{"slug": "setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor", "title": "Setting up the Agent Toolkit for AWS in Kiro (and Codex, Claude Code, and Cursor)", "summary": "AWS has released the Agent Toolkit for AWS, a free set of tools that gives AI coding agents secure access to AWS services, current documentation, and vetted procedures. The toolkit integrates with agents like Kiro, Codex, Claude Code, and Cursor via the Model Context Protocol (MCP), and includes an MCP server, skills, plugins, and rules files to prevent agents from guessing outdated API parameters. It costs nothing on its own, with users paying only for the AWS resources the agent creates.", "body_md": "If you've let a coding agent loose on AWS, you've watched it guess. It invents API parameters that don't exist, or hands you an S3 bucket a security review will bounce on sight. The Agent Toolkit for AWS is built to stop that. By the end of this post you'll have it running in whatever editor you use, plus a tour of what's in it and three workflows worth pointing it at.\n\nI use Kiro day to day, so I'll walk through that setup first. It also works with Codex, Claude Code, Cursor, and any other agent that speaks MCP, the Model Context Protocol, which is the open standard agents use to connect to outside tools and data. I'll cover those too.\n\nThe Agent Toolkit for AWS is a free, AWS-supported set of tools that gives AI coding agents secure access to AWS, current documentation they can read mid-task, and tested procedures for the work they tend to fumble. It plugs into the agent you already use rather than asking you to switch. In practice, that shows up in a few ways, all detailed in the [AWS user guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html).\n\nThe agent stops guessing about APIs it never saw. 
The models behind these agents trained on data that's months or years old, so anything AWS shipped recently is missing or wrong in their heads, and the toolkit hands them current docs and references at request time. For multi-step work like least-privilege IAM or a production serverless stack, it follows a vetted skill instead of reconstructing the steps from half-memory. Every call goes through your own IAM credentials, shows up in CloudWatch, and gets logged to CloudTrail, so you can scope an agent to read-only even when your role can write. And the toolkit costs nothing on its own; you pay only for the AWS resources the agent creates.\n\nIt's the successor to the MCP servers, skills, and plugins AWS shipped under [AWS Labs](https://github.com/awslabs) in 2025. Two things make me reach for it over a raw MCP setup: condition keys that let a policy tell an agent apart from a human, and skills that have been evaluated end to end rather than thrown over the wall.\n\nFour components work together ([reference](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html)).\n\nThe AWS MCP Server is the access layer, a single endpoint that reaches 300+ AWS services. It runs in two modes depending on what you ask for. Searching AWS docs, pulling service info, and discovering skills need no credentials at all, so the server is useful the moment you connect it. Anything that touches your account, real API calls and the sandboxed Python `run_script` tool, runs as you through your local AWS credentials. It also stamps two condition keys on every request, `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP`, so your policies can single out agent traffic.\n\nSkills are curated packages of instructions, scripts, and reference material for one task. The agent loads a skill only when it needs it, so they barely touch your context until they're relevant.\n\nPlugins bundle the MCP config and a curated skill set into one install. 
They're available for Claude Code, Codex, and Cursor; Kiro and other MCP agents connect to the server directly instead, which I cover in the setup steps below. Four ship today:\n\n| Plugin | Covers |\n|---|---|\n| `aws-core` | Service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, deployment. Start here. |\n| `aws-agents` | Building AI agents on AWS with Amazon Bedrock and AgentCore. |\n| `aws-data-analytics` | Data lake, analytics, and ETL with S3 Tables, AWS Glue, and Athena. |\n| `aws-agents-for-devsecops` | Incident investigation, code review, UAT, vulnerability scanning, and pen testing with AWS DevOps Agent and AWS Security Agent. |\n\nRules files are project-level config that sets guardrails: use the MCP Server, find a skill before acting, check the docs, prefer infrastructure-as-code. Rules decide how the agent behaves; skills supply what it does for a given job.\n\nThe skills are the part I underestimated at first. There are around 64 today (browse the [skills/ directory](https://github.com/aws/agent-toolkit-for-aws/tree/main/skills) for the live list), split into core and specialized.\n\nCore skills, which ship with `aws-core`:\n\n`amazon-bedrock`, `aws-billing-and-cost-management`, `aws-blocks`, `aws-cdk`, `aws-cloudformation`, `aws-containers`, `aws-iam`, `aws-messaging-and-streaming`, `aws-observability`, `aws-sdk-js-v3-usage`, `aws-sdk-python-usage`, `aws-sdk-swift-usage`, `aws-serverless`, `signing-in-to-aws`.\n\nSpecialized skills, grouped by domain (a few from each):\n\n`connecting-lambda-to-api-gateway`, `connecting-lambda-to-dynamodb`, `debugging-lambda-timeouts`, `processing-s3-uploads-with-step-functions`\n\n`querying-data-lake`, `ingesting-into-data-lake`, `managing-amazon-msk`, `amazon-opensearch-service`\n\n`amazon-aurora-postgresql`, `amazon-elasticache`, `exporting-rds-to-s3`, 
