Case File
fictional demoNexatel AI Support Agent
Nexatel is a fictional GCC telecom company. This is a self-directed portfolio project demonstrating Solutions Engineering capability end-to-end on AWS Bedrock - not a real client engagement, and not a live production deployment for an actual telecom.
Architecture
A single Bedrock Agent with four IAM-isolated action groups, each backed by its own narrowly-scoped Lambda. Retrieval- augmented generation against real Nexatel documentation. A full production-style edge for observability and cost control.
CloudFront
Public frontend edge
API Gateway + WAF
Rate limiting · API key / usage plan
Guardrails
Content safety · topics · PII
Bedrock Agent
Single agent, orchestration
Knowledge Base
RAG over S3 Vectors
Plan Lookup
action group
Read-only: plan catalog table
Bill Inquiry
action group
Read-only: billing table
Network Status
action group
Read-only: network status table
Escalation
action group
Write-only: can create tickets, cannot read
CloudWatch
Dashboards · alarms · budget alerts
Incident Timeline
The real engineering story.
01 · INFRASTRUCTURE
Region sustains verified physical damage
The originally-selected region, UAE (me-central-1), sustained verified physical infrastructure damage from regional conflict and had its billing suspended - confirmed directly via AWS's own console banner.
02 · MIGRATION
Full migration to eu-central-1
Migrated the entire project to Frankfurt (eu-central-1) - every script, every IAM policy, every Lambda, re-verified one resource at a time.
03 · PLATFORM GATES
Two account-verification gates, outside code or architecture
Hit a Bedrock model-access gate requiring a use-case submission and identity verification, and a CloudFront anti-fraud account-verification gate. Both handled by opening AWS Support cases and documenting the blockers transparently.
04 · COMPLIANCE
Caught a false compliance claim, rewrote it honest
Mid-build, found that the compliance documentation claimed the demo satisfied UAE/GCC data-residency requirements while actually running in Germany. Rewrote the narrative: production target is UAE (me-central-1) for PDPL Article 26, the demo runs in Frankfurt because Bedrock Agents aren't yet available in me-central-1, and the architecture is region-portable by design.
Status Ledger
What's actually live versus what's pending, stated plainly. The knowledge base and the live conversational agent are pending AWS Bedrock model-access approval - everything else below is verified and running.
| Resource | Status | Note |
|---|---|---|
| Lambdas (5) | live | all five verified |
| DynamoDB tables (6) | live | all six verified |
| API Gateway + WAF | live | rate limiting, usage plan active |
| CloudFront edge | live | verified post account-check |
| CloudWatch observability | live | dashboards, alarms, budget alerts |
| Knowledge Base ingestion | pending | resource exists; final ingestion pending |
| Live conversational agent | pending | pending Bedrock model-access approval |
Demo
Dual-mode dashboard
Switch between configuring the agent against your own content and experiencing it as an end customer would.
Upload your use case
Simulated config preview
Source: Nexatel defaults
simulated- · nexatel-plan-catalog.pdf
- · nexatel-network-sla.pdf
This preview simulates how the agent would be scoped against this content - knowledge base ingestion and the four action groups would attach here once configured.