Introducing OAuth Support for AWS MCP Server
Summary
AWS has added OAuth support to its MCP Server (Model Context Protocol, a standard for connecting AI agents to external tools), allowing AI agents like Claude to access AWS services using the same login methods you'd use for the AWS console or command line. The service includes new security features like token revocation, dynamic client registration, and new audit logging in AWS CloudTrail (AWS's service that records all actions taken in your AWS account).
Solution / Mitigation
To set up OAuth for the AWS MCP Server, attach the managed policy 'AWSMCPSignInOAuthAccessPolicy' to your IAM role using the AWS CLI command: aws iam attach-role-policy --role-name <MyRole> --policy-arn arn:aws:iam::aws:policy/AWSMCPSignInOAuthAccessPolicy. Then add the MCP Server endpoint to your agent's configuration using: claude mcp add --transport http aws-mcp https://aws-mcp.us-east-1.api.aws/mcp. When the agent first needs access, it will open a browser for you to authenticate and approve the authorization request.
Classification
Affected Vendors
Related Issues
Original source: https://aws.amazon.com/blogs/security/introducing-oauth-support-for-aws-mcp-server/
First tracked: July 9, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 85%