A typical D2C brand at $5M GMV is paying for GitHub Copilot for the two devs ($38/month), ChatGPT Team for the CS and ops team ($150/month), Claude.ai Pro for the founder and CTO ($40/month), and a content AI for the marketing team ($80/month). Four separate receipts. Four separate login surfaces the CTO didn't always approve individually. And not one of them can answer a question that involves live Shopify inventory or what Odoo says the return rate was last month.
LEGIC Identsystems — a 30-person security company — just published the architecture that fixes all three problems simultaneously: one Amazon Bedrock deployment with an OpenAI-compatible gateway that serves every team, with every request staying inside their AWS environment. Their $400 in token spend generated more than a year of development work and replaced a $100,000 annual licensing cost. The architecture translates directly to D2C — with one meaningful simplification for a brand that doesn't have a DevOps team on staff.
Consolidating AI tools for a D2C team and want to wire in your Shopify and Odoo data? Book a 30-min call — Dhwani joins every session, we scope the gateway setup and the data layer, written brief inside a week. No SDR layer.
The Subscription Stack a D2C Brand Shouldn't Still Be Running
The per-seat AI subscription stack for a 10-person D2C brand typically settles into something like this:
- GitHub Copilot for 2–3 devs: $38–57/month
- ChatGPT Team for CS, ops, and merchandising (5–8 seats): $125–200/month
- Claude.ai Pro or Business for the founder and CTO (2 seats): $40–100/month
- A content AI (Copy.ai, Jasper, or similar) for the marketing team: $80–150/month
That's $283–507/month across accounts that weren't always provisioned as a single decision. Each tool runs on a model version you're not controlling. Each has its own data handling policy you've agreed to separately. Each context window resets every session with zero knowledge of your business — your product catalog, your current inventory, your return history, your top SKUs by margin.
More specifically: none of them can pull your current Odoo stock levels before a CS rep writes a reply about availability. None of them know your Shopify return rate by SKU when the ops team is planning a restock. None of them understand which products are currently on clearance vs full-price. Every session starts from nothing, every time. The team compensates by copy-pasting data into the prompt — which takes time, which people stop doing, which means the AI output quietly stops being grounded in your actual business.
What the Bedrock Access Gateway Actually Does
LEGIC's architecture hinges on one component: the Bedrock Access Gateway, an open-source AWS Labs project that translates OpenAI-format API calls into Bedrock API calls. Any tool that uses the OpenAI API — Open WebUI, Cursor, n8n automation workflows, LangChain integrations, custom internal apps — points at the gateway endpoint instead of api.openai.com, and every request routes through Bedrock.
The practical result: you replace every SaaS AI subscription with one Bedrock deployment and give each team the same interface they already know, without retraining anyone. Open WebUI renders identically to ChatGPT. Cursor still delivers code completions. n8n automation workflows keep using the OpenAI node. The team doesn't change their workflow; the routing layer does.
LEGIC deployed the gateway on Amazon ECS Fargate behind an Application Load Balancer, with IAM Identity Center for developer authentication and per-developer inference profiles for cost attribution. That's the right architecture for a security company with senior engineers and formal audit requirements. For a D2C brand at $3–10M GMV, the same function runs on a single EC2 t3.small instance — roughly $12/month of infrastructure — and the operational overhead is minimal. The jump to Fargate and multi-account governance makes sense when you cross $15M GMV and need audit trails for every AI query; before that, the simplified version is what we typically deploy first.
Wiring Your Shopify and Odoo Data Into the Gateway
This is what changes the ROI calculation in week one, and what none of the per-seat subscriptions can replicate.
We use two layers of context:
Static context (loaded once, refreshes on a schedule): your Shopify product catalog, size guides, return policies, shipping SLAs, and current promotional pricing. This sits in a system prompt or a lightweight RAG index that every team member's session inherits automatically. The CS team's AI knows your product line before the conversation starts. The content team's AI knows which SKUs are in stock and which are on final sale. No copy-pasting required.
Dynamic context (invoked on demand via tool calls): live Odoo data — current stock per warehouse, open purchase orders, return rate by SKU, customer order history. The LLM doesn't load this at startup; it calls a lightweight endpoint that queries Odoo in real time when the user asks something that needs live data. "What's the current stock in the LA warehouse for SKU-072?" triggers an Odoo API call, gets the answer in under 2 seconds, and returns it in the chat response.
We built this dynamic context layer for a $4M fashion brand as four Lambda functions: current stock query, pending PO status, return rate by SKU, and customer lifetime value. Total build time was about 3 weeks. The CS team went from tabbing between Odoo and ChatGPT — pasting SKU numbers by hand, often with stale data — to asking live inventory questions directly in Open WebUI. The first week, they logged 340 Odoo queries through the gateway. Before, most of those queries either didn't happen or happened on a 24-hour delay via a weekly ops email.
The Shopify and Odoo data wiring is the part that takes the most scoping — knowing which queries your CS and ops teams actually run every day. We've built this layer across D2C stacks at $2M–$12M GMV. Grab 30 minutes — we map your team's actual query patterns and tell you which endpoints are worth building first. Written brief, no deck.
