July 17, 2026. 10 min

Deploy CloudAEye Code Review On Premises


Executive Summary

CloudAEye Code Review now supports fully self-hosted, on premises deployments, enabling organizations to adopt AI powered code reviews without compromising security, compliance, or data sovereignty. Run entirely within your own infrastructure with enterprise SSO, GitHub integration, and automatic scaling on Amazon ECS, ensuring your source code never leaves your environment while delivering fast, high quality AI code reviews.


Introduction

As AI becomes an essential part of modern software engineering, enterprises face an important question:

How can we adopt AI without compromising security, compliance, or data sovereignty?

Many organizations, especially those in financial services, healthcare, defense, government, and regulated industries, cannot send source code outside their controlled environments. To address these requirements, CloudAEye Code Review now supports fully self-hosted (on-premises) deployments. With this deployment model, organizations can run CloudAEye entirely within their own AWS account while maintaining complete ownership of their source code, infrastructure, and security controls.


Why On-Prem?

For many enterprises, SaaS is not an option. Common requirements include:

  1. Regulatory compliance
  2. Data residency requirements
  3. Customer-managed encryption keys
  4. Internal security policies
  5. Highly restricted environments
  6. Vendor risk reduction

CloudAEye's self-hosted architecture was designed specifically for these organizations. The result is the same AI-powered code review experience developers love, without requiring customer code to leave the customer's environment.


Complete Security Isolation

The biggest advantage of CloudAEye's on-prem deployment is complete security isolation. Unlike traditional SaaS AI solutions:

  1. Source code remains inside your AWS account
  2. Pull requests never pass through CloudAEye-managed infrastructure
  3. Repository metadata stays within your environment
  4. Network traffic is controlled entirely by your security team
  5. IAM, networking, logging, monitoring, and encryption remain under your control

Your organization owns the infrastructure. Your organization controls the security. Your organization owns the data. CloudAEye simply provides the software that runs inside your environment.


Data Never Leaves Your Environment

Security-conscious customers often ask:

Does our source code get sent to CloudAEye?

With the self-hosted deployment, the answer is: No.


CloudAEye services execute inside your own cloud account. Your repositories remain connected only to your infrastructure. This architecture dramatically simplifies compliance with internal security reviews and external regulatory requirements.


High-Level Architecture

CloudAEye uses a modern containerized microservices architecture designed for enterprise deployments. The deployment consists of multiple application services running inside your AWS environment along with supporting infrastructure for authentication, networking, persistence, and AI integrations. Components communicate over secure internal networking while integrating with GitHub and your selected large language model provider.

System Architecture

Key architectural characteristics include:

  1. Container-based deployment
  2. Stateless application services
  3. Secure API communication
  4. Internal service discovery
  5. Enterprise networking
  6. Horizontal scalability
  7. Fault tolerance
  8. High availability

Because services are containerized, upgrades and scaling are significantly simpler than traditional monolithic deployments. Refer to this page to learn more about the system architecture.


Deploy on AWS ECS

CloudAEye provides first-class support for Amazon ECS, making enterprise deployment straightforward. Running on ECS provides numerous operational advantages:

  1. Managed container orchestration
  2. Automatic service recovery
  3. Rolling deployments
  4. Health monitoring
  5. Load balancing
  6. Multi-AZ deployments
  7. Integration with AWS networking and IAM

Most importantly:

Automatic Horizontal Scaling

As engineering teams grow, workloads increase. CloudAEye running on ECS can automatically scale application services based on workload, allowing organizations to support anything from a small engineering team to thousands of developers without changing architecture. Benefits include:

  1. Scale out during business hours
  2. Scale in during low utilization
  3. High availability
  4. Improved resiliency
  5. Lower infrastructure costs

This allows enterprises to handle large volumes of pull requests while maintaining fast review turnaround times. See the detailed instructions here.


Simple Deployment Process

Deploying CloudAEye on-prem follows a straightforward process. Typical steps include:

  1. Prepare your AWS environment
  2. Configure networking and security
  3. Deploy the CloudAEye services
  4. Configure storage and secrets
  5. Connect GitHub
  6. Configure authentication
  7. Validate the deployment

The deployment guide walks administrators through the required infrastructure, configuration, and verification steps for a production-ready installation.


