# Setting up the Agent Toolkit for AWS in Kiro (and Codex, Claude Code, and Cursor)

AWS has released the Agent Toolkit for AWS, a free set of tools that gives AI coding agents secure access to AWS services, current documentation, and vetted procedures. The toolkit integrates with agents like Kiro, Codex, Claude Code, and Cursor via the Model Context Protocol (MCP), and includes an MCP server, skills, plugins, and rules files to stop agents from guessing outdated API parameters. It costs nothing on its own; users pay only for the AWS resources the agent creates.

If you've let a coding agent loose on AWS, you've watched it guess. It invents API parameters that don't exist, or hands you an S3 bucket a security review will bounce on sight. The Agent Toolkit for AWS is built to stop that. By the end of this post you'll have it running in whatever editor you use, plus a tour of what's in it and three workflows worth pointing it at.

I use Kiro day to day, so I'll walk through that setup first. It also works with Codex, Claude Code, Cursor, and any other agent that speaks MCP, the Model Context Protocol, which is the open standard agents use to connect to outside tools and data. I'll cover those too.

## What the Agent Toolkit for AWS is

The Agent Toolkit for AWS is a free, AWS-supported set of tools that gives AI coding agents secure access to AWS, current documentation they can read mid-task, and tested procedures for the work they tend to fumble. It plugs into the agent you already use rather than asking you to switch. In practice, that shows up in a few ways, all detailed in the [AWS user guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html):

- The agent stops guessing about APIs it never saw. The models behind these agents trained on data that's months or years old, so anything AWS shipped recently is missing or wrong in their heads; the toolkit hands them current docs and references at request time.
- For multi-step work like least-privilege IAM or a production serverless stack, it follows a vetted skill instead of reconstructing the steps from half-memory.
- Every call runs under your own IAM credentials, shows up in CloudWatch, and is logged to CloudTrail. Because the server marks its own requests, you can scope an agent to read-only even when your role can write.
- The toolkit costs nothing on its own; you pay only for the AWS resources the agent creates.

It's the successor to the MCP servers, skills, and plugins AWS shipped under [AWS Labs](https://github.com/awslabs) in 2025. Two things make me reach for it over a raw MCP setup: condition keys that let a policy tell an agent apart from a human, and skills that have been evaluated end to end rather than thrown over the wall.

## The four components

Four components work together ([reference](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html)).

The AWS MCP Server is the access layer, a single endpoint that reaches 300+ AWS services. It runs in two modes depending on what you ask for. Searching AWS docs, pulling service info, and discovering skills need no credentials at all, so the server is useful the moment you connect it. Anything that touches your account, meaning real API calls and the sandboxed Python `run script` tool, runs as you through your local AWS credentials. It also stamps two condition keys on every request, `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP`, so your policies can single out agent traffic.

Skills are curated packages of instructions, scripts, and reference material for one task. The agent loads a skill only when it needs it, so they barely touch your context until they're relevant.

Plugins bundle the MCP config and a curated skill set into one install. They're available for Claude Code, Codex, and Cursor; Kiro and other MCP agents connect to the server directly instead, which I cover in the setup steps below.
Four ship today:

| Plugin | Covers |
|---|---|
| aws-core | Service selection, CDK/CloudFormation, serverless, containers, storage, observability, billing, SDK usage, deployment. Start here. |
| aws-agents | Building AI agents on AWS with Amazon Bedrock and AgentCore. |
| aws-data-analytics | Data lake, analytics, and ETL with S3 Tables, AWS Glue, and Athena. |
| aws-agents-for-devsecops | Incident investigation, code review, UAT, vulnerability scanning, and pen testing with AWS DevOps Agent and AWS Security Agent. |

Rules files are project-level config that sets guardrails: use the MCP Server, find a skill before acting, check the docs, prefer infrastructure-as-code. Rules decide how the agent behaves; skills supply what it does for a given job.

## Skills

The skills are the part I underestimated at first. There are around 64 today (browse the [skills/ directory](https://github.com/aws/agent-toolkit-for-aws/tree/main/skills) for the live list), split into core and specialized.

Core skills, which ship with `aws-core`: `amazon-bedrock`, `aws-billing-and-cost-management`, `aws-blocks`, `aws-cdk`, `aws-cloudformation`, `aws-containers`, `aws-iam`, `aws-messaging-and-streaming`, `aws-observability`, `aws-sdk-js-v3-usage`, `aws-sdk-python-usage`, `aws-sdk-swift-usage`, `aws-serverless`, `signing-in-to-aws`.

Specialized skills, grouped by domain (a few from each):

- `connecting-lambda-to-api-gateway`, `connecting-lambda-to-dynamodb`, `debugging-lambda-timeouts`, `processing-s3-uploads-with-step-functions`
- `querying-data-lake`, `ingesting-into-data-lake`, `managing-amazon-msk`, `amazon-opensearch-service`
- `amazon-aurora-postgresql`, `amazon-elasticache`, `exporting-rds-to-s3`, `rds-db2`
- `creating-production-vpc-multi-az`, `routing-traffic-with-route53-and-cloudfront`
- `securing-s3-buckets`, `creating-data-lake-table`, `storing-and-querying-vectors`

Don't memorize the list. When you ask for "a Lambda behind API Gateway writing to DynamoDB," the agent pulls the matching skills on its own.

## Prerequisites

A handful of things need to be in place first.
None take long.

- AWS credentials. Only calls that touch your account and the `run script` tool need them. The proxy reads the standard AWS credential chain, so `aws configure`, an SSO login, a named profile, or the usual environment variables all work.
- uv. The `uvx` command in the Kiro config below comes bundled with it. New to this? `brew install uv` on macOS.
- npx, which the `npx skills` command used to install skills needs. If `npx --version` prints nothing, install Node.js, which bundles npx.
- AWS CLI 2.35.0 or later for the one-command setup. Check with `aws --version`.

## Quick setup with the AWS CLI

The quickest route is the AWS CLI wizard, which configures every agent you have at once. Prefer to do it by hand, or only use one editor? Skip to the per-agent steps below.

On a recent AWS CLI, one command detects your installed agents, installs default skills, and configures the MCP Server for all of them:

```bash
aws configure agent-toolkit
```

One gotcha worth calling out, because I hit it. On an older CLI you'll see:

```
aws: ERROR: argument subcommand: Found invalid choice 'agent-toolkit'
```

That means your AWS CLI predates 2.35.0. Update it ([instructions](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)), confirm with `aws --version`, and rerun. Restart your agent afterward so it picks up the new MCP config.

## Per-agent setup

If you only use one agent, or you want to see exactly what gets wired up, the per-agent steps below do the same thing by hand.

### Kiro

Open your Kiro MCP config and add the AWS server. Use `.kiro/settings/mcp.json` for the current project, or `~/.kiro/settings/mcp.json` to turn it on everywhere. Create the file if it doesn't exist yet (note that `args` is a JSON array, one string per argument):

```json
{
  "mcpServers": {
    "aws": {
      "command": "uvx",
      "args": [
        "mcp-proxy-for-aws@1.6.3",
        "https://aws-mcp.us-east-1.api.aws/mcp",
        "--metadata",
        "AWS_REGION=us-west-2"
      ]
    }
  }
}
```

If your config already lists other servers under `mcpServers`, add the `aws` entry next to them instead of replacing the block, and keep the JSON valid (mind the commas). Change `AWS_REGION` to the region you work in.

Pin the proxy version rather than tracking latest. You get reproducible behavior and a guard against a bad release.
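A small script that does the merge and the checks the Kiro paragraphs above ask for: keep other servers, write `args` as a real array, refuse an unpinned proxy version, and make sure a region is set. This is an added example written for this post, not the toolkit's code and not something the page ships. It reuses the `uvx` command, the `mcp-proxy-for-aws` package, the endpoint URL and the `AWS_REGION` metadata key from the Kiro config above; the function names and the sample config with a `fetch` server are made up here.

```python
"""Merge the Agent Toolkit's "aws" server into a Kiro mcp.json and lint it.

Added example for this post, not part of the toolkit. The command, package,
endpoint and metadata key mirror the Kiro config in the post; the function
names and the sample config are invented here.
"""
import json
import re

PROXY_PACKAGE = "mcp-proxy-for-aws"
SERVER_URL = "https://aws-mcp.us-east-1.api.aws/mcp"
# An exact release such as 1.6.3; "latest" or a bare package name is not a pin.
PINNED_VERSION = re.compile(r"^\d+\.\d+\.\d+$")


def aws_server_entry(region, version):
    """Build the "aws" block exactly as the Kiro config in the post lays it out."""
    if not PINNED_VERSION.match(version):
        raise ValueError(f"pin an exact proxy version, got {version!r}")
    return {
        "command": "uvx",
        "args": [
            f"{PROXY_PACKAGE}@{version}",
            SERVER_URL,
            "--metadata",
            f"AWS_REGION={region}",
        ],
    }


def merge_aws_server(existing_text, region, version="1.6.3"):
    """Return new mcp.json text with the "aws" entry added or replaced.

    Every other server under mcpServers is kept. existing_text may be ""
    when the file does not exist yet.
    """
    config = json.loads(existing_text) if existing_text.strip() else {}
    servers = config.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError("mcpServers must be a JSON object")
    servers["aws"] = aws_server_entry(region, version)
    return json.dumps(config, indent=2) + "\n"


def lint_config(config_text):
    """Flag the mistakes the setup text warns about. Empty list means clean."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON (mind the commas): {exc.msg} at line {exc.lineno}"]
    aws = config.get("mcpServers", {}).get("aws")
    if aws is None:
        return ["no 'aws' entry under mcpServers"]
    args = aws.get("args")
    if not isinstance(args, list):
        return ["'args' must be a JSON array, not a string"]
    args = [a for a in args if isinstance(a, str)]
    problems = []
    spec = next((a for a in args if a.startswith(PROXY_PACKAGE)), None)
    if spec is None:
        problems.append(f"args do not run {PROXY_PACKAGE}")
    elif "@" not in spec or not PINNED_VERSION.match(spec.split("@", 1)[1]):
        problems.append("proxy version is not pinned to an exact release")
    if not any(a.startswith("AWS_REGION=") for a in args):
        problems.append("no AWS_REGION in --metadata")
    return problems


# Constructed sample: a project that already has one unrelated MCP server.
SAMPLE_EXISTING = json.dumps(
    {"mcpServers": {"fetch": {"command": "uvx", "args": ["mcp-server-fetch"]}}}
)

if __name__ == "__main__":
    merged = merge_aws_server(SAMPLE_EXISTING, "us-west-2")
    print(merged)
    print("lint:", lint_config(merged) or "clean")
```

To use it on a real file, read `~/.kiro/settings/mcp.json` into `merge_aws_server` and write the result back; bump the proxy on purpose by passing a new pinned version. `lint_config` is the check to run after any hand edit: it catches a trailing comma, a `latest` tag, a missing region, and `args` written as one string instead of an array, which breaks the server entry.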
Check [PyPI](https://pypi.org/project/mcp-proxy-for-aws/) every few weeks and bump it on purpose.

Then install the skills:

```bash
npx skills add aws/agent-toolkit-for-aws/skills
```

Open Kiro's MCP Server view (the Kiro panel in the sidebar, or search "MCP" in the command palette), reconnect the `aws` server, and you're live.

### Codex

Add the marketplace, then install from inside Codex:

```bash
codex plugin marketplace add aws/agent-toolkit-for-aws
```

Launch Codex, run `/plugins`, and install `aws-core`.

### Claude Code

The plugins live on the official Anthropic marketplace, included by default:

```
/plugin install aws-core@claude-plugins-official
```

Hit `Plugin not found`? Refresh the index with `/plugin marketplace update claude-plugins-official` and try again. Add `aws-agents`, `aws-data-analytics`, or `aws-agents-for-devsecops` the same way.

### Cursor

Add the repo as a team marketplace: Settings → Plugins → Team Marketplaces → Add Marketplace → Import from Repo, pointed at `aws/agent-toolkit-for-aws`. Open the Plugins panel and install `aws-core` first, then the others as needed.

### Other MCP agents

Anything that speaks MCP works, including Windsurf and Cline. Configure the AWS MCP Server directly (see the [server setup guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/getting-started-aws-mcp-server.html)), then run `npx skills add aws/agent-toolkit-for-aws/skills`.

## Verify it works

Start a fresh conversation and ask: "What AWS Regions are available?" If the agent returns a list, the MCP Server is connected. For a skill check, ask it to "secure an S3 bucket" and watch it load `securing-s3-buckets` before it writes anything. An authentication error instead means your local credentials aren't reaching the server; see Prerequisites for how to set them up.

## Three workflows worth pointing it at

Setup is the boring part. The workflows below are where it pays off, and each one names the skills and components doing the work.

### Build a serverless REST API

Prompt: "Build a REST API: API Gateway in front of a Lambda that reads and writes a DynamoDB table, deployed with CDK."
This is the kind of task agents usually botch, because it spans four services and the IAM glue between them. The agent pulls `aws-serverless`, `connecting-lambda-to-api-gateway`, `connecting-lambda-to-dynamodb`, and `aws-cdk`, then uses the MCP Server's API tools to provision and the `run script` sandbox for multi-step setup. The skills carry the wiring, so the Lambda role scopes to your specific table instead of granting access to everything, and the CDK stack follows current patterns instead of a 2023 blog post the model half-remembers.

### Debug a Lambda timeout

Prompt: "My checkout Lambda times out intermittently and error rates spiked this morning. Help me find why."

Point the agent at the symptom and it follows a real diagnostic path. `debugging-lambda-timeouts` and `troubleshooting-application-failures` give it the procedure, while `aws-observability` and `querying-aws-cloudwatch` let it read the actual logs and metrics through the MCP Server. It checks the configured timeout against duration metrics, looks for cold starts, and inspects downstream calls that block, then tells you what it found. You get an actual investigation rather than a guess.

### Audit S3 buckets and secrets

Prompt: "Audit this account's S3 buckets and secrets, and flag anything risky."

This is the workflow that separates the toolkit from wiring up a raw MCP server. Before you run it, scope the agent's IAM role to read-only with the condition keys the MCP Server attaches, `aws:ViaAWSMCPService` and `aws:CalledViaAWSMCP`, so it can inspect and plan but cannot change anything, even though your own role can. Writing that policy is an advanced step, and the [user guide](https://docs.aws.amazon.com/agent-toolkit/latest/userguide/what-is-agent-toolkit.html) explains how the condition keys fit in; you can skip it the first time through and still get value from the audit. The agent uses `securing-s3-buckets` and `creating-secrets-using-best-practices` as its rubric for what counts as risky, and every call lands in CloudTrail for you to review later.
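The shape that read-only scoping takes, as an added example for the condition keys introduced in the components section and the audit workflow above. This is not the toolkit's code and not a policy from the AWS user guide; it is written for this post. The only things taken from the page are the two condition-key names. Treating them as IAM `Bool` values that compare equal to `"true"`, assuming a plain CLI call by the same person carries neither key, and the list of actions the audit needs are all assumptions made here, and so are the tiny evaluator and the request contexts, which exist only to show how the explicit deny lands on agent traffic and not on you.

```python
"""Read-only guardrail for agent traffic, with a toy evaluator that shows how
IAM decides with it. Added example for this post: not toolkit code and not a
policy from the user guide. The condition-key names are the ones the post
quotes; comparing them as IAM Bool values, the absence of both keys on a human
request, and the audit action list are assumptions made here."""
import json
from fnmatch import fnmatchcase

# What the audit needs. GetSecretValue is deliberately absent: the agent may
# list and describe secrets but never read their values.
AUDIT_READ_ACTIONS = [
    "s3:Get*",
    "s3:List*",
    "secretsmanager:Describe*",
    "secretsmanager:List*",
    "cloudtrail:LookupEvents",
]

GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EveryoneCanRead", "Effect": "Allow",
         "Action": AUDIT_READ_ACTIONS, "Resource": "*"},
        {"Sid": "HumanCanWrite", "Effect": "Allow",
         "Action": ["s3:Put*", "s3:Delete*", "secretsmanager:*"], "Resource": "*"},
        # Explicit deny beats both allows, but only when the request carries
        # the MCP marker; the same role used by hand is untouched.
        {"Sid": "AgentStaysReadOnly", "Effect": "Deny",
         "NotAction": AUDIT_READ_ACTIONS, "Resource": "*",
         "Condition": {"Bool": {"aws:CalledViaAWSMCP": "true"}}},
    ],
}

# Constructed request contexts: the keys the MCP Server stamps on a call
# (assumed to arrive as Bool "true") versus a plain CLI call by the same person.
AGENT_CONTEXT = {"aws:ViaAWSMCPService": "true", "aws:CalledViaAWSMCP": "true"}
HUMAN_CONTEXT = {}


def _matches(patterns, action):
    pats = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatchcase(action, p) for p in pats)


def _statement_covers(stmt, action):
    if "Action" in stmt:
        return _matches(stmt["Action"], action)
    return not _matches(stmt["NotAction"], action)


def _condition_holds(condition, context):
    """Only the Bool operator is modelled. A key missing from the request
    makes the condition false, which is how IAM treats it as well."""
    if not condition:
        return True
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, wanted in pairs.items():
            actual = context.get(key)
            if actual is None or str(actual).lower() != str(wanted).lower():
                return False
    return True


def evaluate(policy, action, context):
    """Return "Allow" or "Deny" in IAM's order: an explicit deny wins,
    otherwise any matching allow, otherwise the implicit deny."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        if not _statement_covers(stmt, action):
            continue
        if not _condition_holds(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def policy_json():
    """The policy document as you would paste it into the IAM console."""
    return json.dumps(GUARDRAIL_POLICY, indent=2)


if __name__ == "__main__":
    for action in ["s3:GetBucketPolicy", "s3:PutBucketPolicy",
                   "secretsmanager:GetSecretValue"]:
        print(f"{action:30} agent={evaluate(GUARDRAIL_POLICY, action, AGENT_CONTEXT):5} "
              f"human={evaluate(GUARDRAIL_POLICY, action, HUMAN_CONTEXT)}")
```

The pattern is a `Deny` with `NotAction` plus the condition: everything outside the read list is refused when the MCP marker is present, and the same role keeps its write permissions when you use it by hand. The evaluator ignores resource ARNs, permissions boundaries, SCPs and every operator except `Bool`, so it is a teaching aid, not a test of your real policy; confirm the keys' types in the user guide and run the finished document through the IAM policy simulator before trusting it with an audit.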
## Managing skills from the CLI

On AWS CLI 2.35.0+, the `aws agent-toolkit` command group manages skills across all your agents from the terminal:

```bash
aws agent-toolkit list-installed-skills
aws agent-toolkit add-skill --skill-name aws-serverless
aws agent-toolkit update-skill --skill-name aws-serverless
aws agent-toolkit remove-skill --skill-name aws-cdk --agent kiro
```

There's also `search-skills`, `list-available-skills`, and `get-skill-metadata` for browsing the catalog from the terminal. Without the CLI, re-run `npx skills add aws/agent-toolkit-for-aws/skills` to pull new skills, and remove them with `npx skills remove`