Updated: Mar 02, 2026

Meet the ControlMonkey MCP Server

Zack Bentolila

Marketing Director

The new ControlMonkey MCP Server connects AI assistants like Cursor, Claude Code, and Windsurf directly to your ControlMonkey platform – so you can operate Terraform automation using natural language, without sacrificing governance and audit.

AI is changing how teams write code. Now it’s changing how they operate infrastructure at scale. But infrastructure isn’t just code. It’s your production uptime. It’s the risk you report to your board about. It’s your compliance.

Introducing the ControlMonkey MCP Server

The MCP Server connects your AI assistant directly to the ControlMonkey API.
Once connected, your AI assistant can operate across your ControlMonkey platform:

  • Namespaces & Stacks – Create, update, query, and delete namespaces and Terraform stacks
  • Plans & Deployments – Trigger Terraform plans and deployments, review states, approve or cancel runs
  • Templates – Manage ephemeral and persistent templates, create stacks from templates
  • Variables – Create and manage Terraform input variables across scopes
  • Control Policies – Create policies and policy groups, map them to governance targets
  • Notifications – Configure Slack, Teams, and email notification endpoints and subscriptions
  • Disaster Recovery – Set up and manage DR and daily backups configurations

How does the MCP Server work?

The ControlMonkey MCP Server connects your AI assistant to the ControlMonkey API.

  1. Your AI assistant (Cursor or Claude Code) sends a request through MCP.
  2. The MCP server forwards that request to the ControlMonkey API using your API token.
  3. ControlMonkey validates permissions based on the token’s role.
  4. If authorized, the requested action is executed (plan, deployment, policy creation, query, etc.).
  5. The result is returned to the AI assistant.
  6. The action is logged in the audit trail.
[Figure: workflow chart of the ControlMonkey MCP Server]

5 Example AI Queries You Can Run Today

  1. The last deployment on stack “payments-service” failed – Show me the Terraform apply logs and explain what went wrong.
  2. List my AWS resources in my production account and show which are managed by Terraform and which are not.
  3. Create a control policy that requires “team” and “environment” tags and apply it to the production namespace.
  4. Are there any resources in production that are not managed by Terraform? Show potential drift.
  5. Run a Terraform plan on the “billing-service” stack and summarize the expected changes before approval.
  6. Many more..

Stay Ahead with Governed AI Cloud Operations

The ControlMonkey MCP Server lets your team operate Terraform directly from tools like Cursor and Claude Code – without switching to the ControlMonkey UI.

At the same time:

  • All actions run through the ControlMonkey API
  • Permissions are enforced based on the API token
  • Control policies are applied automatically
  • Every action is logged in audit
  • Terraform execution remains centralized

Your team gets AI-assisted operations inside their editor – while you keep governance, visibility, and control.

Learn how to scale cloud governance with AI and our MCP Server – without forcing teams into new workflows.

Connect with our team to get started.

Use AI With Caution – ControlMonkey integrates with third-party LLM providers but does not control the underlying models or their outputs. AI-generated suggestions – including code changes, remediation steps, and infrastructure modifications – should always be reviewed by a qualified team member before being applied to your environment.

Frequently Asked Questions on MCP Server

An MCP (Model Context Protocol) Server is a service that enables AI assistants to securely interact with external systems, APIs, and tools. Instead of allowing an AI model to access infrastructure directly, the MCP server acts as a controlled intermediary.

The ControlMonkey MCP Server connects AI assistants like Cursor and Claude Code to the ControlMonkey API. It allows AI tools to perform Terraform-related operations – such as querying stacks, triggering plans, managing policies, and retrieving logs – through the ControlMonkey control plane.

No. The AI does not communicate directly with AWS, Azure, or GCP. All requests are routed through the ControlMonkey API.

Permissions are determined by the API token used to configure the MCP Server. If an action is not authorized, it will not execute.

Author

Zack Bentolila

Marketing Director

Zack is the Marketing Director at ControlMonkey, with a strong focus on DevOps and DevSecOps. He was the Senior Director of Partner Marketing and Field Marketing Manager at Checkmarx. There, he helped with global security projects. With over 10 years in marketing, Zack specializes in content strategy, technical messaging, and go-to-market alignment. He loves turning complex cloud and security ideas into clear, useful insights for engineering, DevOps, and security leaders.

    Updated: Oct 01, 2025

    ControlMonkey Launches KoMo – AI IaC Copilot for Infrastructure as Code

    As cloud operations scale, the skills gap – not tooling – often becomes a bottleneck. Modern DevOps teams need more than automation; they need an assistant that understands their codebase, cloud state, and guardrails and can help them ship infrastructure with confidence, without sacrificing speed. Today we are launching the ControlMonkey AI IaC Copilot to answer those challenges.

    Introducing KoMo: First AI IaC Copilot

    ControlMonkey, the industry’s only fully end-to-end IaC cloud automation platform, today announced KoMo, an AI-powered copilot designed to eliminate one of the biggest blockers in infrastructure delivery: the Infrastructure-as-Code (IaC) skills gap.

    The Problem: The Skills Gap

    Infrastructure delivery bottlenecks often trace back to one place: the skills gap. Teams can only move as fast as their least experienced engineer, slowing throughput, inflating costs, and introducing compliance risk. Senior DevOps engineers become gatekeepers instead of innovators, while less-experienced contributors hesitate over Terraform syntax, plans, and reviews that can take time and create toil.

    KoMo: The Evolution of Self-Service

    Traditional self-service relies on static blueprints. That’s fine for provisioning a single resource, but brittle when real-world requirements change. Our new AI IaC Copilot evolves self-service into something dynamic: AI-driven, context-aware, and compliant by design.

    Unlike generic AI chat solutions like ChatGPT or Perplexity, which are based on public knowledge, KoMo operates with full organizational context thanks to ControlMonkey’s integration with your cloud accounts and Git.

    KoMo understands:

    • Code across every IaC repository
    • Cloud resources currently running in the environment
    • Policies and guardrails that enforce compliance, security, and cost standards
    • Deployment history, including approvals, rollbacks, and failures
    • Modules and best practices shared across the organization

    KoMo doesn’t generate generic Terraform. It generates Terraform code for YOUR organization – that is compliant, contextual, and safe to deploy. Engineers can request exactly what they need, and KoMo builds the stack the way your organization specifies.

    KoMo: AI IaC Copilot Key Capabilities

    • Generate Terraform for new resources and stacks aligned to org modules and policies
    • Explain Terraform plans in clear, human-readable language
    • Trace dependencies, module usage, and historical context instantly
    • Flag risk before deployment, in the context of earlier outcomes
    • Enforce module usage to prevent drift and “left-behind” resources
    • Cover multi-repo environments to eliminate blind spots
    • Provision dynamic, on-demand stacks without static templates

    “KoMo closes the cloud skills gap by evolving self-service. Because it sees not just your code, but your running cloud, policies, and history, it generates Terraform that’s truly yours. That’s how enterprises finally get compliant self-service at scale.”

    Aharon Twizer

    CEO and co-founder of ControlMonkey

    Turn Every Engineer into Your Best Engineer

    KoMo transforms how teams deliver infrastructure by eliminating the skills bottleneck. Instead of relying on a handful of senior DevOps engineers to review every line, debug every error, or rewrite every plan, KoMo gives every contributor the context and confidence to ship infrastructure that meets enterprise standards.

    [Figure: screenshot of KoMo]

    Real-World Uses for AI IaC Copilot

    KoMo can answer the questions and requests that traditionally block engineers or overload DevOps experts:

    • “Help me write Terraform to spin up a new service for periscope-app in dev using our naming conventions.”
    • “Where do we use our S3 bucket module – and is it following best practices?”
    • “Explain this Terraform plan in human-readable terms and flag risks.”
    • “Analyze our Terraform/OpenTofu error and suggest a fix.”
    • “Create a new-hire write-up of our Terraform layout: providers, modules, naming, and policies.”
    • “Find references to Glue crawlers across repos and summarize the differences.”
    • And many many more

    See it in action? 

    Ready to turn every engineer into your best engineer? Explore AI IaC Copilot in our next Product Showdown

      Frequently Asked Questions on KoMo – IaC AI Automation

      KoMo is included for all ControlMonkey customers. There’s no separate license or add-on fee. It’s built into the platform so every team has access to the IaC Copilot.

      GitHub Copilot generates generic code based only on what’s in your editor. KoMo is an IaC AI Copilot: it connects to your Git repos and your cloud accounts, so it understands your modules, policies, and real infrastructure state. That way, the Terraform or OpenTofu code it generates is already aligned with your standards and safe to deploy.

      No. KoMo works with Terraform, OpenTofu, and Terragrunt, making it flexible for different Infrastructure as Code (IaC) environments.

      Yes. The IaC Copilot scales across teams, regions, and cloud providers, while keeping everything consistent with your policies and modules.

      Updated: Sep 17, 2025

      More Visibility: Cloud Compliance Dashboard

      Zack Bentolila

      Marketing Director

      With customers like Rapyd, Coralogix, and ReasonLabs already benefiting from compliance visibility, ControlMonkey is raising the bar for proactive cloud governance.

      For teams managing their Terraform, OpenTofu, or Terragrunt environments, compliance is often a moving target. The new Cloud Compliance Dashboard in ControlMonkey delivers a unified, drill-down view into your compliance posture across AWS, Azure, and GCP, helping you identify gaps before they turn into risks.

      Introducing Cloud Compliance Dashboarding

      The Compliance Dashboard gives DevOps and Cloud managers the ability to select relevant standards, track consolidated scores, and drill down into failed controls and resources.

      Supported frameworks include:

      • CIS Benchmarks (2.0, 2.1, 3.0)
      • PCI DSS 4.0
      • HIPAA Security Rule
      • MITRE ATT&CK
      • ENS_RD2022 (Spanish National Security Framework)
      • DORA Regulation
      • And more – Full List below
      [Figure: ControlMonkey Cloud Compliance Dashboard UI mock-up]

      Teams can move from high-level compliance scores down to specific failed checks, pinpoint which resources triggered non-compliance (for example, an exposed EC2 instance), and shift compliance from reactive audits to proactive prevention.

      Stay Ahead with Cloud Governance and Infrastructure Control

      The dashboard provides decision-makers with measurable clarity. Teams can continuously check compliance instead of just reacting to audit findings. They can enforce IaC policies on a large scale and strengthen infrastructure pipelines. This means:

      • Improved visibility into your compliance score
      • Reduced risk with drill-down checks at the resource level
      • IaC alignment through proactive enforcement
      • Scalable governance across multi-cloud environments

      “When teams gain full visibility and proactive compliance controls, they stop reacting to problems and start preventing them. That’s how you consistently raise your compliance score.” said Ori Yemini, CTO, ControlMonkey

      Customer Perspectives

      Two ControlMonkey customers already enjoying full IaC coverage visibility:

      More IaC coverage means fewer security issues — period. What stood out with ControlMonkey was how easy it became to do things the right, modern way. When infrastructure and security teams can finally collaborate by design, that’s when security actually works

      Nir Rothenberg

      CISO

      As a company that manages huge clusters of AWS resources, the ControlMonkey Platform and specifically its GitOps pipeline capabilities is an integral part of our infrastructure deployment process, enabling us to shift left our infrastructure policies, best practices, and guardrails to make sure our production environment is stable, compliant and secure

      Yoni Farin

      Coralogix

      See it for yourself

      Join our next Product Showdown to experience the Cloud Compliance Dashboard in action.

      Supported Frameworks include:

      Below is the full list of supported frameworks by cloud provider:

      AWS

      • CISA
      • SOC 2
      • CIS Benchmarks (1.4, 1.5, 2.0, 3.0, 4.0.1, 5.0)
      • MITRE ATT&CK
      • GDPR
      • AWS Foundational Security Best Practices
      • ISO/IEC 27001:2013 & 2022
      • KISA ISMS-P 2023 (incl. Korean version)
      • HIPAA Security Rule
      • GxP 21 CFR Part 11
      • GxP EU Annex 11
      • NIST 800-171 Rev 2
      • NIST 800-53 Rev 4 & Rev 5
      • PCI DSS 4.0 & PCI DSS 3.2.1
      • AWS Well-Architected Framework (Security & Reliability Pillars)
      • AWS Account Security Onboarding
      • AWS Foundational Technical Review
      • AWS Audit Manager Control Tower Guardrails
      • NIST Cybersecurity Framework (CSF) 1.1
      • ENS_RD2022
      • RBI Cyber Security Framework
      • FFIEC Cybersecurity Assessment
      • FedRAMP (Low & Moderate, Rev 4)
      • NIS2 Directive

      Azure

      • PCI DSS 4.0
      • SOC 2
      • ISO/IEC 27001:2022
      • CIS Benchmarks (2.0, 2.1, 3.0, 4.0)
      • ENS_RD2022
      • MITRE ATT&CK
      • NIS2 Directive

      GCP

      • MITRE ATT&CK
      • SOC 2
      • CIS Benchmarks (2.0, 3.0, 4.0)
      • ENS_RD2022
      • PCI DSS 4.0
      • ISO/IEC 27001:2022
      • NIS2 Directive
        Frequently Asked Questions About Cloud Compliance

        Nope. The laws themselves (like PCI DSS, HIPAA, GDPR) are the same globally.
        What changes is how they are implemented in each cloud.
        For example, CIS Benchmarks have AWS, Azure, and GCP-specific versions to match each platform’s services.

        Yes. The dashboard lets you move from an overall compliance score down to failed controls and specific failed checks, including the exact resource that caused the failure.

        ControlMonkey supports dozens of frameworks across AWS, Azure, and GCP,
        including CIS Benchmarks, PCI DSS, HIPAA, ISO 27001, NIST, SOC 2, GDPR, NIS2, FedRAMP, and more. The full list is just above.
        Each framework is mapped per cloud provider to reflect provider-specific services.

        Updated: Nov 09, 2025

        Azure Organization Integration Support 

        Aharon Twizer

        CEO & Co-founder

        Azure Organization Integration is now available in ControlMonkey, making it easier than ever for enterprises to govern and scale their Azure environments. For teams managing their Terraform, OpenTofu, or Terragrunt deployments across multiple subscriptions, this integration eliminates the need to onboard subscriptions one by one – delivering instant visibility, compliance, and automation at scale.

        Introducing Azure Organization Integration

        With Azure Organization Integration, ControlMonkey now supports seamless onboarding across dozens—or even hundreds—of Azure subscriptions in just a click.
        You can also control what subscriptions to connect to ControlMonkey by choosing one or more Azure Management Groups.

        Top benefits include:

        • One-click onboarding for all Azure subscriptions
        • Unified cloud inventory across the entire Azure footprint
        • Automated backups spanning every subscription
        • Consistent IaC governance across cloud environments
        • Enterprise-ready scale to support regulated and governed organizations

        “For enterprises operating Azure at scale, onboarding and governance must be frictionless. With Azure Organization Integration, we’re giving customers complete visibility, backup, and IaC governance across every subscription in just one step.”

        Ori Yemini

        CTO, ControlMonkey

        ControlMonkey for Cloud Governance 

        By extending our multi-cloud enterprise capabilities, Azure Integration ensures teams:

        • Gain visibility across all Azure subscriptions without manual setup
        • Reduce risk with governed, consistent controls across accounts
        • Strengthen IaC adoption and compliance at enterprise scale
        • Confidently operate in regulated environments with full coverage

        Ready to take control?

        Explore Azure Organization today and bring order to your multi-subscription cloud – learn more in our Product Showdown next week.

        Author

        Aharon Twizer

        CEO & Co-founder

        Co-Founder and CEO of ControlMonkey. He has over 20 years of experience in software development. He was the CTO of Spot.io, which was bought by NetApp for more than $400 million. There, he led important tech innovations in cloud optimization and Kubernetes. He later joined AWS as a Principal Solutions Architect, helping global partners solve complex cloud challenges. In 2022, he started ControlMonkey to help DevOps teams discover, manage, and scale their cloud infrastructure with Infrastructure as Code. Aharon loves creating tools that help engineering teams. These tools make it easier to manage the complexity of modern cloud environments.

          Frequently Asked Questions About Azure Organization Integration

          Azure Organization Integration allows enterprises to connect all their Azure subscriptions in one step, instead of onboarding each subscription individually. It is especially valuable for teams managing Terraform, OpenTofu, or Terragrunt at scale.

          It simplifies onboarding, provides full cloud inventory, enables automated backups, and ensures IaC governance across every subscription, which is critical for large and regulated environments.

           Yes. Just like AWS Organization and GCP Organization integration, Azure Organization Integration extends multi-cloud enterprise governance and IaC coverage. Read More about GCP Organization Support. 

           No. With Azure Organization Integration, you can onboard dozens or even hundreds of subscriptions in one click.

          Updated: Aug 28, 2025

          Enhanced IaC Visibility: Group Cloud Accounts with Custom Labels

          Zack Bentolila

          Marketing Director

          We are excited to announce that we have reinforced our Cloud Inventory Dashboard’s organization view. We added the option to aggregate accounts by predefined labels.

          IaC Posture Overview

          ControlMonkey’s dashboard organization view provides a 30,000-foot IaC posture overview. It encompasses the entire organization’s AWS accounts, GCP projects, and Azure subscriptions.

          At any given time, the IaC posture overview shows the user their IaC coverage, the number of unmanaged resources, the number of Terraform, OpenTofu or Terragrunt drifts, and the number of console operations (ClickOps).


          Starting today, ControlMonkey users can aggregate the IaC Posture overview on a labeled set of accounts. They can filter by those accounts, such as Production, Staging, Networking, etc.

          Not all Cloud Account Labels are created equal.

          Production and Development environments fundamentally differ in how they are managed and governed.

          A drift or ClickOps in production is way more severe than in dev environments. Furthermore, high Terraform coverage in staging is more significant than in QA.

          Hence, this capability lets our customers get a better IaC posture overview of important selected accounts.

          Cloud Account Labels enable infrastructure teams to:

          • Easily group accounts with custom labels.
          • Have an aggregated view of labeled groups.


          Organizations that manage large-scale cloud environments with dozens or hundreds of accounts can now logically group them. They can have selective visibility into that group’s IaC posture.

          If you have a large-scale cloud environment with multiple accounts and are struggling to get an accurate, real-time IaC Posture view, we would love to chat!

            Updated: Aug 23, 2025

            Introducing Terraform and OpenTofu Stack Dependencies

            Zack Bentolila

            Marketing Director

            Today, we are excited to announce that we have enhanced our Terraform or OpenTofu Orchestration Engine with Stack Dependencies: stacks can now execute in any specific order or hierarchy, dependent on other related stacks’ output.

            Why do Terraform and OpenTofu Stack Dependencies matter?

            Stack Dependencies allow ControlMonkey users to create a flow of interdependent stacks that run in a custom-defined order, with critical information passed from one to another.

            This provides a deeper granularity and control over what triggers each Terraform and OpenTofu Stack and the inputs and outputs required for a successful execution.

            Real-Life Example of Stack Dependencies

            Example: Take a company with a complex infrastructure comprising multiple cloud environments, with a few Terraform/OpenTofu stacks that are strongly linked to one another and together deploy the entire infrastructure.

            Building the infrastructure is a linear process in which these stacks must be orchestrated precisely, starting with Account Configuration, Access Control & Authentication, Networking, Databases, Compute, Alerting, Monitoring, etc.
            Moreover, the information generated in each Stack has to be passed along to the next Stack in the execution Queue.

            A typical scenario would involve passing along critical networking information from the ‘network’ stack to the ‘compute resources’ stack so they can have the right network configuration, for example.

            ControlMonkey Terraform and OpenTofu Stack Dependencies

            With ControlMonkey Stack Dependencies, you can now easily define the order, triggers, inputs, and outputs of each Terraform and OpenTofu Stack to customize your infrastructure orchestration.

            Cloud engineering teams no longer need to manually collect the data produced in each stack deployment to configure the next stack. ControlMonkey collects the stack’s required outputs in runtime and automatically inserts the data into the next stack in the deployment flow.

            The Benefits of Stack Dependencies:

            • Link Terraform or OpenTofu Stacks. Users can tightly manage stacks when closely connected due to interdependencies.
            • Direct Information Transfer. Variables can now be passed directly from one stack to another. There is no need to fetch this information within the stack; you can simply use it as the value of a variable. This shortens execution times and eliminates the possibility of misconfiguration.

            To summarize, with Stack Dependencies, you now have the option to connect two stacks to execute one after another and pass information created in the runtime of one stack to another.

            This enables stronger interconnection between stacks and saves time by building the infrastructure automatically without the need to manually trigger pipeline executions.


            Managing Terraform/OpenTofu at scale?

            Our Experts are available for a quick call so you can learn more about the future of Terraform/OpenTofu Automation.

              Updated: Aug 23, 2025

              GCP Terraform and OpenTofu Security Policies

              Zack Bentolila

              Marketing Director

              We are excited to announce another milestone in our support for multiple cloud providers, this time with a major enhancement to our Terraform CI/CD solution.
              Starting today, ControlMonkey’s Managed Security Policies are also available for Google Cloud users!

              These Security Policies are predefined, managed, and maintained by ControlMonkey.
              Rather than writing and maintaining common security policies with OPA, which also requires understanding the Terraform Plan output internals, you get managed security policies that are enforced whenever someone changes your Terraform code, right out of the box.

              Cloud Engineering teams can granularly select on which unit of deployment the Security Policy will be enforced, and also the enforcement level (warning or block).
              So if you need to separate and divide your policy enforcement across environments, you can easily do that with ControlMonkey.
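
To make the plan-level mechanics concrete, here is an added example (not ControlMonkey's code or policy library) of the kind of hand-written check a managed policy replaces: it reads the `resource_changes` array of Terraform plan JSON (`terraform show -json`) and applies a per-stack enforcement level of warning or block. The policy names, stack names and sample plan are constructed assumptions.

```python
import json

# Constructed sample, trimmed to the fields the checks read from plan JSON.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_compute_firewall.ssh_open", "type": "google_compute_firewall",
   "change": {"actions": ["create"],
              "after": {"direction": "INGRESS", "source_ranges": ["0.0.0.0/0"],
                        "allow": [{"protocol": "tcp", "ports": ["20-25"]}]}}},
  {"address": "google_compute_firewall.iap_ssh", "type": "google_compute_firewall",
   "change": {"actions": ["create"],
              "after": {"direction": "INGRESS", "source_ranges": ["35.235.240.0/20"],
                        "allow": [{"protocol": "tcp", "ports": ["22"]}]}}},
  {"address": "google_storage_bucket.logs", "type": "google_storage_bucket",
   "change": {"actions": ["update"],
              "after": {"name": "example-logs", "uniform_bucket_level_access": false}}},
  {"address": "google_storage_bucket.old", "type": "google_storage_bucket",
   "change": {"actions": ["delete"], "after": null}}
]}
""")


def covers_port(ports, port):
    """True if a firewall `ports` list such as ["22", "8000-9000"] covers `port`.
    An empty or missing list means every port of that protocol."""
    if not ports:
        return True
    for spec in ports:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def public_ssh(after):
    """Ingress firewall rule that allows TCP/22 from any IPv4 address."""
    if after.get("direction", "INGRESS") != "INGRESS":
        return False
    if "0.0.0.0/0" not in (after.get("source_ranges") or []):
        return False
    return any(rule.get("protocol") in ("tcp", "all")
               and covers_port(rule.get("ports"), 22)
               for rule in after.get("allow") or [])


def bucket_without_uniform_access(after):
    """Bucket that still permits per-object ACLs."""
    return after.get("uniform_bucket_level_access") is not True


# Hypothetical policy ids mapped to (resource type, violation predicate).
POLICIES = {
    "gcp-no-public-ssh": ("google_compute_firewall", public_ssh),
    "gcp-bucket-uniform-access": ("google_storage_bucket",
                                  bucket_without_uniform_access),
}

# Hypothetical stacks: which policies apply to each, and at which level.
ENFORCEMENT = {
    "prod-network": {"gcp-no-public-ssh": "block",
                     "gcp-bucket-uniform-access": "block"},
    "dev-sandbox": {"gcp-no-public-ssh": "warning"},
}


def evaluate(plan, stack):
    """Return findings for `stack` and whether any of them blocks the run."""
    levels = ENFORCEMENT.get(stack, {})
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # `after` is null on delete; deletes, reads and no-ops add no new exposure.
        if after is None or set(change.get("actions", [])) <= {"no-op", "read", "delete"}:
            continue
        for name, (rtype, violates) in POLICIES.items():
            level = levels.get(name)
            if level and rc.get("type") == rtype and violates(after):
                findings.append({"policy": name, "resource": rc["address"],
                                 "level": level})
    return {"blocked": any(f["level"] == "block" for f in findings),
            "findings": findings}


if __name__ == "__main__":
    for stack in ("prod-network", "dev-sandbox"):
        print(stack, json.dumps(evaluate(SAMPLE_PLAN, stack), indent=2))
```

The same plan blocks in the production stack and only warns in the sandbox, which is the per-unit split the paragraph above describes.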

              The benefits of Managed Security Policies:

              • You get a library of pre-defined security policies to choose from, straight out of the box.
              • Save time on writing, managing, and maintaining these policies; ControlMonkey does all the heavy lifting for you.
              • By shifting left your security, you are:
                • Preventing security issues before they reach production.
                • Saving time on manual code review.
                • Enabling a proactive operations mode vs. reacting to security misconfigurations.
                • Educating Cloud Engineering teams on the organization’s security standards.

              If you’re using GCP today and looking to turn on your proactive mode, let’s talk.

              Bottom CTA Background

              A 30-min meeting will save your team 1000s of hours

              A 30-min meeting will save your team 1000s of hours

              Book Intro Call

              Author

              Zack Bentolila

              Zack Bentolila

              Marketing Director

              Zack is the Marketing Director at ControlMonkey, with a strong focus on DevOps and DevSecOps. He was the Senior Director of Partner Marketing and Field Marketing Manager at Checkmarx. There, he helped with global security projects. With over 10 years in marketing, Zack specializes in content strategy, technical messaging, and go-to-market alignment. He loves turning complex cloud and security ideas into clear, useful insights for engineering, DevOps, and security leaders.


                Updated: Oct 20, 2025


                Migration from Terraform to OpenTofu in 1-Click

                Ever since OpenTofu was announced GA, migration to it has seen rapid adoption by DevOps teams around the world that want to keep their IaC framework open-source.
                HashiCorp’s Terraform license change and IBM’s recent acquisition have pushed more and more DevOps teams to migrate their stacks from Terraform to OpenTofu.

                If you have come to the decision that OpenTofu is the right IaC framework for your team and you’re planning to migrate, then the release of our ‘OpenTofu 1-Click Migration’ solution is exactly for you.
                ControlMonkey users who want to migrate their stacks to OpenTofu can now easily do it via the ControlMonkey platform in a few clicks.

                How hard is it to migrate from Terraform to OpenTofu at scale?

                It’s pretty straightforward to migrate a couple of Terraform stacks to OpenTofu on your own.
                But what if you have hundreds or thousands of stacks that you wish to migrate?

                That’s when OpenTofu migration becomes complex and risky—especially at scale.

                When you have large-scale environments or a large Terraform codebase, manually inspecting and preparing your code to be migration-compatible can be a long, daunting, and error-prone process.
                So, if you have many Terraform Stacks, you can now seamlessly migrate them to OpenTofu using ControlMonkey.

                Here is how we do it:

                OpenTofu Readiness Assessment

                As always, the first step is visibility: gain complete visibility into your code readiness with a clear assessment report, and understand your migration gaps and dependencies.
                See exactly which of your Terraform Stacks are OpenTofu compatible and which are not yet ready to shift to OpenTofu.

                1-Click OpenTofu Migration

                Shift your IaC engine binary to OpenTofu with minimal effort. 
                ControlMonkey provides a 1-click migration where we automatically change your Infrastructure CI/CD IaC framework to OpenTofu.

                Fix Code Gaps and Dependencies

                ControlMonkey scans your code for references to HashiCorp’s registry in your module or provider definitions.
                If your Terraform code was written with the fully qualified name of HashiCorp’s registry, ControlMonkey will automatically generate a PR that fixes the code to point to the OpenTofu registry.
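The scan-and-fix step described above can be sketched as follows. This is an added example, not ControlMonkey's implementation; the function names and the sample configuration are constructed for illustration, and it handles only `source` attributes written on their own line.

```python
import re

TF_REGISTRY = "registry.terraform.io"    # HashiCorp's public registry
TOFU_REGISTRY = "registry.opentofu.org"  # OpenTofu's public registry

# A `source = "registry.terraform.io/..."` attribute, as found in
# required_providers entries and module blocks.
SOURCE_RE = re.compile(
    r'^(?P<head>\s*source\s*=\s*")' + re.escape(TF_REGISTRY) + r'/(?P<path>[^"]+)"'
)

# Constructed sample configuration (not taken from any real repository).
SAMPLE = '''terraform {
  required_providers {
    aws = {
      source = "registry.terraform.io/hashicorp/aws"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}
module "vpc" {
  # source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
}
'''

def _is_comment(line):
    return line.lstrip().startswith(("#", "//"))

def scan(text, filename="<inline>"):
    """Return (filename, line_no, address) for each fully qualified reference."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = None if _is_comment(line) else SOURCE_RE.match(line)
        if m:
            findings.append((filename, n, f"{TF_REGISTRY}/{m.group('path')}"))
    return findings

def rewrite(text):
    """Point fully qualified sources at the OpenTofu registry; keep all other lines."""
    repl = lambda m: f'{m.group("head")}{TOFU_REGISTRY}/{m.group("path")}"'
    return "\n".join(
        line if _is_comment(line) else SOURCE_RE.sub(repl, line)
        for line in text.splitlines()
    )
```

Short-form sources such as `hashicorp/random` carry no hostname and are left alone. After a rewrite like this, the provider entries in `.terraform.lock.hcl`, which are keyed by registry hostname, need regenerating with `tofu init` and reviewing in the same PR.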

                 

                Quick Wrap Up

                Migrating from Terraform to OpenTofu is more of a management challenge than a technical one.
                When you have large environments with many stacks, manually assessing and preparing thousands of lines of Terraform Code is counterproductive and error-prone.

                With ControlMonkey, you get the automation that scans and assesses all of your Terraform Stacks, runs compatibility tests, and helps you seamlessly fix any gaps or dependencies in your code.
                Don’t spend your DevOps team’s time preparing your stacks for migration.
                We are providing the easiest and safest way to migrate from Terraform to OpenTofu.

                Interested in learning more about how ControlMonkey supports OpenTofu Migration and makes the migration a walk in the park?
                Our Terraform Experts are waiting to jump on a quick call and show you.


                  Updated: Aug 23, 2025


                  Granular RBAC Terraform and OpenTofu Support

                  Zack Bentolila

                  Marketing Director

                  We are happy to announce that we have upgraded our permission management and added support for custom roles.

                  Up until today, our users had the option to grant permissions to certain namespaces based on a predefined system role (Viewer, Deployer, or Admin).
                  We identified that our customers need more granularity in their permissions management, so we added more customization options.

                  Now, ControlMonkey users can create a custom role with permissions that are based on Stacks, Deployments, or Plans.


                  The custom role can then be applied granularly to a user or team in a specific namespace for an additional layer of customization.


                  With the option to limit certain users’ actions, our customers are reducing the risk of misconfigurations and gaining a better control mechanism in their environments by preventing certain users from performing ‘high-risk’ actions such as ‘Approve Deployment’ or ‘Delete Resources’.

                   


                    Updated: Aug 20, 2025


                    Self-service templates support for Terragrunt & OpenTofu

                    Today, we are happy to announce that we have reinforced our Self-service infrastructure solution with support for the Terragrunt and OpenTofu IaC frameworks.

                    ControlMonkey’s solution for self-service enables DevOps teams to allow other teams to spin up secure and compliant cloud environments on their own in minutes by using predefined Terraform templates.
                    Self-service Infrastructure enables agility without sacrificing governance and frees DevOps teams from responding to tickets for infrastructure provisioning.

                    ControlMonkey users that use Terragrunt or OpenTofu IaC frameworks can now allow other teams to launch cloud environments using our Self-service solution, which promotes engineering autonomy and increases team productivity while maintaining governance.

                    As supporters of the OpenTofu project, we are excited to see more of the ControlMonkey capabilities support the OpenTofu code, and we have a lot more coming your way.

                    Are you using OpenTofu and want to learn more about how the ControlMonkey platform can help you with your Day 2 challenges? Our team is waiting to hear from you; we promise we will blow your mind.

                     
