Support for AWS aws login command #1824
Description
Describe the feature
I would like AWS MCP servers to support authentication using the new aws login command announced by AWS on November 19, 2025.
Currently, AWS MCP servers recommend authentication methods using the AWS_PROFILE environment variable, but credentials generated by aws login do not appear to be properly recognized.
Use Case
Background:
aws login is a new feature that automatically generates and rotates (every 15 minutes) short-term credentials using AWS Management Console credentials. This provides the following benefits:
- No need to manage long-term access keys
- Secure authentication (using OAuth 2.0 + PKCE)
- Simple setup (browser authentication only)
Problem:
When using AWS MCP servers, even after authenticating with aws login and configuring as follows, the credentials are not properly recognized:
# Authenticate with AWS CLI 2.32.0
aws login# MCP configuration example (mcp.json)
{
"mcpServers": {
"aws-api": {
"command": "uvx",
"args": ["awslabs.aws-api-mcp-server@latest"],
"env": {
"AWS_REGION": "us-east-1"
}
}
}
}Expected behavior:
The AWS SDK credential chain should automatically detect credentials generated by aws login, and the MCP server should operate normally.
Actual behavior:
Credentials are not detected, and the MCP server fails to start or AWS API access fails.
Proposed Solution
Please enable AWS MCP servers to properly recognize credentials generated by aws login.
Implementation approach (speculation):
Supporting aws login likely requires adding the botocore[crt] dependency:
uv add botocore[crt]Adding this dependency should enable the AWS SDK credential chain to properly recognize credentials generated by aws login.
Other Information
Reference links:
- AWS Official Announcement
- AWS Security Blog: Simplified developer access to AWS with 'aws login'
- AWS CLI User Guide: Sign in for authentication
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change