AWS MCP Server Now Available: Secure, Authenticated AI Agent Access to AWS Services
We're excited to announce the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that provides AI agents and coding assistants with secure, authenticated access to all AWS services through a compact set of tools. This solves a critical challenge: how to give agents real AWS access without compromising security. Below, we answer common questions about what the AWS MCP Server offers, its key features, and how it empowers agents to work with AWS infrastructure safely and efficiently.
What is the AWS MCP Server and why was it created?
The AWS MCP Server is a managed remote server that implements the Model Context Protocol (MCP) to give AI agents and coding assistants secure, authenticated access to AWS services. It was created to solve a persistent problem: developers wanted agents that could interact with AWS in meaningful ways but were hesitant to hand over broad IAM credentials or risk exposing the AWS environment. The server provides a small, fixed set of tools that let agents perform API calls, retrieve documentation, and run scripts without giving them unrestricted access. This means agents can build infrastructure, manage resources, and follow best practices while maintaining strict security boundaries. The server is part of the Agent Toolkit for AWS, a suite of tooling that includes skills and plugins to help coding agents build more effectively on AWS.

How does the AWS MCP Server ensure agents work with up-to-date AWS information?
AI coding agents often rely on outdated training data, leading to mistakes with new services or best practices. The AWS MCP Server tackles this with two dedicated tools: search_documentation and read_documentation. These tools retrieve current AWS documentation and best practices at query time, so the agent always works from the latest information. For example, agents can instantly learn about services like Amazon S3 Vectors, Aurora DSQL, or Bedrock AgentCore, even if they were released after the model's training cutoff. Documentation retrieval now requires no authentication, making it seamless. This ensures agents produce production-ready infrastructure using AWS Cloud Development Kit (CDK) or CloudFormation rather than outdated methods like AWS CLI, and they generate IAM policies with minimal privileges.
What is the call_aws tool and how does it handle API operations?
The call_aws tool is the core of the AWS MCP Server. It allows agents to execute any of over 15,000 AWS API operations using the developer's existing IAM credentials. This tool is designed to be context-efficient, consuming minimal space in the model’s context window. When new APIs launch, they are typically supported within days, as the server updates automatically. The agent passes the API name, parameters, and appropriate IAM context, and the server executes the call with the user's permissions. This eliminates the need to hand over broad keys or create separate permission sets for the server itself, as IAM context keys are now supported. The result is a secure, scalable way to give agents the ability to manage AWS resources without compromising security or performance.
What new capabilities come with the general availability of the AWS MCP Server?
With the general availability release, several new features enhance the server's security, performance, and ease of use. First, the server now supports IAM context keys, meaning you no longer need a separate IAM permission to use the server—fine-grained access can be expressed directly in standard IAM policies. Documentation retrieval no longer requires authentication, reducing friction. The number of tokens required per interaction has been reduced, which is particularly beneficial for complex, multi-step workflows where context window size is a constraint. Additionally, the new run_script tool allows agents to execute short Python scripts server-side in a sandboxed environment. This sandbox inherits your IAM permissions but has no network access, enabling agents to process data without accessing your local file system or shell. These improvements make the server more powerful and safer to use.

How does the run_script tool improve multi-step workflows?
The run_script tool is a standout addition that dramatically improves efficiency for multi-step tasks. Previously, an agent needing to call multiple APIs and combine results had to make separate round-trips for each call, burning through context window and slowing down the process. With run_script, the agent can write a short Python script that chains API calls, filters responses, and computes results, all in a single round-trip. The script runs server-side in a sandboxed environment with no network access; it inherits your IAM permissions but cannot reach your local files or command line. This is both faster and more context-efficient, making it ideal for complex operations like aggregating data from multiple services, checking resource states, or generating reports. Developers can safely give agents data-processing power without opening up sensitive systems.
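As an added illustration (not code from AWS or from this announcement), the script below shows the kind of chained, filtered query that fits a single run_script round-trip: it lists security groups, keeps those open to the world on admin ports, and returns only the affected instance IDs instead of the raw API responses. It assumes the sandbox offers a boto3-style EC2 client; FakeEC2, rule, the group IDs and the instance IDs are constructed sample data so the block runs offline.

```python
# Added example. Assumption: the sandbox provides a boto3-style EC2 client.
# FakeEC2 below is constructed sample data so this runs without AWS access.
ADMIN_PORTS = {22, 3389}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def is_world_open(perm):
    """True if a rule admits any address on an admin port (or all traffic)."""
    cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    if not cidrs & OPEN_CIDRS:
        return False
    if perm.get("IpProtocol") == "-1":  # all protocols, so no port range is set
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and any(lo <= p <= hi for p in ADMIN_PORTS)

def exposed_instances(ec2):
    """Chain two calls, filter, and return only {group_id: [instance_ids]}."""
    risky = {g["GroupId"]
             for page in ec2.get_paginator("describe_security_groups").paginate()
             for g in page["SecurityGroups"]
             if any(is_world_open(p) for p in g.get("IpPermissions", []))}
    result = {gid: [] for gid in sorted(risky)}
    for page in ec2.get_paginator("describe_instances").paginate():
        for res in page["Reservations"]:
            for inst in res["Instances"]:
                for sg in inst.get("SecurityGroups", []):
                    if sg["GroupId"] in risky:
                        result[sg["GroupId"]].append(inst["InstanceId"])
    return result

def rule(port, cidr):
    """Build one constructed TCP ingress rule in the EC2 response shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

class FakeEC2:
    """Constructed stand-in client; the IDs and rules are sample data."""
    DATA = {
        "describe_security_groups": [{"SecurityGroups": [
            {"GroupId": "sg-open", "IpPermissions": [rule(22, "0.0.0.0/0")]},
            {"GroupId": "sg-web", "IpPermissions": [rule(443, "0.0.0.0/0")]}]}],
        "describe_instances": [{"Reservations": [{"Instances": [
            {"InstanceId": "i-aaa", "SecurityGroups": [{"GroupId": "sg-open"}]},
            {"InstanceId": "i-bbb", "SecurityGroups": [{"GroupId": "sg-web"}]}]}]}],
    }
    def get_paginator(self, operation):
        data = self.DATA[operation]
        return type("Paginator", (), {"paginate": lambda self: iter(data)})()
```

Calling exposed_instances(FakeEC2()) on the sample data returns a single entry mapping sg-open to i-aaa, which is all the agent needs back in its context window.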
What are Skills and how do they differ from Agent SOPs?
With the general availability release, the AWS MCP Server introduces Skills as an evolution of the former Agent SOPs (Standard Operating Procedures). Skills provide curated guidance and best practices for common tasks, helping agents build more effectively on AWS. Unlike SOPs, which were more static and less integrated, Skills are designed to be more actionable and context-aware. They offer step-by-step instructions, code snippets, and architectural recommendations tailored to specific use cases—like deploying a web app, setting up a data pipeline, or securing an S3 bucket. Skills are embedded within the Agent Toolkit for AWS, making them easily accessible through the MCP server so agents can reference them dynamically. This transition reflects a shift toward richer, more useful tooling that helps agents not just execute commands but also follow AWS best practices from the start.