Replace $14,000/month in AWS managed networking across your entire organization. Cross-account VPC peering mesh, multi-account Kubernetes, hub-spoke agent for remote VPCs, and Suricata IDS/IPS -- all at flat cost.
Auto-discovers VPCs across all your AWS accounts and regions. Maintains a live inventory with real-time state. Creates and manages VPC peering connections automatically -- no manual click-ops or scripting.
EnterpriseAuto-creates full-mesh peering topology with route propagation across all enrolled VPCs. Free VPC peering replaces Transit Gateway at $0/GB vs $0.02/GB. Supports 100+ VPCs across 3+ regions with zero manual route management.
EnterpriseLightweight agent in spoke VPCs establishes GRE tunnels to the hub gateway. ECMP load balancing across multiple gateways for active-active throughput. WireGuard VPN for remote clients and contractors requiring encrypted overlay.
EnterpriseK8s control plane in hub VPC. Worker nodes in spoke VPCs across 3 accounts, 3 regions, 8 VPCs -- joined via Calico IPIP overlay over VPC peering. Camphor Karpenter provider handles cross-account node provisioning automatically.
Enterprise30,000+ ET Open threat intelligence rules pre-cached in the AMI -- no download delay on boot. Syncs rules from your AWS Network Firewall policy with no $700/mo endpoint fees. Domain filtering, 5-tuple rules, and nftables stateless chain for high-throughput packet inspection.
EnterpriseEnterprise tier adds embedding-similarity caching on top of exact-match. Similar-but-not-identical prompts hit the cache -- achieving 50-70% hit rates across teams sharing the gateway. Cost attribution per team for chargeback. Prompt audit log with metadata only (content never stored).
AI GatewayComplete IaC coverage via custom Terraform provider. Every feature -- peering groups, firewall rules, Kubernetes config, AI proxy routes, ACL policies -- managed declaratively. The same REST API powers both the dashboard and the provider, so nothing is hidden.
EnterpriseAll configuration lives in your SSM Parameter Store. All logs write to your CloudWatch -- never ours. IAM policy is least-privilege, scoped to the stack by tag and ARN. Full prompt audit log with metadata (model, tokens, source IP, latency) with no prompt content stored. Full policy at trust.html.
Enterprise+---------------------------------+ | Hub VPC (Camphor Gateway) | | | | +---------------------------+ | | | Camphor EC2 (c6in.xlarge) | | | | | | | | Transit Manager | | | | K8s Control Plane | | | | Suricata IDS/IPS | | | | AI Proxy + Semantic Cache| | | | sNAT / dNAT (nftables) | | | +---------------------------+ | | | | | +---------|---------|-------------+ | | +-------------------------+ +---------------------------+ | VPC peering / GRE tunnel VPC peering / GRE tunnel | | | +-------+------------------+ +-------------------+-------+ | Spoke VPC A (Account 1) | | Spoke VPC B (Account 2) | | | | | | K8s workers (Karpenter) | | K8s workers (Karpenter) | | App pods (Calico IPIP) | | App pods (Calico IPIP) | | | | | +--------------------------+ +---------------------------+ | +---------------+------------------+ | Spoke VPC C (Account 3, us-west-2) | | | | Hub-Spoke Agent (GRE/WireGuard) | | No VPC peering required | +-----------------------------------+
One appliance, all accounts. Flat cost regardless of traffic volume. Deploy in 10 minutes from AWS Marketplace.