All services
AI Foundation on AWS
Phase 03 — Enterprise AI Solutions

The governed AI environment your CISO can sign off on

AWS Bedrock with access to Claude and OpenAI (ChatGPT) models, Guardrails, audit logging and cost controls — set up in your AWS account, in Frankfurt, in 4 weeks.

Discovery Call See all services
Features

What's in your AI Foundation

AWS Bedrock in Frankfurt — the central model layer

We provision Bedrock in eu-central-1 and set up Bedrock API keys — your team gets access to Claude, Llama, Mistral and OpenAI (ChatGPT) through a single API layer. Model access governed via IAM and SCPs.

Bedrock Guardrails out of the box

PII redaction, denied-topics filters and content-safety policies — applied to every model call. Your sensitive data never leaks into a prompt, your AI never answers questions it shouldn't.

Model choice: Claude + OpenAI (ChatGPT)

Through Bedrock your team gets controlled access to the leading models — Anthropic Claude and OpenAI (ChatGPT) — in a single, governed API layer inside your AWS account.

Cost controls and a full audit trail

AWS Budgets and anomaly detection on every dollar of AI spend. CloudTrail and CloudWatch capture every model call. Per-team chargeback dashboards from day one.

Process

From kickoff to a governed AI environment

1

Discovery & threat model

Two workshops with your IT, security and a business sponsor. We map the data, the use cases, the identities and the risks.

2

Foundation setup in your AWS account

Bedrock access, Guardrails, IAM, Bedrock API keys, audit and cost stack — provisioned in eu-central-1, hardened, version-controlled in your IaC repo.

3

Pilot rollout to a single team

We onboard one pilot team — usually engineering or operations — onto the Bedrock layer. Real usage exposes the gaps before company-wide rollout.

4

Company-wide handover & enablement

Documentation, AUP, runbooks and a half-day enablement session for your IT team. We stay on retainer for guardrail tuning, cost reviews and new model onboarding.

Stop the shadow AI before it becomes a problem

Right now, half your team is already pasting customer data into ChatGPT in their browser. You can't audit it, you can't price it, and you can't stop it. The AI Foundation gives them a better tool — Claude Cowork, your data, your AWS account — that's so much nicer to use that the shadow tools fall away on their own. And you finally have a single number for AI spend, a single audit log for every prompt, and a single switch to turn off a leaving employee.

4 wks
From kickoff to live
1
Audit log for every prompt
0
Data leaves your AWS account
Features

Briefly: AWS Bedrock & Guardrails

Two terms that show up in every AI audit — and that you should understand before signing off.

Erklärt

What is AWS Bedrock?

AWS Bedrock is a managed service from Amazon that gives you access to the leading AI models — Claude (Anthropic), OpenAI (ChatGPT), Llama (Meta), Mistral and more — through a single API. Everything runs inside your own AWS account: you choose the region (e.g. Frankfurt), your data never leaves your AWS environment, and you have full control over logging, encryption and access. Instead of negotiating contracts with each AI vendor separately, you get a single, governed layer.

Erklärt

What are Guardrails — and why do I need them?

Guardrails are automatic filters that sit between your team and the AI model. They block PII leaks (customer names, credit cards), prevent prompt-injection attacks (manipulated inputs), filter off-topic answers and enforce your company policies. Without guardrails, every response from your AI is a risk. With guardrails, you know: every request is checked, every answer matches your rules — automatically, without anyone on your team having to think about it.

Technology

The four pillars of the AI Foundation

A governed AI environment is more than just a Bedrock account. Four building blocks make it enterprise-ready.

bedrock

Bedrock — The model layer

AWS Bedrock in eu-central-1 gives you access to Claude, Llama, Mistral and OpenAI (ChatGPT) models through a single API — no separate vendor contracts, no data leaving your AWS account.

guardrails

Guardrails — The safety net

Bedrock Guardrails sit between your team and the model. PII redaction, denied topics, content filters — every prompt and every response is checked, automatically.

identity

Bedrock API keys — The access layer

Bedrock API keys are the central entry point for every model. One key per team or application, gated by AWS IAM — a single source of truth for who has access.

audit

Cost & Audit — The receipts

CloudTrail logs every model call. AWS Budgets cap spend per team. Chargeback dashboards make AI costs visible — no more surprise invoices.

Architecture

The Foundation from above

Your identity provider, your AWS account, your data — Frankfurt only.

