[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-aws-mcp-server-goes-ga-iam-context-keys-en":3,"article-related-aws-mcp-server-goes-ga-iam-context-keys-en":30,"series-ai-agent-9bf2b35d-a4c2-46f2-a5ec-5d9556549647":83},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":11},"9bf2b35d-a4c2-46f2-a5ec-5d9556549647","aws-mcp-server-goes-ga-iam-context-keys-en","AWS MCP Server goes GA with IAM context keys","\u003Cp data-speakable=\"summary\">AWS has made its \u003Ca href=\"\u002Ftag\u002Fmcp\">MCP\u003C\u002Fa> Server generally available with tighter IAM controls and better \u003Ca href=\"\u002Ftag\u002Fagent\">agent\u003C\u002Fa> tooling.\u003C\u002Fp>\u003Cp>AWS says the \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fmcp\u002F\" target=\"_blank\" rel=\"noopener\">AWS MCP Server\u003C\u002Fa> is now generally available, and the timing matters: the company is pitching it as a way to give \u003Ca href=\"\u002Ftag\u002Fai-agents\">AI agents\u003C\u002Fa> authenticated access to AWS without dumping the whole account into the model’s hands. The server exposes more than 15,000 AWS API operations through a small toolset, and AWS says it can keep up as new APIs launch within days.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Change\u003C\u002Fth>\u003Cth>What it does\u003C\u002Fth>\u003Cth>Why it matters\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>GA launch\u003C\u002Ftd>\u003Ctd>Managed remote MCP server for AWS access\u003C\u002Ftd>\u003Ctd>Moves the product from preview-style access to a supported release\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>15,000+ API operations\u003C\u002Ftd>\u003Ctd>\u003Ccode>call_aws\u003C\u002Fcode> can invoke AWS APIs with existing IAM credentials\u003C\u002Ftd>\u003Ctd>Agents can reach real AWS functionality without a huge tool list\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>2 regional endpoints\u003C\u002Ftd>\u003Ctd>US East (N. Virginia) and Europe (Frankfurt)\u003C\u002Ftd>\u003Ctd>Gives teams a clearer deployment choice\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>May 2025 cutoff\u003C\u002Ftd>\u003Ctd>Anthropic \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fclaude-4-5\" target=\"_blank\" rel=\"noopener\">Claude Opus 4.6\u003C\u002Fa> example in the post has a knowledge cutoff from May 2025\u003C\u002Ftd>\u003Ctd>Shows why live docs matter for current AWS services\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>Why AWS built this now\u003C\u002Fh2>\u003Cp>The problem AWS is trying to solve is familiar to anyone who has watched an agent fumble through cloud work. A model can know how to write code, but if its training data is stale, it will miss newer services like \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fs3\u002Ffeatures\u002Fvectors\u002F\" target=\"_blank\" rel=\"noopener\">Amazon S3 Vectors\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Faurora\u002Fdsql\u002F\" target=\"_blank\" rel=\"noopener\">Amazon Aurora DSQL\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fbedrock\u002Fagentcore\u002F\" target=\"_blank\" rel=\"noopener\">Amazon Bedrock AgentCore\u003C\u002Fa>. It may also default to the AWS CLI when a higher-level AWS tool would be a better fit, or generate IAM policies that are broader than the task really needs.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778375470534-73jb.png\" alt=\"AWS MCP Server goes GA with IAM context keys\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>AWS is making a clear bet here: current documentation plus authenticated API access beats model memory every time. That is a practical answer to one of the biggest weaknesses in \u003Ca href=\"\u002Ftag\u002Fagentic-coding\">agentic coding\u003C\u002Fa> today, especially in cloud environments where the difference between read-only and mutating access matters.\u003C\u002Fp>\u003Cp>The new server is part of the \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fai\u002Fagent-toolkit\u002F\" target=\"_blank\" rel=\"noopener\">Agent Toolkit for AWS\u003C\u002Fa>, which also includes \u003Ca href=\"\u002Ftag\u002Fskills\">skills\u003C\u002Fa> and plugins. AWS is keeping the tool surface small on purpose, because a short list is easier for agents to use correctly and easier for humans to audit.