`rds-db2`\n\n`creating-production-vpc-multi-az`, `routing-traffic-with-route53-and-cloudfront`\n\n`securing-s3-buckets`, `creating-data-lake-table`, `storing-and-querying-vectors`\n\nDon't memorize the list. When you ask for \"a Lambda behind API Gateway writing to DynamoDB,\" the agent pulls the matching skills on its own.\n\nA handful of things need to be in place first. None take long.\n\n`run_script` need them. The proxy reads the standard AWS credential chain, so `aws configure`, an SSO login, a named profile, or the usual environment variables all work. New to this? `brew install uv` on macOS, or the `uvx` command in the Kiro config below comes bundled with it.\n\n`npx` command used to install skills. If `npx --version` prints nothing, install it from\n\n`2.35.0` or later\n\n`aws --version`.\n\nThe quickest route is the AWS CLI wizard, which configures every agent you have at once. Prefer to do it by hand, or only use one editor? Skip to the per-agent steps below.\n\nOn a recent AWS CLI, one command detects your installed agents, installs default skills, and configures the MCP Server for all of them:\n\n```\naws configure agent-toolkit\n```\n\nOne gotcha worth calling out, because I hit it. On an older CLI you'll see:\n\n```\naws: [ERROR]: argument subcommand: Found invalid choice 'agent-toolkit'\n```\n\nThat means your AWS CLI predates `2.35.0`. Update it ([instructions](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)), confirm with `aws --version`, and rerun. Restart your agent afterward so it picks up the new MCP config.\n\nIf you only use one agent, or you want to see exactly what gets wired up, the per-agent steps below do the same thing by hand.\n\nOpen your Kiro MCP config and add the AWS server. Use `.kiro/settings/mcp.json` for the current project, or `~/.kiro/settings/mcp.json` to turn it on everywhere. 
Create the file if it doesn't exist yet:\n\n```\n{\n  \"mcpServers\": {\n    \"aws\": {\n      \"command\": \"uvx\",\n      \"args\": [\n        \"mcp-proxy-for-aws@1.6.3\",\n        \"https://aws-mcp.us-east-1.api.aws/mcp\",\n        \"--metadata\", \"AWS_REGION=us-west-2\"\n      ]\n    }\n  }\n}\n```\n\nIf your config already lists other servers under `mcpServers`, add the `aws` entry next to them instead of replacing the block, and keep the JSON valid (mind the commas). Change `AWS_REGION` to the region you work in.\n\nPin the proxy version rather than tracking latest. You get reproducible behavior and a guard against a bad release. Check [PyPI](https://pypi.org/project/mcp-proxy-for-aws/) every few weeks and bump it on purpose.\n\nThen install the skills:\n\n```\nnpx skills add aws/agent-toolkit-for-aws/skills\n```\n\nOpen Kiro's MCP Server view (the Kiro panel in the sidebar, or search \"MCP\" in the command palette), reconnect the `aws` server, and you're live.\n\nAdd the marketplace, then install from inside Codex:\n\n```\ncodex plugin marketplace add aws/agent-toolkit-for-aws\n```\n\nLaunch Codex, run `/plugins`, and install `aws-core`.\n\nThe plugins live on the official Anthropic marketplace, included by default:\n\n```\n/plugin install aws-core@claude-plugins-official\n```\n\nHit `Plugin not found`? Refresh the index with `/plugin marketplace update claude-plugins-official` and try again. Add `aws-agents`, `aws-data-analytics`, or `aws-agents-for-devsecops` the same way.\n\nAdd the repo as a team marketplace: **Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo**, pointed at `aws/agent-toolkit-for-aws`. Open the **Plugins** panel and install `aws-core` first, then the others as needed.\n\nAnything that speaks MCP works, including Windsurf and Cline. 
Configure the AWS MCP Server directly (see the [server setup guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/getting-started-aws-mcp-server.html)), then run `npx skills add aws/agent-toolkit-for-aws/skills`.\n\nStart a fresh conversation and ask: *\"What AWS Regions are available?\"* If the agent returns a list, the MCP Server is connected. For a skill check, ask it to \"secure an S3 bucket\" and watch it load `securing-s3-buckets` before it writes anything. An authentication error instead means your local credentials aren't reaching the server; see Prerequisites for how to set them up.\n\nSetup is the boring part. The workflows below are where it pays off, and each one names the skills and components doing the work.\n\nPrompt: *\"Build a REST API: API Gateway in front of a Lambda that reads and writes a DynamoDB table, deployed with CDK.\"*\n\nThis is the kind of task agents usually botch, because it spans four services and the IAM glue between them. The agent pulls `aws-serverless`, `connecting-lambda-to-api-gateway`, `connecting-lambda-to-dynamodb`, and `aws-cdk`, then uses the MCP Server's API tools to provision and the `run_script` sandbox for multi-step setup. The skills carry the wiring, so the Lambda role scopes to your specific table instead of granting access to everything (`*`), and the CDK stack follows current patterns instead of a 2023 blog post the model half-remembers.\n\nPrompt: *\"My checkout Lambda times out intermittently and error rates spiked this morning. Help me find why.\"*\n\nPoint the agent at the symptom and it follows a real diagnostic path. `debugging-lambda-timeouts` and `troubleshooting-application-failures` give it the procedure, while `aws-observability` and `querying-aws-cloudwatch` let it read the actual logs and metrics through the MCP Server. 
