Complete Setup Guide: Asenion MCP + AWS Strands Agent

This guide will help you set up the complete integration from scratch. Follow these steps in order.

Table of Contents

  1. Prerequisites
  2. Step 1: Set Up MCP Server
  3. Step 2: Set Up OPA (Optional but Recommended)
  4. Step 3: Set Up AWS Account and Credentials
  5. Step 4: Enable AWS Bedrock Access
  6. Step 5: Set Up Python Environment
  7. Step 6: Configure the Integration
  8. Step 7: Test the Integration
  9. Step 8: Run Your First Agent
  10. Troubleshooting
  11. Next Steps

Prerequisites

Before you begin, ensure you have:

  • Python 3.11+ installed
  • AWS Account (free tier works)
  • Git (to clone the repository)
  • Windows PowerShell or Linux/Mac Terminal
  • Internet connection

Step 1: Set Up MCP Server

1.1 Navigate to Project Directory 

cd asenion-mcp-main

1.2 Install Dependencies 

pip install -r requirements.txt

This installs:

  • fastapi - Web framework
  • uvicorn - ASGI server
  • fastmcp - MCP SDK
  • mcp - MCP protocol
  • pydantic - Data validation
  • And other dependencies

1.3 Set Environment Variables

Windows PowerShell:

$env:ASENION_ORG_ID="org-123"
$env:ASENION_SYSTEM_ID="sys-1"
$env:ASENION_API_TOKEN="dev-token-please-rotate"
$env:ASENION_ENFORCE_TENANCY="true"
$env:ASENION_COLLAB_AREAS="ai_assistants,chat_clients,code_copilot,doc_drafting"
$env:ASENION_COLLAB_TOOLS="claude,chatgpt,copilot,cursor,notion-ai,slack,teams"

Linux/Mac:

export ASENION_ORG_ID=org-123
export ASENION_SYSTEM_ID=sys-1
export ASENION_API_TOKEN=dev-token-please-rotate
export ASENION_ENFORCE_TENANCY=true
export ASENION_COLLAB_AREAS="ai_assistants,chat_clients,code_copilot,doc_drafting"
export ASENION_COLLAB_TOOLS="claude,chatgpt,copilot,cursor,notion-ai,slack,teams"

1.4 Start MCP Server 

uvicorn asenion_mcp.app:fastapi_app --reload --port 8001

Expected Output:

INFO:     Started server process [xxxxx]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8001

1.5 Verify MCP Server is Running

Windows PowerShell:

Invoke-RestMethod -Uri "http://127.0.0.1:8001/mcp/tools/get_server_info" -Method POST -ContentType "application/json" -Body '{}'

Linux/Mac:

curl -X POST http://127.0.0.1:8001/mcp/tools/get_server_info \
  -H "Content-Type: application/json" \
  -d '{}'

Expected Response:

{
  "name": "asenion-mcp",
  "version": "0.1.1",
  "org_id": "org-123",
  "system_id": "sys-1"
}

Checkpoint: If you see the server info, MCP server is working

OPA (Open Policy Agent) provides policy evaluation. This step is optional but recommended for full functionality.

2.1 Check if OPA Binary Exists

The project includes opa.exe (Windows) in the root directory. If it doesn’t exist, download from: https://www.openpolicyagent.org/docs/latest/#running-opa

2.2 Start OPA Sidecar

Windows:

.\opa.exe run --server --addr=127.0.0.1:8181 .\policy\rego

Linux/Mac:

./opa run --server --addr=127.0.0.1:8181 ./policy/rego

Or use Docker:

docker compose -f docker-compose.opa.yml up -d

2.3 Verify OPA is Running 

Invoke-WebRequest -Uri "http://127.0.0.1:8181/health"

Should return 200 OK.

2.4 Configure OPA Environment Variables

Windows PowerShell:

$env:ASENION_USE_OPA="true"
$env:ASENION_OPA_MODE="sidecar"
$env:ASENION_OPA_URL="http://127.0.0.1:8181/v1/data/policy/asenion/v1/decision"
$env:ASENION_REGO_BUNDLE="asenion-policies@1.0.0"
$env:ASENION_FAIL_CLOSED="false"

Linux/Mac:

export ASENION_USE_OPA=true
export ASENION_OPA_MODE=sidecar
export ASENION_OPA_URL=http://127.0.0.1:8181/v1/data/policy/asenion/v1/decision
export ASENION_REGO_BUNDLE=asenion-policies@1.0.0
export ASENION_FAIL_CLOSED=false

Checkpoint: OPA is running and configured

Step 3: Set Up AWS Account and Credentials

3.1 Create AWS Account (if needed)

  1. Go to https://aws.amazon.com/
  2. Click “Create an AWS Account”
  3. Follow the signup process
  4. Verify your account

