The AWS Well-Architected IaC Analyzer and ArchGuard: when to use which
The AWS Well-Architected IaC Analyzer is an open-source GenAI tool from AWS that evaluates IaC against the Well-Architected Framework using Amazon Bedrock. It is excellent. ArchGuard is a hosted SaaS workflow that runs the same class of analysis and returns a branded PDF with multi-tenant consultant support.
What the AWS IaC Analyzer is
An open-source GenAI tool from aws-samples for evaluating Infrastructure as Code (CloudFormation, Terraform, CDK) against the Well-Architected Framework using Amazon Bedrock. Excellent. Free (you pay for your own Bedrock usage). Self-hosted: you deploy the CloudFormation stack into your own AWS account, manage the Bedrock Knowledge Base, host the web UI, and assemble the output yourself.
What ArchGuard is
A hosted SaaS workflow that runs the same class of analysis, returns a branded PDF, and supports multi-tenant consultant workflows out of the box. No CloudFormation stack to deploy, no Knowledge Base to maintain, no infrastructure of your own to manage.
| AWS IaC Analyzer | ArchGuard | |
|---|---|---|
| Form | Open-source CloudFormation stack (self-hosted) | Hosted SaaS |
| Cost | Free + your Bedrock usage costs | Subscription / Credit Packs |
| Setup | Deploy stack, configure Knowledge Base, manage updates | Sign up, upload zip |
| Multi-tenant | Self-host per client environment | Built-in workspaces |
| Output | Web UI + manually assembled PDF | Branded PDF deliverable |
| Update cadence | Your responsibility | Continuous — our responsibility |
| Bedrock model upgrades | Your responsibility | Our responsibility |
| Best for | Internal teams comfortable with OSS infrastructure | Consultants and CTOs who need a hosted workflow |
When to choose the open-source analyzer
You have an AWS account, you’re comfortable running infrastructure, you want full control of the prompts and the Knowledge Base, you’re internally facing only, and you have time to assemble the deliverable yourself.
When to choose ArchGuard
You’re reviewing someone else’s Terraform (a client’s workload, an inherited repo, AI-generated modules). You need a stakeholder-ready report on a schedule. You don’t want to maintain a CloudFormation stack to run a review.
Frequently asked questions
Is the AWS Well-Architected IaC Analyzer free?↓
The open-source tool itself is free. You pay for your own Bedrock usage and the AWS infrastructure you deploy to run it (CloudFormation stack, S3, Lambda, Knowledge Base). For teams with low usage, this can be less than $49/month. For teams with high usage or who need the hosted workflow, ArchGuard may be more cost-effective.
Can the AWS IaC Analyzer produce a branded PDF?↓
The tool produces output through a web UI that you deploy yourself. Assembling a branded PDF deliverable requires additional work on your part. ArchGuard produces a branded PDF as the primary output.
Does ArchGuard use Amazon Bedrock?↓
Yes. ArchGuard uses Amazon Bedrock for AI inference, running in eu-central-1 for EU customers and us-east-1 for US customers. The model and infrastructure maintenance is our responsibility, not yours.