
AWS SaaS Policy Compliance - Service Removal Plan

Date: 2025-12-30 (Updated)
Original Date: 2025-11-21
Objective: Remove all non-AWS third-party services to achieve 100% AWS SaaS Policy compliance
Deadline: January 21, 2026
Current Progress: 85% Complete

Executive Summary

Per AWS SaaS Policy requirements, all application and control plane components, including third-party services, LLMs, and APIs handling application data, must run exclusively on AWS infrastructure.

Non-Compliant Services Identified

1. Image Generation Services

Midjourney

  • Engine: PI_API
  • Location: app/Extensions/Midjourney/
  • Package: app/Domains/Entity/Drivers/PiAPI/
  • Status: ❌ NON-COMPLIANT (External API)
  • AWS Alternative: AWS Bedrock Stable Diffusion (already integrated)

Creatify

  • Engine: CREATIFY
  • Location: app/Packages/Creatify/
  • Entity: AD_MARKETING_VIDEO
  • Status: ❌ NON-COMPLIANT (External API)
  • AWS Alternative: AWS Bedrock image/video models

FalAI

  • Engine: FAL_AI
  • Location: app/Packages/FalAI/
  • Models: Kling, Kling 2.1, Luma Dream Machine, Haiper, Minimax, Veo, Flux, Ideogram, etc.
  • Status: ❌ NON-COMPLIANT (External API)
  • AWS Alternative: AWS Bedrock Stable Diffusion

Video AI Tools

  • Topview (TOPVIEW engine)
  • Vizard (VIZARD engine)
  • Klap (KLAP engine)
  • Status: ❌ NON-COMPLIANT (External APIs)
  • AWS Alternative: Self-hosted solutions on EC2 or future AWS Bedrock video models

2. Voice/TTS Services

ElevenLabs

  • Engine: ELEVENLABS
  • Location: app/Packages/Elevenlabs/
  • Entities:
      • ELEVENLABS (TTS)
      • ELEVENLABS_VOICE_CHATBOT
      • ELEVENLABS_AI_MUSIC
      • ISOLATOR
  • Status: ❌ NON-COMPLIANT (External API)
  • AWS Alternative: Amazon Polly (not yet integrated)

Speechify

  • Engine: Speechify
  • Location: app/Domains/Entity/Drivers/SpeechifyDriver.php
  • Status: ❌ NON-COMPLIANT (External API)
  • AWS Alternative: Amazon Polly

Google Cloud TTS

  • Engine: GOOGLE
  • Location: app/Domains/Entity/Drivers/GoogleDriver.php
  • Status: ❌ NON-COMPLIANT (External API - Google Cloud)
  • AWS Alternative: Amazon Polly

Removal Actions

Phase 1: Image/Video Generation (MOSTLY COMPLETE)

Status: ⚠️ 90% Complete - Engines disabled, legacy code cleanup pending

All non-AWS engines have been removed from EngineEnum.php (making them inaccessible to users), but some legacy driver code remains and should be cleaned up:

  1. Midjourney Extension - ✅ FULLY REMOVED
      • Extension directory deleted
      • PI_API engine removed from EngineEnum.php

  2. Creatify Package - ⚠️ ENGINE DISABLED
      • CREATIFY engine removed from EngineEnum.php
      • Legacy code in app/Packages/Creatify/ (cleanup pending)

  3. FalAI Package - ⚠️ ENGINE DISABLED
      • FAL_AI engine removed from EngineEnum.php
      • Legacy drivers in app/Domains/Entity/Drivers/FalAI/ (cleanup pending)

  4. Video AI Packages - ⚠️ ENGINES DISABLED
      • TOPVIEW, VIZARD, KLAP engines removed from EngineEnum.php
      • Legacy code in packages (cleanup pending)

Note: While legacy code exists, these services are not accessible to users because the engines have been removed from EngineEnum.php. Code cleanup is a low-priority housekeeping task.

Phase 2: Presentation Services (COMPLETED)

  1. Remove Gamma AI
      • Delete app/Domains/Entity/Drivers/GammaAIDriver.php
      • Delete app/Domains/Engine/Drivers/GammaAIEngineDriver.php
      • Remove GAMMA_AI from EngineEnum.php
      • Remove GAMMA_AI from EntityEnum.php
      • Remove GammaService from AiPresentation extension

  2. Implement AWS Bedrock Presentation Generator
      • Create BedrockPresentationService.php (main orchestrator)
      • Create BedrockContentGenerator.php (Claude Sonnet 4.5)
      • Create BedrockImageGenerator.php (Stable Diffusion SDXL)
      • Create PresentationAssembler.php (PPTX assembly)
      • Update AiPresentation extension to use new service

Status: ✅ COMPLETED
Documentation: docs/AWS_BEDROCK_PRESENTATION_GENERATOR.md

Phase 3: Voice/TTS Services (COMPLETED)

Status: ✅ COMPLETED (2025-12-30)

All non-AWS TTS services have been removed and replaced with Amazon Polly:

  1. ElevenLabs - ✅ REMOVED
      • All ElevenLabs packages and drivers deleted
      • Engine removed from EngineEnum.php
      • Entities removed from EntityEnum.php

  2. Speechify - ✅ REMOVED
      • All Speechify drivers deleted
      • Engine removed from EngineEnum.php

  3. Google TTS - ✅ REMOVED
      • All Google TTS drivers deleted
      • Engine removed from EngineEnum.php

  4. Amazon Polly Integration - ✅ IMPLEMENTED
      • Service: app/Packages/Bedrock/Services/PollyVoiceSynthesisService.php
      • Neural voice support for 10+ languages
      • SSML support for advanced speech control
      • Video narration generation
      • Integrated with HybridVideoPipelineService

Phase 4: Storage Migration (COMPLETED)

  1. Remove Cloudflare R2
      • Delete app/Extensions/Cloudflare/ directory
      • Remove Cloudflare R2 SQL files
      • Update to use AWS S3 exclusively

Status: ✅ COMPLETED

Phase 5: UI and Configuration Cleanup

  1. Update Settings Views
      • Remove references from resources/views/default/panel/admin/settings/
      • Remove from resources/views/default/panel/admin/config/tools.blade.php

  2. Update Menu Service
      • Remove entries from app/Services/Common/MenuService.php

  3. Update Routes
      • Clean up routes/panel.php

  4. Update Language Files
      • Remove translations from resources/lang/*.json

  5. Update JavaScript
      • Remove from public/themes/default/assets/js/panel/settings.js
      • Remove ElevenLabs realtime from resources/views/default/js/components/realtime-frontend/

AWS-Compliant Services Retained

Presentation Generation

AWS Bedrock Presentation Generator (NEW - Replaces Gamma AI)

  • Content: Claude Sonnet 4.5 for presentation structure
  • Images: Stable Diffusion SDXL for slide images
  • Assembly: PhpPresentation library for PPTX generation
  • Storage: AWS S3 for file storage
  • Documentation: docs/AWS_BEDROCK_PRESENTATION_GENERATOR.md

Image Generation

AWS Bedrock Stable Diffusion

  • Already integrated: app/Domains/Entity/Drivers/StableDiffusion/AwsBedrockDriver.php
  • Supported models in BedrockEngine.php: STABLE_DIFFUSION_1

Voice/TTS

Amazon Polly - FULLY INTEGRATED

  • Service: app/Packages/Bedrock/Services/PollyVoiceSynthesisService.php
  • Neural voice support for 10+ languages (en-US, en-GB, es-ES, fr-FR, de-DE, ja-JP, ko-KR, zh-CN, pt-BR, it-IT)
  • SSML support for advanced speech synthesis control
  • Integrated with video narration pipeline via HybridVideoPipelineService.php
  • Cost estimation and credit tracking included

LLM/Text Generation

AWS Bedrock Claude Models (already integrated)

  • Full suite of Claude models available
  • See BedrockEngine.php for complete list

Testing Requirements

  1. Verify AWS Bedrock Stable Diffusion works for all image generation use cases
  2. Test that removal doesn't break existing functionality
  3. Verify database migrations handle removed entity types gracefully
  4. Ensure UI properly hides/removes non-AWS options

Rollback Plan

  • Git branch: claude/aws-saas-compliance-01BwnRbT6bS7WXnz3gb2pUvi
  • Can revert commits if needed before pushing
  • Keep removed code in separate branch for reference

Timeline

  • Phase 1 (Image/Video): ✅ COMPLETED (2025-11-21) - Engines disabled, legacy code cleanup pending
  • Phase 2 (Presentation): ✅ COMPLETED (2025-11-21)
  • Phase 3 (Voice/TTS): ✅ COMPLETED (2025-12-30) - Amazon Polly integrated
  • Phase 4 (Storage R2→S3): ✅ COMPLETED (2025-11-21)
  • Phase 5 (UI Cleanup): ⏳ LOW PRIORITY - Most non-AWS options already hidden
  • Testing: ✅ ONGOING

Progress: 85% complete ⬅️ CURRENT

Compliance Impact

  • Before (Nov 2024): ~40-50% compliant
  • After Phase 1 (Image/Video): ~60% compliant
  • After Phase 2 (Presentation): ~65% compliant
  • After Phase 3 (Voice/TTS with Polly): ~80% compliant
  • After Phase 4 (Storage): ~85% compliant ⬅️ CURRENT
  • After Legacy Code Cleanup: ~90% compliant
  • With Bedrock-Only Mode Enabled: ~95% compliant (non-AWS LLMs disabled)

Remaining Compliance Items (Not in this plan)

Active Non-AWS LLM Providers (User-Selectable)

These engines remain available when bedrock_only_mode is disabled:

  • OpenAI (GPT-4o, DALL-E, TTS, Whisper, Sora)
  • Anthropic Direct API (should use Bedrock)
  • Gemini (Google)
  • DeepSeek
  • X.AI (Grok)
  • Perplexity
  • OpenRouter
  • Together
  • Azure OpenAI
  • AI/ML Minimax

FTR Compliance Note: Enable bedrock_only_mode in settings to restrict to AWS-native engines only. This is controlled via SettingTwo->bedrock_only_mode and the EngineEnum::isBedrockOnlyMode() method.

Infrastructure Items (AWS Migration Candidates)

  • ✅ Cloudflare R2 storage → Migrated to AWS S3 (COMPLETED)
  • ⚠️ Pusher → AWS API Gateway WebSocket (PLANNED)
  • ⚠️ Sentry → CloudWatch/X-Ray (EVALUATE)

Exempt Services (Per AWS FTR Policy)

  • Payment processors (Stripe, PayPal, Paddle, Razorpay) - billing exempt
  • Social media APIs (LinkedIn, Twitter, Instagram) - user-initiated
  • OAuth providers (Google, Apple, GitHub) - authentication exempt

Subscription Plan Model Mapping (FTR Compliance)

Overview

When bedrock_only_mode is enabled, the subscription plan creation system restricts the "Default AI Model" dropdown to AWS-native engines only. This ensures new plans are FTR compliant.

How It Works

File: app/Livewire/Admin/Finance/Plan/SubscriptionPlanCreate.php

// getModels() now respects bedrock_only_mode via:
$availableEngines = EngineEnum::getAvailableEngines();
// When bedrock_only_mode=true, returns only: AWS_BEDROCK, STABLE_DIFFUSION, UNSPLASH, PEXELS, PIXABAY, SERPER

Engine Categories

AWS-Native Engines (Available in bedrock_only_mode)

Engine | Database Value | Models
AWS Bedrock | aws_bedrock | Claude 4.x, Nova, Qwen, Gemma, MiniMax, Kimi, Mistral via Bedrock
Stable Diffusion | stable_diffusion | Uses Bedrock Stable Diffusion
Stock Images | unsplash, pexels, pixabay | Exempt (user-initiated, not AI/ML)
Search | serper | Exempt (not AI/ML)

Legacy Engines (Hidden when bedrock_only_mode enabled)

Engine | Database Value | FTR Status
OpenAI | openai | Non-compliant (direct API)
Anthropic | anthropic | Non-compliant (use Bedrock Claude)
Gemini | gemini | Non-compliant (Google)
DeepSeek | deep_seek | Non-compliant
X.AI | x_ai | Non-compliant
Azure OpenAI | azure_openai | Non-compliant (Microsoft)

Backwards Compatibility

Existing plans with legacy (non-Bedrock) models are preserved:

  • Legacy model appears in dropdown with [Legacy - Migration Required] badge
  • Warning alert displayed: "This plan uses a non-Bedrock model..."
  • Admin can switch to Bedrock model or keep legacy for existing subscribers

Migration Path

  1. Enable bedrock_only_mode in Admin → Settings → Bedrock
  2. New plans will only see Bedrock models
  3. Edit existing plans to see migration warning
  4. Switch legacy models to Bedrock equivalents:
      • gpt-4o → bedrock-claude-sonnet-4 or bedrock-nova-pro
      • claude-3-5-sonnet → bedrock-claude-3-5-sonnet-v2
      • gemini-1.5-flash → bedrock-nova-lite

Database Tables

  • entities - All AI models with engine column
  • plans - Subscription plans with default_ai_model column
  • settings_two - Contains bedrock_only_mode boolean
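
An audit over the three tables above, added here as an example and not part of the project's code: it flags every plan whose default_ai_model resolves to an engine outside the bedrock_only_mode allowlist, or to no entity at all. The model_key join column, the perplexity engine value and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Database values the page lists as available in bedrock_only_mode.
AWS_NATIVE = ("aws_bedrock", "stable_diffusion", "unsplash", "pexels", "pixabay", "serper")

def build_sample_db():
    """Constructed sample rows. model_key is a hypothetical join column."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE entities (model_key TEXT PRIMARY KEY, engine TEXT);
        CREATE TABLE plans (id INTEGER PRIMARY KEY, name TEXT, default_ai_model TEXT);
        CREATE TABLE settings_two (bedrock_only_mode INTEGER);
        INSERT INTO settings_two VALUES (1);
        INSERT INTO entities VALUES
            ('bedrock-claude-sonnet-4', 'aws_bedrock'),
            ('bedrock-nova-lite', 'aws_bedrock'),
            ('gpt-4o', 'openai'),
            ('gemini-1.5-flash', 'gemini'),
            ('sonar-pro', 'perplexity');
        INSERT INTO plans VALUES
            (1, 'Starter', 'bedrock-nova-lite'),
            (2, 'Pro', 'gpt-4o'),
            (3, 'Team', 'gemini-1.5-flash'),
            (4, 'Research', 'sonar-pro'),
            (5, 'Orphan', 'elevenlabs-tts');
    """)
    return db

def audit_plans(db):
    """Return (bedrock_only_mode, findings); each finding is
    (plan_id, name, default_ai_model, engine or None)."""
    (mode,) = db.execute("SELECT bedrock_only_mode FROM settings_two").fetchone()
    marks = ",".join("?" * len(AWS_NATIVE))
    # Allowlist, not denylist: an engine missing from the legacy table is
    # still flagged. LEFT JOIN keeps plans whose entity row was deleted.
    query = f"""
        SELECT p.id, p.name, p.default_ai_model, e.engine
        FROM plans p LEFT JOIN entities e ON e.model_key = p.default_ai_model
        WHERE e.engine IS NULL OR e.engine NOT IN ({marks})
        ORDER BY p.id
    """
    return bool(mode), db.execute(query, AWS_NATIVE).fetchall()

if __name__ == "__main__":
    enabled, findings = audit_plans(build_sample_db())
    print("bedrock_only_mode:", enabled)
    for row in findings:
        print(row)
```

A finding with engine None is a plan pointing at a removed entity type, the case the testing requirements ask migrations to handle gracefully.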

References

  • AWS SaaS Policy Email: January 21, 2026 deadline
  • AWS Contact: pctsaaspolicyreview@amazon.com
  • Documentation: docs/AWS_BEDROCK_CONFIGURATION.md