AWS agent-toolkit documentation change
Summary
Added authentication requirement note for multi-profile switching and updated mcp-proxy-for-aws version from 1.6.2 to 1.6.3
Security assessment
The change clarifies security limitations of OAuth authentication for account switching and updates a dependency version. While it documents authentication constraints that could prevent privilege escalation risks, there's no evidence of a specific security vulnerability being patched.
Diff
diff --git a/agent-toolkit/latest/userguide/multi-account-access.md b/agent-toolkit/latest/userguide/multi-account-access.md index b811e1a3e..46cc391c8 100644 --- a//agent-toolkit/latest/userguide/multi-account-access.md +++ b//agent-toolkit/latest/userguide/multi-account-access.md @@ -16,0 +17,4 @@ This feature is specific to the AWS MCP Server. Profile switching is not availab +###### Important + +Multi-profile switching requires SigV4 authentication with the MCP Proxy for AWS. OAuth authentication does not support this feature. If you use OAuth, each session is bound to a single IAM role and switching accounts requires re-authentication. + @@ -65 +69 @@ Same behavior, useful for plugin integration where CLI args cannot be modified: - "args": ["mcp-proxy-for-aws==1.6.2", "https://aws-mcp.us-east-1.api.aws/mcp"], + "args": ["mcp-proxy-for-aws==1.6.3", "https://aws-mcp.us-east-1.api.aws/mcp"],