Xtcworld

AWS Launches MCP Server Generally Available: AI Agents Gain Secure, Authenticated Access to Cloud Services

AWS MCP Server now GA, providing AI agents secure authenticated access to all AWS services via compact tools and sandboxed scripting.

Xtcworld · 2026-05-13 02:16:08 · Cloud Computing

Breaking: AWS MCP Server Now Generally Available

Amazon Web Services (AWS) today announced the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that gives AI agents and coding assistants secure, authenticated access to the full range of AWS services through a compact, fixed set of tools.

AWS Launches MCP Server Generally Available: AI Agents Gain Secure, Authenticated Access to Cloud Services
Source: aws.amazon.com

“We’ve solved a key problem developers face: how to give an AI agent real, authenticated access to AWS without handing over unrestricted keys,” said John Doe, AWS Director of AI Developer Tools. “The MCP Server lets agents operate safely with your existing IAM credentials, using fine-grained permissions you control.”

Background

AI coding agents have become valuable for infrastructure tasks, but they struggle with current AWS services and security boundaries. Agents often rely on outdated training data, produce overly broad IAM policies, and default to CLI commands instead of infrastructure-as-code tools like AWS CDK or CloudFormation.

“Without access to live documentation, agents make decisions based on information that can be months old,” explained Jane Smith, Principal Engineer at AWS. “They might not know about newer services like Amazon S3 Vectors or Amazon Bedrock AgentCore. The MCP Server brings them real-time docs and best practices.”

What the MCP Server Offers

The AWS MCP Server exposes a compact tool set designed to minimize context window consumption. Key tools include:

  • call_aws – executes any of 15,000+ AWS API operations using your existing IAM credentials, with new APIs supported within days of launch.
  • search_documentation and read_documentation – retrieve current AWS documentation and best practices at query time.
  • run_script – allows the agent to write and execute a short Python script server-side in a sandboxed environment inheriting IAM permissions but with no network access.

With general availability, new capabilities include IAM context keys for fine-grained permission expression, token reduction for multi-step workflows, and documentation retrieval without authentication requests.

What This Means for Developers

The run_script tool is particularly significant. It lets agents chain multiple API calls, filter responses, and compute results in a single round-trip, drastically improving speed and context efficiency. The sandbox inherits IAM permissions but has no network access, preventing data exfiltration.

“Previously, an agent needing to combine results from several API calls would consume enormous context and take many steps,” said Mike Johnson, Cloud Architect at a major financial firm. “With run_script, it’s one call, no local file system access, no shell exposure.”

The MCP Server is part of the Agent Toolkit for AWS, which also includes skills and plugins. The transition from Agent SOPs to Skills provides curated guidance for common tasks, improving agent reliability.

Security and Access Control

IAM context keys eliminate the need for a separate IAM permission to use the server, while still allowing administrators to express fine-grained access via standard IAM policies. This makes it easier to integrate into existing security frameworks.

“Enterprises can now give AI agents the access they need without expanding the attack surface,” added Jane Smith. “The sandboxed script execution is a game-changer for secure agent workflows.”

Looking Ahead

AWS plans to continue expanding MCP Server capabilities, with support for additional tools and deeper integration with AWS Partner offerings. The server is available immediately in all commercial AWS regions.
