Introduction
As developers increasingly integrate AI agents and coding assistants into their workflows, a critical challenge emerges: how do you grant these agents real, authenticated access to AWS without exposing your environment to unnecessary risk? Today, a robust solution is available. We are excited to announce the general availability of the AWS MCP Server—a managed, remote Model Context Protocol (MCP) server that provides AI agents with secure, authenticated access to all AWS services through a small, fixed set of tools. This server is part of the Agent Toolkit for AWS, which also includes skills and plugins designed to help coding agents build more effectively on AWS.
Why AI Agents Struggle with AWS
AI coding agents are powerful, but they face specific obstacles when working with AWS at any meaningful depth:
- Outdated Knowledge: Agents rely on training data that can be months old. They may lack information about newer services like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore.
- Poor Infrastructure Choices: When asked to build infrastructure, agents often default to the AWS CLI instead of modern tools like AWS CDK or AWS CloudFormation.
- Overly Permissive IAM Policies: Agents tend to generate IAM policies that are far broader than necessary, creating security risks and non-production-ready infrastructure.
These issues result in solutions that work in demos but fail in production environments.
How the AWS MCP Server Addresses These Challenges
The AWS MCP Server introduces a compact set of tools that do not consume your model’s limited context window:
- call_aws tool: Executes any of over 15,000 AWS API operations using your existing IAM credentials. New APIs are supported within days of launch.
- search_documentation and read_documentation tools: Retrieve current AWS documentation and best practices at query time, ensuring the agent always works with up-to-date information.
This design keeps agents informed and productive without overwhelming their context.
New Capabilities in the General Availability Release
With general availability, several significant features have been added:
IAM Context Keys and Simplified Permissions
The AWS MCP Server now supports IAM context keys. You no longer need a separate IAM permission to use the server; fine-grained access can be expressed directly in a standard IAM policy.
Documentation Retrieval Without Authentication
Documentation lookup no longer requires authentication, streamlining the agent’s ability to fetch reliable guidance.
Reduced Token Consumption
Token usage per interaction has been minimized, which is especially important for complex, multi-step workflows that demand efficiency.
The run_script Tool: Sandboxed Python Execution
A standout addition is the run_script tool. It lets the agent write a short Python script that executes server-side in a sandboxed environment. Key characteristics:
- Inherits your IAM permissions but has no network access.
- Allows the agent to process data without accessing your local file system or a shell.
- Enables the agent to chain multiple API calls, filter responses, and compute results in a single round-trip.
This approach is both faster and more context-efficient compared to making sequential API calls.
From Agent SOPs to Skills
The most significant architectural change is the transition from Agent SOPs to Skills. Skills provide curated guidance and best practices for common tasks—such as deploying a serverless application or setting up a secure VPC—enabling agents to deliver production-ready infrastructure from the start. Skills are continuously updated and integrate seamlessly with the MCP Server tools.
Conclusion
The AWS MCP Server transforms how AI agents interact with AWS, solving long-standing problems of outdated knowledge, poor tool selection, and insecure IAM practices. By providing a secure, context-efficient, and up-to-date interface, it empowers developers to build with confidence. Explore the Agent Toolkit for AWS today and see how the MCP Server can elevate your AI-driven development workflows.