IAM for the AWS CLI

The aws configure agent-toolkit and aws agent-toolkit commands do not use IAM. These commands fetch AWS-vended skills from a public, read-only catalog over HTTPS. The AWS CLI does not sign requests or send credentials when using these commands.

You do not need to grant any IAM permissions to discover, install, update, remove, or search for skills with the AWS CLI. No IAM policies, roles, or identity configuration is required.

For information about IAM permissions required by the AWS MCP Server (the authenticated component that executes AWS API calls on your behalf), see Identity and access management for AWS MCP Server.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Data protection for the AWS CLI

Monitoring