Per-Team Cost Attribution Without the Spreadsheet
One of LEGIC's specific architecture decisions was per-developer inference profiles, each tracked separately in CloudWatch with alerting thresholds. If a developer accidentally kicks off a large batch job, they get a notification before it becomes a surprise on the monthly bill.
For a D2C brand, the equivalent is per-team attribution: CS team token spend vs devs' vs marketing's vs ops'. Not for billing back to teams, but to answer two questions the subscription stack never let you ask: which use cases are generating real daily usage, and which AI subscriptions were seat licenses that sat idle.
The comparison against the previous subscription stack lands quickly. After the first month on the gateway, the $4M fashion brand we mentioned saw their CS team generating $19 in Bedrock token costs at equivalent usage to what they'd been running on ChatGPT Team. Their ChatGPT Team spend had been $125/month for 5 seats. The devs generated $14 in token costs running Claude Code through the gateway vs $38 on GitHub Copilot. Monthly total before the gateway: $283. Monthly total after: $85 in tokens plus $27 in gateway and Open WebUI infrastructure. The $4M brand reallocated the delta to two more Odoo API integrations.
The Build Path for a D2C Brand Without a DevOps Team
LEGIC's production architecture is correct for LEGIC: multi-account structure, ECS Fargate, EKS for Open WebUI, Service Control Policies restricting models by region, Grafana in a monitoring account. For a D2C brand that doesn't have a DevOps engineer on staff, we recommend a four-step path that covers the same ground on simpler infrastructure.
Step 1 — Enable Bedrock and request model access. In your existing AWS account, enable Bedrock in us-east-1 and submit model access requests for Claude Sonnet and Claude Haiku. Access is typically granted within a few hours. No new accounts needed at this stage.
Step 2 — Deploy the gateway on a t3.small. The Bedrock Access Gateway is a lightweight Node.js application. A t3.small EC2 instance ($12/month) handles the request volume of a 15-person team with headroom. Add an IAM role with Bedrock invocation permissions and a cost allocation tag per team. For production, add an Application Load Balancer and an ACM certificate for HTTPS; for an internal-only deployment, the raw EC2 instance URL works.
Step 3 — Deploy Open WebUI and wire Claude Code. Open WebUI installs on the same instance via Docker in about 20 minutes. Point it at the gateway URL instead of the OpenAI endpoint. For devs using Claude Code or Cursor, update the API base URL in settings — one configuration change, no reinstall. Existing chat history and personas in Open WebUI carry over from any prior ChatGPT-like setup.
Step 4 — Build the Odoo and Shopify context layer. Start with two Lambda functions: a Shopify product catalog sync (runs nightly, loads into the system prompt) and a live Odoo stock query (invoked on demand as a tool call). The first two alone handle the majority of CS and ops queries. Our AI solutions work at this stage typically takes 4–6 weeks for the full data layer, but CS teams see value from week one with just the catalog sync.
The full stack cost for a 10-person D2C team: approximately $27-50/month in infrastructure plus $40-90/month in Bedrock token costs at typical usage. That's $67-140/month total vs $283-507/month for separate subscriptions — and with context that's actually connected to your business. For reference posts on what Bedrock can do at the product layer, see our earlier writeup on Bedrock-powered product search and the Bedrock AgentCore payments integration.
Frequently Asked Questions
Is Bedrock Access Gateway an official AWS product or open source?
Bedrock Access Gateway is an open-source project published and maintained by AWS Labs on GitHub. It is not a managed AWS service — you deploy and operate it yourself. AWS Labs projects are supported by AWS teams and follow AWS coding standards, but they don't carry the same SLA guarantees as core AWS services like Bedrock itself. For a D2C brand, this means you own the gateway infrastructure, but the project is well-documented, actively maintained, and the codebase is simple enough that a developer can understand and modify it in an afternoon.
Does Open WebUI store conversation data outside our AWS environment?
Open WebUI is self-hosted — you deploy it on your own infrastructure (EC2, ECS, or any container host). Conversations are stored in a local database on the same instance or in an RDS instance you control. No conversation data leaves your AWS environment unless you configure it to. This is the core data-sovereignty advantage over ChatGPT Team or Claude.ai: your CS team's conversations about customer orders, your developer's code completions, and your ops team's inventory queries all stay within your VPC. The Open WebUI instance needs outbound access to the Bedrock Access Gateway, but that gateway terminates at your Bedrock endpoint — not at any external API.
How does adding a new team member work once the gateway is deployed?
For non-technical team members using Open WebUI, adding a user is an admin action inside the Open WebUI interface — create an account, assign to a team group, done. No AWS console access required on their end. For developers using Claude Code or Cursor, you update their IAM user to include the Bedrock invocation policy and share the gateway endpoint URL. The per-team cost tag is set at the IAM level, so new users inherit the right attribution tag automatically. Total onboarding time for a new non-technical user is under 5 minutes once the initial deployment is running.
About the author
Founder & CEO, Braincuber Technologies
Founder and CEO of Braincuber. Has scoped and shipped 500+ Odoo, AI, and cloud projects for US mid-market and global brands. Takes every founder call personally — no SDR layer between buyers and the people building the system.