AWS Well-Architected Tool and ArchGuard: when to use which
The AWS Well-Architected Tool is free, built by AWS, and the right choice for formal Partner Network reviews. ArchGuard is for when you want a Terraform-native review and a PDF deliverable you can share outside the AWS Console.
What the AWS Well-Architected Tool does
An interview-driven workload review inside the AWS Console. You describe your workload, then answer approximately 50 questions per workload across the six pillars. AWS guides you to recommendations based on your answers. The output is a workload record in the Console — downloadable as a report. Free. Tied to the AWS account holding the workload.
What ArchGuard does that the Console tool doesn’t
Reads your Terraform directly — no questions to answer. Findings are evidence-driven (the resource exists or it doesn’t) rather than self-attested. Output is a PDF you can share outside the AWS account. Works on workloads you don’t own the AWS account for — a common scenario for consultants reviewing client infrastructure.
| AWS WA Tool | ArchGuard | |
|---|---|---|
| Input | Self-attested answers to ~50 questions | Terraform code (uploaded as zip) |
| AWS account required | Yes — the workload must be in the account | No |
| Pillars | All 6 official WAFR pillars | 4 (Security, Reliability, Cost, Ops) |
| Output | Console dashboard + downloadable report | Branded PDF |
| Sharing | Inside the AWS organisation | Anywhere (PDF) |
| Cost | $0 | $49–$399/mo |
| Best for | Internal team self-review, AWS Partner reviews | Outside-the-team review + branded deliverable |
When to use each
Use the AWS Well-Architected Tool when:
- ·Your team is self-reviewing a workload you operate in the AWS Console
- ·You are an AWS Partner conducting a partner-led review
- ·You want the formal workload record and milestone tracking inside AWS
Use ArchGuard when:
- ·A consultant reviewing a client's Terraform (no console access needed)
- ·A CTO reviewing inherited or AI-generated infrastructure
- ·Pre-launch sign-off that needs a PDF deliverable for stakeholders
- ·Investor due diligence prep where the output needs to leave the AWS account
Frequently asked questions
Is ArchGuard an official AWS tool?↓
No. ArchGuard is a product of Rost CAMP, an independent company registered in the Netherlands. ArchGuard uses Amazon Bedrock and reviews against the AWS Well-Architected Framework, but is not an AWS product, is not endorsed by AWS, and is not affiliated with AWS.
Does the AWS Well-Architected Tool read Terraform?↓
No. The AWS Well-Architected Tool in the AWS Console is an interview-driven process — you answer questions, it records your answers. It does not import or read Terraform files.
Can I use both the AWS WA Tool and ArchGuard?↓
Yes, and many teams do. Use the AWS WA Tool for your official AWS Partner Network review and to track workload history in the Console. Use ArchGuard for Terraform-native review and to produce a PDF deliverable for stakeholders outside the AWS account.