AWS opens its cloud to AI agents
AI agents often fail with AWS because their training knowledge is outdated. The MCP server, now generally available, is intended to solve this problem.
(Image: Moritz Förster / KI / iX)
AWS has made its MCP server generally available. The service is intended to give AI agents and coding assistants controlled access to AWS resources without granting them blanket extensive rights. Via the managed remote server, agents can call AWS APIs and query current AWS documentation at runtime. The MCP server is part of the Agent Toolkit for AWS.
The Model Context Protocol (MCP) is an open standard that allows AI applications to connect to external tools, data sources, and services. With the interface, AI models can not only access their training data but also retrieve current information and use functions as needed.
Compact toolbox against outdated model knowledge
With the service, AWS aims to address a practical problem for many coding agents: For AWS tasks, they often rely on outdated model knowledge, are unaware of newer services, or generate infrastructure that is runnable but not production-ready. AWS cites examples such as overly broad IAM policies or the tendency to favor the AWS CLI over CDK or CloudFormation.
At its core, the MCP server offers a small, fixed number of tools. The call_aws tool covers more than 15,000 AWS API operations, using existing IAM credentials. Via search_documentation and read_documentation, agents can also load current AWS documentation and best practices. AWS aims to reduce hallucinations and bring answers closer to the current state of the platform.
New functions: Sandbox for Python scripts
With general availability, several new functions are added. The server now supports IAM Context Keys, allowing access to be controlled more finely via regular IAM policies. Looking up documentation will no longer require authentication. According to AWS, the token requirement per interaction also decreases – a point that is particularly relevant for longer, multi-step workflows.
Technically, the new run_script tool is the most interesting. It allows an agent to execute short Python scripts server-side in a sandbox. While the runtime environment inherits the user's IAM permissions, it has neither network access nor access to the local file system or a shell. This allows multiple API calls to be chained in a single step, results to be filtered and evaluated, instead of mapping each step individually via tool calls. This is practically useful, for example, when an agent needs to merge configuration, inventory, and tagging data from multiple AWS services.
Skills replace Agent SOPs
From AWS's perspective, the shift from Agent SOPs to Skills is the most important conceptual change. Skills are curated operational guides and best practices for typical tasks where agents frequently make mistakes. The respective AWS service teams maintain them. AWS aims to guide agents to correct results faster, keep the list of available tools lean, and thus reduce errors, hallucinations, and token consumption.
For companies, AWS is emphasizing governance and compliance aspects. The service clearly separates human user permissions from agent rights. Via IAM policies or Service Control Policies, it can be specified, for example, that a user is allowed to change resources, while the same access via the MCP server is restricted to read operations. For monitoring, AWS provides its CloudWatch metrics in the AWS-MCP namespace; CloudTrail logs the API calls in addition.
Videos by heise
Demo with S3 Vectors shows the difference
AWS demonstrates how the service works in practice in a vendor demo with Claude Code. A model with a knowledge cutoff of May 2025 initially answers the question of how embeddings can be stored on S3 without referring to Amazon S3 Vectors – a service that only launched as a preview in July 2025 and became generally available in December 2025. With the MCP server connected, the agent, according to AWS, retrieves current documentation and then refers to S3 Vectors. The demo primarily illustrates the difference between static model knowledge and runtime access to current product documentation.
The MCP server is initially available in the US East (N. Virginia) and Europe (Frankfurt) regions, but can make API calls to any AWS region. There are no additional fees for the service itself; only the used AWS resources and any data transfer are billed. AWS lists Claude Code, Kiro, and Cursor among others as compatible clients in the announcement; fundamentally, any MCP-capable client works.
(fo)
