vExpertAI · Built on AWS

Field notes — not a sales pitch

From solo founder to full company. Built on AWS.

One founder. Zero employees. A full company — marketing, sales, engineering, finance, operations — running on twelve AWS services. This is what actually works, on a Tuesday.

Daily stack: Amazon Bedrock · Amazon SageMaker · AWS Step Functions · AWS Lambda · Amazon Neptune · Amazon S3 · Amazon EventBridge · Amazon SES · Amazon DynamoDB · Amazon CloudWatch · Amazon ECS Fargate · AWS IAM

01 — The reality

Every department. Every day. AWS-native.

No interns. No contractors. No agency. Just an AWS account and a workflow built around Bedrock, Step Functions, and a handful of Lambdas that quietly do the heavy lifting.

  • 1 Founder. That's the whole headcount.
  • 6 Departments run daily — augmented end-to-end.
  • 12+ AWS services in daily production use.
  • 10× Output multiplier vs. doing it the manual way.

The point isn't the numbers. It's that none of this required headcount, a tooling budget, or a six-month transformation programme. It required an AWS account and a Tuesday.

02 — Context, not credentials

Who's talking.

Twenty years of network and security architecture before this — AT&T, Infosys, Kyndryl. Lecturer at TU Munich and Politehnica Bucharest. Author of the four-volume Generative AI for Networking Engineers, launching at Autocon5 in Munich on 9 June.

Founded vExpertAI in 2024. Self-funded. Pre-seed. Munich-based. Building the entire company on AWS — Bedrock for reasoning, SageMaker for fine-tuning, Step Functions for orchestration, Neptune for the knowledge graph, Lambda for everything in between.

The company exists because I wanted to find out what one technically literate founder, paired honestly with current models on a serious cloud, could actually do across every function of a real business. The answer turned out to be: more than I expected, but only if you do it on purpose.

03 — The architecture

Five-layer agentic guild, fully AWS-native.

Every agent in the system maps to one of these layers. The boundaries are sharp on purpose — each layer is testable, replaceable, and observable in isolation.

01

Orchestration

Multi-agent coordination, routing, state management.

Step Functions handle the flow: which agent runs when, what it gets, how failures cascade. Bedrock Agents act as the typed entrypoints — each Action Group is a contract the supervisor can call.

AWS: Step Functions · Bedrock Agents · EventBridge
02

Foundation models

Reasoning, generation, tool use.

Bedrock as the inference plane. Claude family for reasoning and writing; Mistral variants for cheaper, narrower tasks. No keys to rotate, no separate vendor relationships, one bill.

AWS: Amazon Bedrock (Claude · Mistral) · Bedrock Action Groups
03

Knowledge

Graph relationships, RAG retrieval, document store.

Neptune holds the graph — who knows what, what depends on what, who's been talked to. Bedrock Knowledge Bases on top of S3 handle retrieval against the long tail of documents. OpenSearch indexes everything for keyword + vector hybrid search.

AWS: Amazon Neptune · Bedrock Knowledge Bases · Amazon S3 · OpenSearch
04

Execution

Containerised agent tasks, serverless compute.

Lambda for everything stateless and short-lived (most things). ECS Fargate for the few agents that need a longer leash, a real container, or a GPU. DynamoDB for low-latency state.

AWS: AWS Lambda · ECS Fargate · DynamoDB · API Gateway
05

Observability & guardrails

Monitoring, cost tracking, responsible AI controls.

CloudWatch sees everything. Cost Explorer sends weekly emails (surprises compound — they should be caught by Friday). Bedrock Guardrails enforce content policies at the inference boundary. IAM least-privilege everywhere.

AWS: CloudWatch · Cost Explorer · Bedrock Guardrails · IAM · AWS CDK

04 — Six departments, one founder

What this actually looks like.

Each card is a real workflow that runs every week. AWS services noted underneath every line — this is the actual stack, not the marketing diagram.

DEPT / 01

Marketing & Content

A solo founder, a content machine.

  • Outbound automation: Bedrock generates personalised outbound sequences. Lambda orchestrates scheduling. EventBridge triggers follow-ups. SES sends. I review and approve every send. AWS: Bedrock · Lambda · EventBridge · SES
  • Technical content: Bedrock (Claude) drafts long-form pieces from my outline. S3 stores templates and brand voice. Knowledge Bases retrieve prior pieces for tone consistency. ~3× faster than writing cold. AWS: Bedrock · Bedrock Knowledge Bases · S3
  • LinkedIn (DACH): Tone calibrated for the German market over 50+ prompt iterations stored in S3. Cultural nuance, not robotic output. AWS: Bedrock · S3 prompt library
  • Book series: Four-volume Generative AI for Networking Engineers. Bedrock-assisted research and structuring; SageMaker for the domain-specific fine-tunes that power the technical chapters. AWS: Bedrock · SageMaker · S3
DEPT / 02

Sales & Outreach

AI doesn't close deals. It gets me to the table 10× faster.

  • DealMind: Real-time AI sales coaching during live calls. Bedrock Agents feed context, objection handlers, next-best-action — DynamoDB keeps state across the conversation. AWS: Bedrock Agents · Lambda · DynamoDB
  • Pipeline automation: AI-powered outbound at scale. Step Functions orchestrate the multi-step prospecting workflow end-to-end; SES handles delivery; S3 stores every artefact. AWS: Step Functions · Bedrock · SES · S3
  • Proposal generation: 988-paragraph Airbus DS curriculum drafted with Bedrock in days, not weeks. Knowledge Bases feed the domain context. Strong client feedback on the result. AWS: Bedrock · Bedrock Knowledge Bases · S3
  • Pipeline intelligence: Bedrock analyses conversations, suggests priorities, drafts follow-ups. Neptune maps the relationship graph — who knows whom, who introduced whom. AWS: Bedrock · Neptune · CloudWatch
DEPT / 03

Engineering & R&D

AI writes production code. I architect and review.

  • Agentic Guild: Five-layer agentic system. Step Functions for flow, Bedrock Agents for typed entrypoints, Neptune for the knowledge graph that all agents read and write. AWS: Step Functions · Bedrock Agents · Neptune
  • NeT/RED: Hybrid red/blue team cybersecurity platform. Bedrock-driven attack and defence simulation in the same fabric. Lambdas execute the playbooks. AWS: Bedrock · Lambda · ECS Fargate
  • Network digital twin: Containerlab on EC2. AI proposes a change; the twin proves it before production sees it. The change either passes the twin and ships, or it doesn't ship. AWS: EC2 · CloudWatch · Bedrock
  • Domain fine-tunes: Mistral-7B fine-tuned on SageMaker against NOC/SOC domain data. Cheaper, narrower, deployable inside the same AWS account boundary. AWS: SageMaker · S3 · Bedrock (custom model import)
DEPT / 04

Operations & Knowledge

The unsexy stuff that makes everything else possible.

  • Knowledge pipeline: 599 R&D conversations classified, tagged, searchable via Bedrock Knowledge Bases. S3 as the document store, OpenSearch for hybrid retrieval. Auto-indexed on upload. AWS: Bedrock Knowledge Bases · S3 · OpenSearch
  • Finance & admin: Bedrock drafts contracts, proposals, invoices. Lambda automates formatting and routing. I review and sign. AWS: Bedrock · Lambda · S3
  • Daily automation: EventBridge triggers morning briefings. Bedrock summarises emails overnight. Lambda prepares tomorrow's priority list before I'm awake. AWS: EventBridge · Lambda · Bedrock · SES
  • Guardrails & cost: Bedrock Guardrails enforce content policies at the inference boundary. CloudWatch monitors cost and latency. IAM least-privilege across every service. AWS: Bedrock Guardrails · CloudWatch · IAM

05 — A day, hour by hour

One Tuesday on AWS.

Not a fictional ideal day. The actual rhythm of running a company alone — every hour, an AWS service does the heavy lifting.

06:00

Briefing on the world.

EventBridge fires a scheduled rule. Lambda invokes Bedrock to summarise overnight emails, Slack, and industry news. SES emails me the digest before I open my laptop.

AWS: EventBridge → Lambda → Bedrock → SES
07:00

Research arrives.

Knowledge Bases surface the three papers that matter from 20+ uploaded overnight. Bedrock summarises them into a one-pager I can read with coffee.

AWS: S3 → Bedrock Knowledge Bases → Bedrock
09:00

Meetings, prepped.

Bedrock Agents pull from the Neptune relationship graph and recent CRM notes in S3 to generate briefing docs. I walk into every call already knowing the room.

AWS: Bedrock Agents → Neptune → S3
12:00

Content drafted.

Bedrock drafts the next Substack article from a bullet outline. S3 holds the prompt templates and brand-voice examples. I edit for voice and judgement.

AWS: Bedrock → S3 prompt templates
15:00

Engineering moves.

The SageMaker-hosted fine-tuned Mistral-7B runs inference for NOC/SOC analysis. Lambda routes results to the next agent. Architecture I drew this morning is shipping by afternoon.

AWS: SageMaker Endpoints → Lambda → Bedrock
18:00

Tomorrow, queued.

Step Functions runs the end-of-day workflow: follow-ups drafted by Bedrock, CRM updated, priority list generated. SES delivers it to my inbox at 18:15. The day closes itself.

AWS: Step Functions → Bedrock → SES

06 — The frontier we're working on

Where the line is moving next.

Four threads in active R&D — each addresses a question the next two years will force on every serious operator: how do you let AI act, safely, inside a regulated business, on AWS?

Thread / 01

Autonomous R&D agent

EventBridge schedules a daily Lambda that pulls from arXiv, Hacker News, YouTube transcripts, and curated vendor changelogs. Bedrock clusters, deduplicates, ranks against your stated areas of interest. Knowledge Bases keep the long tail searchable. SES delivers the morning briefing.

AWS: EventBridge · Lambda · Bedrock · Bedrock Knowledge Bases · SES
State: in production for me, daily, since Q1.
Thread / 02

Multi-agent operations

Five specialised agents — observe, diagnose, plan, act, verify — collaborate on complex network and security operations. Step Functions coordinates; Bedrock Agents are the typed entrypoints; each agent has a narrow, testable role. Behaviour is auditable end-to-end through CloudWatch.

AWS: Step Functions · Bedrock Agents · Neptune · CloudWatch
Use: autonomous fault detection & remediation in NOC/SOC contexts.
Thread / 03

Safe execution via digital twins

Before any AI-generated change touches production, a Containerlab-based digital twin on EC2 executes it first. The twin reports what would happen. The change either passes the twin and ships, or it doesn't ship. AI gets to act fast precisely because it's not allowed to act blind.

AWS: EC2 · CloudWatch · Bedrock · Lambda
Why: AI velocity without AI risk surface.
Thread / 04

In-account AI for compliance

Mistral-7B fine-tuned on SageMaker. Inference inside the customer's AWS account boundary, region-pinned to EU. Bedrock Guardrails at the inference edge. IAM least-privilege everywhere. Designed for environments where DORA, NIS2, and the EU AI Act make external inference a non-starter — model capability without the data ever leaving the account.

AWS: SageMaker · Bedrock (custom model import) · Bedrock Guardrails · IAM
Posture: compliance-grade by construction, not by promise.

07 — The questions an auditor will actually ask

Governance, in plain language.

Six questions a regulator, a board, or a CISO will eventually ask about your AI. Each one has a concrete AWS service — not a policy document — that produces the answer.

The question: Who saw what data, when?
AWS: CloudTrail · S3 Access Logs · CloudWatch
Every read, every write — captured immutably with configurable retention. Queryable by user, role, or object. The audit trail builds itself.

The question: Did the model output something it shouldn't have?
AWS: Bedrock Guardrails
Content policies enforced AT the inference call, not after. Blocked outputs are logged with the reason. Tunable per use case — clinical content gets stricter rules than internal drafts.

The question: Could an agent take an action it wasn't authorised to take?
AWS: IAM least-privilege · Bedrock Action Groups · SCPs
Each agent has its own IAM role with the minimum permissions for its job. Action Groups define the only API surface it can touch. Anything outside that returns 403, logged.

The question: Where does the data physically live?
AWS: Region pinning · VPC endpoints · KMS
EU-only regions, enforced by IAM policy. Inference traffic flows over private VPC endpoints, never the public internet. Encryption at rest with customer-managed keys.

The question: Can we reproduce a decision from six months ago?
AWS: CloudTrail · CloudWatch Logs · Bedrock invocation logging
Every prompt, every model version, every output — captured and retained. Queryable for audit. You can replay any inference exactly as it ran, with the model snapshot of that day.

The question: Are we EU AI Act-classified correctly?
AWS: Bedrock Model Evaluation · documented human-review gates · AWS Audit Manager
Risk classification done at use-case level, not application level. High-impact workflows have mandatory human-in-the-loop. Each classification + review policy is a documented, exportable artefact.

None of this is a checklist. Each row is a question someone will eventually ask — and a service that already answers it on day one.
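
A check for two of the rows above (per-agent least-privilege roles, and EU-only regions enforced by IAM policy), as an added example that is not vExpertAI's own code: a small linter that flags Allow statements with wildcard actions, wildcard resources, or no EU-only `aws:RequestedRegion` condition. The two policy documents, the Sid names and the model ARN are constructed placeholders, and the linter only inspects `StringEquals` conditions in identity policies, not SCPs or permission boundaries.

```python
# Added example: lint agent IAM policies for least privilege and EU region pinning.
# Policies, Sids and ARNs below are constructed placeholders, not from the page.

def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _eu_pinned(statement):
    """True if StringEquals on aws:RequestedRegion lists only eu-* regions."""
    cond = statement.get("Condition", {}).get("StringEquals", {})
    for key, regions in cond.items():
        if key.lower() == "aws:requestedregion":  # condition keys are case-insensitive
            regions = _as_list(regions)
            return bool(regions) and all(r.startswith("eu-") for r in regions)
    return False

def audit_policy(policy):
    """Return a list of findings for one identity policy document."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r}")
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants everything else")
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"{sid}: Resource is '*'")
        if not _eu_pinned(stmt):
            findings.append(f"{sid}: no EU-only aws:RequestedRegion condition")
    return findings

# Constructed: an over-broad policy for a hypothetical "diagnose" agent role.
LOOSE_AGENT_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "DiagnoseAgent", "Effect": "Allow",
    "Action": "bedrock:*", "Resource": "*"}}

# Constructed: one action, one model ARN (placeholder model id), EU regions only.
TIGHT_AGENT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DiagnoseAgentInvoke", "Effect": "Allow",
    "Action": ["bedrock:InvokeModel"],
    "Resource": ["arn:aws:bedrock:eu-central-1::foundation-model/EXAMPLE-MODEL-ID"],
    "Condition": {"StringEquals": {
        "aws:RequestedRegion": ["eu-central-1", "eu-west-1"]}}}]}

if __name__ == "__main__":
    for name, doc in (("loose", LOOSE_AGENT_POLICY), ("tight", TIGHT_AGENT_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```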

08 — Things we already do, that you could ship next week — on your AWS account

Three low-hanging fruits.

Same agents. Same patterns. Same AWS services. Re-pointed at the work a regulated, document-heavy, multi-market operator does every day. Each one de-risks something concrete, today.

01

A clinical & regulatory intelligence agent.

The same autonomous research agent that scans arXiv and Hacker News for me, re-pointed at PubMed, EMA and FDA guidance, MDCG documents, EU AI Act amendments, MDR updates, and competitor patent filings. Every morning, your regulatory affairs and clinical teams get a one-page brief: what changed, what matters, what to read in full.

AWS: EventBridge → Lambda → Bedrock → Bedrock Knowledge Bases → SES

What it replaces: Roughly one full-time analyst's worth of source-scanning, every week.
What it de-risks: "We missed the guidance update" — gone. Drift between markets — caught early.
Time to ship: Two weeks to a working pilot. We've built this exact shape before, on this exact stack.
Where humans stay: All judgement, all interpretation, all decisions. The agent surfaces; people decide.
02

Multilingual, compliance-grade documentation.

The agent that drafted a 988-paragraph training curriculum for Airbus DS in days, re-pointed at Instructions For Use, technical files, patient leaflets, and product labelling — generated across 20+ EU languages from a single structured source of truth in S3. Regulatory affairs reviews instead of writes. Versions stay aligned across markets by construction, not by spreadsheet.

AWS: Bedrock · Bedrock Knowledge Bases · S3 · Step Functions · Lambda

What it replaces: 6 to 12 weeks of documentation work per product launch, per market.
What it de-risks: Translation drift, version inconsistency across markets, audit findings from text mismatches.
Time to ship: Four to six weeks to a first product line. Then it scales sideways.
Where humans stay: Regulatory sign-off on every released artefact. AI never publishes alone.
03

A tender & RFP response crew.

The same multi-agent pattern behind DealMind and our pipeline intelligence, applied to the document monsters that hospital and procurement tenders actually are. Bedrock Agents read the RFP. One pulls matching evidence from your internal library in S3. One drafts compliant responses. One cross-checks every claim against the source. Your bid team becomes the editor of a near-complete draft, not the writer of a blank page.

AWS: Bedrock Agents · Step Functions · Bedrock Knowledge Bases · Neptune · S3

What it replaces: 60 to 80% of bid-team hours per response. Tenders you currently skip become tenders you can answer.
What it de-risks: Missed deadlines. Weak responses. Compliance claims that don't trace back to evidence.
Time to ship: Three to four weeks to a working crew on one tender format. Generalises from there.
Where humans stay: Strategy, pricing, relationship — the parts that win the deal. Not the parts that fill the form.

09 — The bill, in full

What this actually costs.

A bootstrapped startup, six departments, twelve services, production workloads. No hidden line items. The numbers below are real monthly averages.

BEDROCK (Foundation models): ~$150
Claude + Mistral inference, plus Knowledge Bases retrieval. Volume scales with usage; this is the steady state.

SAGEMAKER (Fine-tuning & endpoints): ~$80
Mistral-7B fine-tuning runs + serving endpoints on spot instances. Trains less than once a month, serves 24/7.

NEPTUNE (Knowledge graph): ~$120
Serverless Neptune. Scales to near-zero when idle. One of the higher line items, easily justified by what it enables.

LAMBDA (Serverless compute): ~$5
Millions of invocations per month, mostly free tier. The cheapest reliable glue ever built.

S3 + EVENTBRIDGE + SES + CLOUDWATCH (Storage, events, email, observability): ~$30
All the connective tissue. Each individually negligible; together they keep the system healthy.

Full stack: ~$385
Per month. Six departments. Twelve services. Production workloads.

That's less than the lunch budget for one founder — running an entire AI-augmented company.

10 — Honest lessons

What works on AWS.
What quietly burns months.

Earned the hard way, after the easy demos and the ugly weekends. No hype in either column.

Do this on AWS.

The patterns that compound.

  • Start with Bedrock. Don't build inference infrastructure first.
  • Try Bedrock Knowledge Bases before reaching for fine-tuning.
  • Lambda for glue. Step Functions for flow. Don't reinvent either.
  • Bedrock Guardrails from day one. Not day ninety.
  • Cost Explorer weekly. Surprises compound — catch them by Friday.
  • Human reviews everything customer-facing. Without exception.

Don't do this.

The patterns that quietly burn months.

  • Don't fine-tune when prompting works. It usually does.
  • Don't build agents before you've nailed the prompts they call.
  • Don't skip IAM least-privilege. The bill and the breach are both in there.
  • Don't ignore Bedrock Guardrails. They're not a checkbox.
  • Don't confuse AI speed with AI accuracy. Different metrics.
  • Don't wait for the "perfect" service launch. The compounding starts now.

11 — The takeaway

AI on AWS won't replace your company. But a company using AI on AWS will replace one that doesn't.

You don't need a fifty-person AI team. You need one person, one AWS account, and the willingness to start on Tuesday.