Setting up the Agent Toolkit for AWS in Kiro (and Codex, Claude Code, and Cursor)

If you've let a coding agent loose on AWS, you've watched it guess. It invents API parameters that don't exist, or hands you an S3 bucket a security review will bounce on sight. The Agent Toolkit for AWS is built to stop that. By the end of this post you'll have it running in whatever editor you use, plus a tour of what's in it and three workflows worth pointing it at.

I use Kiro day to day, so I'll walk through that setup first. It also works with Codex, Claude Code, Cursor, and any other agent that speaks MCP, the Model Context Protocol, which is the open standard agents use to connect to outside tools and data. I'll cover those too.

What is the Agent Toolkit for AWS?

The Agent Toolkit for AWS is a free, AWS-supported set of tools that gives AI coding agents secure access to AWS, current documentation they can read mid-task, and tested procedures for the work they tend to fumble. It plugs into the agent you already use rather than asking you to switch. In practice, that shows up in a few ways, all detailed in the AWS user guide.

The agent stops guessing about APIs it never saw. The models behind these agents trained on data that's months or years old, so anything AWS shipped recently is missing or wrong in their heads, and the toolkit hands them current docs and references at request time. For multi-step work like least-privilege IAM or a production serverless stack, it follows a vetted skill instead of reconstructing the steps from half-memory. Every call goes through your own IAM credentials, shows up in CloudWatch, and gets logged to CloudTrail, so you can scope an agent to read-only even when your role can write. And the toolkit costs nothing on its own; you pay only for the AWS resources the agent creates.

It's the successor to the MCP servers, skills, and plugins AWS shipped under AWS Labs in 2025. Two things make me reach for it over a raw MCP setup: condition keys that let a policy tell an agent apart from a human, and skills that have been evaluated end to end rather than thrown over the wall.

What's included: the MCP server, skills, plugins, and rules files

Four components work together (reference).

The AWS MCP Server is the access layer, a single endpoint that reaches 300+ AWS services. It runs in two modes depending on what you ask for. Searching AWS docs, pulling service info, and discovering skills need no credentials at all, so the server is useful the moment you connect it. Anything that touches your account, real API calls and the sandboxed Python run_script tool, runs as you through your local AWS credentials. It also stamps two condition keys on every request, aws:ViaAWSMCPService and aws:CalledViaAWSMCP, so your policies can single out agent traffic.

Skills are curated packages of instructions, scripts, and reference material for one task. The agent loads a skill only when it needs it, so they barely touch your context until they're relevant.

Plugins bundle the MCP config and a curated skill set into one install. They're available for Claude Code, Codex, and Cursor; Kiro and other MCP agents connect to the server directly instead, which I cover in the setup steps below. Four ship today:

Plugin	Covers
aws-core	Service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, deployment. Start here.
aws-agents	Building AI agents on AWS with Amazon Bedrock and AgentCore.
aws-data-analytics	Data lake, analytics, and ETL with S3 Tables, AWS Glue, and Athena.
aws-agents-for-devsecops	Incident investigation, code review, UAT, vulnerability scanning, and pen testing with AWS DevOps Agent and AWS Security Agent.

Rules files are project-level config that sets guardrails: use the MCP Server, find a skill before acting, check the docs, prefer infrastructure-as-code. Rules decide how the agent behaves; skills supply what it does for a given job.

Which skills does the Agent Toolkit include?

The skills are the part I underestimated at first. There are around 64 today (browse the skills/ directory for the live list), split into core and specialized.

Core skills, which ship with aws-core:

amazon-bedrock, aws-billing-and-cost-management, aws-blocks, aws-cdk, aws-cloudformation, aws-containers, aws-iam, aws-messaging-and-streaming, aws-observability, aws-sdk-js-v3-usage, aws-sdk-python-usage, aws-sdk-swift-usage, aws-serverless, signing-in-to-aws.

Specialized skills, grouped by domain (a few from each):

• Serverless (9): connecting-lambda-to-api-gateway, connecting-lambda-to-dynamodb, debugging-lambda-timeouts, processing-s3-uploads-with-step-functions
• Analytics (10): querying-data-lake, ingesting-into-data-lake, managing-amazon-msk, amazon-opensearch-service
• Database (8): amazon-aurora-postgresql, amazon-elasticache, exporting-rds-to-s3, rds-db2
• Networking (5): creating-production-vpc-multi-az, routing-traffic-with-route53-and-cloudfront
• Storage (5): securing-s3-buckets, creating-data-lake-table, storing-and-querying-vectors
• EC2 (3), Operations (3), System table (3), Migration (2), Security and identity (1), Web and mobile (1)

Don't memorize the list. When you ask for "a Lambda behind API Gateway writing to DynamoDB," the agent pulls the matching skills on its own.

