Neo task delegation.

Developer Tools by Pulumi OAuth2 active
Connect (Remote Server) GitHub Docs npm: @pulumi/mcp-server
Overview

The Pulumi MCP server is the official bridge between AI assistants and Pulumi's infrastructure as code platform. It is available in two flavors: a remote hosted server at https://mcp.ai.pulumi.com/mcp that uses OAuth and a Pulumi Access Token to authenticate against your Pulumi Cloud organization, and a local @pulumi/mcp-server npm package (also available as a Docker image) that runs the Pulumi CLI through the Automation API.

In remote hosted mode the server exposes tools for querying Pulumi Cloud (listing stacks, searching resources with Lucene syntax, fetching policy violations, listing organization members), browsing the Pulumi Registry for resource and function schemas across 170+ providers, and delegating multi-step infrastructure work to Pulumi Neo, Pulumi's autonomous agent that plans changes, generates code across stacks, runs tests, and opens pull requests in Pulumi Cloud. The local mode adds direct CLI tools such as pulumi preview, pulumi up, and stack output inspection so an assistant can drive deployments from the developer's machine.

Because credentials live in Pulumi Cloud rather than on each developer laptop, the remote server gives teams a consistent way to wire Cursor, Claude Code, Claude Desktop, Windsurf, and similar clients into the same governed infrastructure surface without per-machine setup.

Tools

Tool Description
get-stacks List all Pulumi stacks in the organization with names, descriptions, last update times, and resource counts
resource-search Search Pulumi-managed cloud resources across stacks using Lucene query syntax (type, name, tags, properties)
get-policy-violations Return policy violations detected by Pulumi's policy-as-code engine for stacks in the organization
get-users List members of the Pulumi organization with their roles and details
neo-bridge Launch an autonomous Pulumi Neo task to plan and execute multi-step infrastructure changes
neo-get-tasks Display the status of running and completed Neo tasks
neo-continue-task Continue or steer an in-progress Neo task
neo-reset-conversation Reset the conversation context for a Neo task
get-type Fetch JSON schema for a Pulumi Registry type reference
get-resource Get detailed information about a Pulumi Registry resource (properties, inputs, outputs, docs)
get-function Get schema and documentation for a Pulumi Registry function
list-resources Browse the available resources within a Pulumi provider package
list-functions Browse the available functions within a Pulumi provider package
deploy-to-aws Auto-generate Pulumi infrastructure code from an application and provision AWS resources
Setup Guide

Option A: Remote hosted server (recommended)

The hosted server lives at https://mcp.ai.pulumi.com/mcp. Connecting it opens a browser window where you sign in, paste a Pulumi Access Token from app.pulumi.com/account/tokens, and pick the organization to use.

Cursor

Add to ~/.cursor/mcp.json or .cursor/mcp.json in your project:

{
  "mcpServers": {
    "pulumi": {
      "transport": "http",
      "url": "https://mcp.ai.pulumi.com/mcp"
    }
  }
}

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "pulumi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.ai.pulumi.com/mcp"]
    }
  }
}

Windsurf

{
  "pulumi": {
    "serverUrl": "https://mcp.ai.pulumi.com/mcp"
  }
}

Option B: Local server via npm

For driving the Pulumi CLI on your machine (e.g. running pulumi up against local projects):

{
  "mcpServers": {
    "pulumi": {
      "command": "npx",
      "args": ["-y", "@pulumi/mcp-server@latest", "stdio"]
    }
  }
}

Prerequisites: Node.js and the Pulumi CLI installed and authenticated locally (pulumi login).

Option C: Docker

docker run -i --rm pulumi/mcp-server:latest stdio

Mount a project directory if you want the server to operate on local Pulumi programs:

docker run -i --rm -v ~/projects/app:/app/project pulumi/mcp-server:latest stdio
Use Cases
  • Ask an assistant to inventory every S3 bucket, RDS instance, or IAM role across all stacks in a Pulumi organization without leaving the editor.
  • Triage policy-as-code violations across stacks and have the agent draft fixes referenced against the Pulumi Registry schema.
  • Delegate a multi-stack migration (for example, bumping all Lambda runtimes) to Pulumi Neo, which plans, codes, tests, and opens a PR autonomously.
  • Generate new Pulumi infrastructure code for an application by pointing deploy-to-aws at a project and letting the model wire up the AWS resources.
  • Run pulumi preview and pulumi up from within an IDE assistant using the local stdio mode while keeping credentials managed by Pulumi Cloud.
Example Prompts
  • "List every stack in our org and flag any that have not been updated in over 90 days."
  • "Use resource-search to find all aws:s3/bucket:Bucket resources tagged env:prod and show their public access settings."
  • "Show current policy violations across stacks and group them by severity."
  • "Delegate to Neo: tighten any security group that exposes port 22 to 0.0.0.0/0, run tests, and open a PR."
  • "Generate Pulumi TypeScript code that deploys this Node.js app to AWS Fargate behind an ALB."
Pros
  • Official server maintained by Pulumi, distributed via the @pulumi/mcp-server npm package, a Docker image, and a remote hosted endpoint.
  • Remote mode keeps Pulumi Access Tokens in Pulumi Cloud instead of on every developer laptop, simplifying team rollout.
  • Broad coverage across Pulumi Cloud, the Pulumi Registry (170+ providers), local CLI execution, and Neo agent delegation.
  • Works with major MCP clients including Cursor, Claude Code, Claude Desktop, and Windsurf.
Limitations
  • Most powerful features (resource search, Neo delegation, policy violations) require a Pulumi Cloud organization, which is a paid product for teams beyond individual use.
  • Neo task execution is an autonomous agent making infrastructure changes, so it needs careful policy and review guardrails before being given broad scope.
  • Local stdio mode still requires Node.js and a configured Pulumi CLI on the host running the server.
Alternatives
  • Terraform MCP server for HashiCorp Terraform / HCP workflows.
  • AWS MCP servers for cloud-native AWS resource and CDK interactions without an IaC tool layer.
  • Community Pulumi MCP forks such as dogukanakkaya/pulumi-mcp-server for narrower, self-hosted CLI wrappers.
More Developer Tools MCP Servers
AWS API
Bridge that lets AI assistants manage AWS infrastructure by executing validated AWS CLI commands across every AWS service.
AWS CDK
Official AWS Labs MCP server that guides agents through AWS CDK development with prescriptive patterns, CDK Nag security validation, and Solutions Constructs discovery.
AWS CloudWatch
Official AWS Labs MCP server for CloudWatch. Query metrics, analyze logs, investigate alarms, and run PromQL queries for AI-powered root cause analysis.
Aiven
Official MCP server for the Aiven cloud data platform. Manage PostgreSQL, Apache Kafka, and other Aiven services from AI assistants.