AWS Launches Managed MCP Server for Secure AI Agent Access to Cloud Services

Breaking: AWS MCP Server Now Generally Available

SEATTLE, WA – March 21, 2025 – Amazon Web Services today announced the general availability of the AWS MCP Server, a managed remote Model Context Protocol server that gives AI agents and coding assistants secure, authenticated access to all AWS services.

AWS Launches Managed MCP Server for Secure AI Agent Access to Cloud Services — Source: aws.amazon.com

The server is part of the Agent Toolkit for AWS, a suite of tooling aimed at helping AI agents build more effectively on the cloud platform. It addresses a long-standing challenge: how to let AI interact with AWS without granting excessive permissions.

“We heard from developers that AI agents were either locked out of critical AWS services or given too much access,” said Dr. Sarah Chen, Vice President of AWS Agent Services. “The MCP Server solves this by offering a tiny but powerful set of tools that work with existing IAM credentials.”

Why This Matters

AI coding agents have struggled with AWS for months. Without current documentation, they rely on outdated training data – missing newer services like Amazon S3 Vectors, Aurora DSQL, or Bedrock AgentCore. They also default to AWS CLI over AWS CDK or CloudFormation, and generate overly permissive IAM policies.

The result? Infrastructure that works in a demo but fails in production. The MCP Server fixes this through three core tools: call_aws for any of the 15,000+ API operations, and search_documentation/read_documentation for real-time, up-to-date AWS best practices.

What’s New with General Availability

Key Features

IAM Context Keys: No separate permission needed to use the server – fine-grained access expressed in a standard IAM policy.
Documentation Without Auth: Documentation retrieval now works without authentication, reducing friction.
Reduced Token Consumption: Fewer tokens per interaction, critical for complex, multi-step workflows.
run_script Tool: Agents can execute short Python scripts in a sandboxed, no-network environment – inheriting IAM permissions but without file system or shell access.

The run_script tool is particularly impactful. It lets agents chain multiple API calls, filter results, and compute in a single round-trip – speeding up workflows and preserving context window space.

From Agent SOPs to Skills

Another major shift: the transition from Agent SOPs to Skills. Skills provide curated, best-practice guidance for specific tasks, making it easier for agents to follow recommended patterns.

“Skills are like a playbook for the agent – they tell it which AWS services to use and how to combine them,” explained Markus Leung, Senior Product Manager at AWS. “This dramatically reduces errors and improves production readiness.”

Background

The problem the MCP Server solves is rooted in the limitations of large language models. They are trained on snapshots of data – often months old – and lack awareness of the fast-moving AWS ecosystem. Without a live documentation feed, agents hallucinate configurations, create insecure IAM policies, and misuse APIs.

Previous solutions required either giving the agent full admin access or building elaborate, brittle permission boundaries. The MCP Server provides a managed, scalable, and secure middle ground.

What This Means

For developers building with AI, this release means they can now trust agents to handle real AWS infrastructure tasks – from provisioning S3 buckets to configuring Bedrock agents – without constant human oversight. The combination of fine-grained IAM keys, sandboxed scripting, and real-time documentation access makes production-grade automation feasible.

“This isn’t just another tool – it’s a shift in how we think about AI and cloud security,” added Dr. Chen. “We expect to see agents handling entire deployment pipelines within months.”

For more on implementing the MCP Server, see the setup guide and best practices in the official documentation.