Prerequisites

A handful of things need to be in place first. None take long.

• An AWS account. Anything that touches AWS needs one. Sign up here if you don't have one yet.
• AWS credentials on your machine, for the parts that act on your account. The server still connects and answers documentation and skill questions without them, but API calls and run_script need them. The proxy reads the standard AWS credential chain, so aws configure, an SSO login, a named profile, or the usual environment variables all work. New to this? Configuring the AWS CLI is the simplest path. The CLI is the common way to set credentials, not a hard requirement.
• uv, a Python package tool that runs the MCP proxy. Install it with brew install uv on macOS, or the official installer elsewhere. The uvx command in the Kiro config below comes bundled with it.
• Node.js, which gives you the npx command used to install skills. If npx --version prints nothing, install it from nodejs.org.
• AWS CLI 2.35.0 or later, but only if you use the one-command wizard below. Check with aws --version.

How to set up the Agent Toolkit for AWS

The quickest route is the AWS CLI wizard, which configures every agent you have at once. Prefer to do it by hand, or only use one editor? Skip to the per-agent steps below.

Set up every agent at once with the AWS CLI

On a recent AWS CLI, one command detects your installed agents, installs default skills, and configures the MCP Server for all of them:

aws configure agent-toolkit

One gotcha worth calling out, because I hit it. On an older CLI you'll see:

aws: [ERROR]: argument subcommand: Found invalid choice 'agent-toolkit'

That means your AWS CLI predates 2.35.0. Update it (instructions), confirm with aws --version, and rerun. Restart your agent afterward so it picks up the new MCP config.

If you only use one agent, or you want to see exactly what gets wired up, the per-agent steps below do the same thing by hand.

Kiro

Open your Kiro MCP config and add the AWS server. Use .kiro/settings/mcp.json for the current project, or ~/.kiro/settings/mcp.json to turn it on everywhere. Create the file if it doesn't exist yet:

{
  "mcpServers": {
    "aws": {
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@1.6.3",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata", "AWS_REGION=us-west-2"
      ]
    }
  }
}

If your config already lists other servers under mcpServers, add the aws entry next to them instead of replacing the block, and keep the JSON valid (mind the commas). Change AWS_REGION to the region you work in.

Pin the proxy version rather than tracking latest. You get reproducible behavior and a guard against a bad release. Check PyPI every few weeks and bump it on purpose.

Then install the skills:

npx skills add aws/agent-toolkit-for-aws/skills

Open Kiro's MCP Server view (the Kiro panel in the sidebar, or search "MCP" in the command palette), reconnect the aws server, and you're live.

Codex

Add the marketplace, then install from inside Codex:

codex plugin marketplace add aws/agent-toolkit-for-aws

Launch Codex, run /plugins, and install aws-core.

Claude Code

The plugins live on the official Anthropic marketplace, included by default:

/plugin install aws-core@claude-plugins-official

Hit Plugin not found? Refresh the index with /plugin marketplace update claude-plugins-official and try again. Add aws-agents, aws-data-analytics, or aws-agents-for-devsecops the same way.

Cursor

Add the repo as a team marketplace: Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo, pointed at aws/agent-toolkit-for-aws. Open the Plugins panel and install aws-core first, then the others as needed.

Other agents (Windsurf, Cline, and more)

Anything that speaks MCP works, including Windsurf and Cline. Configure the AWS MCP Server directly (see the server setup guide), then run npx skills add aws/agent-toolkit-for-aws/skills.

How do I check it's working?

Start a fresh conversation and ask: "What AWS Regions are available?" If the agent returns a list, the MCP Server is connected. For a skill check, ask it to "secure an S3 bucket" and watch it load securing-s3-buckets before it writes anything. An authentication error instead means your local credentials aren't reaching the server; see Prerequisites for how to set them up.

Three workflows that show the payoff

Setup is the boring part. The workflows below are where it pays off, and each one names the skills and components doing the work.

1. Stand up a serverless API, end to end

Prompt: "Build a REST API: API Gateway in front of a Lambda that reads and writes a DynamoDB table, deployed with CDK."

This is the kind of task agents usually botch, because it spans four services and the IAM glue between them. The agent pulls aws-serverless, connecting-lambda-to-api-gateway, connecting-lambda-to-dynamodb, and aws-cdk, then uses the MCP Server's API tools to provision and the run_script sandbox for multi-step setup. The skills carry the wiring, so the Lambda role scopes to your specific table instead of granting access to everything (*), and the CDK stack follows current patterns instead of a 2023 blog post the model half-remembers.

2. Troubleshoot a production issue you can't reproduce

Prompt: "My checkout Lambda times out intermittently and error rates spiked this morning. Help me find why."

