AWS Marketplace

Transform CI/CD pipelines with CircleCI’s MCP and AWS Agentic AI

Modern continuous integration and delivery (CI/CD) pipelines generate large volumes of data—logs, test results, deployment metrics, and failure diagnostics—that developers must manually sift through to identify and resolve issues. This manual troubleshooting process delays development cycles, particularly with dealing with complex build failures, flaky tests, or deployment bottlenecks. By integrating AI agents directly into CI/CD workflows, development teams can automatically analyze pipeline data, identify root causes, and even suggest or apply fixes, shifting from reactive debugging to proactive optimization.

CircleCI is a CI/CD platform that automates builds, testing and deployment of software applications. CircleCI is available in AWS Marketplace, and they offer their MCP (Model Context Protocol) server through Amazon Bedrock AgentCore Runtime. AWS Marketplace is your trusted source to discover and buy AI agents, agent tools, and solutions from AWS Partners, with streamlined procurement and deployment. The CircleCI MCP server provides AI agents with access to core CI/CD operations through natural language interactions, including:

  • Debugging build failures
  • Identifying inconsistent tests
  • Fixing configuration issues
  • Monitoring pipeline health
  • Triggering reruns or rollbacks

The CircleCI toolkit can also be used with Kiro IDE and Amazon Q Developer to provide contextual assistance within your development environment.

This post shows you how to subscribe to CircleCI MCP server in AWS Marketplace, deploy CircleCI’s MCP server using Amazon Bedrock AgentCore Runtime and integrate it with AI-powered development tools that can help transform your CI/CD pipelines into intelligent, self-optimizing systems which can automatically troubleshoot failures, manage deployments, and streamline your development workflow through conversational commands.

Prerequisites

Before deploying CircleCI’s MCP server with Amazon Bedrock AgentCore Runtime, complete the following prerequisites:

  1. Subscribe to CircleCI’s MCP server in AWS Marketplace:
    • Go to the CircleCI MCP server listing in AWS Marketplace.
    • Choose Continue to Subscribe to subscribe to the offering.
    • After subscribing, choose Continue to Configuration to proceed to the configuration page.
    • On the configuration page, locate and copy the Amazon Elastic Container Registry (Amazon ECR) repository image URL displayed at the bottom of the page. You will need this URL for the deployment process.
  2. Set up AWS Identity and Access Management (IAM) permissions:
    • Create an IAM role for Amazon Bedrock AgentCore Runtime.
    • Make sure the IAM role includes the necessary Amazon ECR permissions to pull the CircleCI MCP server container image: "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"
    • Copy the IAM role Amazon Resource Name (ARN), you will need it during the MCP server deployment.
  3. Obtain CircleCI API credentials:
    • Sign in to your CircleCI account and navigate to User Settings and then to Personal API Tokens.
    • Choose Create New Token and enter a descriptive name (for example, MCP server Integration).
    • Copy the generated API token immediately. It cannot be retrieved later.
    • For detailed information about managing API tokens, see the CircleCI documentation.

Solution overview

This solution deploys CircleCI’s MCP server as a containerized service in Amazon Bedrock AgentCore Runtime, creating an API bridge that enables AI development tools to execute CI/CD operations through natural language interactions. The MCP server exposes CircleCI’s toolkit—including build debugging, test analysis, configuration management, and deployment controls—while maintaining enterprise security through OAuth-based authentication mechanism.

You will perform the following steps:

  • Set up secure authentication through Amazon Cognito or your preferred identity provider (IdP).
  • Deploy a containerized MCP server on Amazon Bedrock AgentCore Runtime using CircleCI’s AWS Marketplace listing.
  • Configure AI tool connectivity through the MCP protocol for seamless integration with development environments.
  • Enable comprehensive CI/CD operations including pipeline monitoring, failure analysis, workflow management, and automated remediation through conversational commands.

