Reference architectures/Hybrid

Hybrid control plane with a VPC data plane

Author policy and review audit dashboards in the SaaS console while enforcement, credentials, and decryption stay inside your VPC.

SaaS consolePolicy syncCustomer CMKPCR0 attestationSIEM export
Station70 SaaS control plane · policy authoring · audit dashboards
Signed policy sync · one way · versioned
Any LLM
Agents
Humans
Identity · Okta or Microsoft Entra / Azure AD
Connect to local gateway
Your VPC · data plane
GatekeeperDeny by default
Synced policy chainVERSIONED
Nitro EnclaveATTESTED
Your KMS · PCR0GATED
SIEM exportLIVE
SaaS APIsInternal APIsAWS · SigV4Any MCPMixed targets
Policy in the cloudSecrets in your VPCAudit export to your SIEM

Dataflow

01

Admins author policy and review dashboards in the Station70 SaaS console. The console never handles credentials.

02

Signed policy bundles sync one way to the enforcement gateway in your VPC. Every bundle is versioned and logged with author and diff.

03

Agents connect to the local gateway. Credentials are encrypted under your CMK and never leave your boundary.

04

Each call evaluates against the synced policy chain inside your enclave. Decisions are deterministic and reproducible from the log.

05

Decryption is gated on PCR0 attestation against your KMS. The control plane has no decryption path.

06

Audit summaries flow to the console for dashboards; full logs export to your SIEM in your own storage.

Components

SaaS control plane

Policy authoring UI, approval queue views, and audit dashboards. Holds summaries, never credentials.

Signed policy sync

One way channel shipping versioned policy bundles to the data plane. Tampering breaks the signature.

VPC data plane gateway

The enforcement point. Runs the enclave, evaluates policy locally, and executes downstream calls.

Your KMS and CMK

Decryption authority stays in your account, conditioned on your accepted PCR0 set.

SIEM export

Full audit stream to Splunk, Sentinel, or S3 under your encryption. The console keeps only aggregates.

Security considerations

The control plane cannot read credentials. It ships signed policy and receives audit summaries; decryption is gated on your KMS and your enclave.

A control plane outage does not block enforcement. The data plane evaluates its last synced chain and fails closed per call.

Policy changes are attributable: every bundle carries author, diff, and timestamp in the append only log.

This pattern fits teams that want managed policy tooling without extending the credential trust boundary beyond their VPC.

Deploy this architecture

Walk through the trust model, policy design, and rollout with our security and solutions team.

Learn moreAll architectures