\u003C\u002Fp>\u003Cul>\u003Cli>\u003Ccode>call_aws\u003C\u002Fcode> can invoke any of 15,000+ AWS API operations\u003C\u002Fli>\u003Cli>\u003Ccode>search_documentation\u003C\u002Fcode> and \u003Ccode>read_documentation\u003C\u002Fcode> pull live docs at query time\u003C\u002Fli>\u003Cli>\u003Ccode>run_script\u003C\u002Fcode> executes short Python code in a sandbox with no network access\u003C\u002Fli>\u003Cli>Skills replace older Agent SOPs and are maintained by AWS service teams\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>The new controls are the real story\u003C\u002Fh2>\u003Cp>The most interesting part of the GA release is not the headline launch itself. It is the control plane around the launch. AWS says the server now supports IAM context keys, so you do not need a separate IAM permission just to use the server. That makes access easier to express in a normal IAM policy, which is exactly where enterprise teams want this kind of control to live.\u003C\u002Fp>\u003Cp>Documentation retrieval also no longer requires authentication. That sounds small, but it removes friction from the exact workflow where agents need current facts fast. AWS also says it reduced the number of tokens needed per interaction, which matters when an agent is chaining together several API calls and reasoning steps.\u003C\u002Fp>\u003Cblockquote>“The AWS MCP Server is now generally available” — Sébastien Stormacq, AWS News Blog\u003C\u002Fblockquote>\u003Cp>The sandboxed \u003Ccode>run_script\u003C\u002Fcode> tool is the other smart move. It lets an agent write and run short Python code on the server side, using the caller’s IAM permissions but without network access. That gives the agent a place to combine API results, filter data, and compute outputs without touching your local machine or asking for shell access.\u003C\u002Fp>\u003Cp>For teams worried about overprivileged agents, AWS is also drawing a line between human and agent permissions. The blog says you can use IAM policies or Service Control Policies to allow a human to mutate resources while keeping the MCP server read-only. That is the kind of split security teams can actually reason about.\u003C\u002Fp>\u003Ch2>What the demo shows in practice\u003C\u002Fh2>\u003Cp>AWS used \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code\u003C\u002Fa> for the demo, but the company says the server works with any MCP-compatible client, including \u003Ca href=\"https:\u002F\u002Fcursor.com\u002F\" target=\"_blank\" rel=\"noopener\">Cursor\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Kiro\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fopenai\u002Fcodex\" target=\"_blank\" rel=\"noopener\">Codex\u003C\u002Fa>. The demo is useful because it shows the failure mode first. With a model that has a May 2025 cutoff, a question about storing embeddings on S3 produces decent but outdated answers that do not use S3 Vectors.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778375465066-3lou.png\" alt=\"AWS MCP Server goes GA with IAM context keys\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Once the AWS MCP Server is connected, the agent can ask for the live documentation and answer with the current service. That is the point: the model does not need to remember every AWS launch, because the server can fetch the right answer on demand.\u003C\u002Fp>\u003Cp>AWS also explains how it bridges local IAM credentials to MCP’s OAuth 2.1 world using an open source proxy, the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawslabs\u002Fmcp-proxy-for-aws\" target=\"_blank\" rel=\"noopener\">MCP Proxy for AWS\u003C\u002Fa>. In the example, the proxy runs locally and forwards requests to one of the regional AWS MCP endpoints.