BYOC Model
Cogrion operates on a Bring Your Own Cloud (BYOC) model. Tenants use their own cloud account — AWS or AliCloud — as the foundation for their data platform. Cogrion provides the software, the catalog, and the orchestration layer on top of it.
The Ownership Split
| What | Owned By |
|---|---|
| Control Plane (API, catalog, orchestration) | Cogrion |
| Cogrion UI | Cogrion |
| BFF API | Cogrion |
| Keycloak (identity provider) | Cogrion |
| Temporal workers (cloud provisioning) | Cogrion |
| Cloud account (AWS / AliCloud) | Tenant |
| VPC and network configuration | Tenant |
| Kubernetes cluster (EKS / ACK) | Tenant |
| All data and workloads in the cluster | Tenant |
| Cluster Agent process | Tenant (runs in the tenant cluster; the platform ships and operates the agent software) |
| S3 / OSS buckets for state and data | Tenant |
| IAM roles and cloud credentials | Tenant |
The platform provisions and manages the tenant-side infrastructure on the tenant's behalf, but does so inside the tenant's own account. Cogrion has no standing access to the running cluster: the Cluster Agent opens outbound connections to the Control Plane and pulls its instructions, and nothing is pushed inward, so the tenant exposes no inbound endpoint and hands out no cluster credential. The exception is provisioning itself, which runs in the Cogrion-operated Temporal worker and calls the tenant's cloud APIs directly. Whatever cloud credential grants the worker that access is the path a tenant should scope to what the modules create and review in CloudTrail or ActionTrail.
What BYOC Means for Data Sovereignty
- Data stays in the tenant's cloud. Airflow DAGs, JupyterHub notebooks, query results, ML models — none of this ever transits the Cogrion network.
- Credentials stay in the cluster. Workload secrets (database passwords, API keys, service credentials) live in the tenant's Kubernetes secret store; the Control Plane never sees them. User identities are the one exception: login is handled by Cogrion's Keycloak, so user accounts and their authentication state live on the Cogrion side.
- The tenant can audit everything. Cloud account logs (CloudTrail, AliCloud ActionTrail) and Kubernetes audit logs belong to the tenant and are under their control, which also makes the tenant the party that can verify the access claims above rather than having to take them on trust.
- Offboarding is clean. If a tenant stops using the platform, the cloud account and everything in it remain theirs; only what lives in Cogrion-owned components (catalog entries and Keycloak identities) stays on the Cogrion side.
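Because the audit logs are the tenant's, the tenant can check the no-standing-access claim directly instead of taking it on trust. The following is an added example, not Cogrion code: a small Python check that reads CloudTrail records (constructed here, one JSON object per line) and flags any principal that is not on the tenant's allow-list of expected roles. The account id, role ARNs and events are assumptions made for the example; a real run would load the tenant's own log delivery and allow-list.

```python
"""Flag CloudTrail events from principals the tenant has not approved.

Added example, not Cogrion code. It assumes the tenant keeps an allow-list of
the role ARNs expected to act in the account: the role the platform's
provisioning worker uses, the IRSA roles created for each workspace, and the
tenant's own operator roles. Every identifier below is constructed.
"""
import json

TENANT_ACCOUNT = "111122223333"  # constructed tenant account id
ALLOWED_ROLE_ARNS = {
    "arn:aws:iam::111122223333:role/cogrion-provisioner",   # assumed by the Temporal worker while provisioning
    "arn:aws:iam::111122223333:role/ws-demo-airflow-irsa",  # IRSA role for a workspace workload
    "arn:aws:iam::111122223333:role/tenant-admin",          # the tenant's own operators
}

# Constructed CloudTrail records, one JSON object per line, using the
# userIdentity / sessionContext.sessionIssuer layout CloudTrail emits.
SAMPLE_LOG = """\
{"eventTime": "2024-05-01T10:00:01Z", "eventSource": "eks.amazonaws.com", "eventName": "CreateCluster", "userIdentity": {"type": "AssumedRole", "accountId": "111122223333", "arn": "arn:aws:sts::111122223333:assumed-role/cogrion-provisioner/temporal-worker", "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/cogrion-provisioner"}}}}
{"eventTime": "2024-05-01T10:05:13Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"type": "AssumedRole", "accountId": "111122223333", "arn": "arn:aws:sts::111122223333:assumed-role/ws-demo-airflow-irsa/airflow-worker", "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/ws-demo-airflow-irsa"}}}}
{"eventTime": "2024-05-01T10:07:42Z", "eventSource": "eks.amazonaws.com", "eventName": "DescribeCluster", "userIdentity": {"type": "AssumedRole", "accountId": "111122223333", "arn": "arn:aws:sts::111122223333:assumed-role/cogrion-support/ops", "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/cogrion-support"}}}}
{"eventTime": "2024-05-01T10:08:30Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"type": "IAMUser", "accountId": "999988887777", "arn": "arn:aws:iam::999988887777:user/contractor"}}
{"eventTime": "2024-05-01T10:09:00Z", "eventSource": "iam.amazonaws.com", "eventName": "ListRoles", "userIdentity": {"type": "IAMUser", "accountId": "111122223333", "arn": "arn:aws:iam::111122223333:user/alice"}}
{"eventTime": "2024-05-01T10:10:30Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "userIdentity": {"type": "AWSService", "invokedBy": "eks.amazonaws.com"}}
"""


def principal_arn(event):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    ui = event.get("userIdentity", {})
    issuer = ui.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ui.get("arn")


def is_unexpected(event, allowed=ALLOWED_ROLE_ARNS, tenant_account=TENANT_ACCOUNT):
    ui = event.get("userIdentity", {})
    kind = ui.get("type")
    if kind == "AWSService":
        # Calls AWS makes on the tenant's behalf (e.g. EKS launching nodes); a separate audit.
        return False
    if kind == "AssumedRole":
        # Any role session not on the allow-list, whether the role lives in the
        # tenant account or was assumed from somewhere else.
        return principal_arn(event) not in allowed
    # IAM users and root: the tenant's own people. A foreign account acting
    # directly (e.g. via a bucket policy) is a finding.
    return ui.get("accountId") != tenant_account


def find_unexpected(log_text, allowed=ALLOWED_ROLE_ARNS, tenant_account=TENANT_ACCOUNT):
    """Parse one JSON record per line and return the events from unapproved principals."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if is_unexpected(event, allowed, tenant_account):
            findings.append({
                "time": event["eventTime"],
                "event": event["eventName"],
                "principal": principal_arn(event),
            })
    return findings


if __name__ == "__main__":
    for hit in find_unexpected(SAMPLE_LOG):
        print(f"{hit['time']} {hit['event']:<16} {hit['principal']}")
```

Run against the constructed log this reports two events: the `cogrion-support` role session, which is a role in the tenant account that the tenant never approved, and the `contractor` user from a foreign account reading S3. The provisioner and IRSA sessions pass because they are on the allow-list, which is the point: the allow-list is the tenant's statement of what the platform is permitted to do, and anything outside it is a question for Cogrion.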
What the Platform Provisions in the Tenant's Cloud
When a tenant creates a workspace, the platform provisions the following resources in their cloud account:
| AWS | AliCloud |
|---|---|
| VPC + Subnets (public/private) + NAT Gateway | VPC + VSwitches + NAT Gateway |
| EKS Cluster + Node groups / Karpenter | ACK Cluster + Node pools |
| RDS (optional) | RDS / PolarDB (optional) |
| IAM Roles (IRSA) | RAM Roles |
| S3 Bucket (Tofu state) | OSS Bucket (Tofu state) |
All resources are created with OpenTofu modules from the AWS or AliCloud Terraform module repos, executed by the Temporal worker. The state bucket deserves the same care as the data buckets: OpenTofu state records every provisioned resource, including attributes the modules mark sensitive, so keep it private to the tenant account, versioned and encrypted, and treat reads of it as privileged access.
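The IRSA roles in the AWS column are where a scoping mistake would let an unrelated pod in the cluster assume a workspace role. As an added example (not part of the Cogrion OpenTofu modules), this Python check lints an IRSA trust policy for the conditions that matter: the `:aud` claim pinned to `sts.amazonaws.com`, the `:sub` claim bound with `StringEquals` to an exact `system:serviceaccount:<namespace>:<name>`, and the Federated principal matching the tenant cluster's own OIDC provider. The OIDC host, account id and both sample policies are constructed for the example.

```python
"""Lint an IRSA role trust policy before it is attached to a workspace role.

Added example, not part of the Cogrion OpenTofu modules. It assumes the
cluster's OIDC issuer host and the tenant account id are known (a real check
reads them from the tenant's own EKS cluster); the values here are constructed.
"""
import json

TENANT_ACCOUNT = "111122223333"  # constructed
OIDC_HOST = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"  # constructed
OIDC_PROVIDER_ARN = f"arn:aws:iam::{TENANT_ACCOUNT}:oidc-provider/{OIDC_HOST}"


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_irsa_trust(policy, oidc_host=OIDC_HOST, provider_arn=OIDC_PROVIDER_ARN):
    """Return a list of findings; an empty list means the trust policy is scoped correctly."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action")):
            continue
        federated = st.get("Principal", {}).get("Federated")
        if federated != provider_arn:
            findings.append(f"statement {i}: Federated principal {federated!r} is not this cluster's OIDC provider")
        cond = st.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        # Without the audience pin, a token minted for another audience by the
        # same issuer would also be accepted.
        if _as_list(equals.get(f"{oidc_host}:aud")) != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: {oidc_host}:aud must be pinned to sts.amazonaws.com with StringEquals")
        sub_key = f"{oidc_host}:sub"
        if sub_key in equals:
            for sub in _as_list(equals[sub_key]):
                parts = sub.split(":")
                if parts[:2] != ["system", "serviceaccount"] or len(parts) != 4:
                    findings.append(f"statement {i}: :sub {sub!r} is not an exact system:serviceaccount:<ns>:<sa>")
        elif sub_key in like:
            findings.append(f"statement {i}: :sub uses StringLike {like[sub_key]!r}; a wildcard lets other service accounts assume the role")
        else:
            findings.append(f"statement {i}: no :sub condition, any pod in the cluster can assume the role")
    return findings


# Constructed weak policy: no audience check and a wildcard subject.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": OIDC_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {f"{OIDC_HOST}:sub": "system:serviceaccount:*:*"}},
    }],
}

# Constructed hardened policy: audience pinned, subject bound to one service account.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": OIDC_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC_HOST}:aud": "sts.amazonaws.com",
            f"{OIDC_HOST}:sub": "system:serviceaccount:airflow:airflow-worker",
        }},
    }],
}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, check_irsa_trust(policy) or "ok")
    print(json.dumps(HARDENED_POLICY, indent=2))
```

The weak policy produces two findings (missing audience pin, wildcard subject) and the hardened one none. Passing a different `provider_arn` models the third mistake, a role that trusts another cluster's OIDC provider: every pod in that cluster with the matching service account name could then assume a role in this account.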
Multi-Cloud
A single tenant can have workspaces on both AWS and AliCloud. Each workspace is independent: different cloud accounts, different regions, different infrastructure stacks. The Control Plane tracks all workspaces for a tenant and the Cogrion UI surfaces them together in a single view.
Go Deeper
- Architecture → How It's Built
- Platform Developer → Terraform Modules — AWS
- Platform Developer → Terraform Modules — AliCloud