AWS MCP Server Goes GA: AI Agents Now Get Secure, Authenticated Access to AWS Services
Amazon Web Services today announced the general availability of the AWS MCP Server, a managed remote Model Context Protocol server that gives AI agents and coding assistants secure, authenticated access to all AWS services through a small, fixed set of tools. The announcement was made during a press briefing, marking a significant step in enabling AI to work with cloud infrastructure safely.

“We’ve heard from developers that giving AI agents access to AWS without compromising security was a major pain point,” said Dr. Werner Vogels, CTO of Amazon.com. “The AWS MCP Server solves that by using existing IAM credentials and fine-grained context keys, so agents get just the permissions they need—nothing more.”
The server is part of the Agent Toolkit for AWS, a suite that includes skills and plugins to help coding agents build more effectively on AWS. With GA, the MCP Server introduces several new capabilities, including IAM context keys, sandboxed script execution, and documentation retrieval without authentication.
Background
AI coding agents have struggled with AWS due to outdated training data and a tendency to default to the AWS CLI instead of infrastructure-as-code tools like AWS CDK or CloudFormation. This often results in overly broad IAM policies and infrastructure that works in demos but fails in production.
Without access to current documentation, agents miss new services such as Amazon S3 Vectors, Amazon Aurora DSQL, and Amazon Bedrock AgentCore. The AWS MCP Server addresses these issues by providing tools that retrieve up-to-date documentation at query time and execute any of the 15,000+ AWS API operations using existing IAM credentials.
New Capabilities at GA
The call_aws tool lets agents invoke any AWS API, with new APIs supported within days of launch. The search_documentation and read_documentation tools fetch current best practices without consuming the model’s context window.
IAM context keys now allow fine-grained access policies without requiring a separate IAM permission to use the server itself. Documentation retrieval no longer requires authentication, reducing friction for agents.

The most significant addition is the run_script tool, which lets an agent write a short Python script that runs server-side in a sandboxed environment. The sandbox inherits IAM permissions but has no network access—preventing agents from accessing local file systems or shells. This enables chaining multiple API calls and data processing in a single round-trip, saving time and context.
What This Means
For developers, the AWS MCP Server removes a major barrier: handing an AI agent access to AWS without handing over the “keys to the kingdom.” By using standard IAM roles and context keys, agents can operate within strict security boundaries while still performing complex, multi-step workflows.
The shift from Agent SOPs to Skills provides curated guidance for common tasks, further reducing errors and speeding up development. As AI agents become more integrated into cloud operations, this level of secure, authenticated access is critical for production-ready infrastructure.
Early adopters report that the run_script tool alone has cut workflow times by up to 40%, and the context-efficient design allows longer, more complex agent interactions. With GA, AWS is positioning the MCP Server as a foundational piece for the next generation of cloud-native AI tools.
Additional Context
The AWS MCP Server is available immediately in all commercial AWS regions. Pricing follows standard AWS API call rates, with no additional cost for the server itself. For more details, see the Background section above or the official documentation.