An AWS Well-Architected Review tool built for Terraform
ArchGuard is an AWS Well-Architected Review tool for Terraform infrastructure. Upload your Terraform; receive a branded PDF report across the Security, Reliability, Cost Optimization, and Operational Excellence pillars in 24 hours. ArchGuard does not require AWS account access, does not read Terraform state, and never modifies infrastructure.
Which AWS Well-Architected Review tool fits which job?
| ArchGuard | AWS WA Tool (Console) | AWS WA IaC Analyzer | Consulting engagement | AWS Partner review | |
|---|---|---|---|---|---|
| Input | Terraform HCL | Self-attested answers | Terraform / CFN / CDK | Interview + discovery | Interview + console |
| AWS account needed | No | Yes | Yes (your account) | Yes | No (partner-led) |
| Cost | $49–$399/mo | $0 | Free + Bedrock usage | $5K–$25K | $0 + optional $5K credit |
| Output | Branded PDF | Console dashboard | Web UI + manual PDF | Custom deliverable | Console report |
| Turnaround | 24 hours | Immediate | Self-paced | 2–4 weeks | 2–4 weeks |
| Best for | Consultant & CTO reviews | Internal self-review | Internal teams, OSS setup | Enterprise programs | AWS Partners |
Sources: AWS Well-Architected Tool · AWS WA IaC Analyzer
What ArchGuard reviews
Security →
Identity, detection, infrastructure protection, data protection, incident response.
Reliability →
Automatic recovery, horizontal scaling, change management, failure management.
Cost Optimization →
Cloud financial management, expenditure awareness, cost-effective resources.
Operational Excellence →
Operations as code, frequent small changes, anticipate failure, learn from events.
How the review works
- 1
Upload your Terraform zip
Include all .tf files, modules, and the relevant tfvars. No state files, no credentials.
- 2
AI review across all four pillars
ArchGuard analyses your workload against the AWS Well-Architected Framework, evaluating relationships between resources and identifying architectural gaps.
- 3
Branded PDF in 24 hours
Your report arrives with findings by severity, WAFR control references, and remediation HCL for each finding.
- 4
Optional: white-label for clients
On the Agency plan or with Credit Packs, the PDF carries your firm's logo and contact details — not ArchGuard's.
Why review-only matters
ArchGuard never touches your AWS account. No IAM role to assume, no Terraform state to read, no AWS API calls, no pull request permissions. The review is entirely code-based. For a full explanation of what data is processed and what is not, see the methodology page and trust & data handling.
AWS Well-Architected automation: what we automate, what we don’t
What ArchGuard automates
- ·Structured pillar-by-pillar analysis of your Terraform
- ·PDF generation with findings, severity, and remediation HCL
- ·Finding-to-WAFR-question mapping
- ·Per-resource evidence collection from HCL
What ArchGuard does NOT automate
- ·AWS Partner Network review submission
- ·AWS credit application
- ·Remediation execution (we find, you fix)
- ·Multi-account discovery
- ·Runtime cloud posture management
Pricing
Solo ($49/mo), Team ($149/mo), Agency ($399/mo), and Credit Packs ($199 for 3 reviews, $499 for 10 reviews). Full details on the pricing page.
Frequently asked questions
Is this an official AWS tool?↓
No. ArchGuard is a product of Rost CAMP, an independent company registered in the Netherlands. ArchGuard uses Amazon Bedrock and reviews against the AWS Well-Architected Framework, but is not an AWS product, is not endorsed by AWS, and is not affiliated with AWS in any way.
How does this differ from the AWS Well-Architected Tool in the Console?↓
The AWS Well-Architected Tool in the AWS Console is an interview-driven process — you answer ~50 questions, it records your answers. It does not read your Terraform. ArchGuard reads your Terraform directly, produces evidence-based findings, and outputs a PDF you can share outside the AWS account.
Can ArchGuard submit my workload for AWS Partner Review credits?↓
No. ArchGuard does not integrate with the AWS Partner Network program directly. ArchGuard's findings map 1:1 to WAFR pillars and can support a Partner Review submission, but the formal submission requires the AWS Well-Architected Tool and an AWS Partner account. Verify with your AWS Partner Manager.
Does ArchGuard read my Terraform state file?↓
No. ArchGuard processes Terraform HCL files only. We do not accept state files, do not read them, and do not require them. The review is entirely code-based.
Is the Sustainability pillar covered?↓
Not currently. ArchGuard covers Security, Reliability, Cost Optimization, and Operational Excellence. The Sustainability and Performance Efficiency pillars are on the roadmap.