Your institution already runs on AWS. Your student information system, your LMS infrastructure, your data lake—it is all inside an AWS account governed by your security team. Now you want to add generative AI for tutoring, advising, and content creation.

ibl.ai deploys natively on AWS, using the services your team already knows: Amazon Bedrock, SageMaker, EKS, S3, and IAM. No data leaves your account. No new vendor VPN. No bolt-on middleware.

---

Why AWS-Native Matters

Higher-education institutions choose AWS for scale, compliance, and ecosystem breadth. But when AI vendors ask you to send student data to *their* cloud, the value of your AWS investment erodes. You lose:

• Network-level isolation. Data now traverses the public internet to a third party.

• Unified IAM. You need a second identity layer for the AI vendor's platform.

• Cost visibility. AI compute costs disappear into the vendor's invoice, invisible to your FinOps team.

• Incident response scope. If something breaks, you are coordinating across two cloud tenants.

ibl.ai eliminates these problems by deploying inside your AWS account, using your VPC, your IAM roles, and your billing.

---

Amazon Bedrock: Managed Multi-Model Access

Amazon Bedrock provides serverless access to foundation models from Anthropic (Claude 3.5 Sonnet, Claude 3 Opus), Meta (Llama 3), Mistral, Cohere, Amazon (Titan), and others—all through a unified API with no infrastructure to manage.

ibl.ai's orchestration engine is a Bedrock-native consumer. Here is how it works:

• Model routing. Each AI agent (mentorAI, courseAI, skillsAI) can be configured to use different models for different tasks. Claude for nuanced tutoring dialogue. Titan Embeddings for vector search. Llama 3 for cost-sensitive batch summarization.

• Guardrails. Bedrock Guardrails enforce content policies—blocking off-topic responses, PII leakage, or harmful content—at the API layer. ibl.ai inherits these protections automatically.

• Knowledge Bases. Bedrock Knowledge Bases connect to your S3-hosted course materials for retrieval-augmented generation (RAG). ibl.ai's agents query these knowledge bases to ground every answer in your institution's actual curriculum.

• Cross-region inference. For institutions with global campuses, Bedrock's cross-region inference profiles route requests to the nearest available region—reducing latency for students in different time zones.

---

Amazon SageMaker: Custom Models and Fine-Tuning

Some institutions need more than off-the-shelf models. A medical school may want a model fine-tuned on clinical case studies. An engineering program may need domain-specific reasoning.

Amazon SageMaker provides the full ML lifecycle:

1. Fine-tune open-weight models (Llama 3, Mistral, Phi-3) on institutional datasets using SageMaker Training jobs. 2. Deploy fine-tuned models to SageMaker Endpoints with auto-scaling and A/B testing. 3. Connect the endpoint to ibl.ai via a single configuration change—the platform treats SageMaker endpoints identically to Bedrock models.

Faculty and data-science teams can iterate on models using SageMaker Studio notebooks, then promote successful experiments to production in ibl.ai—all within the same AWS account.

---

Infrastructure: EKS, S3, and the Familiar Stack

ibl.ai's microservices run on Amazon EKS (Elastic Kubernetes Service), the same container orchestration platform your DevOps team likely already manages. The deployment includes:

• API and orchestration services running as EKS pods with horizontal auto-scaling.

• Amazon RDS (PostgreSQL) for relational data—user profiles, session logs, course mappings.

• Amazon S3 for object storage—lecture materials, embeddings, exports, and backups.

• Amazon ElastiCache (Redis) for session caching and real-time feature serving.

• Amazon CloudWatch for metrics, logs, and alarms—integrated with your existing dashboards.

Everything runs inside your VPC with private subnets. Bedrock and SageMaker connections use VPC endpoints (AWS PrivateLink), so AI inference traffic never touches the public internet.

---

Security and Compliance

IAM and Least Privilege

ibl.ai uses IAM roles (not long-lived keys) for every service interaction. Each microservice assumes a role scoped to exactly the resources it needs—nothing more.

Encryption

• At rest: S3 (SSE-S3 or SSE-KMS), RDS (KMS-encrypted volumes), EBS (KMS).

• In transit: TLS 1.3 everywhere. Internal service mesh uses mTLS.

FERPA Alignment

Student data never leaves the institution's AWS account. Bedrock processes prompts ephemerally—no training on customer data. Audit logs flow to CloudTrail for compliance review.

SOC 2 and HECVAT

ibl.ai maintains SOC 2 Type II certification. Combined with AWS's own compliance portfolio, institutions can satisfy HECVAT questionnaires with minimal custom documentation.

---

Cost Visibility and Optimization

Because ibl.ai runs in *your* AWS account, every dollar of AI compute shows up in *your* AWS Cost Explorer:

• Bedrock usage is billed per token, broken down by model.

• SageMaker endpoints scale to zero when not in use (with provisioned concurrency for peak hours).

• EKS and RDS costs follow your existing Reserved Instance or Savings Plans.

ibl.ai's admin console adds a pedagogical layer: cost per student, cost per tutoring session, cost per department. Your FinOps team gets the cloud-level view; your provost gets the academic-level view.

---

Getting Started

1. Choose your deployment model. ibl.ai supports single-account deployment (simplest) or multi-account via AWS Organizations (for large university systems). 2. Enable Bedrock model access. Request access to your preferred models in the Bedrock console. 3. Deploy via Terraform/CDK. ibl.ai provides Infrastructure-as-Code templates for EKS, RDS, S3, and IAM—reviewed by your security team before deployment. 4. Connect your LMS. ibl.ai integrates via LTI 1.3 with Canvas, Blackboard, Moodle, and Open edX. 5. Pilot and scale. Start with one program, measure impact, expand.

---

The Bottom Line

If you are already on AWS, adding ibl.ai is not a new vendor risk—it is an extension of your existing cloud strategy. Your VPC, your IAM, your billing, your compliance posture—all intact. ibl.ai simply adds intelligent, AI-powered student support on top of the infrastructure you already trust.

Ready to deploy ibl.ai in your AWS account? [Contact us](https://ibl.ai/contact) for a technical architecture review.