Infrastructure
AWS resources deployed in your account.
Architecture
Resources
| Service | Resource | Purpose |
|---|---|---|
| VPC | Network + NAT | Isolated network, outbound access |
| EKS | Cluster + nodes | MCP servers, Data Plane API |
| RDS | PostgreSQL | Conversations, config, audit |
| ElastiCache | Valkey | Caching, rate limiting |
| Bedrock | Knowledge Base | AI (Gemma 3 12B), document search |
| OpenSearch | Serverless | Vector embeddings |
| S3 | Bucket | Document storage |
| KMS | Keys | Encryption |
| Secrets Manager | Secrets | MCP credentials |
Resource Tags
All provisioned resources are tagged for easy identification and cost tracking:
| Tag | Value |
|---|---|
| ManagedBy | corpai-terraform |
| Organization | Your organization ID |
| Project | corpai |
| CostCenter | corpai-self-hosted |
Use these tags in AWS Cost Explorer to track CorpAI-related costs.
Security
- All data in private subnets
- No inbound internet access
- KMS encryption at rest
- TLS in transit
- IRSA for pod credentials (no static keys)
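
One way to check the "no static keys" property on a running cluster is to audit the pod specs that `kubectl get pods -A -o json` returns. This is an added example, not CorpAI's own tooling; the function name, finding labels, and the sample namespace, pod, and container names are assumptions.

```python
# Added example: audit `kubectl get pods -A -o json` output for static AWS keys.
STATIC_KEY_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
# Injected into every container by the EKS pod identity webhook when the pod's
# service account carries the eks.amazonaws.com/role-arn annotation.
IRSA_VARS = {"AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE"}


def audit_pods(pod_list):
    """Return (namespace/pod, container, finding) tuples, in input order."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        pod_id = f"{meta.get('namespace', 'default')}/{meta['name']}"
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            env_names = {e["name"] for e in c.get("env", [])}
            static = sorted(env_names & STATIC_KEY_VARS)
            if static:
                # Flag even when IRSA is present: SDK default chains try
                # environment keys before the web identity token.
                findings.append((pod_id, c["name"], "static-keys:" + ",".join(static)))
            elif not IRSA_VARS <= env_names:
                # No IRSA: AWS calls may fall back to the node's instance role.
                findings.append((pod_id, c["name"], "no-irsa"))
            # Limitation: keys injected through envFrom or mounted files are not seen here.
    return findings


def _env(*names):
    return [{"name": n, "value": "x"} for n in names]


# Constructed sample; namespace, pod and container names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"namespace": "corpai", "name": "mcp-server"},
     "spec": {"containers": [{"name": "app", "env": _env(*IRSA_VARS, "LOG_LEVEL")}]}},
    {"metadata": {"namespace": "corpai", "name": "legacy-worker"},
     "spec": {"containers": [{"name": "app",
                              "env": _env("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")}]}},
    {"metadata": {"namespace": "corpai", "name": "metrics"},
     "spec": {"containers": [{"name": "exporter"}]}},
]}

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE):
        print(*finding)
```

A `no-irsa` finding is a review item rather than a violation: pods that never call AWS do not need a role.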
Monitoring
CloudWatch logs for EKS, RDS, and API access. Set up alarms for CPU, memory, and error rates.