AWS just made its cloud programmable for AI agents — with an audit trail to match

Amazon Web Services quietly closed a gap that has been blocking enterprise agents from doing real work in cloud environments. The AWS MCP Server, a piece of infrastructure that lets software agents interact with AWS using the Model Context Protocol, moved to general availability on May 6, 2026 — six months after its preview debut at re:Invent 2025, according to AWS's announcement.

What changed with the GA release is the IAM context key aws:CalledViaAWSMCP, which CloudTrail writes when an agent makes an API call. Before this key existed, an agent using your credentials looked identical to you using your credentials in your audit logs: same IAM principal, same API calls, no way to distinguish them without custom instrumentation. Now CloudTrail records agent-initiated actions separately, and you can write IAM policies that apply specifically to agent-initiated behavior — a different permission model than granting broad access to anyone holding the access key, AWS explains.

That is the practical effect: the provenance layer for agentic cloud operations is now an AWS problem, not a builder problem. You no longer need to roll your own audit trail to let an agent provision infrastructure, query CloudWatch, or spin up a Lambda function.

The AWS MCP Server itself is free. You pay only for the AWS resources your agents actually use, AWS says. The server exposes 15,000 or more AWS API operations through a single tool called call_aws, using your existing IAM credentials. It also includes run_script, which executes Python in a sandboxed environment that inherits your IAM permissions but cannot reach the internet — useful for running short-lived scripts for data processing or tool calling without network egress, according to the AWS blog post.

Skills replace the older Agent SOPs as the format for giving agents procedural knowledge. The shift is architectural: where SOPs were static documents the agent read before acting, Skills are loaded on demand as the agent encounters specific tasks. AWS calls this the most significant addition in the GA release.

Documentation search and skill discovery no longer require AWS credentials — a practical change that removes one of the barriers for teams evaluating the server before committing to an AWS account, per the what's-new post. The server is available in two regions at launch: US East (N. Virginia) and Europe (Frankfurt).

The competitive context is worth noting. By Q1 2026, Google had added MCP support to its Gemini API and Vertex AI Agent Builder, following Microsoft which shipped MCP servers for GitHub, Azure, Teams, and Microsoft 365 by Q3 2025, per an independent analysis of MCP adoption. MCP itself is governed by the Linux Foundation's Agentic AI Foundation — it is not an AWS-only protocol. But AWS's implementation is the one that ships with native IAM audit trails and direct billing attribution, which is the combination enterprise buyers have been waiting for.

The deeper question — whether agents actually use the right service for the job, and whether the Skills-based guidance actually improves task completion rates in production — is not answered by the GA announcement. AWS says Skills are evaluated end-to-end by AWS teams, but independent benchmarks are not available yet. The infrastructure is real. The outcome data is not.

What to watch next: whether the two-region launch expands, and whether the open-source community treats the legacy awslabs/mcp repository as genuinely superseded or continues maintaining it as a lighter-weight alternative to the Agent Toolkit for AWS.