3.2 Create IAM User

  1. Log into AWS Console: https://console.aws.amazon.com/
  2. Go to IAM:
    • Search for “IAM” in the top search bar
    • Click on “IAM” service
  3. Create a User:
    • Click “Users” in the left sidebar
    • Click “Create user”
    • Enter username: strands-agent (or any name)
    • Click “Next”
  4. Set Permissions:
    • Select “Attach policies directly”
    • Search for and select: AmazonBedrockFullAccess
    • Click “Next” → “Create user”
  5. Create Access Keys:
    • Click on the user you just created
    • Go to “Security credentials” tab
    • Scroll to “Access keys” section
    • Click “Create access key”
    • Select “Application running outside AWS”
    • Click “Next” → “Create access key”
  6. Save Your Credentials:
    • IMPORTANT: Copy both:
      • Access key ID (starts with AKIA...)
      • Secret access key (long string)
    • Click “Download .csv file” to save them
    • You won’t be able to see the secret key again

3.3 Configure AWS Credentials

Option A: AWS CLI (Recommended)

  1. Install AWS CLI (if not installed):
    • Download from: https://aws.amazon.com/cli/
    • Or: pip install awscli
  2. Configure: 
    aws configure

    Enter when prompted:

    • AWS Access Key ID: [paste your key]
    • AWS Secret Access Key: [paste your secret]
    • Default region: us-east-1
    • Default output format: json (just press Enter)
  3. Verify: 
    aws sts get-caller-identity

    Should return your AWS account ID and user ARN.

Option B: Environment Variables

Windows PowerShell:

$env:AWS_ACCESS_KEY_ID="your_access_key_here"
$env:AWS_SECRET_ACCESS_KEY="your_secret_key_here"
$env:AWS_DEFAULT_REGION="us-east-1"

Linux/Mac:

export AWS_ACCESS_KEY_ID=your_access_key_here
export AWS_SECRET_ACCESS_KEY=your_secret_key_here
export AWS_DEFAULT_REGION=us-east-1

Checkpoint: AWS credentials configured and verified

Step 4: Enable AWS Bedrock Access

4.1 Go to Bedrock Console

  1. Go to: https://console.aws.amazon.com/bedrock/
  2. Or search “Bedrock” in AWS Console

4.2 Open Model Catalog

  1. Click “Model catalog” in the left sidebar
  2. Find “Claude” models (e.g., “Claude Sonnet 4”)
  3. Click on the model to open it

4.3 Open in Playground

  1. Click “Open in Playground” button
  2. If it’s your first time, you’ll see a form asking for use case details

4.4 Fill Out Use Case Form

Fill it out with:

  • Use case: “AI agent for governance and compliance checking”
  • Description: “Using Claude to help with policy compliance decisions via MCP tools”
  • Industry: Select appropriate (e.g., “Technology”, “Financial Services”)
  • Submit the form

4.5 Wait for Approval

  • Usually instant (a few minutes)
  • You’ll get an email when approved
  • After approval, the model will work automatically

Checkpoint: Bedrock access granted

Step 5: Set Up Python Environment

5.1 Navigate to Strands Directory 

cd strands_asenion

5.2 Create Virtual Environment

Windows:

python -m venv venv
venv\Scripts\Activate.ps1

Linux/Mac:

python -m venv venv
source venv/bin/activate

5.3 Install Dependencies 

pip install strands-agents strands-agents-tools

This installs:

  • strands-agents - AWS Strands Agent SDK
  • strands-agents-tools - Additional tools
  • All required dependencies (boto3, mcp, etc.)

Checkpoint: Virtual environment created and dependencies installed

Step 6: Configure the Integration

6.1 Check Configuration File

The file strands_asenion/config.py should already be configured:

ASENION_MCP_URL = os.environ.get("ASENION_MCP_URL", "http://127.0.0.1:8001/mcp")
ASENION_TOKEN = os.environ.get("ASENION_API_TOKEN", "dev-token-please-rotate")

6.2 Set MCP URL (if needed)

If your MCP server is on a different URL (e.g., via ngrok):

Windows PowerShell:

$env:ASENION_MCP_URL="https://your-ngrok-url.ngrok.app/mcp"

Linux/Mac:

export ASENION_MCP_URL=https://your-ngrok-url.ngrok.app/mcp

Checkpoint: Configuration is set

Step 7: Test the Integration

7.1 Test MCP Connection 

python test_connection.py

Expected Output:

[OK] MCP Client connected successfully
[OK] Found 11 tools:
  - check_action: ...
  - required_prompts: ...
  ...
[OK] Connection test successful

7.2 Test AWS Credentials 

aws sts get-caller-identity

Should return your AWS account information.

Checkpoint: Both MCP and AWS are working

Step 8: Run Your First Agent

8.1 Run the Main Script 

python main.py

Expected Output:

Connecting to Asenion MCP server...
[OK] Connected to MCP server
[OK] Loaded 11 governance tools
[OK] AWS credentials configured (Account: xxxxx)
Creating Strands Agent...
[OK] Agent created

Question: Can I send customer PII to alice@external.com...?

