Your AI-powered foundation for governance, risk, and compliance solutions. Built on AWS EKS with enterprise-grade architecture designed for rapid tenant deployment and scale-to-zero cost optimization. Built with our Agentic SDLC Platform.
Your cloud infrastructure runs on a structured AWS Organization with Control Tower governance and Identity Center for secure access management.
Cost Management: Consolidated billing with cost allocation tags. All member accounts roll up to a single invoice with detailed usage breakdowns by service and namespace.
Governance: Landing zone with guardrails enforcing security baselines. Preventive and detective controls monitor compliance across all accounts.
Federated access using AWS SSO (IAM Identity Center) with profile-based authentication. The account-creation profile provides administrator access through the AWSReservedSSO_AWSAdministratorAccess role, which Identity Center provisions in each member account with a random suffix appended to the name.
Workload: Isolated workload account hosting the EKS cluster and supporting services. Designed for demonstration and development activities.
A Kubernetes 1.31 cluster optimized for cost efficiency through SPOT instances and scale-to-zero capabilities. Full Terraform automation enables rapid teardown and rebuild.
| Component | Configuration | Details |
|---|---|---|
| Cluster Name | apop-eks | Kubernetes v1.31 (supported until Nov 2025) |
| Node Group | SPOT Only Mandatory | t3.medium, t3a.medium, t3.large, t3a.large |
| Scaling | 0-6 nodes | Min 0 (scale-to-zero), desired 3, max 6 |
| Storage | gp3 EBS Volumes | 50GB per node, KMS encrypted, 3000 IOPS |
| Network | Public subnets | NAT Gateway disabled (saves $32.85/mo); nodes get public IPs for egress, so the node security group is the only inbound network boundary |
| Endpoint Access | Public + Private | API server reachable from the internet and from the VPC; the public endpoint should be limited to an allowlist of CIDRs before production use |
Cluster capabilities:

- Kubernetes DNS resolution for service discovery
- Native AWS networking with pod IP addressing
- Persistent volume provisioning with IRSA
- Automatic node scaling based on demand
- AWS ALB/NLB integration for ingress
- Advanced node provisioning and scheduling
- S3 backup with least-privilege IRSA role
- API, audit, authenticator, scheduler logs (7-day retention)
The platform that builds platforms. This entire demo infrastructure was designed, implemented, and deployed using our Agentic SDLC Platform with autonomous AI agents and Compliance-Driven Development methodology.
Compliance-Driven Development integrates regulatory requirements directly into the development lifecycle. Every feature is traced from requirement to implementation with automated evidence collection.
This infrastructure demonstrates the platform's capability to build itself. Every aspect of APOP - from Terraform modules to Kubernetes manifests to this presentation - was created using the Agentic SDLC.
- LLM observability (OTEL compatible)
- Metrics & alerting (OTEL compatible)
- Dashboards (OTEL compatible)
- Log aggregation (OTEL compatible)
All platform applications are secured behind Cloudflare Access with OTP authentication restricted to @northhighland.com email addresses. The cloudflared tunnel provides secure connectivity without exposing services directly to the internet.
Every request is authenticated at the Cloudflare edge before it reaches the infrastructure: users prove their identity with an email OTP, and only @northhighland.com addresses are admitted. The cloudflared tunnel is an outbound-only connection from the cluster, so Kubernetes services need no public load balancer or ingress while remaining reachable by authorized team members. Because the edge is the only authentication point, services behind the tunnel must not be exposed by any other path, and each origin should additionally validate the Cf-Access-Jwt-Assertion header that Access attaches to every proxied request.
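Cloudflare's documented defence in depth for this setup is to have the origin verify the Access JWT itself, so that a request arriving by any route other than the tunnel (a port-forward, a stray NodePort, a misrouted ingress) is rejected rather than trusted. The Go program below is an added example, not code from APOP or from the page, showing that check with only the standard library: it pins RS256, looks up the signing key by `kid`, verifies the signature before reading any claim, then checks `iss`, `aud`, `exp` and the email domain against the same @northhighland.com rule the edge policy enforces. The team name, AUD tag, key id and email addresses are constructed fixtures; `MintToken` exists only so the example runs offline (Cloudflare does the signing in reality), and the key set would normally be fetched from the team's `/cdn-cgi/access/certs` endpoint and cached by `kid`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// AccessClaims is the subset of Cloudflare Access JWT claims this origin check uses.
type AccessClaims struct {
	Aud   []string `json:"aud"`   // Access application AUD tag(s)
	Email string   `json:"email"` // identity proved at the edge (email OTP on this platform)
	Exp   int64    `json:"exp"`   // Unix expiry
	Iss   string   `json:"iss"`   // https://<team>.cloudflareaccess.com
}

// Verifier validates the Cf-Access-Jwt-Assertion header. In production Keys is loaded from
// https://<team>.cloudflareaccess.com/cdn-cgi/access/certs (indexed by kid); here it is injected.
type Verifier struct {
	Keys          map[string]*rsa.PublicKey
	Issuer        string
	Audience      string // AUD tag from the Access application settings
	AllowedDomain string // mirrors the edge policy: only this email domain is accepted
}

// Verify returns the claims only if signature, issuer, audience, expiry and email domain all hold.
func (v *Verifier) Verify(token string) (*AccessClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrRaw, err1 := enc.DecodeString(parts[0])
	sig, err2 := enc.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return nil, errors.New("bad base64")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg) // pin RS256: no "none", no HMAC downgrade
	}
	key, ok := v.Keys[hdr.Kid]
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("unknown kid %q or bad signature", hdr.Kid)
	}
	var c AccessClaims // the payload is trustworthy only after the signature check
	if raw, err := enc.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if c.Iss != v.Issuer || !time.Now().Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("wrong issuer or expired token")
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == v.Audience
	}
	if !audOK {
		return nil, errors.New("token not issued for this application")
	}
	at := strings.LastIndex(c.Email, "@") // whole-domain compare, so x@evil-northhighland.com cannot pass
	if at < 0 || !strings.EqualFold(c.Email[at+1:], v.AllowedDomain) {
		return nil, fmt.Errorf("email %q outside allowed domain", c.Email)
	}
	return &c, nil
}

// MintToken stands in for Cloudflare's signer so the example runs offline; a real origin only verifies.
func MintToken(key *rsa.PrivateKey, kid string, c AccessClaims) (string, error) {
	hb, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	cb, _ := json.Marshal(c)
	input := enc.EncodeToString(hb) + "." + enc.EncodeToString(cb)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + enc.EncodeToString(sig), err
}

// NewFixture returns a verifier and a throwaway signing key; team name, AUD tag and kid are assumed.
func NewFixture() (*Verifier, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // fixture only: error ignored
	return &Verifier{Keys: map[string]*rsa.PublicKey{"kid-1": &key.PublicKey},
		Issuer: "https://example-team.cloudflareaccess.com", Audience: "example-aud-tag",
		AllowedDomain: "northhighland.com"}, key
}

func main() {
	v, key := NewFixture()
	tok, _ := MintToken(key, "kid-1", AccessClaims{Aud: []string{v.Audience}, Email: "alice@northhighland.com", Exp: time.Now().Add(time.Hour).Unix(), Iss: v.Issuer})
	c, err := v.Verify(tok)
	fmt.Printf("claims=%+v err=%v\n", c, err)
}
```

In a real service the handler reads the header (or the CF_Authorization cookie), calls Verify, and answers 403 on any error; the order inside Verify matters, since the payload is only parsed after the signature has been checked against a key the service already trusts, which closes the usual algorithm-confusion and unsigned-token shortcuts.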
A comprehensive knowledge management architecture powering Policy Assistant across all accelerators. Strategic curation pipelines feed an intelligent knowledge base, exposed through governed APIs with full AI governance instrumentation.
Strategic pipelines that intelligently curate content into the knowledge base, ensuring high-quality retrieval.
Multi-agent workflows that evaluate, classify, and optimize queries before retrieval and synthesis.
Every query through the Knowledge Platform is fully instrumented with OpenTelemetry spans, feeding into Phoenix for observability. This directly satisfies AI Governance control requirements for this use case.
OpenAI, Anthropic Claude, Azure OpenAI, AWS Bedrock, Google Vertex AI with automatic failover.
Video avatars and virtual assistants deliver guidance through conversational AI and training content.
Speech-to-text in 36+ languages via Deepgram Nova-2, with text-to-speech, including Spanish, French, German, Japanese, Korean, Mandarin.
Fully codified AI governance playbook with 63 controls across 14 domains. Controls implemented as code with complete regulatory framework mapping to ISO 42001, EU AI Act, and NIST AI RMF.
- 5 domains, 19 controls: enterprise-wide governance structure
- 9 domains, 44 controls: per-system governance controls
Three specialized accelerators address distinct governance domains. Each runs in an isolated Kubernetes namespace with dedicated databases and resource quotas. Currently scaled to zero for cost optimization.
Enterprise document processing and knowledge extraction service. Ingests documents, processes content, and builds relationship graphs for all platform solutions.
The apop namespace hosts shared infrastructure components that all solutions consume. These stateful services provide the foundation for AI capabilities and data persistence.
| Service | Version | Configuration | Purpose |
|---|---|---|---|
| PostgreSQL | pgvector/pg15 | 20Gi storage, 4 databases (apop, camunda, content, auth) | Relational data with vector embeddings |
| Neo4j | 5.15 Enterprise | APOC + GDS plugins, 1Gi heap, 20Gi storage | Knowledge graphs and relationship queries |
| Redis | 7-alpine | AOF persistence, 512MB max, 10Gi storage | Caching and session management |
| Kafka + Zookeeper | 7.4.0 | 3 partitions, 168-hour retention | Event streaming and async processing |
| OPA | Latest | 2 replicas, ConfigMap policies | Policy-as-code enforcement |
| RAG Copilot | v2.0 | Knative scale 0-10, 50 concurrent, 5min timeout | GraphRAG search with multi-hop reasoning |
- Port 8190: routes incoming requests
- Port 8191: AI-powered classification
- Port 8192: request routing logic
- Port 8193: SMTP notifications
Executable business processes and decision models across all accelerators. Built on Camunda Platform 7 with full BPMN 2.0 and DMN 1.3 compliance.
91 core processes shared across accelerators
Each of the 63 AI Governance controls maps to one or more executable BPMN processes, providing automated workflow enforcement and evidence collection.
Complete demo-ready infrastructure in minutes. Strategic fixtures, automated testing, and full backup/restore capabilities enable rapid tenant deployment with zero manual data entry.
Spin up solution AND all required data instantly. Per-namespace fixtures with schema validation and CDD integration.
Per-namespace recovery with automated S3 backup. Full cluster restoration in ~15 minutes.
Playwright-based testing from Agentic SDLC Platform with fixture-based data injection.
Fully reproducible infrastructure. Destroy and recreate identically in minutes.
Kafka event streaming capability is fully implemented in the APOP platform but not currently deployed in production solutions. Available for future environments requiring async event processing.
This non-production environment implements baseline security controls aligned with SOC2 Type 2 requirements. Production deployments require additional hardening measures.
4 tenants, 1 platform, complete isolation. Each accelerator runs in fully isolated environments with dedicated databases and resource quotas.
- Kubernetes: namespace-per-tenant with resource quotas
- PostgreSQL: schema-per-tenant for relational data
- Neo4j: database-per-tenant for graph data
- Redis: keyspace-per-tenant with key prefixing
- Cloudflare Access policies per tenant
The following security measures would be implemented before hosting customer data or providing capabilities beyond demonstration purposes.
This environment is designed for rapid iteration and cost efficiency. Infrastructure can be torn down and rebuilt on demand using ./scripts/demo-control.sh. Scale-to-zero capability reduces idle costs to ~$76/month (EKS control plane only). Full destruction reduces monthly cost to $0.
Aggressive cost management through SPOT instances, scale-to-zero Knative services, and automated scheduling.
| State | Monthly Cost | Configuration | Use Case |
|---|---|---|---|
| Active Demo | ~$279/month | 3 SPOT nodes running, all services active | Client demonstrations, development |
| Idle (Scaled Down) | ~$76/month | 0 nodes, EKS control plane only | Weekends, overnight, extended idle periods |
| Destroyed | $0/month | Infrastructure fully removed via Terraform | Long-term idle, budget constraints |
- Scale up: scales the nodegroup to 3 nodes. Environment ready in 3-5 minutes.
- Scale to zero: scales nodes to zero. EKS control plane continues running.
- Destroy: full Terraform destroy. Requires confirmation by typing "DESTROY".
AI operations designed for enterprise scale with multi-provider support, cost optimization, and responsible AI practices.
Integrated AI-powered virtual assistants and video avatars for interactive training, conversational agents, and enhanced user engagement across all accelerator demos.
15-minute recovery, enterprise-grade resilience with automated backup and restore procedures.
Integrates with your existing tools and enables custom development through open APIs.