\u003C\u002Fp>\u003Cul>\u003Cli>Available in US East (N. Virginia) and Europe (Frankfurt)\u003C\u002Fli>\u003Cli>No additional charge for the MCP Server itself\u003C\u002Fli>\u003Cli>You still pay for AWS resources and data transfer\u003C\u002Fli>\u003Cli>Works with any MCP-compatible client, not just AWS tools\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>How this compares with the old agent workflow\u003C\u002Fh2>\u003Cp>The old pattern for cloud agents was simple: ask the model, hope the training data is fresh enough, then patch the result by hand. AWS is trying to replace that with a loop that is more grounded in live services and policy-aware access. That matters because the cost of a wrong answer in cloud infrastructure is not just a bad suggestion; it can become a bad deployment.\u003C\u002Fp>\u003Cp>Here is the practical comparison:\u003C\u002Fp>\u003Cul>\u003Cli>Model-only answer: fast, but often stale when AWS ships new services\u003C\u002Fli>\u003Cli>MCP-backed answer: slower by a few seconds, but tied to current docs and real IAM permissions\u003C\u002Fli>\u003Cli>CLI-heavy workflow: powerful, but often too low-level for an agent to choose well\u003C\u002Fli>\u003Cli>Server-side script execution: useful for multi-step API work without exposing your local shell\u003C\u002Fli>\u003C\u002Ful>\u003Cp>That tradeoff is why this release matters more for enterprise teams than hobbyist demos. The value is not that an agent can now “talk to AWS.” The value is that it can do so with current documentation, scoped permissions, audit trails in \u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonCloudWatch\u002Flatest\u002Fmonitoring\u002FWhatIsCloudWatch.html\" target=\"_blank\" rel=\"noopener\">Amazon CloudWatch\u003C\u002Fa>, and records in \u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fawscloudtrail\u002Flatest\u002Fuserguide\u002Fcloudtrail-user-guide.html\" target=\"_blank\" rel=\"noopener\">AWS CloudTrail\u003C\u002Fa>.\u003C\u002Fp>\u003Ch2>What builders should do next\u003C\u002Fh2>\u003Cp>If you are already experimenting with AI agents on AWS, this is worth testing now rather than later. The combination of live docs, authenticated API access, and sandboxed server-side scripts gives agents a much better shot at producing useful cloud work without wandering into stale advice or unsafe permissions.\u003C\u002Fp>\u003Cp>The next question is whether teams will trust agents enough to let them move beyond lookups and into real operational workflows. My guess is the first wins will come from infrastructure discovery, documentation lookup, and controlled read-only automation. If AWS keeps tightening the policy model and the tool surface stays small, the MCP Server could become the default bridge between AI assistants and AWS accounts.\u003C\u002Fp>\u003Cp>For now, the actionable takeaway is simple: if your agents are still guessing at AWS services, connect them to the \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Faws\u002Fthe-aws-mcp-server-is-now-generally-available\u002F\" target=\"_blank\" rel=\"noopener\">AWS MCP Server\u003C\u002Fa> and see how much of that guesswork disappears.\u003C\u002Fp>","AWS made its MCP Server generally available, adding IAM context keys, unauthenticated docs access, and sandboxed script execution.","aws.amazon.com","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Faws\u002Fthe-aws-mcp-server-is-now-generally-available\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778375470534-73jb.png","ai-agent","en","8311ae8c-8644-42b9-bcda-9dc372f98a14",[17,18,19,20,21,22],"AWS MCP Server","MCP","IAM context keys","Claude Code","Amazon CloudWatch","CloudTrail",[24,25,26],"AWS MCP Server is generally available with IAM context keys and unauthenticated docs access.","The server exposes 15,000+ AWS API operations, plus live docs and sandboxed script execution.","AWS is aiming for safer agent access with read-only controls, CloudWatch metrics, and CloudTrail logs.",12,"2026-05-10T01:10:48.459829+00:00","2026-05-10T01:10:48.445+00:00",{"tags":31,"relatedLang":42,"relatedPosts":46},[32,34,36,38,40],{"name":21,"slug":33},"amazon-cloudwatch",{"name":17,"slug":35},"aws-mcp-server",{"name":18,"slug":37},"mcp",{"name":20,"slug":39},"claude-code",{"name":19,"slug":41},"iam-context-keys",{"id":15,"slug":43,"title":44,"language":45},"aws-mcp-server-goes-ga-iam-context-keys-zh","AWS