Networking

Network architecture, IP ranges, and infrastructure security.

VPC Architecture

Future AGI’s infrastructure runs within isolated Virtual Private Clouds (VPCs) on AWS. Our architecture enforces strict network segmentation:

  • Public subnets are limited to load balancers and edge proxies. No application servers or databases are directly internet-accessible.
  • Private subnets host all application services, databases, caches, and internal processing pipelines. These subnets have no direct inbound internet access.
  • Security groups enforce least-privilege network rules, restricting traffic between services to only the ports and protocols required for operation.
  • Customer environments are logically isolated at the application layer, ensuring no cross-tenant network access.

WAF and DDoS Protection

All inbound traffic passes through multiple layers of protection:

  • AWS Web Application Firewall (WAF) — Filters malicious requests, blocks common attack patterns (SQL injection, XSS, path traversal), and enforces rate limiting.
  • AWS Shield Standard — Provides automatic protection against volumetric DDoS attacks at the network and transport layers.
  • AWS Shield Advanced — Available for Enterprise deployments, providing enhanced DDoS mitigation with 24/7 access to the AWS DDoS Response Team.

Egress IP Addresses

If your infrastructure requires firewall whitelisting for outbound webhook deliveries or API callbacks from Future AGI, use the following static IP ranges:

US Region (us-east-1):

  • 44.214.XXX.XXX/32
  • 44.214.XXX.XXX/32

EU Region (eu-west-1):

  • 3.126.XXX.XXX/32
  • 3.126.XXX.XXX/32

Contact support@futureagi.com for the current production IP addresses. These IPs are stable and changes are communicated at least 30 days in advance.

Load Balancing

Application traffic is distributed across multiple instances using AWS Application Load Balancers (ALB). Load balancers perform health checks on backend services and automatically route traffic away from unhealthy instances, ensuring high availability.

Content Delivery Network

Static assets, documentation, and the Future AGI dashboard are served through Amazon CloudFront, providing:

  • Global edge caching for low-latency access worldwide
  • TLS termination at the edge
  • Automatic compression (gzip/Brotli) for reduced transfer sizes
  • Geographic access controls where required by compliance policy

Questions?

Reach out to our security team.

security@futureagi.com

Request documents

SOC 2 report, DPA, pen test summary.

Request documents →