Configure authentication with Amazon Cognito

To enable secure access to your CircleCI MCP server in Amazon Bedrock AgentCore Runtime, you need to set up an authentication and authorization mechanism. In this walkthrough, you will use Amazon Cognito User Pools, but you can adapt this approach to work with your preferred identity provider that supports OAuth.

1. To create a new Amazon Cognito User Pool with the required configuration, open a terminal window and run the following command:

export POOL_ID=$(aws cognito-idp create-user-pool \
--pool-name "CircleCI-MCP-UserPool" \
--policies '{"PasswordPolicy":{"MinimumLength":8}}' \
--region us-east-1 | jq -r '.UserPool.Id')

2. To create an app client for your User Pool, run the command below.:

export CLIENT_ID=$(aws cognito-idp create-user-pool-client \
--user-pool-id $POOL_ID \
--client-name "CircleCI-MCP-Client" \
--no-generate-secret \
--explicit-auth-flows "ALLOW_USER_PASSWORD_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" \
--region us-east-1 | jq -r '.UserPoolClient.ClientId')

You can also add the parameters below to increase the Cognito App Client Token expiration, like the example below to increase expiration to up to 24 hours:

--access-token-validity 24 \
--id-token-validity 24 \
--token-validity-units AccessToken=hours,IdToken=hours \

3. To create a test user for authentication, run:

aws cognito-idp admin-create-user \
--user-pool-id $POOL_ID \
--username "circleci-mcp-user" \
--temporary-password "TempPass123!" \
--region us-east-1 \
--message-action SUPPRESS > /dev/null

4. To set a permanent password for your user, run the command below replacing the placeholder <YOUR-PASSWORD> with the password you want to use:

aws cognito-idp admin-set-user-password \
--user-pool-id $POOL_ID \
--username "circleci-mcp-user" \
--password "<YOUR-PASSWORD>" \
--region us-east-1 \
--permanent > /dev/null

5. To authenticate the user and obtain an access token, run the command below replacing the placeholder <YOUR-PASSWORD> with the password from the previous step:

export BEARER_TOKEN=$(aws cognito-idp initiate-auth \
--client-id "$CLIENT_ID" \
--auth-flow USER_PASSWORD_AUTH \
--auth-parameters USERNAME='circleci-mcp-user',PASSWORD="<YOUR-PASSWORD>" \
--region us-east-1 | jq -r '.AuthenticationResult.AccessToken')

6. To display and save the authentication configuration values, run. Write down these values to use in the MCP configuration json step:

echo "Pool ID: $POOL_ID"
echo "Discovery URL: https://cognito-idp.us-east-1.amazonaws.com/$POOL_ID/.well-known/openid-configuration"
echo "Client ID: $CLIENT_ID"
echo "Bearer Token: $BEARER_TOKEN"

Deploy the CircleCI MCP server using Amazon Bedrock AgentCore Runtime

To create your CircleCI MCP server instance, you’ll use Amazon Bedrock AgentCore Runtime with the container image from AWS Marketplace.

1. To deploy the MCP server with AgentCore Runtime, verify you have AWS Command Line Interface (AWS CLI) version 2.27.53 or later installed, then run the following command.
Replace the placeholders <ECR_IMAGE_URL_FROM_MARKETPLACE>, <AGENT_ROLE_ARN_FROM_PREREQUISITES>, <DISCOVERY_URL_FROM_STEP1> and <YOUR_CIRCLECI_API_TOKEN> with your values:

aws bedrock-agentcore-control create-agent-runtime \
--region us-east-1 \
--agent-runtime-name "CircleCI_MCP_Server" \
--description "CircleCI MCP Server for AI-powered CI/CD assistance" \
--agent-runtime-artifact '{"containerConfiguration": {"containerUri": "<ECR_IMAGE_URL_FROM_MARKETPLACE>"}}' \
--role-arn "<AGENT_ROLE_ARN_FROM_PREREQUISITES>" \
--network-configuration '{"networkMode": "PUBLIC"}' \
--protocol-configuration '{"serverProtocol": "MCP"}' \
--authorizer-configuration "customJWTAuthorizer={discoveryUrl=<DISCOVERY_URL_FROM_STEP1>,allowedClients=[<CLIENT_ID_FROM_STEP1>]}" \
--environment-variables '{"CIRCLECI_TOKEN": "<YOUR_CIRCLECI_API_TOKEN>","start": "remote"}'

