Switching to the Official Agent Toolkit for AWS

DEV.to
Sunday, June 14, 2026
  • Rohini Gaonkar transitions from community MCP servers to the official Agent Toolkit for AWS.
  • The Agent Toolkit improves security using IAM condition keys and sandboxed Python code execution.
  • New AWS-managed tools consolidate observability, documentation search, and multi-profile support for coding agents.

Rohini Gaonkar, an AWS developer, transitioned from community-based MCP (Model Context Protocol) servers to the official Agent Toolkit for AWS to improve security and observability for AI coding agents. The new toolkit provides a managed remote server environment for interacting with AWS APIs, replacing earlier local setups that lacked granular permission controls. The Agent Toolkit includes four core components: the AWS MCP Server for secure API access, curated Skills for step-by-step infrastructure workflows, Plugins for IDE integration, and Rules files to guide agent behavior.

A primary driver for the switch was enhanced security. The managed MCP Server supports IAM condition keys, such as 'aws:CalledViaAWSMCP', allowing developers to restrict agent actions independently of their own user permissions. This enables specific deny policies for sensitive operations like bucket deletion. Additionally, the toolkit features a sandboxed Python runtime with boto3 access, allowing agents to execute multi-step scripts and process data remotely without local machine exposure.

Observability is integrated directly into the toolkit, with all API calls flowing through CloudTrail and CloudWatch for auditing. Each MCP-initiated call is identified in logs by the source 'aws-mcp.amazonaws.com'. The suite also consolidates documentation search and provides multi-profile support, which was not natively supported in previous community implementations. The toolkit is available at no additional cost, though users incur standard fees for the AWS resources their agents provision or interact with. Usage is subject to default quotas of 3 requests per second per account.
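
The two controls described above, the deny policy keyed on 'aws:CalledViaAWSMCP' and the 'aws-mcp.amazonaws.com' source in the audit logs, can be checked against each other. The following is an added example, not code from the original article or from AWS. The condition operator and value, the CloudTrail fields that carry the source, and the sample records are assumptions constructed for illustration.

```python
import json

MCP_SOURCE = "aws-mcp.amazonaws.com"   # log source value quoted in the article
GUARDED = {"s3:DeleteBucket"}          # the article's example: bucket deletion

def guardrail_policy(actions=GUARDED):
    """Deny guarded actions only for requests that arrived through the MCP server."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyGuardedActionsViaMCP",
            "Effect": "Deny",
            "Action": sorted(actions),
            "Resource": "*",
            # Assumption: string operator and value; confirm against the IAM docs.
            "Condition": {"StringEquals": {"aws:CalledViaAWSMCP": MCP_SOURCE}},
        }],
    }

def via_mcp(event):
    """Assumption: the source shows up in one of these CloudTrail fields."""
    fields = (event.get("sourceIPAddress"), event.get("userAgent"),
              event.get("userIdentity", {}).get("invokedBy"))
    return MCP_SOURCE in fields

def audit(events, guarded=GUARDED):
    """Return (eventID, action, outcome) for guarded actions attempted via MCP."""
    findings = []
    for ev in events:
        action = f"{ev['eventSource'].split('.')[0]}:{ev['eventName']}"
        if via_mcp(ev) and action in guarded:
            outcome = "blocked" if ev.get("errorCode") == "AccessDenied" else "ALLOWED"
            findings.append((ev["eventID"], action, outcome))
    return findings

# Constructed CloudTrail records (not real log data).
SAMPLE_EVENTS = [
    {"eventID": "e1", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "sourceIPAddress": MCP_SOURCE, "errorCode": "AccessDenied"},
    {"eventID": "e2", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "sourceIPAddress": "203.0.113.10"},   # direct human call, out of scope
    {"eventID": "e3", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"invokedBy": MCP_SOURCE}},
    {"eventID": "e4", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "userIdentity": {"invokedBy": MCP_SOURCE}},   # guardrail not attached
]

if __name__ == "__main__":
    print(json.dumps(guardrail_policy(), indent=2))
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

An "ALLOWED" finding means a guarded action succeeded through the MCP path, which points to a principal that does not have the deny statement attached.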

To implement the switch, users must have AWS CLI v2.32.0+ and the 'uv' package manager installed. Developers should disable conflicting legacy servers and configure the new toolkit via their agent's settings file, such as the mcp.json file for Kiro. The setup involves connecting to the mcp-proxy-for-aws version 1.6.0. The toolkit provides a standardized interface for agents like Claude Code and Cursor to perform tasks across multiple AWS accounts efficiently while maintaining a clear, secure audit trail of all actions performed.

Read original (English)·Jun 12, 2026
#aws#mcp#agent toolkit#devtools#iam#cloudwatch#cloudtrail