All AMIs are available in five regions (us-east-1, us-west-2, eu-west-1, ap-southeast-1, eu-west-1). Pricing is a flat monthly Marketplace subscription — no additional per-hour charges on top of your EC2 instance cost.
| Product | Base OS | Monthly |
|---|---|---|
|
Hardened WordPress AMI Live
CIS L2 Ubuntu + Nginx + PHP-FPM. Secure defaults, fail2ban, SSH hardening.
CIS L2Nginxfail2ban
|
Linux Distro of your choice | $29/mo |
|
AI / LLM Workbench Live
CIS L2 base with ML toolchain and GPU-ready configuration for LLM inference workloads.
CIS L2ML ToolchainGPU-Ready
|
Linux Distro of your choice | $49/mo |
|
Agentic AI Server Live
Hardened base for autonomous agent deployments — tool-calling, job orchestration, API gateway hooks.
CIS L2Agent FrameworksAPI Ready
|
Linux Distro of your choice | $79/mo |
|
SMB SIEM Stack — Wazuh Live
Full Wazuh + OpenSearch SIEM on CIS L2 base. Requires t3.xlarge or larger for OpenSearch heap.
CIS L2WazuhOpenSearcht3.xlarge+
|
Linux Distro of your choice | $149/mo |
|
HIPAA-Ready Base AMI Live
CIS L2 with HIPAA-aligned access controls, audit logging configuration, and encrypted storage defaults.
CIS L2HIPAA ControlsAudit Logging
|
Linux Distro of your choice | $299/mo |
Same Ansible hardening playbooks. Same CIS Level 2 baseline. Delivered via S3 presigned URLs in your hypervisor's native format. Contact PTG to discuss your environment and delivery requirements.
CIS-hardened Ubuntu or RHEL image for direct vSphere import. Includes documented import procedure and post-deploy hardening checklist.
Generation 2 VHDX for Hyper-V on Windows Server 2019/2022 and Azure Stack HCI. Secure Boot compatible.
Copy-on-write images with Virtio drivers and cloud-init for flexible credential injection at first boot.
Raw disk images and bootable ISOs for PXE / MAAS provisioning. Unattended installation with pre-applied CIS hardening.
| Tier | Host Limit | Monthly |
|---|---|---|
|
Recon
Monthly scans, CVSS-scored PDF report, remediation priority list, email delivery within 48 hrs.
|
Up to 10 hosts | $349/mo |
|
Sentinel
Bi-weekly scans, credentialed mode, executive summary + technical report, ticketing integration, re-scan validation.
|
Up to 50 hosts | $649/mo |
|
Fortress
Weekly scans, unlimited hosts, executive dashboard, CRITICAL escalation, compliance mapping, dedicated engineer.
|
Unlimited | Custom |
| Tier | Deployment | Monthly |
|---|---|---|
|
Advisory
Monthly patch classification report, risk-tiered priorities, CVE cross-reference. Your team deploys.
|
Advisory only | $299/mo |
|
Managed
Ansible-driven automated deployment, change-window scheduling, pre-patch snapshots, rollback procedures, audit trail.
|
PTG deploys | $399/mo |
|
Enterprise
SLA-backed patching, SOC 2 / HIPAA / PCI-DSS documentation, ITSM integration, dedicated engineer, quarterly review.
|
PTG deploys | Custom |
-
Does the AMI price replace my EC2 instance cost?No — the AWS Marketplace subscription is a separate flat monthly fee on top of your EC2 instance cost. There is no per-hour add-on from PTG. You pay your normal EC2 rate directly to AWS, and PTG's subscription is billed separately through Marketplace.
-
Can I run the AMI in multiple regions on one subscription?AWS Marketplace subscriptions are per-AMI, not per-region. All five products distribute to us-east-1, us-west-2, eu-west-1, and ap-southeast-1. Contact PTG if you need distribution to additional regions.
-
Can I bundle vulnerability scanning with patch governance?Yes. Bundling Sentinel or higher scanning with the Managed patch tier is the most common combination and makes practical sense — scanning identifies the vulnerabilities, patching closes them. Contact PTG to discuss bundle pricing for your environment.
-
What's included in an on-premises image delivery?Each delivery includes the image in your specified format (OVA, VHDX, QCOW2, or raw), documented import procedures, a post-deploy hardening checklist, and a Lynis audit report confirming the hardening score. Delivery is via S3 presigned URL with a configurable expiry window.
-
Do you offer custom AMI builds for specific compliance frameworks?Yes. Contact PTG to discuss custom builds for PCI-DSS, FedRAMP baseline, DISA STIG, or other frameworks. Custom builds are priced on a project basis and can target any of the supported hypervisor output formats in addition to AWS.
Not sure what you need?
A free 30-minute infrastructure assessment will clarify exactly which combination of images and managed services fits your environment and budget.