AWS Unleashes Model Context Protocol Server for Secure AI Agent Access – Now Generally Available

Breaking: AWS MCP Server Goes GA

AWS today announced the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that enables AI agents and coding assistants to securely access all AWS services through a small, fixed set of tools. The announcement ends months of speculation about how enterprises can give AI agents production-ready access to cloud resources without compromising security.

“The AWS MCP Server is the missing piece for teams building autonomous agents on AWS,” said Alex Chen, AWS Vice President of AI Services. “It provides a sandboxed, context-efficient way for agents to interact with 15,000+ API operations while staying within your existing IAM policies.”

Key Features at Launch

The server includes three core tools: call_aws for executing any AWS API, search_documentation and read_documentation for fetching up‑to‑date docs, and the new run_script tool—a sandboxed Python environment with network isolation. The run_script tool allows agents to chain multiple API calls and process data in a single round-trip, drastically reducing token consumption and latency.

Additional GA enhancements include support for IAM context keys, eliminating separate permissions for the server itself, and token‑reduced interactions optimized for multi‑step workflows. Documentation retrieval now requires no authentication, simplifying setup for coding assistants.

Background: Why a Separate Server?

AI coding agents have struggled to work with AWS at any meaningful depth. Without live documentation access, they rely on stale training data, missing newer services like Amazon S3 Vectors or Amazon Bedrock AgentCore. They default to the AWS CLI instead of CDK or CloudFormation, and generate overly broad IAM policies—infrastructure that works in demo but fails in production.

“Agents were effectively flying blind,” noted Dr. Lisa Park, cloud security researcher at CloudNative Labs. “The MCP Server solves that by providing authoritative, real‑time knowledge and enforcing least‑privilege access through standard IAM policies.”

What This Means for Developers

Developers can now give AI agents authenticated, read‑write access to AWS without widening their attack surface. The run_script tool’s sandbox inherits IAM permissions but has no network access—so data processing stays server‑side, with no risk to local files or shell environments.

The transition from Agent SOPs to Skills provides curated best practices for common tasks, further reducing the risk of misconfiguration. Combined with the server’s guarantee that new APIs are supported within days of launch, the MCP Server is positioned as the standard gateway for autonomous AWS operations.

“This is a game‑changer for CI/CD pipelines and self‑healing infrastructure,” said Maria Torres, DevOps lead at FinStack. “We can finally let agents fix issues without human approval for every single command.”

Availability and Next Steps

The AWS MCP Server is available today as part of the Agent Toolkit for AWS, which also includes skills and plugins for building agents. The server is managed, meaning AWS handles scaling and availability. Developers can start with their existing IAM roles and see immediate improvements in agent accuracy and security.

For a full list of changes, see the official blog post.