Generating AWS Architecture Diagrams with Kiro CLI and Agent Skills

While trying to follow the official AWS tutorial “Build AWS architecture diagrams using Amazon Q CLI and MCP” to generate architecture diagrams for my projects, I hit a wall: the MCP server awslabs.aws-diagram-mcp-server has been discontinued. All versions were yanked from PyPI. The functionality migrated to the Agent Skills system in the deploy-on-aws plugin from awslabs/agent-plugins. In this post, I share the updated path to configure everything and generate professional diagrams in .drawio format. ...

May 12, 2026 · 4 min · 826 words · Matheus Costa

Zero Trust Architecture: The Future of Corporate Security

What is Zero Trust? Zero Trust is a security model that operates under the principle “never trust, always verify.” Unlike traditional models that trust users within the network perimeter. Fundamental Principles 1. Explicit Verification Authenticate and authorize based on all available data points User identity, location, device, service, or workload Data classification and anomalies 2. Least Privilege Access Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA) Risk-based adaptive policies Data protection 3. Assume Breach Minimize blast radius and segment access Verify end-to-end encryption Use analytics to gain visibility and detect threats Architecture Components graph TD A[User] --> B[Identity Provider] B --> C[Policy Engine] C --> D[Access Gateway] D --> E[Protected Resources] F[Device Trust] --> C G[Network Security] --> C H[Data Classification] --> C Practical Implementation 1. Identity and Access Management (IAM) Multi-Factor Authentication (MFA) Single Sign-On (SSO) Privileged Access Management (PAM) 2. Network Segmentation Micro-segmentation Software-Defined Perimeter (SDP) Network Access Control (NAC) 3. Device Security Mobile Device Management (MDM) Endpoint Detection and Response (EDR) Device compliance policies Tools and Technologies Cloud Providers AWS: IAM, GuardDuty, Security Hub Azure: Azure AD, Conditional Access GCP: Identity-Aware Proxy, BeyondCorp Specialized Solutions Okta, Auth0 (Identity) Zscaler, Cloudflare (Network) CrowdStrike, SentinelOne (Endpoint) Implementation Challenges Technical Complexity ...

July 16, 2025 · 2 min · 307 words · Matheus Costa