
AWS MCP Server Reaches GA with Full API Coverage and IAM-Based Governance


AWS has recently made its managed Model Context Protocol (MCP) server generally available, giving AI coding agents controlled access to AWS APIs, documentation, and operational workflows through a standard interface. It provides a safer and more auditable way to connect AI agents to AWS services without handing over broad credentials.

The MCP server provides IAM-based access controls, CloudWatch metrics, and CloudTrail logging, enabling organizations to govern and audit agent activity independently. Since its preview at the annual re:Invent conference, AWS has expanded support to cover all AWS APIs, including long-running operations and file uploads, and added sandboxed Python execution for multi-step tasks.

The MCP server is now part of the recently announced Agent Toolkit for AWS, a set of tools, plugins, and workflows that help AI coding agents work with AWS services. The open source toolkit provides agents with up-to-date AWS documentation, controlled API access, and operational guidance to reduce errors, retries, and token usage. Sébastien Stormacq, principal developer advocate at AWS, writes:

AI coding agents are already useful for many tasks, but they run into real trouble when working with AWS at any meaningful depth. Without access to current AWS documentation, agents rely on training data that may be months out of date and may not know about services like Amazon S3 Vectors, Amazon Aurora DSQL, or Amazon Bedrock AgentCore.

Sandboxed execution allows agents to run Python code for multi-step AWS tasks without access to the local filesystem or shell. In addition, documentation search and skill discovery can now be used without requiring AWS credentials.

[Figure: AWS MCP Server. Source: AWS blog]

The MCP Server can be integrated with any AI agent that supports MCP, including Claude Code, Kiro, Cursor, and Codex. In the following example, the setup connects Claude Code to the MCP server through a local configuration command:

 

claude mcp add-json aws-mcp --scope user \
   '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
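A configuration check for the entry above, as an added example that is not from the article or from AWS: it parses the JSON passed to `claude mcp add-json` and flags an unpinned proxy package or an endpoint that is not HTTPS under `.api.aws`. The function name, the finding codes and the trusted suffix (taken from the one endpoint shown here) are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# JSON argument copied from the article's `claude mcp add-json` command.
ARTICLE_ENTRY = (
    '{"command":"uvx","args":["mcp-proxy-for-aws@latest",'
    '"https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
)

# name@1.2.3 style pin; "@latest" or a bare name re-resolves on every launch.
PINNED = re.compile(r"^[A-Za-z0-9._-]+@\d+(\.\d+)+$")


def audit_mcp_entry(raw, trusted_suffix=".api.aws"):
    """Return sorted finding codes for one MCP server entry (a JSON string).

    trusted_suffix is an assumption based on the single endpoint in the article.
    """
    entry = json.loads(raw)
    args = entry.get("args", [])
    findings = set()

    # uvx fetches the package at launch, so its first argument should be pinned.
    if entry.get("command") == "uvx":
        if not args or not PINNED.match(args[0]):
            findings.add("unpinned-package")

    # Every URL argument is treated as a remote endpoint the proxy will talk to.
    urls = [urlparse(a) for a in args if "://" in a]
    if not urls:
        findings.add("no-endpoint")
    for url in urls:
        if url.scheme != "https":
            findings.add("insecure-endpoint")
        host = (url.hostname or "").lower()
        if not host.endswith(trusted_suffix):
            findings.add("untrusted-host")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_mcp_entry(ARTICLE_ENTRY))
```

Against the article's entry it reports only `unpinned-package`, because `@latest` lets uvx pull whatever version is newest at launch; pinning an exact, reviewed version clears the finding.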

The AWS MCP Server uses IAM and SigV4 authentication. As the MCP server currently supports only OAuth 2.1, local AWS credentials can be used through the open-source MCP Proxy for AWS, which runs locally and translates IAM-based authentication into OAuth-compatible requests. Stormacq adds:

The combination of current documentation, authenticated API access, and sandboxed script execution in a single server changes what an agent can actually do on AWS.

Darryl Ruggles, principal cloud solutions architect at Ciena, comments:

You don't hear quite as much about MCP servers these days but they are still important. Giving AI agents access to AWS has always been a balancing act between usefulness and safety (...) The AWS MCP Server is now GA and it seems to take a measured approach.

While some practitioners question the MCP server's value proposition, others discuss security and governance concerns. Kunal Parsewar, DevOps engineer at ReliaQuest, comments:

I am using this with Claude, but a major concern with it is that there are no gateways to restrict certain actions or operations.

Jeremy Daly, founder of Ampt, writes:

AWS is trying really hard to be the default platform for AI coding agents. Giving devs an opinionated, authenticated entry point seems like the smart play, but AWS doesn't have the same head start they did with serverless.

The AWS MCP Server is currently available only in two regions, Northern Virginia and Frankfurt. It is free to use, although charges apply to the resources consumed by agents.
