AWS MCP Server Reaches General Availability with Enhanced Security and Efficiency for AI Agents

Introduction

As AI agents and coding assistants become more powerful, developers face a persistent challenge: how can these tools interact with Amazon Web Services (AWS) in a secure, authenticated manner without granting them excessive permissions? This question has been a growing concern for teams building agent-based workflows. The answer is now here with the general availability of the AWS MCP Server—a managed remote Model Context Protocol (MCP) server that provides AI agents with a limited, fixed set of tools to access AWS services safely and efficiently.

The Challenge of AI Agents on AWS

AI coding agents have proven useful for automating tasks, but they often struggle when working with AWS at depth. Without access to the latest documentation, agents rely on training data that can be months old, missing updates about new services like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore. When agents build infrastructure, they tend to default to the AWS Command Line Interface (AWS CLI) instead of modern tools like AWS Cloud Development Kit (AWS CDK) or AWS CloudFormation. They also generate excessively broad Identity and Access Management (IAM) policies. The result is infrastructure that works in a demo but isn’t ready for production.

Introducing the AWS MCP Server

The AWS MCP Server is a core component of the Agent Toolkit for AWS, a suite that includes the MCP server, skills, and plugins designed to help coding agents build more effectively on AWS. The server solves the security and accuracy problem by offering a compact set of tools that do not consume the model’s context window. Instead of giving agents unrestricted access to AWS, the server exposes only a few carefully designed tools that perform specific operations.

Key Features and Tools

The call_aws Tool

This tool enables agents to execute any of the 15,000+ AWS API operations using your existing IAM credentials. When new APIs launch, they become available within days, ensuring agents always have access to the latest capabilities. This approach eliminates the need for agents to know a vast number of API calls—they only need to use one tool.

Documentation Retrieval Tools

The search_documentation and read_documentation tools retrieve current AWS documentation and best practices at query time. This means agents always work from up-to-date information, avoiding reliance on outdated training data. In the general availability release, documentation retrieval no longer requires authentication, simplifying setup.

The run_script Tool

One of the most powerful additions is the run_script tool, which allows agents to write short Python scripts that execute server-side in a sandboxed environment. The sandbox inherits your IAM permissions but has no network access, so agents can process data without gaining access to your local file system or a shell. This tool is especially useful for multi-step workflows where an agent needs to call multiple APIs and combine results. Instead of making individual calls that are slow and consume context, the agent chains API calls, filters responses, and computes results in a single round-trip—faster and more context-efficient.

New Capabilities in General Availability

The general availability release introduces several key improvements beyond the base tools:

• IAM context keys support: You no longer need a separate IAM permission to use the server. Fine-grained access can now be expressed in a standard IAM policy using context keys.
• Reduced token consumption: The server now uses fewer tokens per interaction, which is critical for complex, multi-step workflows where context windows are limited.
• Documentation retrieval without authentication: The read_documentation and search_documentation tools no longer require authentication, streamlining agent setup.

Skills: Curated Guidance for Agents

Another significant advancement is the transition from Agent SOPs to Skills. Skills provide curated guidance and best practices for specific tasks, helping agents build infrastructure that follows AWS recommended patterns. Unlike SOPs, which were more rigid, Skills offer a dynamic way to inject expertise into agent workflows, ensuring that the infrastructure created is production-ready from the start.

Conclusion

The AWS MCP Server’s general availability marks a milestone for developers who want to leverage AI agents securely on AWS. By providing a controlled set of tools that access current documentation and APIs, the server addresses the major pitfalls of agent-driven development—outdated knowledge, overly permissive IAM policies, and inefficient context usage. With features like the run_script tool, Skills, and improved authentication, teams can now build with confidence that their AI agents are both powerful and safe.

To get started, visit the Agent Toolkit for AWS page and explore how the AWS MCP Server can transform your agent workflows.