GitHub App Integration

CloudAEye continues to integrate with GitHub through a GitHub App, even in self-hosted deployments. This provides:

  1. Secure repository authentication
  2. Pull request events
  3. Review comments
  4. Repository permissions
  5. Organization-level management

Administrators retain full control over which repositories CloudAEye on-prem can access. This follows GitHub's recommended authentication model while minimizing required permissions. Please see this page for detailed instructions.


Enterprise Authentication with SSO

Large organizations rarely want another username and password. CloudAEye supports enterprise Single Sign-On (SSO), allowing developers to authenticate using existing corporate identity providers. Benefits include:

  1. Centralized identity management
  2. Multi-factor authentication (MFA)
  3. User lifecycle management
  4. Group-based authorization
  5. Simplified onboarding
  6. Simplified offboarding
  7. Improved compliance

This enables CloudAEye to fit naturally into existing enterprise identity ecosystems.


Okta Integration

Organizations using Okta can integrate CloudAEye with their existing authentication infrastructure. This allows:

  1. Corporate login
  2. Existing MFA policies
  3. Existing password policies
  4. Identity governance
  5. Centralized user management

Developers simply sign in using their corporate credentials. Learn more here.


Keycloak Integration

Many enterprises prefer open-source identity providers. CloudAEye also supports Keycloak, making it an excellent choice for organizations requiring:

  1. Self-managed identity
  2. Open-source IAM
  3. Internal authentication infrastructure
  4. Air-gapped deployments
  5. Complete administrative control

This provides the flexibility to support both commercial and open-source identity platforms. Refer to this page to learn more.


Built for Enterprise Operations

Enterprise deployments require much more than simply running containers. CloudAEye is designed to integrate with existing operational practices, including:

  1. Existing IAM policies
  2. Existing VPC architecture
  3. Enterprise logging
  4. Monitoring
  5. Backup strategies
  6. Disaster recovery
  7. Security monitoring
  8. Compliance tooling

This minimizes operational disruption while fitting naturally into existing cloud governance models.


Ideal for Regulated Industries

CloudAEye's self-hosted deployment is particularly valuable for organizations operating under strict regulatory requirements. Examples include:

  1. Banking
  2. Financial Services
  3. Healthcare
  4. Insurance
  5. Government
  6. Defense
  7. Telecommunications
  8. Critical Infrastructure

These organizations often require complete visibility into where software executes and where sensitive source code resides. CloudAEye enables AI-assisted code review without sacrificing these security requirements.


Benefits at a Glance

CloudAEye On-Prem provides:

  1. Complete security isolation
  2. Customer code never leaves their environment
  3. Customer-owned infrastructure
  4. Enterprise networking
  5. AWS ECS deployment
  6. Automatic horizontal scaling
  7. GitHub App integration
  8. Enterprise SSO
  9. Okta support
  10. Keycloak support
  11. High availability
  12. Containerized architecture
  13. Enterprise-grade security
  14. Simplified compliance
  15. Production-ready operations

The Best of Both Worlds

Organizations no longer need to choose between AI-powered developer productivity and enterprise security. CloudAEye's self-hosted deployment delivers both. Developers receive fast, intelligent, human-like AI code reviews directly within GitHub, while security teams retain complete control over infrastructure, identity, networking, and source code. As AI becomes a core component of modern software engineering, enterprises need solutions that fit their security model, not the other way around. CloudAEye's on-premises deployment makes that possible.


References

  1. Use Code Review at CloudAEye
  2. Docs: Self-hosting System Architecture
  3. Video: Overview of Code Review

Nazrul Islam

A seasoned engineering executive, Nazrul has been building enterprise products and services for 20 years. Nazrul is the founder and CEO of CloudAEye. Previously, he was Sr. Dir and Head of CloudBees Core where he focused on enterprise version of Jenkins. Before that, he was Sr. Dir of Engineering, Oracle Cloud. Nazrul graduated from the executive MBA program with high distinction (top 10% of the cohort) at University of Michigan Ross School of Business. Nazrul is named inventor in 47 patents.