1 — Native VPC deployment paradigm — network isolation, marketplace procurement & data residency.
This section establishes the foundational deployment model — demonstrating definitively that Layerup AI Agents operate entirely within your network boundaries, rather than as an external SaaS service calling back to Layerup-controlled infrastructure. This is the section your Enterprise Architecture and Network Security teams should review first.
1.1 Sovereign tenancy — what it means architecturally
The central design principle of the Layerup AI Agents is sovereign tenancy. Your organisation does not share compute, memory, network space, or data storage with any other Layerup customer. The agent is provisioned exclusively within your own cloud account and executed within your own Virtual Private Cloud (VPC) on AWS, or Virtual Network (VNet) on Azure. This model is fundamentally different from traditional AI-as-a-Service products, where an enterprise sends application data to a third-party API endpoint hosted outside its network:

| dimension | traditional AI-as-a-Service | Layerup AI Agents |
|---|---|---|
| Compute location | Vendor’s cloud account | Your cloud account |
| Data residency | Vendor’s infrastructure | Your VPC / VNet |
| Inference routing | Vendor’s model endpoints | Amazon Bedrock / Azure OpenAI within your tenant |
| Security controls | Vendor-managed | Your IAM, your guardrails, your encryption keys |
| Audit logs | Vendor’s logging system | Your CloudWatch / Azure Monitor |
| Network boundary | Public API call egresses your network | No egress; VPC Endpoints only |
| Procurement | Direct vendor contract | AWS Marketplace or Azure Marketplace |
1.2 Marketplace procurement — enterprise-grade supply chain
Your organisation acquires the Layerup AI Agent container artifacts through the cloud marketplace of your preferred provider. This is the recommended procurement path for enterprise customers who wish to maintain strict vendor security reviews and draw down on existing cloud spending commitments.
1.2.1 AWS Marketplace
AWS launched a dedicated category for AI Agents and Tools within AWS Marketplace in mid-2025. Through this channel:
- The Layerup agent is listed as a container-based product. Your procurement team subscribes to the listing directly within your AWS account.
- The signed Docker container image is delivered securely into your own Amazon Elastic Container Registry (ECR) — a private registry within your AWS account that Layerup cannot access after delivery.
- Any spend on the Layerup agent via AWS Marketplace draws down on your existing AWS Enterprise Discount Program (EDP) commitment, consolidating vendor spend within the cloud relationship already in place.
- The entire procurement transaction occurs within the AWS console, ensuring your standard vendor onboarding, contract, and security review workflows apply.
1.2.2 Azure Marketplace
For Azure environments, an equivalent path exists via the Azure Marketplace:
- The agent is listed as a Container App offer or a Managed Application, delivered directly into your Azure Container Registry (ACR).
- Marketplace spend draws down on your Microsoft Azure Consumption Commitment (MACC), maintaining consolidated cloud economics.
- The Azure Marketplace listing includes full Software Bill of Materials (SBOM) disclosure for your security review team — available before subscription.
1.3 VPC isolation and network boundary architecture
Once the container image is delivered into your private registry, all subsequent infrastructure lives inside your private network. The following describes the AWS deployment network topology; Azure and GCP equivalents are structurally identical.

| network component | description |
|---|---|
| VPC | The agent container runs exclusively within your dedicated AWS Virtual Private Cloud. The VPC is not shared with any external party. |
| Private Subnets | The agent’s compute instances (ECS Tasks or Bedrock AgentCore microVMs) are provisioned within private subnets — subnets that have no direct route to the public internet. |
| No Internet Gateway Route | Private subnets used by the agent do not have a route to an Internet Gateway. Outbound public internet access is architecturally blocked at the routing level. |
| NAT Gateway (Optional) | If the agent configuration requires access to approved external data feeds (e.g., a licensed pharmacy claims data API), this traffic is routed through a NAT Gateway with strict egress security group rules. All endpoints must be explicitly whitelisted. |
| VPC Endpoints | Communication between the agent container and AWS managed services (Amazon Bedrock, S3, ECR, CloudWatch) occurs via private VPC Endpoints, ensuring no traffic traverses the public internet even for AWS internal service calls. |
| Security Groups | The agent’s security group permits no inbound traffic from outside your VPC. Outbound rules are restricted to specific ports and destinations required for agent operation. |
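As an added check (example code written for this section, not part of Layerup's documentation or product), the following Python audits route tables and VPC Endpoints against the posture in the table above: it flags any agent subnet whose default route points at an Internet Gateway, and lists required private endpoints that are absent. The region, resource IDs and the sample API payloads are constructed assumptions; the optional NAT Gateway path is deliberately not flagged.

```python
# Added example: audit agent subnets for the zero-egress posture in section 1.3.
# Inputs mirror EC2 DescribeRouteTables / DescribeVpcEndpoints shapes; data is constructed.
REGION = "us-east-1"  # assumption for the sample data

# Private endpoints the agent needs for Bedrock, S3, ECR and CloudWatch Logs.
REQUIRED_ENDPOINT_SERVICES = {
    f"com.amazonaws.{REGION}.bedrock-runtime",
    f"com.amazonaws.{REGION}.s3",
    f"com.amazonaws.{REGION}.ecr.api",
    f"com.amazonaws.{REGION}.ecr.dkr",
    f"com.amazonaws.{REGION}.logs",
}

def find_internet_routes(route_tables, agent_subnet_ids):
    """Return (subnet, route_table, igw) for each default route on an agent subnet that
    targets an Internet Gateway. NAT routes are not flagged: 1.3 permits an optional NAT."""
    findings = []
    for rt in route_tables:
        hits = {a.get("SubnetId") for a in rt.get("Associations", [])} & set(agent_subnet_ids)
        for route in rt.get("Routes", []) if hits else []:
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            gateway = route.get("GatewayId") or ""
            if dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-"):
                findings.extend((s, rt["RouteTableId"], gateway) for s in sorted(hits))
    return findings

def missing_endpoints(vpc_endpoints, vpc_id):
    """Return required service names with no VPC Endpoint in the agent VPC."""
    present = {e["ServiceName"] for e in vpc_endpoints if e.get("VpcId") == vpc_id}
    return sorted(REQUIRED_ENDPOINT_SERVICES - present)

def audit(route_tables, vpc_endpoints, vpc_id, agent_subnet_ids):
    """Both checks together; two empty lists mean the posture matches section 1.3."""
    return {"internet_routes": find_internet_routes(route_tables, agent_subnet_ids),
            "missing_endpoints": missing_endpoints(vpc_endpoints, vpc_id)}

# Constructed sample: subnet-b is attached to a route table with an IGW default route,
# and the CloudWatch Logs endpoint has not been created.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SAMPLE_ENDPOINTS = [{"VpcId": "vpc-agent", "ServiceName": s}
                    for s in sorted(REQUIRED_ENDPOINT_SERVICES) if not s.endswith(".logs")]
if __name__ == "__main__":
    print(audit(SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINTS, "vpc-agent", ["subnet-a", "subnet-b"]))
```

Feeding the live output of the two EC2 describe calls into `audit()` gives the same report for a real VPC; an IGW finding on an agent subnet is a break of the "No Internet Gateway Route" row and should block deployment.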
1.4 Zero-egress data residency — layered enforcement
Data residency is enforced at multiple independent layers, not a single policy:
Application Data at Rest
All ingested documents (PDFs, medical records, financial statements) are stored in your Amazon S3 buckets or Azure Blob Storage, encrypted with your customer-managed KMS or Key Vault keys. Layerup holds no access credentials to these buckets at any time.
LLM Inference
The agent invokes foundation models through Amazon Bedrock (AWS) or Azure OpenAI (Azure). Both services process data within your cloud tenant under your data processing agreements. Data is not used to train shared models. No inference request or response is routed through Layerup’s infrastructure.
Agent Reasoning & Memory
The agent’s reasoning chain, intermediate state, and working memory are session-isolated within the AgentCore microVM or ECS task. They are not persisted beyond the session unless your team explicitly configures persistence to your own designated data store.
Audit Logs & Outputs
All final outputs (underwriting decision JSON, confidence scores, flagged inconsistencies, evidence citations) are written to your internal systems of record and your own logging infrastructure (CloudWatch or Azure Monitor). No output copy is sent to Layerup.
The zero-egress guarantee extends to telemetry. The agent emits operational metrics and structured audit logs exclusively to your CloudWatch or Azure Monitor infrastructure. Layerup does not receive, aggregate, or process any telemetry from your production environment.

