Enterprise architecture reference

Enterprise Agentic AI Reference Stack

This reference turns a cloud-specific agent stack into a vendor-neutral enterprise model, then maps the model across Azure, AWS, and Google Cloud. The key finding is direct: cloud providers supply strong execution, model, workflow, identity, and monitoring primitives, but none of them fully solve cross-cloud agent identity, authority, runtime permissioning, evidence, revocation, and lifecycle governance as one operating layer.

9Vendor-neutral capability layers
3Cloud platforms mapped
8Cross-cloud governance controls
0Live integrations or runtime actions added

Vendor-Neutral Reference Architecture

The enterprise stack should be described by capabilities first. Provider services can implement parts of the stack, but governance authority should remain portable across clouds, models, tools, and business systems.

Agent Frameworks

Planning, tool use, memory, multi-agent coordination, evaluation hooks, and orchestration state.

Foundation Models

Hosted models, embeddings, model catalog access, model routing, versioning, and provider review.

Workflow And Events

Queues, event routing, streaming, workflow automation, retries, idempotency, and handoff state.

Runtime Infrastructure

Containers, Kubernetes, serverless functions, job runners, network controls, and sandboxed execution.

Identity And Access

Human identity, service identity, workload identity, scoped credentials, secrets, and least privilege.

Observability

Logs, traces, metrics, failure telemetry, prompt/tool traces, incident signals, and cost signals.

Governance And Safety

Policy, content safety, model risk review, human approval, evidence, auditability, and lifecycle state.

DevOps And IaC

Source control, CI/CD, infrastructure as code, release gates, environment promotion, and rollback.

Business AI Layer

Low-code agent builders, productivity assistants, enterprise workflows, and business-domain copilots.

Cloud Mapping Matrix

Layer Azure AWS Google Cloud
Agent Frameworks Azure AI Foundry Agent Service, Microsoft Agent Framework, Semantic Kernel, AutoGen Amazon Bedrock Agents, Strands Agents, AgentCore Runtime and Gateway for framework-hosted agents Vertex AI Agent Builder, Google Agent Development Kit, Gemini Enterprise Agent Platform components
Models Azure OpenAI Service, Azure AI Foundry model catalog Amazon Bedrock foundation models, SageMaker for custom model lifecycle Vertex AI Model Garden, Gemini models, partner and open model hosting
Workflow/Eventing Logic Apps, Event Grid, Service Bus, Event Hubs Step Functions, EventBridge, SQS, SNS, MSK, Kinesis Workflows, Eventarc, Pub/Sub, Cloud Tasks, Dataflow
Runtime Container Apps, AKS, Functions ECS, EKS, Lambda, Bedrock AgentCore Runtime Cloud Run, GKE, Cloud Functions, Vertex AI custom jobs
Identity Microsoft Entra ID, managed identities, Key Vault IAM, IAM Identity Center, STS, Secrets Manager, AgentCore Identity Cloud IAM, Workforce Identity Federation, Workload Identity Federation, Secret Manager
Observability Azure Monitor, Application Insights, Log Analytics CloudWatch, X-Ray, CloudTrail, Bedrock AgentCore Observability Cloud Logging, Cloud Monitoring, Cloud Trace, Vertex AI observability features
Governance Azure Policy, Purview, AI Content Safety, Entra controls, Azure AI evaluation features IAM policy, Organizations/SCPs, GuardDuty/Security Hub, Bedrock Guardrails, AgentCore Policy Organization Policy, Security Command Center, Sensitive Data Protection, Model Armor, Agent Platform governance controls
CI/CD GitHub Actions, Azure DevOps, Bicep, ARM, Terraform CodePipeline, CodeBuild, CodeDeploy, CloudFormation, CDK, Terraform Cloud Build, Cloud Deploy, Artifact Registry, Deployment Manager alternatives, Terraform
Business AI Layer Microsoft Copilot Studio, Power Automate, Microsoft 365 Copilot, Dynamics 365 Copilot Amazon Q Business, Amazon Q Developer, Bedrock-backed enterprise assistants Gemini Enterprise, Gemini for Workspace, Agentspace and Workspace-connected assistants

Provider Gaps And Weaknesses

Azure

  • Strong enterprise identity and business productivity integration, but agent lifecycle authority remains split across Foundry, Copilot, workflow, runtime, and security tooling.
  • Content safety and monitoring do not create a portable agent passport, runtime permit, or evidence chain across non-Azure execution paths.
  • Agent-to-agent and tool interoperability exist as emerging protocols, but enterprise policy inheritance and revocation semantics are still ambiguous.