Agent response:
------------------------------------------------------------
[Agent's response with governance decision]
------------------------------------------------------------

8.2 Try Your Own Questions

Edit main.py and change the question:

q = "Your question here"

Or create an interactive chat:

while True:
    question = input("Your question: ")
    if question.lower() in ('quit', 'exit'):
        break
    response = agent(question)
    print(response)

Checkpoint: Agent is working end-to-end

Troubleshooting

Issue: “MCP Server connection failed”

Symptoms:

  • ConnectionError or Unable to connect
  • getaddrinfo failed

Solutions:

  1. Check MCP server is running: 
    netstat -ano | findstr ":8001"
  2. Verify URL in config.py matches your server
  3. Check firewall settings
  4. Restart MCP server if needed

Issue: “Unable to locate credentials”

Symptoms:

  • NoCredentialsError
  • Unable to locate credentials

Solutions:

  1. Run aws configure and enter credentials
  2. Or set environment variables: 
    $env:AWS_ACCESS_KEY_ID="your_key"
$env:AWS_SECRET_ACCESS_KEY="your_secret"
  3. Verify with: aws sts get-caller-identity

Issue: “ResourceNotFoundException” (Bedrock)

Symptoms:

  • Model use case details have not been submitted

Solutions:

  1. Go to AWS Bedrock Console → Model catalog
  2. Open Claude model in Playground
  3. Fill out and submit the use case form
  4. Wait for approval (usually instant)

Issue: “ModuleNotFoundError: No module named ‘strands’”

Symptoms:

  • Import errors when running scripts

Solutions:

  1. Activate virtual environment: 
    venv\Scripts\Activate.ps1
  2. Install dependencies: 
    pip install strands-agents strands-agents-tools

Issue: “Port 8001 already in use”

Symptoms:

  • [Errno 10048] error while attempting to bind

Solutions:

  1. Find the process: 
    netstat -ano | findstr ":8001"
  2. Kill it: 
    taskkill /PID <process_id> /F
  3. Or use a different port: 
    uvicorn asenion_mcp.app:fastapi_app --port 8002

Issue: “OPA not responding”

Symptoms:

  • OPA health check fails
  • Policy evaluation errors

Solutions:

  1. Check OPA is running: 
    curl http://127.0.0.1:8181/health
  2. Restart OPA: 
    .\opa.exe run --server --addr=127.0.0.1:8181 .\policy\rego
  3. Verify policies are in policy/rego/ directory

Next Steps

Customize the Agent

Edit main.py to customize:

  • System prompt
  • Default questions
  • Error handling
  • Logging level

Add More Tools

The framework supports all 11 MCP tools. See INTEGRATION_REPORT.md for details.

Deploy to Production

  1. Deploy MCP server to cloud (AWS ECS/Lambda)
  2. Set up proper authentication
  3. Configure monitoring
  4. Use HTTPS/TLS

Quick Reference

Start Everything

Terminal 1 - MCP Server:

cd asenion-mcp-main
uvicorn asenion_mcp.app:fastapi_app --port 8001

Terminal 2 - OPA (Optional):

cd asenion-mcp-main
.\opa.exe run --server --addr=127.0.0.1:8181 .\policy\rego

Terminal 3 - Run Agent:

cd strands_asenion
venv\Scripts\Activate.ps1
python main.py

Environment Variables Summary 

# MCP Server
$env:ASENION_ORG_ID="org-123"
$env:ASENION_SYSTEM_ID="sys-1"
$env:ASENION_API_TOKEN="dev-token-please-rotate"

# OPA (if using)
$env:ASENION_USE_OPA="true"
$env:ASENION_OPA_URL="http://127.0.0.1:8181/v1/data/policy/asenion/v1/decision"

# AWS (via aws configure or env vars)
$env:AWS_ACCESS_KEY_ID="your_key"
$env:AWS_SECRET_ACCESS_KEY="your_secret"
$env:AWS_DEFAULT_REGION="us-east-1"

Useful Commands 

# Test MCP server
Invoke-RestMethod -Uri "http://127.0.0.1:8001/mcp/tools/get_server_info" -Method POST -ContentType "application/json" -Body '{}'

# Test AWS credentials
aws sts get-caller-identity

# Test connection
cd strands_asenion
python test_connection.py

Getting Help

  • Documentation: See README.md and INTEGRATION_REPORT.md
  • Examples: Check demos/ directory
  • Issues: Review troubleshooting section above

Summary Checklist

Use this checklist to verify your setup:

  • MCP server running on port 8001
  • AWS account created
  • IAM user created with Bedrock permissions
  • AWS credentials configured (aws configure)
  • AWS credentials verified (aws sts get-caller-identity)
  • Bedrock model access granted (Claude)
  • Python virtual environment created
  • Dependencies installed (strands-agents, etc.)
  • MCP connection test passed
  • Agent runs successfully

Once all items are checked, you’re ready to use the integration

Table of contents