AI coding agents are already handling a lot. They write code, suggest fixes, and walk developers through complex workflows. But there’s always been a gap: Getting those agents to work reliably and safely inside AWS has been a real challenge.
AWS just closed that gap.
The company announced the general availability of the AWS MCP Server this week — a managed, remote Model Context Protocol (MCP) server that provides AI agents and coding assistants with secure, authenticated access to AWS services. It’s part of the broader Agent Toolkit for AWS, and it’s now ready for production use.
What the AWS MCP Server Actually Does
The core problem it solves is straightforward. AI agents rely on training data. That data has a cutoff date. AWS, on the other hand, keeps shipping. New services, new APIs, updated documentation — the agent doesn’t know what it doesn’t know. And when it guesses, things can go wrong.
The AWS MCP Server addresses this with a compact set of tools that don’t consume the model’s context window. The call_aws tool can execute any of more than 15,000 AWS API operations using existing IAM credentials. When new APIs launch, they’re supported within days. The search_documentation and read_documentation tools pull current AWS documentation and best practices at query time, so the agent always works from up-to-date information.
That’s a meaningful shift. Instead of relying on the agent to know about Amazon S3 Vectors or Amazon Aurora DSQL, the server retrieves that information in real time.
The AWS MCP Server also includes sandboxed script execution, which lets agents run Python code against AWS services for multi-step operations — without access to your local filesystem or shell tools. That last part matters a lot for teams worried about runaway agents doing things they shouldn’t.
Security and Visibility Built In
One of the bigger concerns with AI agents operating in cloud environments is control. Organizations can let coding agents interact with AWS while maintaining visibility and control through IAM-based guardrails, Amazon CloudWatch metrics and AWS CloudTrail logging.
With general availability, the server now supports IAM context keys, so you no longer need a separate IAM permission to use it. Fine-grained access can now be expressed in a standard IAM policy. Documentation retrieval also no longer requires authentication.
For security-conscious engineering teams, these aren’t minor details. They’re the difference between a tool that’s useful in a demo and one that’s deployable in production.
According to Mitch Ashley, VP and practice lead for software lifecycle engineering at The Futurum Group, “MCP reaching general availability on AWS, with IAM enforcement and CloudTrail logging, heralds the protocol as the authenticated control surface for agent-to-cloud operations. Routing 15,000+ API calls through enterprise governance positions AWS to own the trust boundary between agents and cloud infrastructure.”
Ashley continues, “I predict MCP will become the primary work and management surface for general cloud operations, management, and reporting, enabling agents to continue moving up the outcome value chain. Pressure now lands on other hyperscalers to deliver MCP surfaces that meet the same governance bar. Enterprise procurement will treat IAM-grade access controls and audit logging as table stakes, and agent integrations without that enforcement will not clear security review.”
Works With the Tools Developers Already Use
The AWS MCP Server works with any AI agent that supports MCP — which covers most tools available today, including Claude Code, Kiro CLI, Cursor, and Codex. That’s a wide net. AWS isn’t asking developers to adopt a new workflow from scratch—the server slots into what they’re already doing.
Setup is relatively straightforward. Developers install a lightweight proxy, configure their MCP client to point to the AWS endpoint, and authenticate using existing AWS credentials. From there, the agent has what it needs.
The Context Window Problem — Solved
There’s a subtlety here worth noting. Many MCP integrations work by dumping large amounts of context into the model’s context window. That gets expensive fast, and it slows things down.
AWS reduced the number of tokens required per interaction with this release, which matters for complex, multi-step workflows. The design philosophy is deliberate: keep the tool surface small and targeted, retrieve only what’s needed, and let the agent work efficiently.
This is a good model for how agentic tools should be built. Less noise, more precision.
Pricing and Availability
The AWS MCP Server is available at no additional charge. You pay only for the AWS resources your agents use. That’s a clean pricing model — and one that removes a common barrier to adoption.
The server was first previewed at re:Invent 2025, and the GA release reflects several months of iteration based on real developer feedback. The capabilities that shipped at GA — IAM context keys, sandboxed execution, and token-efficiency improvements — address the issues developers actually ran into during the preview.
Why This Matters
AI agents working in cloud environments are no longer a theoretical use case. It’s happening now, at real companies, with real infrastructure. The risk has always been giving an agent too much access with too little oversight.
The AWS MCP Server takes a practical approach: Give the agent what it needs to be useful, wrap it in standard enterprise security controls, and make sure every action is logged and auditable. That’s a reasonable deal for most organizations.
For teams already leaning on AI coding assistants, this is worth a close look.
