ABS Core v4.1.0
Guides

Enterprise Deployment (IaC)

Official architecture blueprints for deploying ABS Core via Terraform and Kubernetes (Helm) in highly regulated environments.

Enterprise Deployment (IaC)

ABS Core is designed to be deployed securely within your own infrastructure, ensuring absolute data sovereignty and compliance. We provide official Infrastructure as Code (IaC) templates for seamless and secure enterprise rollouts.

Deployment Architecture

The enterprise delivery package includes two primary IaC stacks:

1. Cloud Provisioning (Terraform)

We provide battle-tested Terraform modules (e.g., aws-ecs) to orchestrate the foundational cloud environment:

  • Dedicated VPC: Total network isolation for the AI gateway.
  • ALB DMZ: Restricted ingress traffic policies blocking unauthorized callers.
  • Fargate Clusters: Serverless compute layers eliminating underlying host vulnerabilities.
  • Secret Management: Automatic injection of ledger keys and database endpoints via AWS Systems Manager Parameter Store (SSM), keeping keys out of environment variables or logs.

2. Container Orchestration (Kubernetes / Helm)

For teams operating their own clusters, ABS Core provides official Helm Charts (abs-core):

  • Non-Root Execution: Containers are rigorously configured to run with Drop-All capabilities and non-root users.
  • Resource Quotas: Bounded memory and CPU targets preventing denial-of-service via malformed policy evaluations.
  • Circuit Breakers: Native readiness and liveness probes designed and tuned for our high-throughput WASM engine.

The Deployment Lifecycle

ABS Core is a white-glove, self-hosted deployment. Upon enterprise licensing:

  1. Registry Access: Your DevSecOps team receives a secure, read-only token to our private container registry.
  2. IaC Integration: You overlay our provided Terraform/Helm charts into your internal CI/CD pipelines.
  3. Vault Setup: The local environment provisions the internal PostgreSQL database where the immutable PersistentAuditChain will reside.
  4. Agent Cutover: Once the ABS Core gateway is listening locally, you update your AI Agents (e.g., Langchain, Autogen, internal Copilots) point to the internal ABS Gateway URL instead of the public internet.

This architecture ensures that no AI workload, prompt, or sensitive data ever leaves your corporate perimeter.

Developer Experience (Local Testing)

Before deploying to production, your developers can test the gateway locally. See the Quickstart Guide to run the abs core start CLI and validate logic locally on a laptop.

Next Steps

To access the Enterprise IaC repositories, contact your dedicated account manager or reach out to [email protected].

Air-Gapped Operations

Install and operate ABS Core on servers with no internet access -- banks, defense, and classified environments.

MCP Firewall & Integration

How ABS Core intercepts Model Context Protocol (MCP) tool calls to enforce enterprise governance.

On this page

Enterprise Deployment (IaC)Deployment Architecture1. Cloud Provisioning (Terraform)2. Container Orchestration (Kubernetes / Helm)The Deployment LifecycleDeveloper Experience (Local Testing)Next Steps