Secure Your AI Agents with AWS MCP Server: Q&A on the New General Availability


AI coding agents have proven incredibly useful for automating tasks, but they often struggle when interacting with AWS at a meaningful depth. They may rely on outdated documentation, produce overly permissive IAM policies, or default to the AWS CLI instead of infrastructure-as-code tools. The newly generally available AWS MCP Server addresses these challenges head-on. Below, we answer key questions about how this managed remote Model Context Protocol (MCP) server provides secure, authenticated AWS access to AI agents while keeping your environment production-ready.

What is the AWS MCP Server and why is it important?

The AWS MCP Server is a managed remote MCP server that provides AI agents and coding assistants with secure, authenticated access to all AWS services through a small, fixed set of tools. It is part of the Agent Toolkit for AWS, which includes skills and plugins to help coding agents build more effectively on AWS. Its importance lies in solving a fundamental problem: giving an agent real access to AWS without handing over unrestricted permissions. Without such a layer, agents might use stale training data, write overly broad IAM policies, or rely on the AWS CLI rather than best practices like the AWS CDK or CloudFormation. The MCP Server ensures agents work with current information and follow secure, scoped access, making their output production-ready.


How does the AWS MCP Server provide secure access to AWS?

The server uses a compact set of tools that do not consume your model’s context window excessively. The primary tool, call_aws, executes any of over 15,000 AWS API operations using your existing IAM credentials. This means the agent never needs its own keys; all actions are subject to your existing permissions and policies. Additionally, the server supports IAM context keys—a new GA feature—allowing you to express fine-grained access controls in a standard IAM policy without needing a separate permission to use the server itself. The agent also cannot directly access a shell or local file system; all code execution happens in a sandboxed environment with network access disabled, inheriting only your IAM permissions.

What new features come with the general availability?

Alongside the stable release, several enhancements debut. First, IAM context keys enable more precise permission management directly within your IAM policies. Second, documentation retrieval no longer requires authentication, so agents can fetch current AWS docs without risking credential exposure. Third, the server uses fewer tokens per interaction, which is critical for complex, multi-step workflows. Finally, the new run_script tool lets agents execute short Python scripts server-side in a sandbox. This sandbox inherits your IAM permissions but has no network access, allowing data processing without local system access. These improvements make the server more efficient, secure, and easier to govern.

How does the run_script tool enhance agent capabilities?

The run_script tool allows the agent to write and execute short Python scripts on the server in a sandboxed environment. This is a game changer for tasks that require multiple API calls and result chaining. Instead of making many sequential API calls—each consuming context and time—the agent can bundle multiple AWS API calls into a single script, filter responses, and compute results in one round-trip. This dramatically reduces latency and token usage, and it prevents the agent from accessing your local file system or a shell. For example, an agent can query an Amazon DynamoDB table, process the results, and write to Amazon S3—all within one script. The sandbox inherits your IAM role, so security is maintained.
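To make the "one round-trip" idea concrete, here is the shape of a script an agent could hand to run_script: it scans a DynamoDB table to the end (following LastEvaluatedKey across pages), reduces the items to a small report, and uploads only that report to S3, so the raw pages never pass back through the model's context. This is an added example, not code from the AWS post or from the server; the table name, bucket, item schema and the in-memory stand-in clients are constructed so it runs offline. In the real sandbox the two clients would be `boto3.client("dynamodb")` and `boto3.client("s3")`, which pick up the inherited IAM role and therefore can do nothing that role cannot.

```python
import json
from typing import Any, Dict, List, Optional


def scan_all(ddb: Any, table: str) -> List[Dict[str, Any]]:
    """Scan the whole table, following LastEvaluatedKey across pages.

    A DynamoDB Scan returns at most 1 MB per call; an agent issuing one call
    per turn tends to stop at the first page. Keeping the loop in one script
    makes the pagination happen server-side, in a single round-trip.
    """
    items: List[Dict[str, Any]] = []
    kwargs: Dict[str, Any] = {"TableName": table}
    while True:
        page = ddb.scan(**kwargs)
        items.extend(page.get("Items", []))
        last = page.get("LastEvaluatedKey")
        if not last:
            return items
        kwargs["ExclusiveStartKey"] = last


def summarize(items: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Reduce raw DynamoDB attribute-value items to a small report.

    Only this summary leaves the sandbox, not every item, which is what
    saves context tokens compared with pulling the pages back through the model.
    """
    by_status: Dict[str, int] = {}
    failed_ids: List[str] = []
    for item in items:
        status = item.get("status", {}).get("S", "UNKNOWN")
        by_status[status] = by_status.get(status, 0) + 1
        if status == "FAILED":
            failed_ids.append(item["id"]["S"])
    return {"total": len(items), "by_status": by_status, "failed_ids": sorted(failed_ids)}


def run(ddb: Any, s3: Any, table: str, bucket: str, key: str) -> Dict[str, Any]:
    """The whole job: scan, reduce, upload, and return only the summary."""
    report = summarize(scan_all(ddb, table))
    s3.put_object(Bucket=bucket, Key=key, Body=json.dumps(report, indent=2).encode("utf-8"))
    return report


# --- Constructed stand-ins so the script runs offline. Inside run_script these
# would be boto3.client("dynamodb") and boto3.client("s3"), which use the
# caller's inherited IAM role. The methods mimic the boto3 call shapes above.
class FakeDynamoDB:
    def __init__(self, pages: List[List[Dict[str, Any]]]):
        self._pages = pages

    def scan(self, TableName: str, ExclusiveStartKey: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
        idx = 0 if ExclusiveStartKey is None else int(ExclusiveStartKey["page"]["N"])
        page: Dict[str, Any] = {"Items": self._pages[idx]}
        if idx + 1 < len(self._pages):  # more pages: hand back a continuation key
            page["LastEvaluatedKey"] = {"page": {"N": str(idx + 1)}}
        return page


class FakeS3:
    def __init__(self) -> None:
        self.objects: Dict[str, bytes] = {}

    def put_object(self, Bucket: str, Key: str, Body: bytes) -> Dict[str, Any]:
        self.objects[f"{Bucket}/{Key}"] = Body
        return {"ETag": "constructed"}


# Constructed sample items in DynamoDB attribute-value form, split over two pages.
SAMPLE_PAGES: List[List[Dict[str, Any]]] = [
    [{"id": {"S": "job-1"}, "status": {"S": "OK"}},
     {"id": {"S": "job-2"}, "status": {"S": "FAILED"}}],
    [{"id": {"S": "job-3"}, "status": {"S": "FAILED"}},
     {"id": {"S": "job-4"}, "status": {"S": "OK"}},
     {"id": {"S": "job-5"}, "status": {"S": "PENDING"}}],
]


def demo() -> Dict[str, Any]:
    """Run the job against the constructed clients and return the report."""
    s3 = FakeS3()
    report = run(FakeDynamoDB(SAMPLE_PAGES), s3, "jobs", "reports-bucket", "jobs/summary.json")
    assert "reports-bucket/jobs/summary.json" in s3.objects  # the upload happened
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The security property to notice is that nothing in the script carries credentials or chooses a role: whatever `dynamodb:Scan` and `s3:PutObject` permissions the inherited role lacks will fail inside the sandbox exactly as they would for you, so scoping that role to the one table and one bucket prefix is what bounds the agent, not the script.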


What is the difference between Agent SOPs and Skills?

With the general availability, the AWS MCP Server transitions from Agent SOPs (Standard Operating Procedures) to Skills. Skills are curated guidelines and best practices for specific tasks on AWS, designed to be more modular and composable than the earlier SOPs. While SOPs provided step-by-step instructions, Skills offer flexible, context-aware guidance that adapts to the agent’s current task. They are part of the Agent Toolkit and help agents choose the right AWS services and patterns—like using the AWS CDK over the CLI, or writing IAM policies with least privilege. This shift makes it easier for developers to extend and customize the agent’s knowledge, ensuring it always follows current best practices.

How does the server ensure agents use up-to-date AWS documentation?

The AWS MCP Server includes dedicated tools: search_documentation and read_documentation. These tools retrieve current AWS documentation and best practices at query time, rather than relying on the agent’s potentially outdated training data. Because documentation retrieval now requires no authentication (as of GA), the agent can access the latest information without any additional credential overhead. This means that even when new services launch—like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore—the agent can learn about them within days. This keeps the agent’s recommendations and code generation aligned with current AWS offerings, preventing it from falling back on months-old knowledge.
