Setup Guide
Deploy CorpAI infrastructure to your AWS account.
Prerequisites
- CorpAI organization account with admin access
- AWS account with an IAM user that has PowerUserAccess + IAMFullAccess
- AWS Access Key ID and Secret Access Key
1. Validate Credentials
- Log in to app.corpai.io
- Go to Settings → Infrastructure Setup
- Enter AWS credentials and select region
- Click Validate Credentials
2. Provision Infrastructure
Run each step in order. Each must complete before the next begins.
| Step | What It Creates | Time |
|---|---|---|
| VPC & Networking | VPC, subnets, NAT Gateway | 5-10 min |
| RDS PostgreSQL | Database | 10-15 min |
| ElastiCache Valkey | Cache | 5-10 min |
| EKS Cluster | Kubernetes for MCP servers | 15-20 min |
| Bedrock Knowledge Base | AI + vector search | 5-10 min |
| Database Schema | Tables | 1-2 min |
Advanced: Expand options to customize instance sizes for RDS, Valkey, and EKS.
3. Configure Cross-Account Access
Create an IAM role for CorpAI to manage resources:
- Go to AWS IAM Console → Roles → Create role
- Select “AWS account” → enter your account ID
- Attach policies: AmazonEKSClusterPolicy, AmazonBedrockFullAccess, AmazonS3FullAccess
- Name it corpai-cross-account-access
- Copy the Role ARN
- Paste in CorpAI Settings and click Set Role
4. ACM Certificate Setup
Your Data Plane API requires an SSL certificate. Since the certificate must be in your AWS account, you need to create it in AWS Certificate Manager (ACM).
Create the Certificate
- Go to AWS Certificate Manager in the same region as your CorpAI-provisioned EKS cluster
- Click Request → select Request a public certificate
- Enter the domain shown in your CorpAI UI
- Select Disable export and DNS validation
- Click Request
Add DNS Validation Record
ACM provides a CNAME record for domain validation. CorpAI then adds this record to DNS for you:
- In ACM, copy the CNAME name and CNAME value from the validation details
- In CorpAI Settings, paste both values in the ACM Certificate Setup section
- Click Add DNS Record
Save Certificate ARN
- Wait for ACM status to show Issued (usually 5-30 minutes)
- Copy the Certificate ARN from ACM
- Paste in CorpAI Settings and click Save Certificate
Important: Only save the ARN after the certificate shows “Issued” status. If the certificate is still pending, Data Plane deployment will fail.
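A pre-flight check for the conditions above (Issued status, same region as the EKS cluster, matching domain), run over the JSON that `aws acm describe-certificate` returns. This is an added example, not CorpAI's own tooling; the function name `preflight` is hypothetical, and the sample certificate uses a constructed ARN, account ID and domain.

```python
import json

# Constructed sample of `aws acm describe-certificate` output (placeholder values).
SAMPLE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/"
                      "00000000-0000-0000-0000-000000000000",
    "DomainName": "*.dataplane.example.com",
    "SubjectAlternativeNames": ["*.dataplane.example.com"],
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [{
        "DomainName": "*.dataplane.example.com",
        "ValidationMethod": "DNS",
        "ValidationStatus": "PENDING_VALIDATION"}]}})

def preflight(describe_json, eks_region, expected_domain):
    """Return a list of problems; an empty list means the ARN is safe to save."""
    cert = json.loads(describe_json)["Certificate"]
    problems = []
    # ARN layout: arn:partition:acm:region:account-id:certificate/id
    parts = cert["CertificateArn"].split(":")
    if len(parts) < 6 or parts[2] != "acm":
        problems.append("not an ACM certificate ARN")
    elif parts[3] != eks_region:
        problems.append(f"certificate is in {parts[3]}, EKS cluster is in {eks_region}")
    if cert.get("Status") != "ISSUED":
        problems.append(f"status is {cert.get('Status')}, not ISSUED")
    # Exact, case-insensitive match against the domain shown in the UI (assumption).
    names = {cert.get("DomainName"), *cert.get("SubjectAlternativeNames", [])}
    if expected_domain.lower() not in {n.lower() for n in names if n}:
        problems.append(f"{expected_domain} is not among the certificate's names")
    # A pending or failed DNS validation explains why the status is not ISSUED.
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") != "SUCCESS":
            problems.append(
                f"validation for {opt.get('DomainName')} is {opt.get('ValidationStatus')}")
    return problems

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # JSON piped in from the AWS CLI: <region> <domain>
        issues = preflight(sys.stdin.read(), sys.argv[1], sys.argv[2])
        sys.exit("\n".join(issues) if issues else 0)
    print(preflight(SAMPLE, "us-east-1", "*.dataplane.example.com"))
```

To check a real certificate, pipe `aws acm describe-certificate --certificate-arn <arn> --region <region>` into the script and pass the EKS region and the domain from the CorpAI UI as arguments.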
5. Deploy Data Plane API
- Enter AWS credentials
- Click Deploy Data Plane API
- Wait 2-5 minutes for deployment
The Data Plane API is deployed to your EKS cluster with an NLB (Network Load Balancer) configured with your ACM certificate.
6. Verify Health
Status should show Healthy. If it shows Propagating, wait a few minutes for DNS.
| Status | Meaning |
|---|---|
| Healthy | Ready to use |
| Propagating | DNS resolving, wait |
| Unhealthy | Check NAT Gateway and security groups |
Next: Add Credentials & Deploy MCP Servers
After your Data Plane is healthy:
- Add credentials in Settings → Credentials (GitHub tokens, Atlassian tokens, etc.)
- Deploy MCP servers on the MCP Servers page
- Configure policies to grant tool access
See Management for details.
Troubleshooting
Provisioning failed: Check the error message. Common issues:
- Resource quota exceeded → Request increase in AWS
- Access denied → Verify IAM permissions
ACM certificate not issuing:
- Verify DNS validation record was added (check with CorpAI support)
- Ensure you requested the certificate in the correct region (same as EKS)
Data Plane deployment failed:
- Ensure ACM certificate shows “Issued” status before deploying
- Verify the certificate matches the wildcard domain shown in the UI
API unhealthy: Check NAT Gateway is active and security groups allow outbound 443.
Stuck propagating: Wait up to 30 min. Check Route 53 for DNS record.