AWS Weekly Brief By Laroy Shtotland


Week 19

May 4 – May 11, 2026

  • MCP
  • IAM
  • STIG
  • OpenSearch
  • Lattice
  • Bedrock

The AWS MCP Server is now generally available. It operates as a managed remote Model Context Protocol server that lets AI agents securely invoke over 15,000 AWS API operations using existing IAM credentials. Fine-grained IAM context keys, sandboxed script execution, and CloudTrail logging separate agent permissions from human accounts, and the server pulls current documentation to cut errors.

AWS IAM now provides higher maximum quotas for roles, role trust policies, instance profiles, managed policies, and identity providers. Customer managed policies per account rise to 10,000, roles per account to 10,000, managed policies per role to 25, and trust policy length to 8,192 characters. These increases give greater flexibility for scaling access controls in large enterprise workloads.
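As an added example (not code from the brief or from AWS), the script below checks role descriptions against the quota figures quoted above without calling any AWS API. The role dictionaries, policy ARNs and account ID are constructed sample data; the size check assumes, as IAM documents for policy size quotas, that whitespace is not counted, so it measures the compact JSON serialization.

```python
import json

# Quotas as stated in the brief (account-level and per-role maximums).
MAX_ROLES_PER_ACCOUNT = 10_000
MAX_CUSTOMER_MANAGED_POLICIES_PER_ACCOUNT = 10_000
MAX_MANAGED_POLICIES_PER_ROLE = 25
MAX_TRUST_POLICY_CHARS = 8_192


def trust_policy_size(trust_policy: dict) -> int:
    """Character count of a trust policy in compact JSON form.

    Assumption: IAM does not count whitespace toward policy size quotas,
    so the compact serialization approximates what IAM measures.
    """
    return len(json.dumps(trust_policy, separators=(",", ":")))


def check_role(role: dict) -> list[str]:
    """Return findings for one role.

    `role` is a constructed description with keys: name, trust_policy (dict),
    attached_managed_policies (list of policy ARNs).
    """
    findings = []
    size = trust_policy_size(role["trust_policy"])
    if size > MAX_TRUST_POLICY_CHARS:
        findings.append(
            f"{role['name']}: trust policy is {size} chars, quota is {MAX_TRUST_POLICY_CHARS}"
        )
    attached = len(role["attached_managed_policies"])
    if attached > MAX_MANAGED_POLICIES_PER_ROLE:
        findings.append(
            f"{role['name']}: {attached} managed policies attached, quota is {MAX_MANAGED_POLICIES_PER_ROLE}"
        )
    return findings


def check_account(roles: list[dict], customer_managed_policy_count: int) -> list[str]:
    """Account-level quota checks followed by the per-role checks."""
    findings = []
    if len(roles) > MAX_ROLES_PER_ACCOUNT:
        findings.append(f"account has {len(roles)} roles, quota is {MAX_ROLES_PER_ACCOUNT}")
    if customer_managed_policy_count > MAX_CUSTOMER_MANAGED_POLICIES_PER_ACCOUNT:
        findings.append(
            f"account has {customer_managed_policy_count} customer managed policies, "
            f"quota is {MAX_CUSTOMER_MANAGED_POLICIES_PER_ACCOUNT}"
        )
    for role in roles:
        findings.extend(check_role(role))
    return findings


# Constructed sample data (placeholder account ID, not a real account).
ACCOUNT = "123456789012"


def _assume_role_statement(index: int) -> dict:
    return {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/example-caller-{index:03d}"},
        "Action": "sts:AssumeRole",
    }


SMALL_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [_assume_role_statement(0)]}

# 100 statements of ~100+ compact characters each comfortably exceeds 8,192.
OVERSIZED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [_assume_role_statement(i) for i in range(100)],
}

OK_ROLE = {
    "name": "example-ok-role",
    "trust_policy": SMALL_TRUST_POLICY,
    "attached_managed_policies": [f"arn:aws:iam::{ACCOUNT}:policy/example-{i}" for i in range(25)],
}

BAD_ROLE = {
    "name": "example-bad-role",
    "trust_policy": OVERSIZED_TRUST_POLICY,
    "attached_managed_policies": [f"arn:aws:iam::{ACCOUNT}:policy/example-{i}" for i in range(26)],
}

if __name__ == "__main__":
    for line in check_account([OK_ROLE, BAD_ROLE], customer_managed_policy_count=10_001):
        print(line)
```

Running the script prints one finding for the account-level policy count and two for the oversized role; a role sitting exactly at 25 attached policies produces no finding, since the quota is a maximum, not a threshold.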

AWS Directory Service expands directory security settings with STIG-aligned controls for Managed AD. The new configurations target high-impact security areas and align with DISA STIGs for Windows Server and Active Directory. Security teams can apply them consistently through the console, APIs, or self-service interfaces across regions and domain controllers to reduce configuration drift in regulated environments.

Amazon OpenSearch Service now supports VPC egress for private connectivity to resources in your VPC. Outbound traffic routes directly to ML models, AWS services, and custom applications without public internet exposure. Network interfaces added to selected subnets strengthen isolation for sensitive data processing workloads.

AWS Site-to-Site VPN now supports modifying tunnel bandwidth on existing VPN connections. Teams can adjust between the standard and large tiers, up to 5 Gbps, without deleting the connection or updating on-premises devices. IP addresses, CIDR blocks, and pre-shared keys stay intact, so performance can be scaled with zero downtime.

Amazon VPC Lattice resource configurations now support private domain-name targets. Private FQDNs can be shared securely across accounts using VPC DNS resolution. Resource gateways with IN_VPC settings route traffic directly to privately hosted backends without relying on public DNS entries.

AWS announced the Agent Toolkit to help AI coding agents build effectively on AWS. This production-ready suite succeeds earlier MCP components with over 40 validated skills for authoring CloudFormation templates and serverless applications. A fully-managed MCP server adds IAM guardrails and observability to lower token costs and strengthen enterprise security controls with no additional charges beyond standard resource usage.

Amazon Bedrock AgentCore now includes Payments, in preview, for agents that transact. AI agents autonomously handle the full payment lifecycle through Coinbase or Stripe wallets, with session spending limits and built-in governance. Observability through existing logs, metrics, and traces keeps transactions across APIs and services controlled without disrupting reasoning flows.