Point the agent at the symptom and it follows a real diagnostic path. debugging-lambda-timeouts and troubleshooting-application-failures give it the procedure, while aws-observability and querying-aws-cloudwatch let it read the actual logs and metrics through the MCP Server. It checks the configured timeout against duration metrics, looks for cold starts, and inspects downstream calls that block, then tells you what it found. You get an actual investigation rather than a guess.

3. Hand an agent production access without losing sleep

Prompt: "Audit this account's S3 buckets and secrets, and flag anything risky."

This is the workflow that separates the toolkit from wiring up a raw MCP server. Before you run it, scope the agent's IAM role to read-only with the condition keys the MCP Server attaches, aws:ViaAWSMCPService and aws:CalledViaAWSMCP, so it can inspect and plan but cannot change anything, even though your own role can. Writing that policy is an advanced step, and the user guide explains how the condition keys fit in; you can skip it the first time through and still get value from the audit. The agent uses securing-s3-buckets and creating-secrets-using-best-practices as its rubric for what counts as risky, and every call lands in CloudTrail for you to review later.

How to update and remove skills

On AWS CLI 2.35.0+, the aws agent-toolkit command group manages skills across all your agents from the terminal:

aws agent-toolkit list-installed-skills
aws agent-toolkit add-skill --skill-name aws-serverless
aws agent-toolkit update-skill --skill-name aws-serverless
aws agent-toolkit remove-skill --skill-name aws-cdk --agent kiro

There's also search-skills, list-available-skills, and get-skill-metadata for browsing the catalog from the terminal. Without the CLI, re-run npx skills add aws/agent-toolkit-for-aws/skills to pull new skills, and remove them with npx skills remove <skill-name>. The MCP Server itself is AWS-hosted, so its API coverage and docs stay current on their own. The one thing you pin and bump yourself is the proxy version in your config.

Frequently asked questions

Is the Agent Toolkit for AWS free?
Yes. The toolkit costs nothing to install or use. You pay only standard AWS rates for the resources your agent creates or calls.

Which AWS CLI version do I need for aws configure agent-toolkit?
Version 2.35.0 or later. Older versions don't recognize the command and fail with Found invalid choice 'agent-toolkit'. Check yours with aws --version.

How do I fix "Found invalid choice 'agent-toolkit'"?
Upgrade the AWS CLI to 2.35.0 or later, since the command shipped in that release. On macOS with Homebrew, run brew upgrade awscli, then confirm with aws --version.

Do I need an AWS account and credentials?
Credentials are needed only for actions that touch your account, like API calls and run_script. Documentation search and skill discovery work with no credentials. Anything that provisions or reads real resources needs an AWS account.

Which coding agents does it work with?
Kiro, Claude Code, Codex, and Cursor have first-class setups, and any MCP-compatible agent works too, including Windsurf and Cline. Plugins cover Claude Code, Codex, and Cursor; Kiro and the rest connect to the MCP server directly.

How is it different from the AWS Labs MCP servers?
It's the successor to AWS Labs. The differences that matter: IAM condition keys that separate agent actions from human ones, CloudWatch and CloudTrail on every request, and skills evaluated end to end.

How do I give a coding agent read-only access to AWS?
Scope its IAM role with the condition keys the MCP server attaches, aws:ViaAWSMCPService and aws:CalledViaAWSMCP, to allow reads and deny writes. The agent can inspect and plan but not change anything, even when your own role can.

How do I update or remove skills?
On AWS CLI 2.35.0+, use aws agent-toolkit update-skill and aws agent-toolkit remove-skill. Otherwise re-run npx skills add aws/agent-toolkit-for-aws/skills to update, and npx skills remove <skill-name> to remove.

What to try next

• Build the serverless API above, then ask the agent to add a CloudWatch alarm with setting-up-cloudwatch-alarm-notifications and watch it connect the alarm to an SNS topic.
• Set up the read-only profile from workflow 3, hand it a real account, and confirm the agent can plan a change but not apply one. That's what makes me comfortable letting one near production.

Further reading

• Agent Toolkit for AWS repo. The source, every skill, and the plugin definitions.
• What is the Agent Toolkit for AWS?. Components and capabilities.
• Getting started. Install and verify.
• AWS CLI for the toolkit. The setup wizard and the skill commands.
• AWS MCP Server tools. Every tool the server exposes.

About the author

Saurabh Dahal is a developer advocate at AWS, working with the latest agentic and AI tools for developers to help boost developer productivity. He set up the Agent Toolkit for AWS across Kiro, Codex, Claude Code, and Cursor for this guide.

Published June 30, 2026. Last updated June 30, 2026.