AWS Launches Managed MCP Server for Secure AI Agent Access to Cloud Services

SEATTLE, WA — AWS today announced the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that enables AI agents and coding assistants to securely access all AWS services using a fixed set of tools.

“For months, developers building with AI agents have struggled with a fundamental question: how do you give an agent real, authenticated access to AWS without handing it the keys to the kingdom? Now we have an answer,” said an AWS product manager. The server, part of the Agent Toolkit for AWS, allows agents to perform over 15,000 AWS API operations using existing IAM credentials, while retrieving current documentation in real time.

AI coding agents often fail when working with AWS at depth, relying on outdated training data and producing overly broad IAM policies. The new MCP Server addresses these issues head-on. “Without access to current docs, agents don’t know about services like Amazon S3 Vectors or Aurora DSQL, and they default to the CLI instead of CDK,” the product manager explained.

Background

The AWS MCP Server is a managed implementation of the Model Context Protocol, an open standard for connecting AI agents to external tools and data sources. It eliminates the need for agents to store large documentation sets locally or consume precious context window space with tool definitions.

AWS Launches Managed MCP Server for Secure AI Agent Access to Cloud Services — Source: aws.amazon.com

The server exposes three primary tools: call_aws executes any AWS API operation; search_documentation and read_documentation fetch current AWS best practices at query time. Newly launched AWS APIs are supported within days of release, ensuring agents always work with up-to-date information.

With general availability, AWS has added significant capabilities. IAM context keys now eliminate the need for a separate permission to use the server, enabling fine-grained access control through standard IAM policies. Documentation retrieval no longer requires authentication, and token consumption per interaction has been reduced for complex workflows.

What This Means

The most transformative addition is the run_script tool, which allows agents to execute Python scripts server-side in a sandboxed environment. The sandbox inherits the user’s IAM permissions but has no network access, preventing agents from accessing local files or a shell. This enables agents to chain multiple API calls, filter responses, and compute results in a single round-trip, dramatically improving speed and context efficiency.

“This is a game-changer for multi-step workflows,” the product manager said. “Instead of calling APIs one at a time and burning context, an agent can now process data in a secure, sandboxed environment. It’s faster, safer, and far more context-efficient.”

The AWS MCP Server also introduces Skills, which replaces earlier Agent SOPs. Skills provide curated guidance and best practices for specific tasks, helping agents produce production-ready infrastructure. The server is now available for use with any MCP-compatible coding assistant through the Agent Toolkit for AWS.

For developers, the immediate implication is clear: AI agents can now work with AWS in a secure, authenticated, and up-to-date manner without compromising security or incurring excessive token costs. “We’re empowering agents to build infrastructure the way experienced engineers do—using CDK, following IAM best practices, and accessing the latest services,” the product manager concluded.

Tags:

AWS Launches Managed MCP Server for Secure AI Agent Access to Cloud Services

Background

What This Means

Related Articles

Recommended

Discover More