The dirty secret of AI coding agents working on AWS has always been the credential problem: give the agent too much access and you've handed over the keys; give it too little and it's useless.
AWS just shipped its answer.
The Problem It's Solving
AI coding agents working with AWS have two compounding failure modes. First, their training data goes stale fast. Without access to current AWS documentation, agents rely on training data that may be months out of date and may not know about services like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore. Second, when they do reach for AWS tooling, their instincts are wrong: they tend to reach for the AWS CLI rather than AWS CDK or CloudFormation, and they produce IAM policies that are far broader than necessary. The result is infrastructure that clears a demo and breaks in production.
The deeper issue is structural. Before this release, connecting an AI agent to AWS meant either injecting broad credentials into a prompt context — a governance nightmare — or building custom middleware that quickly becomes a maintenance burden. Neither solution scales in an enterprise setting where audit trails and least-privilege access aren't optional.
How the AWS MCP Server Actually Works
The AWS MCP Server is now part of the recently announced Agent Toolkit for AWS, a set of tools, plugins, and workflows that help AI coding agents work with AWS services. The toolkit's open-source codebase is available on GitHub.
The server exposes a compact, fixed tool set rather than dumping the entire AWS surface area into the agent's context window. The call_aws tool covers all 15,000+ AWS API operations using existing IAM credentials. The search_documentation and read_documentation tools pull current AWS docs at query time, bypassing the model's knowledge cutoff entirely. And the newest addition, run_script, lets the agent execute short Python scripts server-side in a sandboxed environment — no local filesystem access, no shell, IAM permissions inherited but network-isolated.
When an agent needs to call multiple APIs and combine the results, making them one at a time is slow and burns context. With run_script, the agent chains API calls, filters responses, and computes results in a single round-trip, which is both faster and more context-efficient.
On authentication: the AWS MCP Server uses IAM and SigV4 authentication. As the MCP server currently supports only OAuth 2.1, local AWS credentials can be used through the open-source MCP Proxy for AWS, which runs locally and translates IAM-based authentication into OAuth-compatible requests. It's a thin bridge, not a workaround — the IAM trust model stays intact end-to-end.
The call_aws configuration for Claude Code is a single command:
claude mcp add-json aws-mcp --scope user \
'{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
What Teams Are Actually Using It For
The stale-documentation problem is the most immediately visible win. AWS's own demo illustrates it cleanly: ask Claude Code (backed by Opus 4.6, knowledge cutoff May 2025) how to store embeddings on S3 without the MCP server, and you get five technically correct answers — none of which mention Amazon S3 Vectors, which launched in preview July 2025. Connect the MCP server, ask the same question, and the agent searches live AWS documentation and surfaces S3 Vectors directly.
Beyond documentation freshness, the enterprise governance story is significant. You can use IAM policies or Service Control Policies to specify that a given user can perform mutating operations while the MCP server is restricted to read-only actions. Amazon CloudWatch metrics published under the AWS-MCP namespace let you observe MCP server calls separately from direct human calls, giving you the audit trail that compliance teams require. Amazon CloudTrail captures all API calls for a complete record.
Documentation search and skill discovery can now be used without requiring AWS credentials — a deliberate decision to lower the barrier for read-only exploration without relaxing the security posture on mutating operations.
Why This Is a Bigger Deal Than It Looks
The Skills system — curated guidance and best practices for the tasks where agents most commonly make mistakes — is the part of this release that deserves more attention than it's getting. Skills are contributed and maintained by AWS service teams, which means the agent's guidance on IAM policy scoping, CDK patterns, or CloudFormation structure comes from the people who own those services, updated when those services change. That's a fundamentally different posture than baking best practices into a system prompt and hoping the model generalizes correctly.
The governance architecture also matters at an industry level. Darryl Ruggles, principal cloud solutions architect at Ciena, notes that the AWS MCP Server takes "a measured approach" to the long-standing tension between usefulness and safety in giving AI agents access to AWS. That measured approach — IAM context keys, CloudWatch namespacing, CloudTrail integration — is the kind of governance scaffolding that turns an interesting prototype into something a CISO will actually approve.
The open question raised by practitioners is fair: some question whether there are gateways to restrict certain actions or operations. Fine-grained operation-level blocking beyond standard IAM is still on the community's wishlist.
Availability and Access
The AWS MCP Server is currently available only in two regions, Northern Virginia and Frankfurt. It is free to use, although charges apply to the resources consumed by agents.
The MCP Server can be integrated with any AI agent that supports MCP, including Claude Code, Kiro, Cursor, and Codex. The full setup guide lives in the AWS MCP Server User Guide. You'll need uv installed (curl -LsSf https://astral.sh/uv/install.sh | sh) before wiring up the proxy.
The Agent Toolkit for AWS is the broader container this fits into — worth watching as AWS continues adding skills and plugins from individual service teams.
Every major cloud provider is now racing to become the default infrastructure layer for agentic AI. AWS isn't winning that race on documentation freshness alone — they're winning it by being the only provider that's built IAM governance directly into the MCP layer from day one.
Follow for more coverage on MCP, agentic AI, and AI infrastructure.
Top comments (0)