AWS Security ChangesHomeSearch

AWS agent-toolkit documentation change

Service: agent-toolkit · 2026-07-10 · Documentation low

File: agent-toolkit/latest/userguide/multi-account-access.md

Summary

Added authentication requirement note for multi-profile switching and updated mcp-proxy-for-aws version from 1.6.2 to 1.6.3

Security assessment

The change clarifies security limitations of OAuth authentication for account switching and updates a dependency version. While it documents authentication constraints that could prevent privilege escalation risks, there's no evidence of a specific security vulnerability being patched.

Diff

diff --git a/agent-toolkit/latest/userguide/multi-account-access.md b/agent-toolkit/latest/userguide/multi-account-access.md
index b811e1a3e..46cc391c8 100644
--- a//agent-toolkit/latest/userguide/multi-account-access.md
+++ b//agent-toolkit/latest/userguide/multi-account-access.md
@@ -16,0 +17,4 @@ This feature is specific to the AWS MCP Server. Profile switching is not availab
+###### Important
+
+Multi-profile switching requires SigV4 authentication with the MCP Proxy for AWS. OAuth authentication does not support this feature. If you use OAuth, each session is bound to a single IAM role and switching accounts requires re-authentication.
+
@@ -65 +69 @@ Same behavior, useful for plugin integration where CLI args cannot be modified:
-          "args": ["mcp-proxy-for-aws==1.6.2", "https://aws-mcp.us-east-1.api.aws/mcp"],
+          "args": ["mcp-proxy-for-aws==1.6.3", "https://aws-mcp.us-east-1.api.aws/mcp"],