2. Note the runtime ARN returned in the response. You’ll use this ARN to configure your IDE connection in the next step.

Connect your IDE to the CircleCI MCP server

To enable AI-powered CircleCI assistance in your development environment, you need to configure your IDE to communicate with the deployed MCP server.

For AWS Kiro IDE and Amazon Q Developer:

1. To configure MCP server access for Amazon Q Developer, create or edit the global configuration file at ~/.aws/amazonq/default.json, or create a workspace-specific configuration at .amazonq/default.json.
To configure MCP server access for Kiro, create or edit the global configuration file at ~/.kiro/settings/mcp.json, or create a workspace-specific configuration at .kiro/settings/mcp.json.

2. To add the CircleCI MCP server configuration, replace the placeholder values with yours under <AWS-REGION>, <BEDROCK_AGENTCORE_RUNTIME_ID> , <BEDROCK_AGENTCORE_RUNTIME_ENDPOINT_NAME_OR_DEFAULT> and <BEARER_TOKEN> and add the following JSON content:

{
    "mcpServers": {
        "circleci-mcp-bedrock-agentcore": {
            "command": "npx",
            "args": [
                "-y",
                "mcp-remote@latest",
                "https://bedrock-agentcore.<AWS-REGION>.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3A<AWS-REGION>%3A<AWS-ACCOUNT-ID>%3Aruntime%2F<BEDROCK-AGENTCORE-RUNTIME-ID>/invocations?qualifier=<BEDROCK_AGENTCORE_RUNTIME_ENDPOINT_NAME_OR_DEFAULT>",
                "--allow-http",
                "--header",
                "Content-Type: application/json",
                "--header",
                "Accept: application/json, text/event-stream",
                "--header",
                "Authorization: Bearer <BEARER_TOKEN>"
            ],
            "env": {},
            "disabled": false
        }
    }
}

Note: The JWT Bearer Token for authentication might expire after some time defined in your IdP, so you might need to replace the preceding Bearer Token with a new one.

  1. To activate the Circle CI MCP server connection, restart your IDE and verify that the CircleCI MCP server appears in your available AI tools.
  2. To test the integration, try asking your AI assistant questions like “Show me the latest pipeline status for my project” or “Help me debug the last build failure” to confirm the MCP server is responding correctly.
  3. Check this link on troubleshooting common MCP connection problems in Kiro if you have any issues.

Development workflow support

The CircleCI MCP server is designed to support real-world scenarios in the development lifecycle. Whether you’re reviewing a broken build, debugging a failed deploy, or keeping tabs on a critical branch, it helps your assistant understand failures and suggest fixes in seconds eliminating the need for context switching.

Scenario 1: A PR check fails

You push a change, the build fails, and you’re not sure why. Instead of jumping into the UI, you ask:

Why did this PR’s build fail?

The assistant identifies a missing environment variable in the db:setup step and offers to update your config file. You approve the fix, re-run the job, and continue your review without leaving your IDE.

Scenario 2: A staging deployment fails

Right before a release, the deploy to staging fails. You drop in the pipeline link:

Get logs from https://app.circleci.com/pipelines/github/my-org/my-repo/789 and help me fix it

The server returns structured logs from the failed job. Your assistant identifies a missing secret, confirms the absence in your ENV file, and suggests a secure patch. You apply the change and ship a fix immediately.

Scenario 3: Flaky tests impact development velocity

You’re spending time investigating test failures that aren’t caused by code changes—re-running jobs, questioning valid changes, and eroding confidence in your pipeline. This slows development velocity and disrupts the reliable feedback loop your team needs.

