AWS MCP Server General Availability: Secure Agent Access to AWS Services
The AWS MCP Server, now generally available, provides AI agents with secure, authenticated access to AWS services. It addresses common agent challenges like outdated documentation and overly broad permissions. Here are key questions answered.
What is the AWS MCP Server and why was it created?
The AWS MCP Server is a managed remote Model Context Protocol (MCP) server that gives AI agents and coding assistants secure, authenticated access to all AWS services through a compact set of tools. It was created to solve a critical problem: agents often need real AWS access but cannot be trusted with full account keys. Without the server, agents rely on stale training data, produce overly permissive IAM policies, and default to the AWS CLI instead of modern tools like AWS CDK. The server provides a secure bridge, using existing IAM credentials and offering fine-grained access control. It is part of the Agent Toolkit for AWS, which includes skills and plugins to help agents build effectively on AWS.

How does the server address outdated AWS knowledge?
Agents often work with training data that is months out of date, missing new services like Amazon S3 Vectors or Amazon Aurora DSQL. The AWS MCP Server solves this through two documentation tools: search_documentation and read_documentation. These retrieve current AWS documentation and best practices at query time, ensuring the agent always acts on up-to-date information. Additionally, the call_aws tool executes any of 15,000+ AWS API operations using the agent's existing IAM credentials. When new APIs are launched, they become available within days, so the agent never falls behind. This combination keeps the agent's knowledge fresh and its actions aligned with the latest AWS services and recommendations.
What are the major new features in the general availability release?
The general availability release introduces several enhancements. First, IAM context keys are now supported, eliminating the need for a separate IAM permission to use the server. This allows administrators to express fine-grained access directly in standard IAM policies. Second, documentation retrieval no longer requires authentication, simplifying setup. Third, the number of tokens required per interaction has been reduced, which is critical for complex, multi-step workflows where context windows are limited. The most significant addition is the run_script tool, which lets the agent execute short Python scripts in a sandboxed environment. Also, the server transitions from Agent SOPs to Skills, providing curated guidance for common tasks. These features collectively enhance security, efficiency, and usability.
How does the run_script tool work and what are its benefits?
The run_script tool allows an agent to write and execute short Python scripts server-side in a sandboxed environment. The sandbox inherits the agent's IAM permissions but has no network access and cannot reach local files or shells. This means you can give the agent data processing capabilities without risking your local environment. When an agent needs to call multiple AWS APIs and combine results, doing so one at a time is slow and consumes context tokens. With run_script, the agent chains API calls, filters responses, and computes results in a single round-trip, which is both faster and more context-efficient. This tool is ideal for complex workflows like aggregating metrics or transforming data.
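
The chain, filter and compute pattern described above, as an added example that is not code from AWS or from the original article. It assumes boto3 is available inside the sandbox, which the page does not state; the S3 client is passed in as a parameter so the logic can be exercised without AWS access.

```python
# Added example: the kind of short script an agent might submit to run_script.
# Assumption: the sandbox exposes boto3 (not stated on the page).
# Only the bucket-level setting is checked; the account-level block is not.

REQUIRED = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def error_code(exc):
    """Return the AWS error code carried by a botocore ClientError-like exception."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")


def buckets_missing_public_access_block(s3):
    """Chain ListBuckets and GetPublicAccessBlock, returning only the gaps."""
    findings = []
    for bucket in s3.list_buckets().get("Buckets", []):
        name = bucket["Name"]
        try:
            cfg = s3.get_public_access_block(Bucket=name)[
                "PublicAccessBlockConfiguration"]
        except Exception as exc:
            code = error_code(exc)
            if code == "NoSuchPublicAccessBlockConfiguration":
                # No bucket-level configuration exists at all.
                findings.append({"bucket": name, "missing": list(REQUIRED)})
            else:
                # For example AccessDenied: report it rather than guess.
                findings.append({"bucket": name,
                                 "error": code or type(exc).__name__})
            continue
        missing = [key for key in REQUIRED if not cfg.get(key, False)]
        if missing:
            findings.append({"bucket": name, "missing": missing})
    return findings


if __name__ == "__main__":
    import json
    import boto3  # assumed to be importable in the sandbox
    print(json.dumps(buckets_missing_public_access_block(boto3.client("s3"))))
```

Only the compact findings list goes back to the agent, instead of one tool response per bucket. The role behind the script still needs s3:ListAllMyBuckets and s3:GetBucketPublicAccessBlock, because the sandbox inherits the agent's IAM permissions.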

How does the server ensure security and fine-grained access control?
Security is built into the AWS MCP Server from the ground up. It uses your existing IAM credentials, so agents only have the permissions you explicitly grant. With IAM context keys, you can define precise access conditions in standard IAM policies without needing separate server permissions. The run_script tool's sandbox further limits risk: scripts run without network access, so agents cannot exfiltrate data or access local resources. Documentation retrieval now requires no authentication, reducing credential exposure. Additionally, the toolset is intentionally compact to minimize attack surface. All API calls are made through the call_aws tool, which respects your IAM policies. This approach ensures agents can perform real work while preventing the broad access that would come from handing out account keys.
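
Because call_aws acts with whatever the agent's IAM credentials allow, the policy attached to those credentials is the real boundary. The following added example (not part of the AWS MCP Server or the original article) reviews an identity policy for overly broad Allow statements before an agent is pointed at it. The two policies are constructed samples, and the check does not evaluate Condition blocks, so IAM context keys are out of its scope.

```python
# Added example: flag Allow statements in an agent role's identity policy that
# would give call_aws far more reach than a task needs. Sample data is constructed.

READ_PREFIXES = ("get", "list", "describe")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return (statement index, finding) pairs for overly broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "Allow with NotAction grants everything not listed"))
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            _, _, op = action.partition(":")
            if action == "*" or op == "*":
                findings.append((i, f"wildcard action {action}"))
            elif "*" in resources and not op.lower().startswith(READ_PREFIXES):
                findings.append((i, f"{action} allowed on Resource *"))
    return findings


# Constructed sample: the kind of policy the page warns about.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"], "Resource": "*"},
]}

# Constructed sample: read-only metrics plus one bucket prefix.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-agent-bucket/*"},
]}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, review_policy(doc))
```
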
What is the transition from Agent SOPs to Skills?
The general availability release marks a shift from Agent SOPs (Standard Operating Procedures) to Skills. While SOPs provided static instructions, Skills offer curated guidance and best practices for common tasks like building infrastructure or writing IAM policies. Unlike SOPs, Skills are designed to be more adaptable and context-aware, allowing agents to apply the right procedures based on the user's specific request. Skills are integrated into the AWS MCP Server and work alongside the documentation tools to ensure agents follow modern patterns, such as using AWS CDK over AWS CLI or generating least-privilege IAM policies. This transition makes it easier for agents to produce production-ready infrastructure that follows AWS well-architected frameworks.