AWS

  • AgentCore gives AWS a clearer managed agent runtime story, but governance is still distributed across IAM, Bedrock, Organizations, CloudTrail, and service-specific controls.
  • Lifecycle management is improving, yet cross-cloud agent identity, delegated authority, and evidence packaging are not a single enterprise operating record.
  • Runtime policy enforcement is strongest inside AWS control boundaries and weaker when agents delegate to SaaS tools, external clouds, or unmanaged MCP servers.

Google Cloud

  • Google has strong model and data-platform depth, but enterprise agent governance is still evolving across Gemini, Vertex AI, Agentspace, and cloud IAM surfaces.
  • Agent identity and registry concepts are emerging, but customers still need a durable cross-cloud lifecycle, approval, evidence, and revocation model.
  • Runtime controls can be robust inside Google Cloud, but inter-agent controls, policy portability, and external tool authority remain enterprise design responsibilities.

Cross-Cloud Governance Layer

A governed enterprise should place a cloud-agnostic operating layer above provider runtimes. In Scaled Agents terms, this is where Passport, Toll Gates, Runtime Permits, Stamps, Human Review, Action Broker mediation, and lifecycle analytics fit.

Agent Identity Passport

Every AI worker needs a durable identity record with owner, purpose, risk tier, data boundary, tool boundary, authority limits, lifecycle state, and renewal date.

Credentialing

Agents should receive short-lived scoped credentials only after a current Passport, approved role, active review state, and valid runtime context are confirmed.

Dynamic Permissions

Runtime authority should be granted per action, data class, tool, destination, model, workflow, risk tier, and business purpose, then expire or require renewal.

Policy Checkpoints

Pre-run checks validate identity and scope, mid-run checks constrain tools and delegation, and post-run checks record outcome, evidence, exceptions, and residual risk.

Audit Evidence

Evidence should reconstruct who owned the agent, what authority applied, what data and tools were used, what policy decided, and what human review occurred.

Lifecycle Tracking

Draft, reviewed, approved, active, paused, suspended, revoked, and retired states must remain distinct across every cloud and business-system connector.

Revocation Controls

Kill switches should disable credentials, tool access, workflow triggers, agent-to-agent delegation, scheduled jobs, and external communications without relying on one cloud console.

Inter-Agent Controls

Agent-to-agent communication should require sender and receiver passports, approved delegation purpose, inherited authority limits, transcript/evidence capture, and deny-by-default behavior.

Operating Analytics

Executives need population, risk, cost, value, incident, exception, renewal, and orphan-agent views that cut across provider-specific logs and runtime services.

Enterprise Operating Model

Operating Area Recommendation
Ownership Assign a business owner, technical owner, risk reviewer, data reviewer, and operator for each AI worker. The agent may recommend or execute bounded tasks, but a human remains accountable for scope, review, and retirement decisions.
Governance Structure Use a federated model: a central AI governance platform defines policy, records, evidence, and release gates; domain teams propose agents and own business outcomes inside those guardrails.
Deployment Pattern Deploy agents in the cloud or runtime that fits workload needs, but require every runtime to call the same Passport, Toll Gate, Runtime Permit, evidence, and revocation controls before consequential actions.
Policy Consistency Translate enterprise policy into portable controls that can be evaluated before tool calls, data access, workflow handoffs, model changes, external communication, and agent-to-agent delegation.
Auditability Keep provider logs, model traces, workflow events, human review records, and evidence stamps correlated by agent ID, Passport ID, action ID, policy version, and lifecycle state.

Actionable Next Steps

Architecture

Produce a layered reference architecture, cross-cloud policy flow, Passport-to-runtime-permit sequence, inter-agent communication control diagram, and audit evidence reconstruction view.

Product

Productize the Passport, Toll Gate, Runtime Permit, Policy Studio, Evidence Pack, Kill Switch, Agent Registry, and Action Broker as the provider-agnostic governance layer above cloud runtimes.

Go To Market

Position Scaled Agents above cloud execution platforms: not another model wrapper, but the customer-managed governance plane for identity, authority, evidence, and lifecycle control across clouds.

Source And Review Posture

Review boundary: provider service names and feature boundaries are time-sensitive. This page is a public architecture reference for planning and review. It is not procurement advice, legal advice, a formal compliance determination, audit opinion, security sign-off, or a claim that any cloud service provides complete cross-cloud agent governance.