AWS-native tenant broker for Claude agents with per-team budgets, IAM policies, and CloudTrail-backed chargeback.

1. Enterprises can now access native Claude directly through existing AWS accounts, which makes procurement approval much faster and shifts urgency to internal operating controls.
2. Full feature parity removes the excuse to stay on a less capable path just for billing convenience, so more teams will request the native platform.
3. Managed agents, skills, code execution, and tool use are now available through AWS, increasing the need for tenant-level approvals and monitoring before broad rollout.
4. Customer references and independent analysis both frame AWS as the new enterprise channel for Anthropic, which means platform teams need a standard operating layer now, not after the first sprawl incident.

Catalyst. Claude Platform on AWS made native Anthropic agents, skills, and tool use available through existing AWS accounts, creating immediate rollout demand from enterprises that need AWS-native controls before they can standardize on Claude.

Build a control plane that sits between enterprise AWS organizations and Claude Platform on AWS. The product gives platform teams a self-service catalog where internal application teams request a Claude tenant, pick approved capabilities such as managed agents or code execution, and inherit prebuilt IAM, logging, and budget policies automatically. It tags and meters usage by team, project, environment, and business unit so finance can charge back spend without forcing every team onto a shared account. The system also provides rollout workflows for approving new tools, monitoring agent activity from CloudTrail, and migrating pilot apps from direct Anthropic or Bedrock setups into a standardized AWS-native operating model.

What's different. This is not a generic AI FinOps dashboard or a horizontal agent guardrail wrapper. The product is opinionated around one newly opened workflow: provisioning production Claude tenants inside AWS organizations while preserving native Anthropic capabilities. That focus makes it valuable on day one for platform teams under rollout pressure, and it creates durable data advantage in account topology, tenant policy patterns, and AI chargeback baselines that can later expand into a broader enterprise AI control plane.

Jobs to be done

flowchart LR
  Buyer[Cloud Platform Team] --> Pain[Too many Claude requests without tenant controls]
  Pain --> Product[Claude on AWS tenant broker]
  Product --> Outcome[Faster rollout with budget, IAM, and audit guardrails]

Executive takeaways

• The launch created a real but narrow opening: AWS removed procurement friction for native Claude, so the new bottleneck shifts to tenanting, IAM scoping, audit logging, and chargeback across internal teams [1][2][5][8].
• The wedge is time-sensitive because Bedrock already offers agents, guardrails, CloudTrail logging, and usage-based pricing; a startup wins only if it brokers native Claude features on AWS faster than hyperscalers add first-party admin controls [26][27][28][29][39].
• Buyer pain is credible: 44% of organizations have moved GenAI beyond experimentation into production, 60% already have a dedicated AI executive, and FinOps guidance is pushing showback/chargeback discipline onto AI workloads [10][15][16].
• A tenant broker can sell as rollout-enablement rather than standalone governance because AWS Organizations, Control Tower, Budgets, and cost-allocation tags already define the operating model buyers want—but not a Claude-specific control plane [17][18][19][20].
• Competition is adjacent rather than direct: gateways and observability vendors handle routing, tracing, or budgets, but none are purpose-built around AWS-native Claude workspace lifecycle, IAM templates, and CloudTrail-linked internal chargeback [30][31][32][33][34][35][36][37].

Market definition

Enterprise control software for provisioning, governing, and charging back native Claude Platform on AWS access across multi-account AWS organizations. The product sits between AWS account governance (Organizations/Control Tower/Budgets), Anthropic's native platform features, and internal FinOps / security approval workflows. It excludes general chat apps, model hosting, and horizontal LLM observability unless they directly own AWS-native tenant lifecycle and chargeback [5][17][18][19][20].

Customer and buyer

Primary users are central cloud platform and internal AI platform teams that must provision safe, isolated Claude access for multiple business teams. Influencers are FinOps and security engineering; the economic buyer is typically a Director of Cloud Platform Engineering or VP Infrastructure who already owns AWS multi-account standards and internal approval processes [10][17][18][22].

