A step-by-step walkthrough for building infrastructure with AI agents safely and effectively.
Context: This tutorial accompanies the Massdriver + Claude Code fireside chat "Making Infrastructure Safe for Agents" with Kelsey Hightower (March 18, 2026).
Tip
Live Session PR — Want to see exactly what was built during the fireside chat? Check out the pull request from the live session against the Massdriver Catalog — real bundles, built live with Claude Code. Don't have 10 minutes to do this whole tutorial?! Really??? Come on‽ Well if you really don't, here is the full dry-run PR.
Note
Watch the Recording — Missed the live session? Watch Kelsey Hightower and the Massdriver team build production-grade infrastructure bundles from scratch with Claude Code — full recording on YouTube.
A TODO API consisting of:
- DynamoDB table - Custom Massdriver bundle with artifact definition exposing ARN and IAM policies
- Lambda function - Custom bundle that consumes the DynamoDB artifact to serve the TODO app
AI can generate Infrastructure as Code, but that doesn't automatically make it production-ready or trustworthy. This tutorial demonstrates how Massdriver acts as a harness between AI agents and your cloud - providing the guardrails, context, and isolation that make agentic infrastructure practical.
- Docker installed locally
- Anthropic API key (for Claude Code)
- AWS account (for deploying infrastructure)
Visit app.massdriver.cloud and sign up with GitHub or Gmail. Create your organization during signup.
The service account provides API access for CLI and agent authentication.
- Navigate to Service Accounts in the sidebar
- Click Create service account
- Name it (e.g.,
claude-agent) - Copy and save the API key securely
Hover over your organization logo in the Massdriver UI to find your organization's short identifier (e.g., acme-corp).
brew install massdrivermkdir -p ~/.config/massdriver
cat > ~/.config/massdriver/config.yaml << EOF
version: 1
profiles:
default:
organization_id: YOUR_ORG_ID
api_key: YOUR_SERVICE_ACCOUNT_API_KEY
EOFReplace YOUR_ORG_ID and YOUR_SERVICE_ACCOUNT_API_KEY with your values from Part 1.
The massdriver-catalog is your platform foundation. It contains artifact definitions, bundle templates, and cloud platform integrations.
git clone https://github.com/massdriver-cloud/massdriver-catalog.gitThis defines how Massdriver authenticates with AWS using IAM roles.
cd massdriver-catalog
make publish-platformsThis publishes the platform definitions to your Massdriver instance.
Important: After publishing, you'll see AWS IAM Assume Role in the credential type selector. Use this one, not the deprecated AWS IAM Role (massdriver/aws-iam-role) that exists on SaaS instances.
Now add your AWS credential using the platform you just published:
- Navigate to Credentials in the sidebar
- Click Add credential and select AWS IAM Assume Role
- Follow the guided setup to create an IAM role with the required permissions
- Enter the Role ARN and External ID
cd ..
git clone https://github.com/massdriver-cloud/agentic-infrastructure-tutorial.git
cd agentic-infrastructure-tutorialCopy your Massdriver config for the agent container:
mkdir -p .massdriver
cp ~/.config/massdriver/config.yaml .massdriver/config.yamlOptional Add your API key here, or Claude will prompt for login at startup.
export ANTHROPIC_API_KEY="your-anthropic-api-key"docker compose up -d
docker compose exec claude-code bashThe container includes:
- Claude Code CLI
- Massdriver CLI (with your service account credentials)
- The massdriver-catalog mounted at
/catalog
Verify everything works:
mass project listStart Claude Code and install the plugin:
claudeFollow the Claude login prompt.
Then inside Claude Code:
/plugin marketplace add massdriver-cloud/claude-plugins
/plugin install massdriver@massdriver-cloud-claude-plugins
The plugin gives Claude structured context about your infrastructure - artifact contracts, dependency graphs, and IAM relationships.
Inside the container, run Claude Code and execute the development workflow:
/massdriver:develop Create an "aws-dynamodb-table" module with a fairly simple interface for managing a table. Make dangerous-to-change fields immutable, hard code most compliance recommendations from the Massdriver provisioner. Note, nothing in this git repo has been published besides the AWS platform.
Claude Code will scaffold the bundle, define the artifact schema, run Checkov compliance checks (iterating until they pass), and publish with --development.