Ihr Identity Provider — Azure AD · Okta · Google Workspace
Mitarbeitende
Gruppen & Rollen
Offboarding
↓ SSO
Ihr AWS-Account · eu-central-1 (Frankfurt)
Claude Cowork
Chat im Browser
AI-Gateway
API für Anwendungen
Claude Code
Engineering im Terminal
↓ governt durch
Bedrock Guardrails
PII-Redaction · Denied Topics · Content Filter
AWS Bedrock
Claude · Llama · Mistral · Amazon Nova
CloudTrail · CloudWatch
Audit-Log pro Prompt · Antwort · Guardrail-Entscheidung
AWS Budgets · Cost Explorer
Pro-Team-Verrechnung · Anomalie-Erkennung · Alerts
Comparison

Why not just buy ChatGPT Enterprise?

ChatGPT Enterprise is a fine product. But for a regulated business, it's not the same thing.

Thema
ChatGPT
W² KI-Assistent
Where data lives
OpenAI servers in the US, even with Enterprise.
Your AWS account in Frankfurt — eu-central-1, full stop.
Audit logs
Limited admin console, no per-prompt audit.
Every prompt and response in CloudTrail and CloudWatch — yours forever.
Guardrails
OpenAI's built-in moderation, not configurable.
Bedrock Guardrails configured to your policies — denied topics, PII, your rules.
Cost control
Per-seat licence, you pay even if a team doesn't use it.
Pay only for tokens consumed. Per-team budgets, alerts, chargeback.
Model choice
OpenAI models only.
Claude, Llama, Mistral, Amazon Nova — switch per use case, switch per cost.
Interaction

How your team uses the Foundation

Three doors into the same governed environment — same audit layer, same controls, same models.

🔌

Bedrock API for applications

Internal applications and automations call Bedrock directly. A single API layer for Claude and OpenAI models, with guardrails, audit log and cost tracking.

💬

Bedrock Console for power users

IT and innovation teams use the Bedrock console to test, compare and tune models — all inside your AWS account, with IAM-based permissions.

Custom tools & agents

On top of the Foundation we build internal assistants and agents with you — all running through the same layer, the same guardrails, the same audit log.

Security

Built so your security team has no open questions

The Foundation meets the requirements you'll be asked about anyway.

Your own AWS account

Everything runs in your dedicated AWS account. We get role-based access for the engagement; you keep the keys.

EU hosting (Frankfurt)

Bedrock, audit logs, gateway and dashboards — all in eu-central-1. No data crosses an EU border.

Per-prompt audit trail

CloudTrail captures every Bedrock call, every guardrail decision, every team and user — immutably. Ready for your auditor on day one.

Centralised access control

Bedrock API keys and all tools are governed by AWS IAM. One key per team or person — revoke it and AI access is gone instantly.

Pricing
On request Individual quote

scoped to complexity

  • AWS Bedrock + Guardrails in Frankfurt
  • Access to Claude and OpenAI models
  • Cost controls and full audit trail
Book a discovery call Request a quote by email
Same phase

Related services

Pricing
On request
scoped to complexity

AI Assistant for Your Business

A digital team member that knows all your company documents and gives your staff the right answers instantly — around the clock.

  • Knows your entire company knowledge
  • Built into your daily tools
  • Gets smarter over time
Learn more
Enterprise
Pricing
On request
scoped to complexity

Agent Factory

A management platform for AI agents: deploy new agents independently, assign tasks, monitor results — no external vendor required.

  • Deploy new agents at the push of a button
  • Assign tasks & monitor results
  • Own AWS account, enterprise-grade security
Learn more
Governance
Pricing
On request
scoped to complexity

EU AI Act Compliance Package

Risk classification, AI register, DPIAs and governance committee setup — your documentation and processes ready for the regulator.

  • Risk classification per EU AI Act
  • AI register and DPIA templates
  • Vendor risk assessment for AI tools
Learn more
Regulated industries
Pricing
On request
scoped to complexity

Sovereign LLM Deployment

AI inside your own AWS environment — your keys, your data, no traffic to the public internet. For finance, healthcare and the public sector.

  • Data never leaves your AWS network
  • Encrypted with your own keys
  • Zero data retention with the model provider
Learn more
Pricing
On request
scoped to complexity

AI Cost & FinOps

Stop paying for what you don't need. Audit your AI spend, implement caching, set budgets, and assign costs back to teams.

  • Audit existing Bedrock & API spend
  • Prompt caching and model right-sizing
  • Per-team chargeback dashboards
Learn more
Pricing
On request
scoped to complexity

AI Security & Red-Team Audit

We test your AI systems the way an attacker would: prompt injection, data leakage, agent abuse and MCP server hardening — with a fix list you can act on.

  • Prompt injection & data leakage tests
  • MCP server and agent hardening
  • Prioritised remediation report
Learn more
No sales pitch. No pressure. Just a conversation.

Let's talk.

30 minutes, no obligation, no cost. We'll honestly tell you if and how we can help.

Book a discovery call Email us