Buying triggers

• Native Claude access becomes available inside existing AWS accounts, so procurement is no longer the blocker and internal controls become the constraint. [1][2][3]
• GenAI moves from experiments to production, increasing demand for named ownership, budgets, and workspace isolation. [10][11][15]
• Finance asks for cost attribution and chargeback as AI usage spreads across internal teams. [15][16][19][20]

Willingness to pay

Adjacency pricing shows real budget envelopes already exist inside AI-platform stacks: Helicone charges $79/month Pro and $799/month Team before enterprise upsell, while Langfuse ranges from free to $2,499/month Enterprise with audit logs, SSO, SCIM, and AWS Marketplace billing. That suggests a Claude-specific broker can attach to existing platform / observability / FinOps spend if it materially shortens rollout and ownership assignment [31][33][16]. [16][31][33]

Category dynamics

Growth signal 4x YoY increase in organizations integrating GenAI into some or most functions

Validation signals

• AWS is the first cloud provider to expose the native Claude Platform through existing AWS accounts with IAM, billing, and CloudTrail.
• 44% of surveyed organizations have already moved GenAI beyond experimentation into production, increasing pressure on central platform teams.
• Capgemini found 82% of organizations plan to integrate AI agents within 1-3 years, which expands the need for permissioning and audit controls.

Regulatory & technical constraints

• Claude Platform on AWS is operated by Anthropic and may process inference outside the AWS security boundary, which constrains residency-sensitive deployments.
• Full CloudTrail visibility for Claude Platform on AWS data-plane actions requires explicit data-event logging configuration and can add cost.
• IAM enforcement is action- and workspace-specific, so provisioning automation must handle SigV4, workspace ARNs, and least-privilege policy templates correctly.

The closest substitutes come from three camps. Bedrock is the strongest incumbent because it already bundles agents, guardrails, logging, and AWS-native billing inside the AWS security boundary [26][27][28][29]. Portkey, Helicone, Langfuse, and LiteLLM offer routing, tracing, budgets, or guardrails, but they start from API traffic rather than AWS-org tenant lifecycle [30][31][32][33][34][35][36][37]. The final competitor is the internal platform team using Organizations, Control Tower, IAM, Budgets, and spreadsheets/scripts to build a bespoke approval flow [17][18][19][20].

Why incumbents do not win by default

• Cloud platforms. AWS can absorb admin features quickly, but Bedrock and Claude Platform on AWS are still distinct architectures; buyers that need native Claude parity plus internal tenant brokering are not served by default.
• Gateway vendors. Portkey and Helicone already sell routing, rate limits, fallback, and observability, but their center of gravity is cross-model traffic control rather than AWS account/workspace provisioning and finance-grade internal ownership mapping.
• Observability vendors. Langfuse is strong on traces, evals, and security monitoring, yet it operates after the application exists; the wedge here is approving and provisioning the tenant before sprawl occurs.
• Open source and in-house. LiteLLM and custom platform scripts can approximate budgets and virtual keys, but they still leave enterprises to design IAM scopes, workspace lifecycle, CloudTrail mapping, and change-management workflow themselves.

Claude AWS Tenant Broker is a control plane for large AWS enterprises that need to provision native Claude Platform access for multiple internal teams without losing budget control, IAM discipline, or auditability. The first customer is a Fortune 2000 company with a central cloud platform team, an AWS enterprise agreement, and 5 or more internal teams requesting production Claude access after security has approved the new AWS buying path. The launch of Claude Platform on AWS matters because procurement is no longer the main blocker; tenanting, spend ownership, CloudTrail setup, and approval workflow now become the operational bottleneck. The MVP should focus narrowly on self-service tenant requests, mandatory metadata, IAM role templates, budget caps, tool-permission approvals, and chargeback exports tied to AWS account structure. Go-to-market should be founder-led into Directors of Cloud Platform Engineering and VP Infrastructure buyers, starting with a paid rollout pilot for 2 to 3 internal teams and converting to an annual subscription priced by active tenants and managed spend. Research supports a real but modest initial market, modeled at about $151.6M TAM, $37.9M SAM, and $3.2M year-3 SOM, so the company has to prove a tight wedge before expanding into multi-model or multi-cloud control. The best reason to believe is that Bedrock, gateways, and internal scripts all miss the exact workflow of AWS-org-native Claude tenant lifecycle plus finance-grade ownership mapping. The biggest disconfirming risks are AWS or Anthropic shipping enough first-party admin controls, security teams rejecting Anthropic-operated processing outside the AWS boundary, and buyers deciding spreadsheets and internal scripts are good enough. A key evidence gap remains which control triggers budget first across real buyers, so the first 12 months must prove that provisioning pain converts into paid pilots and then into production contracts.

Problem

• Cloud platform teams become the bottleneck once native Claude can be bought through AWS, because each new internal team needs isolated access, IAM scope, audit logging, and budget ownership before rollout.
• The current alternative is a brittle mix of shared accounts, manual IAM setup, spreadsheets for chargeback, and one-off approval workflows that break when managed agents, code execution, and tool use spread across teams.

