{"id":50381087,"url":"https://github.com/deliverydriver/aws-sovereign-infrastructure","last_synced_at":"2026-05-30T12:01:59.310Z","repository":{"id":361270912,"uuid":"1253609263","full_name":"deliverydriver/aws-sovereign-infrastructure","owner":"deliverydriver","description":"Sovereign and High-Trust Infrastructure Patterns for AI Systems on AWS","archived":false,"fork":false,"pushed_at":"2026-05-29T21:02:32.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-29T23:04:48.380Z","etag":null,"topics":["ai-agents","aws","local-zones","outposts","private","security","sovereign","terraform"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deliverydriver.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-29T16:30:31.000Z","updated_at":"2026-05-29T21:02:36.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/deliverydriver/aws-sovereign-infrastructure","commit_stats":null,"previous_names":["deliverydriver/aws-sovereign-infrastructure"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/deliverydriver/aws-sovereign-infrastructure","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deliverydriver%2Faws-sovereign-infrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deliverydriver%2Faws-sovereign-infrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deliverydriver%2Faws-sovereign-infrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deliverydriver%2Faws-sovereign-infrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deliverydriver","download_url":"https://codeload.github.com/deliverydriver/aws-sovereign-infrastructure/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deliverydriver%2Faws-sovereign-infrastructure/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33691312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","aws","local-zones","outposts","private","security","sovereign","terraform"],"created_at":"2026-05-30T12:01:59.205Z","updated_at":"2026-05-30T12:01:59.301Z","avatar_url":"https://github.com/deliverydriver.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sovereign and High-Trust Infrastructure Patterns on AWS\n\nPatterns and reference implementations for running capable systems — particularly AI and agentic workloads — in environments with strict requirements around data location, access control, encryption, logging, and operational boundaries.\n\n## Framing\n\n\"Sovereign\" here is used in the practical sense: workloads where the organization cannot or will not accept the standard public cloud trust model. This includes regulated industries, defense-adjacent work, high-value IP, legal data, and any situation where the consequences of a confidentiality or integrity failure are unacceptable even if the provider is acting in good faith.\n\nThe constraint is real: you still want the operational and capability advantages of modern cloud infrastructure, but certain classes of data, computation, or control plane operations must remain within tighter boundaries.\n\n## Distinct Challenges for AI Systems\n\nRunning sophisticated agents and inference workloads under these constraints is materially harder than traditional enterprise applications:\n\n- Model endpoints and tool servers may need to stay inside restricted networks or on Outposts/Local Zones.\n- Agent memory and tool outputs can be highly sensitive; standard logging and observability pipelines may be unacceptable.\n- Tool-use capabilities that are powerful in an open environment become dangerous when the blast radius must be minimized.\n- Human oversight mechanisms themselves must often operate under the same sovereignty constraints.\n- Evaluation and debugging of agent behavior cannot leak context.\n\nThese requirements drive different (often more expensive and operationally heavier) designs than standard Well-Architected guidance assumes.\n\n## Areas of Focus\n\n- Networking models that support capable AI systems with minimal or no public egress (PrivateLink-heavy designs, Transit Gateway segmentation, dedicated connectivity)\n- Workload identity and credential issuance for agents when the execution environment itself is under higher scrutiny\n- Encryption and key management strategies that survive restricted environments (customer-managed keys with strict policies, envelope encryption for agent state, Nitro Enclaves where appropriate)\n- Operational models that preserve dual-control and restricted administration even for the cloud provider's own support surfaces\n- Patterns for running voice agents, tool servers, and long-running autonomous processes when standard managed AI services are only partially available or must be self-hosted\n\n## Relationship to the Rest of the Work\n\nThese patterns are intended to be composed with the landing zone and agent platform work. Not every workload needs the full sovereign treatment; the interesting engineering is in knowing where the boundaries should be drawn and how to maintain capability on both sides of them.\n\n## Context\n\nThis work is driven by real client requirements in sovereign and high-trust environments, combined with the need to run advanced agentic systems without compromising those constraints.\n\nThe documentation prioritizes concrete, usable patterns over high-level principles. The gap between \"use these services in this region\" and \"here is how you actually run a stateful voice agent with tool use when half the managed services are off-limits\" is where the useful work lives.\n\n---\n\nThe designs accept higher operational cost and reduced convenience in exchange for stronger guarantees. The documentation is explicit about what those trade-offs actually are in practice.\n\n## Services and Patterns for Demonstrating Depth\n\nRunning capable AI/agentic systems under sovereign or high-trust constraints requires going well beyond standard \"use these services in this region\" guidance. This project will demonstrate extensive experience with the following AWS capabilities in restricted environments:\n\n**Restricted Networking \u0026 Connectivity (Advanced)**\n- AWS Outposts and Local Zones for running inference, agent execution environments, and tool servers with strict data residency.\n- Advanced Direct Connect + Transit Gateway designs with deep inspection (Gateway Load Balancer + appliances) and strict traffic engineering.\n- Heavy, production-grade use of PrivateLink / VPC endpoints and VPC Lattice in environments with minimal or no public egress.\n- Wavelength or Dedicated Local Zones patterns where relevant for edge AI under constraint.\n\n**Encryption, Data Protection \u0026 Compute Isolation**\n- Customer-managed KMS with complex key policies, grants, multi-region replication, and integration into agent memory/tool output stores under restricted admin models.\n- AWS Nitro Enclaves for the most sensitive agent processing, tool execution, or model inference.\n- Macie with custom classification for agent-generated sensitive content.\n- Envelope encryption architectures that survive limited trust in the control plane.\n\n**Identity \u0026 Access Under High Constraint**\n- IAM Roles Anywhere and certificate-based workload identity for agents and tool servers.\n- Strict break-glass, dual-control, and customer-managed access patterns (including restricted AWS support access) with comprehensive CloudTrail Lake auditing.\n- Workload identity federation patterns that minimize credential exposure for agents that must act while operating inside tight trust boundaries.\n\n**Operational \u0026 Resilience Patterns in Restricted Environments**\n- How to maintain capable AI systems (voice agents, long-running autonomous processes, tool use) with limited or no standard managed AI services.\n- Update, patching, and configuration management strategies for Outposts and highly restricted accounts.\n- Backup, disaster recovery, and state recovery patterns when standard cross-region replication and many managed services are off-limits.\n- Logging, monitoring, and observability architectures that do not create unacceptable data residency or access risks (CloudTrail Lake, selective CloudWatch, on-premises or restricted collectors).\n\n**AI-Specific Sovereignty Patterns**\n- Self-hosted or restricted-deployment patterns for inference when Bedrock/SageMaker endpoints must stay inside the trust boundary.\n- Secure tool calling architectures when external services or data sources have residency or access requirements.\n- Human oversight and approval mechanisms that themselves must operate entirely inside the restricted environment.\n\n**Documentation \u0026 Artifacts**\n- Concrete reference architectures with detailed trust boundary and data flow diagrams.\n- ADRs that explain why common AWS patterns were modified or rejected under sovereignty constraints.\n- Real cost and operational overhead comparisons between sovereign and standard deployments.\n- Runbooks for operating voice and agent systems in these environments.\n\nThis is some of the highest-signal work for demonstrating senior experience in difficult environments.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeliverydriver%2Faws-sovereign-infrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeliverydriver%2Faws-sovereign-infrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeliverydriver%2Faws-sovereign-infrastructure/lists"}