Skip to main content

AWS Single Architecture

Published 2026-05-14Updated 2026-06-305 min read

The first iteration's "3-option comparison" depended on a PPTX deck and was removed. This PoC uses a single AWS-native stack that delivers a working demo in 8 weeks.


1. Architecture Overview


2. Components by Layer

2.1 Edge / Auth

ComponentRole
CloudFrontStatic assets · SSR cache · WAF (Korean PoP)
Lambda@EdgeJWT verification · Persona header routing
Cognito User PoolAuthentication + department · persona group mapping

2.2 Frontend

ComponentRole
Next.js 14 (App Router)SSR + Client Components + persona switcher
Cytoscape.jsKG 1-hop visualization (S1, S7)
Plotly / D3Charts · scatter · choropleth (S3, S5, S6)

2.3 Backend

ComponentRole
FastAPI (Python 3.12)API + SSE streaming
ECS Fargate ARM64Container runtime (Graviton)
OpenTelemetryTracing → CloudWatch + Langfuse

2.4 AI / Agent

ComponentRoleScenarios
Bedrock Sonnet 4.6Chatbot · Labeling · CommentsS2, S3, S4, S6
Cohere embed-v4Embedding (1024d)S1, S4
Cohere rerank-v3.5RerankingS1
AgentCore Memoryshort/long-termS2
AgentCore Code InterpreterFirecracker microVM (matplotlib · sklearn · PyMC)S3, S4, S5, S6
Bedrock Guardrails4 topics + marketing consent + PII + minor cosmeticsS8

2.5 Data Layer

ComponentRole
Amazon NeptuneKG 25 classes, ~500K edges, openCypher
OpenSearch Serverless6 indexes (product/customer/review/campaign/social_trend/competitor)
S3Raw · Synth · External data + embedding cache
DynamoDBSessions · personas · rate limit (TTL)

2.6 Data Ingest

ComponentRole
AWS GlueETL for 4 external types (social · weather · economy · competitor)
LambdaPII masking + Semantic Pipeline (S3 → Neptune · OpenSearch)
EventBridgeDaily/weekly/monthly external data collection cron

3. Traffic Flow (S2 Chatbot Example)

1. Browser → CloudFront (HTTPS, WAF)
2. CloudFront → Lambda@Edge (JWT verification, x-persona header injection)
3. CloudFront → Next.js — /chat page SSR
4. Client → FastAPI /api/chat (SSE)
5. FastAPI → Bedrock Guardrails (input guard)
6. FastAPI → Bedrock Sonnet 4.6 (persona system prompt + tool definitions)
7. Sonnet tool_use → FastAPI tool invocations
- semantic_search → OpenSearch
- neptune_query → Neptune
- trend_join → SocialSignal/WeatherSignal
- campaign_simulator → AgentCore Code Interpreter
8. Tool results → Sonnet re-invocation (multi-turn)
9. Final response → Bedrock Guardrails (output guard)
10. SSE token streaming → Browser
11. Traces → CloudWatch + Langfuse

4. Security · Governance

ItemImplementation
AuthenticationCognito (RS256 JWT) + Lambda@Edge verification
AuthorizationPer-persona group tool · KG query whitelists
PIILambda masking at S3 ingestion
GuardrailsBedrock Guardrails (input + output)
AuditCloudTrail + CloudWatch Logs + Audit DynamoDB
Cohort isolationAll nodes/documents require cohort_tag

5. Cost (8-Week PoC)

ItemEstimate
Bedrock Sonnet 4.610K chatbot calls/month
Cohere embed/rerank50K/month
Neptuner6g.large 1 node, 64 GB EBS
OpenSearch Serverless2 OCU
ECS Fargate ARM642 vCPU × 4 GB × 2 tasks
Glue ETLDaily (4 external types)
S3 + DynamoDB + EventBridgeLight usage
Monthly cost estimateAbout $4K~$6K USD

6. 8-Week PoC Milestones

WeekWork
1-2VPC · Cognito · CloudFront · ECS infrastructure + Neptune 25-class ingest + 4-type external ETL
3-4S1 · S2 · S3 (search · chatbot · insights)
5-6S5 · S7 + persona switcher
7S4 · S6 · S8 (personas · external signals · guardrails)
8Demo rehearsal + backup

7. Optional Extensions

OptionDescription
Snowflake integrationIf first-party has Snowflake, use Glue for Snowflake → S3 sync
Hybrid NodesCombine on-prem GPUs with EKS Hybrid Nodes (self-hosted vLLM)
Step FunctionsNightly batch (KG refresh, synthetic data regeneration)
BifrostBedrock + self-hosted LLM routing