It checks the configured timeout against duration metrics, looks for cold starts, and inspects downstream calls that block, then tells you what it found. You get an actual investigation rather than a guess.\n\nPrompt: *\"Audit this account's S3 buckets and secrets, and flag anything risky.\"*\n\nThis is the workflow that separates the toolkit from wiring up a raw MCP server. Before you run it, scope the agent's IAM role to read-only with the condition keys the MCP Server attaches, `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP`, so it can inspect and plan but cannot change anything, even though your own role can. Writing that policy is an advanced step, and the [user guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html) explains how the condition keys fit in; you can skip it the first time through and still get value from the audit. The agent uses `securing-s3-buckets` and `creating-secrets-using-best-practices` as its rubric for what counts as risky, and every call lands in CloudTrail for you to review later.\n\nOn AWS CLI `2.35.0+`, the `aws agent-toolkit` command group manages skills across all your agents from the terminal:\n\n```\naws agent-toolkit list-installed-skills\naws agent-toolkit add-skill --skill-name aws-serverless\naws agent-toolkit update-skill --skill-name aws-serverless\naws agent-toolkit remove-skill --skill-name aws-cdk --agent kiro\n```\n\nThere's also `search-skills`, `list-available-skills`, and `get-skill-metadata` for browsing the catalog from the terminal. Without the CLI, re-run `npx skills add aws/agent-toolkit-for-aws/skills` to pull new skills, and remove them with `npx skills remove <skill-name>`. The MCP Server itself is AWS-hosted, so its API coverage and docs stay current on their own. The one thing you pin and bump yourself is the proxy version in your config.\n\n**Is the Agent Toolkit for AWS free?**\n\nYes. 
The toolkit costs nothing to install or use. You pay only standard AWS rates for the resources your agent creates or calls.\n\n**Which AWS CLI version do I need for aws configure agent-toolkit?**\n\n`Found invalid choice 'agent-toolkit'`. Check yours with `aws --version`.\n\n**How do I fix \"Found invalid choice 'agent-toolkit'\"?**\n\nUpgrade the AWS CLI to 2.35.0 or later, since the command shipped in that release. On macOS with Homebrew, run `brew upgrade awscli`, then confirm with `aws --version`.\n\n**Do I need an AWS account and credentials?**\n\nCredentials are needed only for actions that touch your account, like API calls and `run_script`. Documentation search and skill discovery work with no credentials. Anything that provisions or reads real resources needs an AWS account.\n\n**Which coding agents does it work with?**\n\nKiro, Claude Code, Codex, and Cursor have first-class setups, and any MCP-compatible agent works too, including Windsurf and Cline. Plugins cover Claude Code, Codex, and Cursor; Kiro and the rest connect to the MCP server directly.\n\n**How is it different from the AWS Labs MCP servers?**\n\nIt's the successor to AWS Labs. The differences that matter: IAM condition keys that separate agent actions from human ones, CloudWatch and CloudTrail on every request, and skills evaluated end to end.\n\n**How do I give a coding agent read-only access to AWS?**\n\nScope its IAM role with the condition keys the MCP server attaches, `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP`, to allow reads and deny writes. The agent can inspect and plan but not change anything, even when your own role can.\n\n**How do I update or remove skills?**\n\nOn AWS CLI 2.35.0+, use `aws agent-toolkit update-skill` and `aws agent-toolkit remove-skill`. 
Otherwise re-run `npx skills add aws/agent-toolkit-for-aws/skills` to update, and `npx skills remove <skill-name>` to remove.\n\n`setting-up-cloudwatch-alarm-notifications` and watch it connect the alarm to an SNS topic.\n\n*Saurabh Dahal is a developer advocate at AWS, working with the latest agentic and AI tools for developers to help boost developer productivity. He set up the Agent Toolkit for AWS across Kiro, Codex, Claude Code, and Cursor for this guide.*\n\n*Published June 30, 2026. Last updated June 30, 2026.*", "url": "https://wpnews.pro/news/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor", "canonical_source": "https://dev.to/raabdahl/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor-2amm", "published_at": "2026-06-30 12:30:56+00:00", "updated_at": "2026-06-30 12:49:02.358648+00:00", "lang": "en", "topics": ["developer-tools", "artificial-intelligence", "ai-agents", "ai-tools", "ai-infrastructure"], "entities": ["AWS", "Agent Toolkit for AWS", "Kiro", "Codex", "Claude Code", "Cursor", "Model Context Protocol", "AWS Labs"], "alternates": {"html": "https://wpnews.pro/news/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor", "markdown": "https://wpnews.pro/news/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor.md", "text": "https://wpnews.pro/news/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor.txt", "jsonld": "https://wpnews.pro/news/setting-up-the-agent-toolkit-for-aws-in-kiro-and-codex-claude-code-and-cursor.jsonld"}}