Skip to content

What We Need From You

Scope: What we collect to deploy CampusCore into your AWS account. Your CampusCore contact walks through each item with you - you do not set any of this up alone.

CampusCore runs inside your own AWS account, so you keep ownership of the infrastructure, the data, and the bill. To deploy, we need access to that account and the AI provider keys the platform uses.

Why we gather these up front: the values on this page are part of the deployment configuration - the first deployment reads them to come up correctly and securely. Collecting them in one session avoids a redeploy later. Branding and single sign-on, by contrast, are set after the system is running, so they live in their own stages.

Your AWS account

  • AWS Account ID - the 12-digit identifier of the AWS account CampusCore will deploy into (AWS Console > top-right menu > Account ID).

AI provider keys

CampusCore uses a few best-in-class AI services. You provide the keys so usage is billed to your own accounts and stays under your control.

  • OpenAI API key - powers the assistant and document embeddings (platform.openai.com/api-keys).
  • Gemini API key - used for reading and OCR of scanned documents (ai.google.dev).
  • Cohere API key - improves search result ranking (cohere.com).
  • Google Cloud service account JSON key - used for the Gemini connection and for Google Drive integration (Google Cloud Console > IAM > Service Accounts).

Every key is stored encrypted inside your own AWS account and is only ever used there. We do not keep copies outside your environment, and any key can be rotated later.

Domain and HTTPS

These are part of the deployment configuration, so we settle them now even though the DNS record itself is something you create after the first deployment (see Custom Domain Setup).

  • Custom domain name - the address your users will visit, for example ai.university.edu. The deployment uses it to configure the application and its HTTPS certificate.
  • SSL preference - CampusCore-managed SSL (recommended - we provision and auto-renew the certificate) or self-managed SSL (you handle HTTPS yourself). This is a deployment setting, so we confirm it before deploying.

One setup action: the deploy role

So that we can deploy into your account - and only deploy, nothing more - you run a small template we provide:

  1. We give you a CloudFormation template (deploy-role.yaml) and our admin role identifier.
  2. You deploy it in your AWS account. It creates one scoped IAM role that grants exactly the permissions needed to provision CampusCore (ECS, RDS, S3, SQS, networking, certificates), and nothing outside that.
  3. You share the resulting role identifier back with us.

You can review every permission in the template before you run it. This is the only manual AWS step on your side - takes about 10 minutes.

Next: What Gets Created in Your AWS Account.