Pillar 6
Sovereign Operations
AU hosting patterns, encryption key separation, and infrastructure guardrails for regulated environments. Data residency and operational control as first-class requirements.
What you get
- Region-locked to ap-southeast-2 / ap-southeast-4 via AWS Service Control Policy
- KMS key deletion and policy tampering blocked at organisation level
- 5 purpose-separated encryption keys — no single key shared across functions
- Signed audit bundles with HMAC integrity and database snapshot records
- S3 Object Lock (WORM) as an optional hardening layer for immutability
How it works
1. Deploy in AU region
   All services deploy within approved Australian regions. A Service Control Policy denies operations outside ap-southeast-2 and ap-southeast-4.
2. Guardrails enforce boundaries
   Organisation-level SCPs prevent region drift, KMS key deletion, security service tampering, and destructive production actions.
3. Prove compliance
   Signed audit bundles, integrity hash chains, and configurable retention provide the evidence trail for assessors and procurement.
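
The evidence trail in step 3, sketched as an added example (not the vendor's code): a SHA-256 hash chain over audit records, sealed with an HMAC so that truncation is caught as well as edits. The bundle layout, field names, genesis value and key handling are assumptions; the page does not specify the format.

```javascript
// Added illustration, not the vendor's implementation. Bundle layout, field
// names and the genesis value are assumptions; records are constructed samples.
const { createHash, createHmac, timingSafeEqual } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed start-of-chain value

const SAMPLE_RECORDS = [ // constructed audit events, fixed key order
  { seq: 1, actor: "ops-user-1", action: "export.request" },
  { seq: 2, actor: "system", action: "db.snapshot", snapshotId: "snap-EXAMPLE" },
  { seq: 3, actor: "ops-user-1", action: "export.complete" },
];

// Each link hashes the previous link plus the record, binding content and order.
// JSON.stringify is only stable for a fixed key order; a real format needs a
// canonical serialisation.
function linkHash(prevHash, record) {
  return createHash("sha256").update(prevHash).update(JSON.stringify(record)).digest("hex");
}

// HMAC-SHA256 over entry count and chain head, keyed with a dedicated signing key.
function seal(count, head, key) {
  return createHmac("sha256", key).update(`${count}:${head}`).digest();
}

function buildBundle(records, key) {
  let prev = GENESIS;
  const entries = records.map((record) => ({ record, hash: (prev = linkHash(prev, record)) }));
  return { entries, head: prev, mac: seal(entries.length, prev, key).toString("hex") };
}

// Recompute every link, then compare the MAC in constant time.
function verifyBundle(bundle, key) {
  let prev = GENESIS;
  for (const [i, entry] of bundle.entries.entries()) {
    prev = linkHash(prev, entry.record);
    if (prev !== entry.hash) return { ok: false, reason: `chain broken at entry ${i}` };
  }
  if (prev !== bundle.head) return { ok: false, reason: "head mismatch" };
  const given = Buffer.from(String(bundle.mac), "hex");
  const expected = seal(bundle.entries.length, prev, key);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  return { ok: true, reason: "verified" };
}
```

The chain alone catches an edited record; the HMAC over the count and head is what catches a bundle whose trailing entries were dropped and whose head was rewritten to match.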
Deployment architecture
┌────────────────────────────────────────────────┐
│           AU Region (ap-southeast-2)           │
│                                                │
│  Marketing   Customer Portal  Ops Portal       │
│      │              │             │            │
│      │              ▼             ▼            │
│      │       ┌──────────────────────┐          │
│      │       │     Fastify API      │          │
│      │       └───┬──────────┬───────┘          │
│      │           │          │                  │
│      │     Postgres    Object Store            │
│                                                │
├────────────────────────────────────────────────┤
│             Guardrail Layer (SCPs)             │
│  Region lock · KMS protect · Deny destructive  │
└────────────────────────────────────────────────┘