The Challenge: Why AI Agents Struggle with AWS
AI coding agents have become powerful allies in software development, yet they often stumble when working with Amazon Web Services (AWS). Two primary issues stand out. First, these agents rely on training data that can be months or even years old. When asked about newer services like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore, they draw a blank because those details weren't in their original training sets. Second, when agents need to build infrastructure, they default to the AWS Command Line Interface (AWS CLI) instead of modern infrastructure-as-code tools like the AWS Cloud Development Kit (AWS CDK) or AWS CloudFormation. As a result, they generate overly broad AWS Identity and Access Management (IAM) policies that work in a demo but fall short of production-grade security and best practices.

Security is another major concern. Granting an AI agent direct access to AWS credentials risks handing over the "keys to the kingdom." Without a controlled, authenticated mechanism, organizations are left balancing productivity with risk.
Introducing the AWS MCP Server
Today, we announce the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server designed to give AI agents and coding assistants secure, authenticated access to all AWS services through a compact, fixed set of tools. This server is part of the broader Agent Toolkit for AWS, which also includes skills and plugins to help coding agents build more effectively on AWS.
Core Tools: Call AWS API and Real-Time Documentation
The AWS MCP Server provides three core tools that do not consume unnecessary tokens from your model's context window:
- call_aws – Executes any of over 15,000 AWS API operations using your existing IAM credentials. New APIs are typically supported within days of launch.
- search_documentation – Retrieves current AWS documentation and best practices at query time, ensuring the agent always works with up-to-date information.
- read_documentation – Fetches the full content of a given documentation page, again using live data rather than stale training material.
These tools allow agents to perform complex operations without requiring pre-loaded knowledge and without bloating the context window.
New Capabilities in General Availability
With this GA release, we've introduced several important enhancements.
IAM Context Keys for Fine-Grained Access
The AWS MCP Server now supports IAM context keys. This means you no longer need a separate IAM permission to use the server itself. Instead, you express fine-grained access controls in standard IAM policies, which makes security management simpler and more consistent with existing AWS practices.

Simplified Documentation Retrieval
Documentation retrieval no longer requires authentication. Agents can look up AWS documentation without additional credential overhead, speeding up the workflow while maintaining security for actual API calls.
Reduced Token Consumption
We've optimized the server to reduce the number of tokens required per interaction. This is especially valuable for complex, multi-step workflows where every token saved helps maintain focus and reduce costs.
The run_script Tool: Efficient Data Processing
A standout addition is the run_script tool. This tool lets the agent write a short Python script that runs server-side in a sandboxed environment. The sandbox inherits your IAM permissions but has no network access. This means you can give an agent the ability to process data without granting access to your local file system or a shell.
When an agent needs to call multiple APIs and combine results, doing them one at a time is slow and burns context. With run_script, the agent chains API calls, filters responses, and computes results in a single round-trip. This is both faster and more context-efficient, enabling agents to handle complex tasks like aggregating data from Amazon S3, Amazon DynamoDB, and AWS Lambda in one seamless operation.
From Agent SOPs to Skills
We've transitioned from Agent SOPs to Skills. Skills provide curated guidance and best practices for the tasks where agents need extra context—such as deploying a three-tier architecture or setting up a CI/CD pipeline. This shift makes it easier to manage and update agent instructions as AWS evolves, ensuring that your AI agents stay productive and aligned with current best practices.
With the AWS MCP Server now generally available, developers and organizations can confidently give their AI agents secure, up-to-date access to AWS. The combination of real-time documentation, fine-grained IAM policies, and efficient tooling like run_script means agents can build production-ready infrastructure without compromising security or accuracy.