MCP Server 正式 GA，IAM 也跟上了","zh",[47,53,59,65,71,77],{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"5efa67dd-b9f7-4a2f-8c68-3a4bc6a6b7d9","claude-code-dynamic-workflow-ai-harness-en","Claude Code 动态工作流：AI 自写 Harness","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781035372495-9czj.png","2026-06-09T20:02:22.33375+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"2bd28e0e-0f4b-4987-a961-28763c1e1926","agent-orchestration-enterprise-ai-layer-en","Agent orchestration is the missing layer for enterprise AI","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780984981174-08mj.png","2026-06-09T06:02:31.384174+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"95684312-23dc-4a78-a917-df14d132c5fa","ai-agents-use-blockchain-trust-layer-en","AI agents use blockchain as a trust layer","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780980506080-ki4s.png","2026-06-09T04:48:01.710214+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"0208e47f-7d4c-4473-a0f9-4cd193b5c139","8-rag-patterns-demos-into-prod-en","8 RAG patterns that turn demos into prod","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780971552707-qpl7.png","2026-06-09T02:18:36.760049+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"b413d484-6786-4c32-abdc-77f010ac7eba","fine-tuning-beats-rag-style-not-facts-en","Fine-tuning beats RAG when the goal is style, not facts","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780924681800-5xji.png","2026-06-08T13:17:25.701649+00:00",{"id":78,"slug":79,"title":80,"cover_image":81,"image_url":81,"created_at":82,"category":13},"57beb8b4-c233-400f-b95b-a97be1cf9d02","openclaw-small-business-ai-staff-en","OpenClaw shows how small businesses use AI staff","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780904882032-yp13.png","2026-06-08T07:47:27.730921+00:00",[84,89,94,99,104,109,114,119,124,129],{"id":85,"slug":86,"title":87,"created_at":88},"03db8de8-8dc2-4ac1-9cf7-898782efbb1f","anthropic-claude-ai-agent-task-automation-en","Anthropic's Claude AI Agent: A New Era of Task Automation","2026-03-25T16:25:06.513026+00:00",{"id":90,"slug":91,"title":92,"created_at":93},"045d1abc-190d-4594-8c95-91e2a26f0c5a","googles-2026-ai-agent-report-decoded-en","Google’s 2026 AI Agent Report, Decoded","2026-03-26T11:15:23.046616+00:00",{"id":95,"slug":96,"title":97,"created_at":98},"e64aba21-254b-4f93-aa21-837484bb52ec","kimi-k25-review-stronger-still-not-legend-en","Kimi K2.5 review: stronger, still not a legend","2026-03-27T07:15:55.385951+00:00",{"id":100,"slug":101,"title":102,"created_at":103},"30dfb781-a1b2-4add-aebe-b3df40247c37","claude-code-controls-mac-desktop-en","Claude Code now controls your Mac desktop","2026-03-28T03:01:59.384091+00:00",{"id":105,"slug":106,"title":107,"created_at":108},"254405b6-7833-4800-8e13-f5196deefbe6","cloudflare-100x-faster-ai-agent-sandbox-en","Cloudflare’s 100x Faster AI Agent Sandbox","2026-03-28T03:09:44.356437+00:00",{"id":110,"slug":111,"title":112,"created_at":113},"04f29b7f-9b91-4306-89a7-97d725e6e1ba","openai-backs-isara-agent-swarm-bet-en","OpenAI backs Isara’s agent-swarm bet","2026-03-28T03:15:27.849766+00:00",{"id":115,"slug":116,"title":117,"created_at":118},"3b0bf479-e4ae-4703-9666-721a7e0cdb91","openai-plan-automated-ai-researcher-en","OpenAI’s plan for an automated AI researcher","2026-03-28T03:17:42.312819+00:00",{"id":120,"slug":121,"title":122,"created_at":123},"fe91bce0-b85d-4efa-a207-24ae9939c29f","harness-engineering-ai-agent-reliability-2026","Harness Engineering: From Bridle to Operating System, The Missing Link in AI Agent Reliability","2026-03-31T06:36:55.648751+00:00",{"id":125,"slug":126,"title":127,"created_at":128},"7a09007d-820f-43b3-8607-8ad1bfcb94c8","mcp-explained-from-prompts-to-production-en","MCP Explained: From Prompts to Production","2026-04-01T09:24:40.089177+00:00",{"id":130,"slug":131,"title":132,"created_at":133},"116d5ee9-a4f1-4b5a-aac5-5d035dd22bbe","amazon-bedrock-agents-multi-agent-workflows-en","Amazon Bedrock Agents Gets Multi-Agent Workflows","2026-04-01T09:30:30.197685+00:00"]