You prompt:

Find and fix flaky tests in my project

The server analyzes historical test results to surface the flakiest tests, with names, locations, failure rates, and full context. Your assistant helps you understand what’s wrong, why it matters, and how to fix it so you can get back to building with confidence.

These workflows highlight how CircleCI MCP server helps transform build challenges into actionable insights. With structured data and automated analysis working together, teams can identify and resolve issues efficiently to maintain continuous delivery.

The following image shows how you can use CircleCI’s MCP server to debug a build failure in the IDE:

Using CircleCI’s MCP server to debug a build failure

Figure 1: Using CircleCI’s MCP server to debug a build failure

Clean up

To avoid ongoing charges for the resources created in this solution, follow these cleanup steps:

Delete the Amazon Bedrock AgentCore Runtime

1. To remove the MCP server deployment, run the following AWS CLI command (replace the placeholder with your actual runtime name):

aws bedrock-agentcore-control delete-agent-runtime \
--region us-east-1 \
--<agent-runtime-name> "CircleCI_MCP_Server"

2. To verify the deletion was successful, check that the runtime no longer appears in your AgentCore Runtime list.

Clean up Amazon Cognito resources

1. To delete the User Pool Client, run:

aws cognito-idp delete-user-pool-client \
--user-pool-id $POOL_ID \
--client-id $CLIENT_ID \
--region us-east-1

2. To delete the User Pool, run:

aws cognito-idp delete-user-pool \
--user-pool-id $POOL_ID \
--region us-east-1

Remove IDE configuration

  1. To disconnect your IDE from the MCP server, delete or comment out the CircleCI MCP server configuration from your ~/.aws/amazonq/mcp.json or .amazonq/mcp.json
  2. Restart your IDE to apply the configuration changes.

Note: The IAM role created in the prerequisites can be retained for future use or deleted if no longer needed. Be sure to review any other AWS resources that may have been created during testing to avoid unexpected charges.

Conclusion

This post demonstrates how to deploy CircleCI’s MCP server in AWS Marketplace using Amazon Bedrock AgentCore Runtime and integrate it with AI-powered development tools to transform your CI/CD pipelines into systems that can troubleshoot failures, manage deployments, and streamline your development workflow through simple conversational commands.

This integration represents an enhancement in making CI/CD operations more accessible and efficient for development teams. By using resources from the AWS Marketplace AI Agents and Tools category alongside Amazon Bedrock AgentCore Runtime, you can now bring the power of agentic AI directly into your development environment while maintaining the security and scalability that enterprise teams require.

To get started with CircleCI’s MCP server, visit the AWS Marketplace listing to begin transforming how your team interacts with CI/CD pipelines using conversational AI.

About Authors

Nitin Kuriakose

Nitin Kuriakose is a Senior Field Engineer at CircleCI, specializing in helping organizations optimize their CI/CD workflows and accelerate their software delivery pipelines. With extensive experience in DevOps practices and automation, Nitin partners with engineering teams to implement efficient testing strategies, streamline deployment processes, and maximize the value of their CircleCI implementations. He has successfully guided numerous enterprise clients through complex CI/CD transformations, helping them achieve faster release cycles and improved code quality. As a trusted technical advisor, Nitin is passionate about sharing practical solutions, enabling teams to build, test, and deploy confidently.

Aarushi Karandikar

Aarushi Karandikar is a Solutions Architect at AWS, where she provides technical guidance to Enterprise ISVs in the Security, Observability, and Developer Tools space. With a background in data science and specializing in Generative AI, she is passionate about helping customers build scalable, secure, and innovative solutions on AWS.

Gabriel Costa

Gabriel Costa is a Senior Partner Solutions Architect at AWS, working with AWS Partners and customers on all things cloud operations and how to use AI to solve real-world use-cases. Outside of work, he enjoys playing the guitar, reading about philosophy, watching sci-fi, exploring nature and traveling with family.