Now create a Lambda function that consumes the DynamoDB artifact:
/massdriver:develop Create an "aws-lambda-todo-api" bundle — a Node.js Lambda behind API Gateway HTTP API that implements a TODO REST API. Connect to the DynamoDB artifact to get the table name and attach one of its exposed IAM policies. Bundle manages its own S3 deployment bucket. No custom domain, no VPC, no Route 53.
The Lambda doesn't define its own DynamoDB permissions - it pulls them from the artifact. This is the contract in action.
A tofu plan is a promise made by a machine that has never actually tried the thing it's promising. Real validation requires deployment against actual infrastructure. But you can't let agents touch production.
Massdriver solves this with disposable environments - isolated, temporary clones where agents can deploy, test, and iterate against real infrastructure feedback.
The plugin operates in isolated test environments only. Agent failures impact disposable infrastructure, never production. The workflow:
- Clone - Agent gets a low-scale replica with separate IAM boundaries
- Test - Agent deploys and runs real compliance checks
- Validate - Agent reports deployment logs and compliance results
- Approve - Human reviews the infrastructure module
- Execute - Developers deploy the vetted artifact to production
- Destroy - Test resources torn down; artifact persists
Bundles cannot be published without the --development flag. Agent-created infrastructure is clearly marked as experimental until human review.
Every bundle runs through Checkov security scanning. The agent iterates on failures until all checks pass. Security isn't optional - it's built into the feedback loop.
The plugin understands your infrastructure as queryable data:
- Artifact contracts - What infrastructure exposes and consumes
- Dependency graphs - How components connect
- IAM relationships - Least-privilege access from artifact definitions
This context lets the agent make informed decisions without exploratory API calls.
Every deployment includes a message via the -m flag, creating a record of what was deployed and why.
See the actual PR with generated bundles from running this tutorial.
The two bundles generated total ~850 lines of code:
DynamoDB bundle (~330 lines):
- OpenTofu config with point-in-time recovery, encryption at rest, and deletion protection hardcoded
- Dangerous fields (table name, hash key, billing mode) marked immutable so they can't be changed through the UI
- Read-only and read-write IAM policies auto-generated and exposed through the artifact
Lambda bundle (~520 lines):
- S3 deployment bucket with versioning, KMS encryption, and public access blocks
- IAM execution role with least-privilege policies
- CloudWatch log groups with configurable retention
- API Gateway HTTP API with access logging
- DynamoDB permissions pulled directly from the artifact - no manual IAM authoring
The Lambda doesn't define its own DynamoDB permissions. It consumes them from the DynamoDB artifact's policy list. Change the DynamoDB bundle's policies, redeploy, and every consumer gets the update.
Writing this from scratch - with proper compliance controls, IAM policies scoped correctly, immutability guards, and working artifact contracts - would take an experienced engineer a day or two. The agent produced it in the time it took to answer a few clarifying questions.
Developers never touch this workflow. The AI helps platform engineers translate intent into IaC. Once you're happy with compliance and developer experience, you approve the bundle into a stable release. From there, developers get an interactive canvas that governs their cloud - all your compliance and non-negotiables intact, fully reproducible, repeatable, and auditable. Everything is backed by open source: OpenTofu, OCI, and Docker for maximum portability and zero lock-in. The IaC becomes the deterministic contract. AI understood your intent; developers consume the result.
- Massdriver Agentic Harness & Context Engine - Give AI agents the guardrails, structured context, and blast radius containment they need to ship production-grade infrastructure autonomously
- Development Environments for Agentic Infrastructure - Deep dive on disposable environments and blast radius containment
| Topic | URL |
|---|---|
| Getting Started | https://docs.massdriver.cloud |
| CLI Reference | https://docs.massdriver.cloud/reference/cli/overview |
| Artifacts | https://docs.massdriver.cloud/concepts/artifacts |
| Artifact Definitions | https://docs.massdriver.cloud/concepts/artifact-definitions |
| Bundle Development | https://docs.massdriver.cloud/bundles/development |
| Claude Plugin | https://github.com/massdriver-cloud/claude-plugins |
| Massdriver Catalog | https://github.com/massdriver-cloud/massdriver-catalog |