Solution

• Provide an AWS-native tenant broker that provisions Claude workspaces per internal team with approved IAM templates, mandatory tags, budget caps, and default CloudTrail mappings.
• Give platform, FinOps, and security teams a shared approval and chargeback layer so they can say yes to more Claude deployments without forcing every team into a shared platform account or a Bedrock fallback.

Why we win

• The wedge is tied to one newly urgent workflow, provisioning native Claude Platform on AWS inside existing AWS governance models, rather than a generic AI observability or routing story.
• The product fits how large enterprises already operate with AWS Organizations, Control Tower, Budgets, and cost-allocation tags, which lowers behavior change versus introducing a new platform standard.
• Tenant-policy history, IAM templates, approved tool configurations, and spend-to-owner mappings can compound into a sticky implementation and data moat that horizontal gateways do not collect at tenant-creation time.

Milestones

flowchart LR
  Wedge[Claude on AWS rollout bottleneck] --> MVP[Tenant provisioning and chargeback MVP]
  MVP --> Proof[Paid pilots with faster launches and clean ownership mapping]
  Proof --> Expansion[Broader AI governance and cross-model control]

Founding team

Experiment roadmap

Risk assessment

What must be true

• At least 5 of the first 15 target enterprises are actively choosing native Claude Platform on AWS over Bedrock for some production workloads.
• Cloud platform leaders view tenant provisioning and spend ownership as a budgetable problem, not an internal scripting task.
• Security review for lower-sensitivity internal workloads can pass despite Anthropic-operated processing outside the AWS security boundary.
• A read-only and provisioning overlay can launch live pilots in less than 30 days without bespoke integration work dominating margin.
• Early customers show credible willingness to expand from Claude-on-AWS controls into broader multi-model or cross-business-unit governance.

Open diligence questions

• Which control actually triggers purchase first in live accounts, tenant provisioning, IAM templates, chargeback, or audit reporting?
• Who owns the first budget in practice, cloud platform, central AI, FinOps, or security?
• How often do buyers reject native Claude on AWS because inference happens outside the AWS security boundary?
• How quickly can AWS or Anthropic add first-party tenant admin and spend controls that erase the wedge?
• What pilot evidence convinces a platform leader to replace internal scripts with an annual software contract?

Model sanity

• Revenue engine. Base-case revenue is driven by growing from 3 paid pilots at Y1 exit to 18 paying tenant bundles at Y3 exit while accounts step from $60K pilots into $144K-$168K recurring deployments.
• Must go right. The company must templatize AWS org mapping and security review work quickly enough that each new rollout behaves like software revenue rather than services revenue.
• Model breaks if. If Bedrock substitution or security objections push sales cycles toward nine months, the downside case compresses the cash buffer before repeatable implementation proof exists.
• Next-round proof. The next round is justified by reaching 8 paying customers, 2-plus production conversions, and one partner-led implementation motion with margins moving toward the 70% target.

Scenarios

Sensitivity

flowchart LR
  Leads --> PaidPilots
  PaidPilots --> ProductionTenants
  ProductionTenants --> ExpandedTenants
  ExpandedTenants --> Revenue
  Revenue --> GrossProfit
  GrossProfit --> Cash

Flags: The base case assumes consultancy partners start contributing qualified pipeline in Y2; if that channel slips, Y3 customer count is likely too high. · No realized churn is modeled in the 36-month P&L, so the customer count path is more optimistic than the separate LTV math. · Gross margin reaching 70%+ depends on reusable IAM, tagging, and chargeback templates; bespoke security exceptions would push the model toward the downside case. · The model turns Q4Y3 EBITDA-positive but remains full-year EBITDA negative in Y3, so another round is still likely unless pricing or conversion improves faster than planned.

• AWS feature catch-up. AWS or Anthropic could add enough native tenanting and spend controls to compress the initial wedge. Mitigation: Own the cross-account approval workflow, chargeback detail, and cross-model expansion path that hyperscaler features are less likely to prioritize.
• Platform-team sales drag. Cloud platform buyers move carefully, so pilots may stall if the value proposition sounds like governance overhead. Mitigation: Lead with migration projects that unlock AWS commitment drawdown and measurable reduction in platform-engineering setup time.
• Demand concentrates in a small cohort. If only a limited number of enterprises insist on native Claude features over Bedrock or direct APIs, the wedge may stay narrow. Mitigation: Start with Claude-on-AWS where urgency is highest, then broaden the product to cover other frontier-model channels and multi-cloud AI tenancy.