Secure AWS Access for AI Agents: Introducing the AWS MCP Server (General Availability)

by Anika Shah - Technology

AWS Launches MCP Server: Giving AI Agents Secure, Authenticated Access to the Cloud

For developers integrating AI agents into their workflows, a persistent challenge has been the “keys to the kingdom” dilemma: how do you grant an agent enough access to be useful without compromising the security of your entire AWS environment? Until now, AI coding assistants often relied on outdated training data or overly broad IAM policies that were unsuitable for production.

AWS has addressed this gap with the general availability of the AWS MCP Server. As part of the broader Agent Toolkit for AWS, this managed remote Model Context Protocol (MCP) server allows AI agents and coding assistants to interact with AWS services through a secure, authenticated, and streamlined set of tools.

Bridging the Gap Between AI Agents and AWS

While AI coding agents are proficient at general tasks, they often struggle with the depth and velocity of AWS updates. Agents relying solely on training data may be unaware of recently launched services—such as Amazon S3 Vectors or Amazon Aurora DSQL—and frequently default to the AWS Command Line Interface (CLI) rather than more robust infrastructure-as-code tools like the AWS Cloud Development Kit (CDK) or AWS CloudFormation.

The AWS MCP Server solves these issues by providing a compact set of tools that keep the model’s context window clear while ensuring the agent has the most current information and capabilities.

Core Toolset Capabilities

  • API Execution: The call_aws tool enables agents to execute over 15,000 AWS API operations using existing IAM credentials. New APIs are typically supported within days of launch.
  • Real-Time Documentation: The search_documentation and read_documentation tools retrieve the latest AWS documentation and best practices at query time. This ensures agents don’t rely on stale training data.
  • Sandboxed Scripting: The run_script tool allows agents to write and execute short Python scripts in a server-side sandboxed environment. This sandbox inherits IAM permissions but lacks network access, allowing the agent to process data without accessing the local file system or shell.

From SOPs to Skills: Reducing Hallucinations

One of the most significant updates in the general availability release is the transition from Agent Standard Operating Procedures (SOPs) to Skills. Skills are curated guidance and best practices maintained by AWS service teams for common tasks where agents typically err.


By using Skills, agents can complete work faster and with fewer errors. This curated approach keeps the tool list short and predictable, which directly reduces the likelihood of AI hallucinations and keeps the agent focused on the task at hand, ultimately saving developers time and reducing token consumption.

Enterprise-Grade Security and Governance

For enterprise environments, the AWS MCP Server introduces critical boundaries between human and agent permissions. Security teams can utilize IAM policies or Service Control Policies (SCPs) to enforce strict access controls—for example, allowing a human user to perform mutating operations while restricting the MCP server to read-only actions.

Auditability and Monitoring:

  • Amazon CloudWatch: Metrics published under the AWS-MCP namespace allow organizations to observe MCP server calls separately from direct human interactions.
  • AWS CloudTrail: Every API call is captured, providing a complete audit trail for compliance requirements.
  • IAM Context Keys: The server now supports IAM context keys, allowing for fine-grained access expression within standard IAM policies without requiring a separate permission to use the server.
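
The read-only boundary described above, sketched as an added example (not code from AWS or from this article): a guardrail policy that denies mutating actions only for requests arriving through the MCP server, plus a small evaluator that shows the human and agent outcomes side by side. The condition key name `aws:ViaAWSMCPService` is an assumption the page does not state, and the read-only action list and evaluator are constructed for illustration.

```python
import fnmatch

# Assumption: boolean condition key present on requests that arrive through a
# managed AWS MCP server. The page does not name the key; confirm it in the
# IAM documentation before deploying.
MCP_KEY = "aws:ViaAWSMCPService"

# Constructed, deliberately short list of read-only action patterns.
READ_ONLY = ["s3:Get*", "s3:List*", "ec2:Describe*", "cloudwatch:Get*"]

# Guardrail usable as an SCP or identity policy: an explicit Deny on every
# action outside READ_ONLY, but only when the request came via the MCP server.
GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyMutationsViaMcp",
        "Effect": "Deny",
        "NotAction": READ_ONLY,
        "Resource": "*",
        "Condition": {"Bool": {MCP_KEY: "true"}},
    }],
}

def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def is_denied(policy, action, context):
    """Simplified evaluator: explicit Deny with Action/NotAction and Bool only."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        if "NotAction" in st:
            hit = not _matches(action, st["NotAction"])
        else:
            hit = _matches(action, st.get("Action", []))
        bools = st.get("Condition", {}).get("Bool", {})
        # A key missing from the request context never satisfies a Bool test.
        cond = all(k in context and str(context[k]).lower() == str(v).lower()
                   for k, v in bools.items())
        if hit and cond:
            return True
    return False

if __name__ == "__main__":
    for who, ctx in (("human", {}), ("agent", {MCP_KEY: "true"})):
        for action in ("s3:GetObject", "s3:PutObject", "ec2:TerminateInstances"):
            print(who, action, "DENY" if is_denied(GUARDRAIL, action, ctx) else "no deny")
```

Because an explicit Deny overrides any Allow, the same principal keeps its full permissions for direct calls while calls made through the MCP server are held to the read-only list.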

Implementation and Compatibility

The AWS MCP Server is designed to work with any MCP-compatible client, including Claude Code, Cursor, and Kiro. Because the AWS MCP Server authenticates requests with IAM and SigV4 signing, while MCP natively supports OAuth 2.1, AWS provides an open-source MCP Proxy for AWS. This proxy runs locally to bridge the authentication gap between the agent and the AWS server.

Quick Setup Requirements

To get started, users must have uv installed. The configuration involves adding the MCP JSON to the agent, specifying the regional endpoint (such as https://aws-mcp.us-east-1.api.aws/mcp) and the target AWS region via metadata.

Availability and Pricing

The AWS MCP Server is currently available in the US East (N. Virginia) and Europe (Frankfurt) regions, though it can make API calls to any AWS region.

There is no additional charge for the AWS MCP server itself. Users only pay for the AWS resources they create and any applicable data transfer costs. For detailed implementation steps, developers can refer to the AWS MCP Server User Guide.

Key Takeaways for Developers

  • Current Knowledge: Documentation tools eliminate the “knowledge cutoff” problem for new AWS services.
  • Secure Execution: Sandboxed Python scripts allow for complex data processing without exposing the local shell.
  • Reduced Noise: “Skills” replace broad SOPs to minimize hallucinations and token spend.
  • Full Auditability: Dedicated CloudWatch namespaces and CloudTrail integration satisfy enterprise compliance.
