Oura Ring MCP Server

BEDROCK_DEPLOYMENT.md•9.96 KiB

# AWS Bedrock Deployment Guide This guide provides detailed instructions for deploying the Oura MCP Server to AWS Bedrock AgentCore. ## Overview AWS Bedrock AgentCore allows you to create AI agents that can use MCP servers to access external data and APIs. This deployment will: 1. Package the Oura MCP server as a Docker container 2. Store the container in Amazon ECR (Elastic Container Registry) 3. Securely store your Oura API token in AWS Secrets Manager 4. Create a Bedrock Agent that uses the MCP server ## Prerequisites Before you begin, ensure you have: - **AWS Account** with Bedrock access enabled - **AWS CLI** installed and configured (`aws configure`) - **Docker** installed and running - **Oura Personal Access Token** from [cloud.ouraring.com/personal-access-tokens](https://cloud.ouraring.com/personal-access-tokens) - **IAM Permissions** to create: - ECR repositories - Secrets Manager secrets - IAM roles - Bedrock agents ## Automated Deployment The easiest way to deploy is using the provided script: ```bash # Set your Oura token export OURA_PERSONAL_ACCESS_TOKEN="your_token_here" # Optional: Set AWS region (defaults to us-east-1) export AWS_REGION="us-east-1" # Run deployment ./deploy-bedrock.sh ``` The script will guide you through the entire process and provide the configuration details you need. ## Manual Deployment ### Step 1: Create ECR Repository ```bash aws ecr create-repository \ --repository-name oura-mcp-server \ --region us-east-1 \ --image-scanning-configuration scanOnPush=true ``` ### Step 2: Build Docker Image ```bash docker build -t oura-mcp-server:latest . ``` ### Step 3: Push to ECR ```bash # Get your AWS account ID AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) # Login to ECR aws ecr get-login-password --region us-east-1 | \ docker login --username AWS --password-stdin \ ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com # Tag image docker tag oura-mcp-server:latest \ ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest # Push image docker push ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest ``` ### Step 4: Create IAM Role for Bedrock Create a trust policy file `trust-policy.json`: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ``` Create the role: ```bash aws iam create-role \ --role-name BedrockAgentRole \ --assume-role-policy-document file://trust-policy.json # Attach Bedrock policy aws iam attach-role-policy \ --role-name BedrockAgentRole \ --policy-arn arn:aws:iam::aws:policy/AmazonBedrockFullAccess ``` ### Step 5: Store Oura Token in Secrets Manager ```bash aws secretsmanager create-secret \ --name oura-mcp-server/token \ --description "Oura Ring API Personal Access Token" \ --secret-string '{"OURA_PERSONAL_ACCESS_TOKEN":"YOUR_TOKEN_HERE"}' \ --region us-east-1 ``` ### Step 6: Create Bedrock Agent 1. **Navigate to AWS Bedrock Console**: - Go to [AWS Bedrock Console](https://console.aws.amazon.com/bedrock) - Select "Agents" from the left menu - Click "Create Agent" 2. **Configure Agent Basic Settings**: - **Agent name**: `oura-health-agent` - **Description**: `Agent for accessing Oura Ring health and fitness data` - **Agent resource role**: Select the `BedrockAgentRole` you created - **Foundation model**: `Anthropic Claude 3.5 Sonnet v2` - **Instructions**: ``` You are a health and fitness assistant with access to Oura Ring data. Help users understand their sleep patterns, activity levels, readiness scores, and overall health metrics. Provide insights and recommendations based on their data. ``` 3. **Add MCP Server**: - In the "Action groups" section, click "Add MCP server" - **Server type**: Container - **Container image URI**: `YOUR_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest` - **Environment variables**: - Click "Add environment variable from Secrets Manager" - **Secret ARN**: `arn:aws:secretsmanager:us-east-1:YOUR_ACCOUNT_ID:secret:oura-mcp-server/token` - **Key**: `OURA_PERSONAL_ACCESS_TOKEN` 4. **Review and Create**: - Review all settings - Click "Create Agent" 5. **Prepare Agent**: - After creation, click "Prepare" to make the agent ready for use - Wait for preparation to complete ## Testing Your Agent ### Test in AWS Console 1. Go to your agent in the Bedrock console 2. Click "Test" in the top right 3. Try these queries: - "Show me my sleep data from last week" - "What was my readiness score yesterday?" - "How active was I this month?" ### Test via AWS CLI ```bash aws bedrock-agent-runtime invoke-agent \ --agent-id YOUR_AGENT_ID \ --agent-alias-id TESTALIAS \ --session-id test-session-1 \ --input-text "What was my sleep score last night?" \ --region us-east-1 \ response.txt cat response.txt ``` ## Configuration Options ### Environment Variables You can configure the MCP server with these environment variables: | Variable | Description | Required | |----------|-------------|----------| | `OURA_PERSONAL_ACCESS_TOKEN` | Your Oura API token | Yes | | `OURA_CLIENT_ID` | OAuth2 client ID (future) | No | | `OURA_CLIENT_SECRET` | OAuth2 client secret (future) | No | ### Container Resources For production use, consider adjusting container resources: - **Memory**: 512 MB (default) - increase for heavy usage - **CPU**: 0.25 vCPU (default) - increase for concurrent requests - **Timeout**: 30 seconds (default) ## Monitoring and Logging ### CloudWatch Logs Your MCP server logs are available in CloudWatch: ```bash aws logs tail /aws/bedrock/agents/oura-health-agent --follow ``` ### Container Insights Enable Container Insights for detailed metrics: ```bash aws ecs update-cluster-settings \ --cluster bedrock-agents \ --settings name=containerInsights,value=enabled ``` ### Metrics to Monitor - **Invocation count**: Number of tool calls - **Error rate**: Failed API requests - **Latency**: Response time per tool - **Token usage**: API token consumption ## Security Best Practices ### 1. Token Rotation Rotate your Oura Personal Access Token regularly: ```bash # Update secret with new token aws secretsmanager update-secret \ --secret-id oura-mcp-server/token \ --secret-string '{"OURA_PERSONAL_ACCESS_TOKEN":"NEW_TOKEN_HERE"}' ``` ### 2. IAM Least Privilege Review and restrict IAM role permissions: ```bash aws iam get-role-policy \ --role-name BedrockAgentRole \ --policy-name BedrockAgentPolicy ``` ### 3. VPC Configuration For enhanced security, deploy in a VPC: - Use private subnets - Configure security groups - Enable VPC endpoints for ECR and Secrets Manager ### 4. Encryption Ensure encryption at rest and in transit: - ECR images are encrypted by default - Secrets Manager uses KMS encryption - Use HTTPS for all API calls ## Troubleshooting ### Agent Creation Fails **Error**: "Invalid container image" - Verify image URI is correct - Check image exists in ECR - Ensure IAM role has ECR access **Error**: "Cannot access secret" - Verify secret ARN is correct - Check IAM role has Secrets Manager permissions - Ensure secret is in same region ### Runtime Errors **Error**: "Authentication failed" - Check Oura token is valid - Verify token hasn't expired - Ensure secret is properly configured **Error**: "Timeout" - Increase container timeout - Check network connectivity - Review Oura API status ### No Data Returned **Issue**: Empty responses from tools - Verify Oura Ring is syncing - Check date range parameters - Ensure user has data for requested period ## Cost Optimization ### ECR Storage - Use lifecycle policies to remove old images - Keep only latest and production tags ```bash aws ecr put-lifecycle-policy \ --repository-name oura-mcp-server \ --lifecycle-policy-text file://lifecycle-policy.json ``` ### Secrets Manager - Use single secret for multiple environments - Consider secret rotation policies ### Bedrock Invocations - Cache responses when appropriate - Batch requests where possible - Monitor token usage ## Updating the Server ### Deploy New Version ```bash # Build new version docker build -t oura-mcp-server:v2 . # Tag as latest docker tag oura-mcp-server:v2 \ ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest # Push to ECR docker push ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest # Update agent (triggers automatic redeployment) aws bedrock-agent update-agent \ --agent-id YOUR_AGENT_ID \ --agent-name oura-health-agent ``` ### Rollback ```bash # List available image tags aws ecr describe-images \ --repository-name oura-mcp-server # Tag previous version as latest docker pull ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:v1 docker tag ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:v1 \ ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest docker push ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/oura-mcp-server:latest ``` ## Advanced Configuration ### Multi-Region Deployment Deploy to multiple regions for redundancy: ```bash for region in us-east-1 us-west-2 eu-west-1; do ./deploy-bedrock.sh --region $region done ``` ### Custom Domain Use API Gateway for custom domain: 1. Create REST API in API Gateway 2. Configure proxy integration to Bedrock 3. Set up custom domain 4. Update DNS records ## Support and Resources - **AWS Support**: [AWS Support Center](https://console.aws.amazon.com/support) - **Bedrock Documentation**: [AWS Bedrock Docs](https://docs.aws.amazon.com/bedrock) - **GitHub Issues**: [Report issues](https://github.com/yourusername/oura-mcp-python/issues) ## Next Steps After successful deployment: 1. Test all available tools 2. Set up monitoring dashboards 3. Configure alerts for errors 4. Document your use cases 5. Share with your team Happy health tracking with AWS Bedrock!

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/abekek/oura-mcp-python'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

BEDROCK_DEPLOYMENT.md•9.96 KiB