AWS Infrastructure

The fraud platform: AI-Native Fraud Investigation Platform — Deployment View

All services run within the fraud platform's AWS data boundary. Managed services minimize operational burden. External integrations (LangFuse, MLflow) connect via encrypted channels with credentials in Secrets Manager.

AWS VPC — the fraud platform Data Boundary
Compute
EKS / Kubernetes managed
Tool wrappers and agent services. Each fraud platform tool runs as a typed microservice with health checks and RBAC.
AgentCore orchestration
Workflow runtime managing routing, multi-step execution, approval gates, and policy checks.
AI / ML
Bedrock models
Amazon Nova for routing and extraction. Claude for complex reasoning and evidence synthesis.
SageMaker training
Targeted fine-tuning jobs. Model endpoints for classification, structured output, report style.
Data
S3 + Iceberg storage
Training data, SFT datasets, model artifacts. Versioned with Iceberg table format. KMS encrypted.
Athena analytics
SQL-based dataset analysis. Quality checks and distribution analysis before training.
DynamoDB metadata
Experiment metadata and lightweight tracking. Fast key-value access for workflow state.
Event Backbone
MSK / Kafka events
Durable event bus. Investigation workflows are resumable and auditable through topic-based execution.
case.flagged → trigger investigation
agent.investigate → tool orchestration
agent.report_ready → analyst review
case.resolved → action confirmed
Kafka decouples the fraud platform from the AI layer. The existing scoring engine publishes events; the agent platform subscribes and investigates.
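An added example (not from the platform's own code base): replaying the four topics listed above to find the step each case resumes at, and to flag a case.resolved event that arrived without a preceding agent.report_ready. The event fields case_id and seq and the sample records are assumptions; Kafka orders events only within a partition, so seq stands in for whatever ordering key the audit log carries.

```python
# Added example. Topic names are from the page; the event fields (case_id, seq)
# and every sample record are constructed assumptions.
from collections import defaultdict

# Topic order of one investigation, as listed on the page.
PIPELINE = ["case.flagged", "agent.investigate", "agent.report_ready", "case.resolved"]
STEP = {topic: i for i, topic in enumerate(PIPELINE)}

# Constructed event log; seq is an assumed global ordering key.
SAMPLE_EVENTS = [
    {"seq": 1, "case_id": "C-1", "topic": "case.flagged"},
    {"seq": 2, "case_id": "C-1", "topic": "agent.investigate"},
    {"seq": 3, "case_id": "C-2", "topic": "case.flagged"},
    {"seq": 4, "case_id": "C-1", "topic": "agent.investigate"},  # redelivery
    {"seq": 5, "case_id": "C-2", "topic": "agent.investigate"},
    {"seq": 6, "case_id": "C-2", "topic": "case.resolved"},      # skips report_ready
    {"seq": 7, "case_id": "C-1", "topic": "agent.report_ready"},
]


def replay(events):
    """Replay events in seq order; return (resume point per case, audit findings)."""
    reached = defaultdict(lambda: -1)  # highest pipeline step accepted per case
    findings = []
    for ev in sorted(events, key=lambda e: e["seq"]):
        case, topic = ev["case_id"], ev["topic"]
        if topic not in STEP:
            findings.append((case, ev["seq"], f"unknown topic {topic}"))
            continue
        step = STEP[topic]
        if step <= reached[case]:
            continue  # redelivery after a consumer restart: idempotent, not a violation
        if step != reached[case] + 1:
            skipped = ", ".join(PIPELINE[reached[case] + 1:step])
            findings.append((case, ev["seq"], f"{topic} without {skipped}"))
            continue  # an out-of-order event never advances the case state
        reached[case] = step
    resume = {c: (PIPELINE[s + 1] if s + 1 < len(PIPELINE) else None)
              for c, s in reached.items()}
    return resume, findings


if __name__ == "__main__":
    resume, findings = replay(SAMPLE_EVENTS)
    print("resume at:", resume)
    for case, seq, problem in findings:
        print(f"AUDIT {case} seq={seq}: {problem}")
```

A resume value of None means the case has passed through all four topics in order.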
Security & Governance
IAM access
Scoped roles per service. Least-privilege by default.
KMS encryption
Encryption at rest for S3, DynamoDB, and SageMaker artifacts.
Secrets Manager credentials
API keys, LangFuse credentials, external service tokens.
CloudWatch audit
Immutable audit logs. Telemetry and alerting for all services.
External Services
LangFuse Cloud observability
Traces every prompt, tool call, and output. Nested spans per investigation. Eval dashboards for quality, latency, and cost.
MLflow experiments
Experiment tracking and model lineage. Version control for fine-tuned model variants and golden eval results.

Service Connections

AgentCore → EKS: tool calls
AgentCore → Bedrock: model inference
AgentCore → SageMaker: fine-tuned endpoints
AgentCore → MSK / Kafka: event pub/sub
SageMaker → S3: training data + artifacts
Athena → S3: SQL over Iceberg
EKS → LangFuse: traces (HTTPS)
SageMaker → MLflow: experiment logs
Secrets Mgr ··→ EKS: credential injection
KMS ··→ S3: encryption keys
IAM ··→ AgentCore: role assumption
CloudWatch ··→ all services: audit + alerting
Cost control by design: Nova (cheaper) handles routing and extraction; Claude (stronger) only for complex synthesis. Per-case token and tool cost attribution via LangFuse. Async execution for long-running investigations. CloudFormation templates for this stack are in fine_tuning/infra/.