Reference architectures/On prem

Self hosted Gatekeeper in your AWS VPC

Run the entire Gatekeeper stack inside your own AWS VPC. Customer managed keys, private endpoints, and no data crossing your network boundary.

TerraformCustomer CMKPrivateLinkMicrosoft Entra / Azure ADSigV4SIEM export
Claude
Cursor
Internal agents
Identity · Microsoft Entra / Azure AD
Private endpoint only
Your AWS VPC
GatekeeperDeny by default
Gateway in your VPCPRIVATE
Customer managed CMKYOURS
Nitro EnclaveATTESTED
PrivateLink egressSCOPED
Internal APIsInternal MCPRDSAWS · SigV4Inside your boundary
No data leaves your boundaryCustomer managed keysTerraform deploy

Dataflow

01

Gatekeeper deploys into your AWS VPC from a Terraform module. The enclave image ships with a published PCR0 measurement you can verify against the reproducible build.

02

Credentials are encrypted under your customer managed CMK. The key policy conditions decryption on your accepted PCR0 set; Station70 has no decryption path.

03

Agents authenticate through Microsoft Entra / Azure AD and connect to the gateway over a private endpoint. No public ingress is required.

04

Policy evaluates locally inside the enclave with no external calls. Decisions complete in under a millisecond.

05

Approved calls reach internal services over PrivateLink and AWS services through SigV4 requests signed inside the enclave. Signing keys never transmit.

06

Audit events stream to your SIEM through your own log pipeline. Nothing crosses your network boundary.

Components

Terraform module

Infrastructure as code deployment of the gateway, enclave, KMS policy, and DynamoDB tables into your account.

Gateway in your VPC

The MCP endpoint runs on your EC2 instances behind your load balancer, reachable only from your networks.

Customer managed CMK

You own the key, the key policy, and the rotation schedule. Revoking the grant cuts all decryption instantly.

AWS PrivateLink

Egress to internal services stays on the AWS backbone. Certificate pinning is configurable per service.

Microsoft Entra / Azure AD (OIDC)

Your identity provider issues the JWTs agents present. Compromise scope matches every other OIDC relying party you run.

Security considerations

Station70 has no decryption path. The key policy on your CMK gates decryption on PCR0, enforced by AWS outside Station70’s reach.

A modified gateway binary fails attestation and never receives plaintext. New PCR0 values surface in your KMS audit logs before acceptance.

Policy evaluates locally with no external calls, so a WAN outage does not affect enforcement.

Audit logs stay in your storage. Retention, export, and legal hold follow your own controls.

Deploy this architecture

Walk through the trust model, policy design, and rollout with our security and solutions team.

Learn moreAll architectures