AWS's Agent Toolkit gives coding agents an official backstage pass

AWS released the Agent Toolkit for AWS this week, a bundle of MCP servers, curated skills, and plugin installers designed to give AI coding agents a guided path through the company’s 300-plus services. The toolkit works with Claude Code, Codex, Cursor, and Kiro — the coding agents developers already use — and ships plugins for core AWS operations, AI agent construction on Bedrock, data analytics, and DevSecOps workflows.

The move is not a product launch in the traditional sense. It is a platform play. AWS is standardizing how agents interact with its infrastructure, and it is doing so through the Model Context Protocol, the open protocol Anthropic created in late 2024. The toolkit is the successor to the AWS Labs MCP servers and plugins released in 2025, and the company explicitly recommends it over those earlier experiments. The message to developers: use this, not the Labs stuff.

What is new here is not the MCP protocol itself. It is the packaging and the guardrails.

The toolkit bundles four plugins. The aws-core plugin covers service selection, CDK and CloudFormation, serverless, containers, storage, observability, billing, SDK usage, and deployment. The aws-agents plugin targets builders working with Amazon Bedrock and AgentCore. The aws-data-analytics plugin handles data lake, ETL, and analytics workflows through S3 Tables, AWS Glue, and Athena. The aws-agents-for-devsecops plugin runs incident investigation, code review, vulnerability scanning, and penetration testing using AWS DevOps Agent and AWS Security Agent.

Each plugin bundles an AWS MCP Server configuration and a set of agent skills. Skills are curated packages of instructions and reference materials that load on demand — the agent discovers and retrieves only what is relevant to the current task. This is a meaningful design choice. AWS is not shipping a monolithic knowledge base. It is shipping a discovery mechanism that pulls in context as needed, reducing the noise that plagues large-agent-context windows.

The toolkit also includes project-level rules files that tell agents how to use AWS effectively — for example, by searching documentation before acting or by using the MCP server for API calls instead of guessing endpoints. These rules files are a subtle but important piece of the architecture. They encode operational best practices into the agent’s behavior, effectively turning the toolkit into a training ground for how agents should interact with cloud infrastructure.

The most significant feature, however, is the IAM integration. The AWS MCP Server supports IAM condition keys that distinguish between agent actions and human actions. This lets administrators write policies that apply only to agents — for example, allowing read-only operations through the MCP server even if the user’s underlying IAM role has write permissions. Combined with CloudWatch metrics and CloudTrail audit logging for every MCP request, the toolkit gives enterprises a way to monitor and audit coding agent activity at a granularity that was previously unavailable.

This is where the platform play becomes clear. AWS is not just giving agents tools. It is giving enterprises the controls they need to let agents run autonomously. The IAM condition keys are the kind of feature that separates a toy from a production deployment. Without them, the default stance for most security teams is to block agent access to production accounts. With them, the stance shifts to “allow, but audit and constrain.”

The timing matters. Cloud providers are racing to own the agent-middleware layer. Google Cloud has its own MCP server and agent-oriented tooling. Microsoft is embedding Copilot into Azure tooling. AWS is betting that the MCP protocol becomes the standard interface between agents and infrastructure, and it is investing in making that interface work at enterprise scale.

For developers building on AWS, the toolkit lowers the barrier to agent-driven development. A developer using Claude Code can install the aws-core plugin with a single command: /plugin install aws-core@claude-plugins-official. The plugin configures the MCP server, loads the relevant skills, and applies the rules files. The agent can then provision infrastructure, deploy code, diagnose issues, and manage costs — all through natural language commands, all under the enterprise controls the toolkit provides.

The toolkit also signals a shift in how AWS thinks about developer tooling. The company has historically favored its own SDKs, CLIs, and console. The Agent Toolkit represents a bet that the next generation of developers will interact with AWS primarily through AI agents, and that those agents will need a standardized, secure, and well-documented interface. The MCP protocol, created by Anthropic, is an open standard, and AWS is embracing it fully rather than building a proprietary alternative.

The open question is whether the toolkit’s curated skills and plugins will keep pace with the rapid evolution of both AWS services and AI agent capabilities. AWS releases new services and features at a relentless pace. Keeping the skills current requires a dedicated team and a continuous evaluation pipeline. The toolkit’s documentation notes that the skills have “undergone thorough end-to-end evaluations,” but that guarantee is only as good as the update cadence behind it.

For now, the Agent Toolkit for AWS is the most complete, production-ready package for connecting AI coding agents to cloud infrastructure. It solves the right problems — discovery, security, auditability — and it does so through an open protocol rather than a walled garden. The test will come when developers push it beyond the curated paths and into the long tail of AWS services, where the skills may not cover every edge case.

AWS is making a bet that the agent-infrastructure interface will be standardized, secure, and open. The Agent Toolkit is the infrastructure for that bet.