V Vault
EFFOMA
ap-southeast-1 + Hanoi Local Zone

1. Residency split

This is the signature feature of Vault v2.0. Documents, the vector index, and the PII lookup table are held at rest physically inside the AWS Hanoi Local Zone. Only a Comprehend-redacted inference payload transits — over PrivateLink, never the public internet — to Amazon Bedrock in the parent region (ap-southeast-1).

Vault v2.0 residency-aware inference architecture diagram showing the Hanoi Local Zone data-at-rest boundary, the isolated VPC, PII redaction and tokenization, PrivateLink to Bedrock in ap-southeast-1, and the CloudTrail/Glue/Athena governance path.
Bedrock does not run inside the Local Zone. This is an honest architectural constraint, not a limitation being hidden. The Hanoi Local Zone brings EC2, S3 One Zone-IA and Direct Connect physically into Vietnam — but Bedrock inference still executes in the parent region. Vault's design keeps data-at-rest in-country and sends only a redacted payload across the region boundary, rather than claiming an in-country inference guarantee it cannot make.
Component Location Crosses region boundary?
Source documents (S3)Hanoi Local ZoneNever
Vector indexHanoi Local ZoneNever
PII lookup table (DynamoDB, KMS CMK)Hanoi Local ZoneNever
Redacted inference payloadLocal Zone → parent regionYes, via PrivateLink
Model weights / inference executionap-southeast-1 (Bedrock)

2. Customization: RAG vs. fine-tuning vs. prompt engineering

Vault defaults to RAG for anything that must be auditable, and treats LoRA fine-tuning as strictly a tone/vocabulary tool — never a way to inject facts.

RAG (default for facts)

A regulator can inspect exactly which retrieved sources produced an answer. This auditability is why RAG is the default path for anything fact-bearing — rates, policies, product terms.

LoRA fine-tuning (tone/vocabulary only)

Reserved strictly for tone and domain vocabulary, never for fact injection. Fine-tuned facts can't be audited the way retrieved sources can, and they go stale silently as policy changes.

Prompt engineering (first resort)

The cheapest lever and the first one tried. Reached for before fine-tuning or expanding the retrieval corpus.

i
The measured result

LoRA fine-tuning on a Vietnamese-legal-domain corpus reduced hallucination on domain-specific terminology by 40% compared to prompt engineering alone. That gain is scoped to vocabulary and phrasing fidelity — it is not used, and was never evaluated, as a mechanism for injecting facts the model should instead retrieve.

3. PII handling

Original PII never leaves the isolated VPC and never reaches the model. The flow: Comprehend detects PII in the incoming query, tokenizes it before any cross-region call is made, stores the mapping in a KMS-customer-managed-key-encrypted DynamoDB table, and re-hydrates the original values into the response after it returns from Bedrock.

Step ServiceWhat happens
1Amazon ComprehendDetects PII entities in the incoming query
2App tierTokenizes detected entities before constructing the cross-region payload
3DynamoDB (KMS CMK)Stores the token → original-value mapping, encrypted at rest with a customer-managed key
4Bedrock (ap-southeast-1)Receives only the tokenized/redacted payload — never sees raw PII
5App tierRe-hydrates tokens back to original PII in the response, after it returns from the model

4. Network isolation

The inference path has zero public egress. VPC interface endpoints are used for Bedrock, Comprehend and KMS — traffic to these services never touches the public internet. The bank's data center connects to the VPC via Direct Connect.

i

Interface endpoints (PrivateLink) terminate Bedrock, Comprehend and KMS calls inside the VPC. Combined with Direct Connect on the bank side, no request in the inference path is ever routed through a public gateway.

5. Governance

CloudTrail logs every inference call. Those logs feed a Glue Data Catalog, queryable through an Athena compliance workgroup — so compliance teams can self-serve questions like "show me every call touching customer X's data in the last 90 days" without filing a ticket to engineering.

i
Why this matters

A governance model that requires an engineer to run a query for every audit request doesn't scale and creates a bottleneck exactly when compliance needs speed. Routing CloudTrail through Glue/Athena turns audit requests into self-service SQL.

6. Disaster recovery — an open trade-off

This is presented honestly as an unresolved tension, not a solved problem. A standard DR playbook would fail over to the parent region for availability — but that risks violating the very residency requirement this architecture exists to satisfy.

Vault's current answer: warm standby for the stateless app tier (ready immediately on failover) plus pilot-light data replication — inactive and encrypted, activated only under a documented, compliance-approved "degraded mode" exception. This requires compliance sign-off; it is not something engineering can decide unilaterally.
Tier DR postureResidency impact
Stateless app tier Warm standby — ready immediately None — holds no customer data
Data tier (documents, vector index, PII table) Pilot light — inactive, encrypted, requires activation Activation only under documented, compliance-approved "degraded mode" exception