AWS MCP Server Now Generally Available: Secure Agent Access to AWS Services

The AWS MCP Server is now generally available, providing AI agents and coding assistants with secure, authenticated access to all AWS services through a compact set of tools. This server, part of the Agent Toolkit for AWS, addresses key challenges like outdated documentation, overly broad IAM policies, and inefficient API calls. Below, we answer common questions about its features, benefits, and how it transforms agent-based AWS interactions.

What is the AWS MCP Server and how does it work?

The AWS MCP Server is a managed remote Model Context Protocol (MCP) server that enables AI agents and coding assistants to securely interact with AWS services. It uses a fixed set of tools, such as call_aws to execute over 15,000 API operations with existing IAM credentials, search_documentation and read_documentation to fetch up-to-date AWS documentation in real time. This ensures agents always use current best practices rather than outdated training data. The server is part of the Agent Toolkit for AWS, designed to enhance agent productivity on AWS. By leveraging IAM context keys, it enforces fine-grained access policies without requiring additional permissions. The run_script tool allows agents to run Python scripts in a sandboxed environment, chaining multiple API calls in a single round-trip for efficiency.

Why was the AWS MCP Server needed for AI agents?

AI coding agents often struggle when working with AWS deeply due to several issues. Without real-time access to AWS documentation, they rely on training data that can be months old, missing newer services like Amazon S3 Vectors or Amazon Aurora DSQL. When building infrastructure, they default to the AWS Command Line Interface (AWS CLI) instead of using the AWS Cloud Development Kit (AWS CDK) or AWS CloudFormation, and they frequently generate overly permissive IAM policies. This leads to infrastructure that works in demos but fails production requirements. The AWS MCP Server solves these problems by providing up-to-date documentation and enforcing secure, scoped access through IAM, ensuring agents produce production-ready code with appropriate permissions.

What are the key new capabilities in the general availability release?

The general availability release introduces several improvements. First, IAM context keys are now supported, eliminating the need for a separate IAM permission to use the server and allowing fine-grained access control via standard IAM policies. Second, documentation retrieval no longer requires authentication, simplifying setup. Third, the token consumption per interaction has been reduced, which is critical for complex, multi-step workflows. Additionally, the run_script tool allows agents to run Python scripts server-side in a sandboxed environment that inherits IAM permissions but has no network access. This enables agents to chain multiple API calls, filter results, and compute outcomes in a single round-trip, saving context and improving speed. Finally, the transition from Agent SOPs to Skills provides curated guidance and best practices for various tasks.

How does the run_script tool improve agent efficiency?

The run_script tool is a standout feature. It allows an agent to write a short Python script that executes server-side in a sandboxed environment. The sandbox inherits the user's IAM permissions but has no network access, ensuring agents can process data without accessing local files or a shell. Traditionally, when an agent needs to call multiple AWS APIs and combine results, making individual calls is slow and consumes considerable context. With run_script, the agent chains API calls, filters responses, and computes results in a single round-trip. This drastically reduces latency and token usage, making complex multi-step workflows more efficient. For example, an agent could query multiple AWS services, aggregate data, and return a summary without repeated context resets.

What is the Agent Toolkit for AWS?

The Agent Toolkit for AWS is a suite of tooling that includes the AWS MCP Server, along with skills and plugins, all designed to help coding agents build more effectively and efficiently on AWS. While the MCP Server provides secure API access, the Toolkit’s skills offer curated guidance and best practices for common tasks. The plugins extend functionality further. This integrated approach ensures that agents not only have the right tools but also follow AWS-recommended patterns, leading to production-ready infrastructure. The toolkit is a key part of AWS's strategy to empower AI agents with secure, context-aware capabilities, reducing the friction of building on the cloud.

How do Skills replace Agent SOPs in the AWS MCP Server?

The most significant addition in the general availability release is the transition from Agent SOPs to Skills. Skills provide curated guidance and best practices for specific tasks, such as deploying resources, managing permissions, or optimizing costs. Unlike SOPs, which were static and required manual updates, Skills are dynamic and integrated directly into the server. They allow agents to access step-by-step instructions and recommended workflows in real time, ensuring they follow current best practices. This shift makes the agent more autonomous and accurate, as it can adapt to evolving AWS standards without external intervention. Skills are a key differentiator, enabling agents to handle complex scenarios like multi-region deployments or compliance audits with confidence.