Frequently Asked Questions

Each tier represents a different level of security and compliance:

Choose the tier that matches your client's security requirements and compliance needs.

Buy 5 or more buckets in a single purchase and get 15% off automatically.

The discount applies to the total regardless of which tier(s) you choose. Example: 5 Harden buckets = 5 × $220 = $1,100 → $935 after 15% discount.

Each purchase is a separate transaction - there's no subscription required.

Yes! You can purchase additional buckets at any time. Each purchase is a separate transaction - buy more when you need them. There's no subscription or recurring commitment.

We optimize the hardening process with automation - delivering results in hours, not days or weeks. Traditional manual hardening takes days or weeks; arxdura delivers your custom deploy template within 2 hours of ordering.

arxdura delivers results in hours, not weeks at 12% of traditional cost.

We deploy hardened S3 buckets with security controls directly into your AWS account that you own and control. This includes:

• Customer-managed encryption keys (KMS)
• Server access logging and CloudTrail audit trails
• Bucket policies blocking unencrypted uploads and public access
• Object versioning and retention policies (depending on tier)
• Compliance-tagged configurations (HIPAA, SOC 2, GDPR)

Important: We never store your data. All resources (including your actual buckets) remain in your AWS account under your control. We provide tools and expertise—you own the infrastructure.

Simple three-step self-service process:

1. Place your order: Complete payment via Stripe with your tier selection and quantity
2. Receive your template: Your personalized CloudFormation template is generated and emailed as a one-click deploy link
3. Deploy in your AWS: Click the link to open the AWS CloudFormation console with your template pre-loaded. Review and click "Create Stack"

No AWS credentials to share. No cross-account access. No waiting for us. The entire deployment takes ~15-35 minutes from the moment you click deploy in your AWS console.

Our Compliance and Governance tiers include configuration and evidence generation for:

• SOC 2 Type II – Security, availability, and processing integrity controls
• HIPAA/HITECH – Healthcare data privacy and security (PHI baseline bucket)
• GDPR – Data protection and privacy rights
• PCI-DSS – Payment card industry security standards

We generate compliance evidence (Prowler scans, audit logs, mapping documents) that your auditors can actually use. Scan and Harden focus on foundational security with basic compliance posture assessment.

No. With our self-service CloudFormation model, we never access your AWS account:

• You deploy the CloudFormation template directly in your own AWS console
• We never receive or store your AWS credentials, access keys, or account IDs
• No cross-account IAM roles are needed — no trust relationships to set up or revoke
• Your template is watermarked with your order ID and delivered via a signed, expiring URL
• When you delete the CloudFormation stack, every resource is removed — zero cleanup on your part

You own and control everything. We provide the template — you run it in your account. That's the entire model.

Note: For customers who prefer assisted deployment, we offer a concierge option where you provide temporary cross-account access. This is available on request but is not the default flow.

No AWS credentials needed. Our self-service model is designed so you never share access to your account.

After payment, you just:

1. Check your email for the one-click deploy link from us
2. Click the link — it opens the AWS CloudFormation console with your template pre-loaded
3. Review the parameters (pre-filled with your bucket name and tier)
4. Click "Create Stack" — CloudFormation deploys everything

That's it. No IAM roles to create. No account IDs to enter. No credentials to share. Your deploy link expires in 1 hour for security — if it expires, contact support for a new one.

Need help? We provide step-by-step instructions in the confirmation email. You can also contact us anytime.

Every engagement includes a comprehensive delivery package:

• Compliance Report – HTML Prowler scan results with control status
• Configuration Summary – Before/after changes applied to your buckets
• Evidence Bundle – Audit logs, CloudTrail exports, and compliance mappings ready for auditors
• Implementation Notes – What was changed, why, and how to maintain hardened state
• S3 Locations – Where evidence is stored and how to access it

All evidence is stored in S3 within your AWS account or a shared evidence bucket (your choice).

Our automated hardening completes in hours, not days. We deliver results quickly so you can move forward with your projects.

Total timeline from payment to deploy: ~15-35 minutes from the moment you click "Create Stack" in your AWS console. Your personalized CloudFormation template is emailed within minutes of payment.

This is significantly faster than manual hardening, saving you days of work.

arxdura combines expert-level hardening with automation speed:

• Speed: Hours, not days or weeks
• Certainty: Fixed price vs. unpredictable manual work
• Evidence: Audit-ready reports vs. manual documentation
• Repeatability: Proven CloudFormation templates vs. ad-hoc solutions
• Ownership: You own the infrastructure—no vendor lock-in

Think of arxdura as a specialized strike team: we show up with a tested playbook, deploy to your account, and leave you with hardened buckets and auditable evidence.

Current model: Finite engagements with lasting infrastructure.

We deploy hardened buckets with built-in controls (logging, encryption, compliance policies) that continue to protect your data after the engagement ends. You own the resources and can maintain them.

Future additions: We are developing ongoing monitoring, scheduled compliance scans, and drift detection as optional add-ons. These will be announced when available.

Current status: We're establishing direct partnerships with compliance platforms (Drata, Vanta, Secureframe). These will enable partner-referred pricing and bundled compliance workflows.

Coming soon: Referral and reseller programs for MSPs, security consultants, and compliance advisors. These will offer commission-based revenue sharing and co-branding options.

Our bulk discount (15% off 5+ buckets) is available on all purchases.

Absolutely. arxdura is designed to complement, not replace, your existing security relationships.

How consultants work with us:

• Client recommendation: Consultants recommend arxdura to clients for fast, repeatable hardening
• Focused delivery: We handle the technical deployment, freeing consultants for strategic guidance
• Evidence collaboration: Audit-ready reports fit seamlessly into consultant compliance workflows
• Future partnerships: We're launching a reseller program for consultants to deliver arxdura services to their clients

How this benefits you: You get faster deployment times, consistent hardening quality, and auditable evidence—while consultants focus on strategy, policy, and ongoing governance.

Many of our best engagements involve collaboration with the client's existing security team or advisors.

We bridge the gap between automated tools and expert implementation:

• Tools alone don't deploy: Prowler/Config identify issues but don't fix them in your account
• We deploy the fixes: Using proven CloudFormation templates with audit trails
• Tools don't generate evidence: Auditors need documentation, not just pass/fail checks
• We provide auditable deliverables: Reports, mappings, and compliance narratives
• Tools don't offer strategy: We advise on tier selection, compliance frameworks, and architecture

Think of it this way: we use Prowler and other tools to assess compliance, but our value is in the deployment, hardening, and evidence generation that tools alone cannot provide.