Data Plane
The Data Plane runs in your AWS account. Handles MCP server execution, AI processing, policies, and data storage.
Infrastructure
| Resource | Purpose |
|---|---|
| EKS | MCP servers, Data Plane API |
| RDS PostgreSQL | Conversations, config, audit |
| ElastiCache Valkey | Caching, rate limiting |
| S3 | Document storage |
| Bedrock + OpenSearch | AI (Gemma 3 12B) and vector search |
| Secrets Manager | MCP credentials |
Data Residency
| Data | Location | Encryption |
|---|---|---|
| Documents | S3 | KMS |
| Conversations | RDS | KMS |
| MCP credentials | Secrets Manager | KMS |
| Embeddings | OpenSearch | KMS |
Data Plane API
Runs in your EKS cluster. Your endpoint URL is displayed in Settings → Infrastructure after deployment.
Handles:
- JWT-authenticated requests from Control Plane
- AI processing via Bedrock (Gemma 3 12B)
- MCP server management
- Document uploads and Knowledge Base queries
MCP Server Execution
Each MCP server runs as a Kubernetes deployment:
- Isolated namespace
- IRSA for AWS credentials (no static keys)
- Secrets from your Secrets Manager
- Network policies for egress control
Supported Regions
All major AWS regions including:
| Americas | Europe | Asia Pacific |
|---|---|---|
| us-east-1 (Virginia) | eu-west-1 (Ireland) | ap-southeast-1 (Singapore) |
| us-east-2 (Ohio) | eu-west-2 (London) | ap-southeast-2 (Sydney) |
| us-west-1 (California) | eu-west-3 (Paris) | ap-northeast-1 (Tokyo) |
| us-west-2 (Oregon) | eu-central-1 (Frankfurt) | ap-northeast-2 (Seoul) |
| ca-central-1 (Canada) | eu-north-1 (Stockholm) | ap-south-1 (Mumbai) |
| sa-east-1 (São Paulo) |
Outbound Connectivity
| Destination | Path | Purpose |
|---|---|---|
| *.corpai.io | NAT Gateway | Control Plane |
| S3, ECR, STS, Bedrock | VPC Endpoints | AWS services (private, no internet) |
| External APIs | NAT Gateway | MCP integrations (GitHub, Jira, etc.) |
Next
Last updated on