Forge on AWS at a Glance
Forge on AWS is iTmethods' managed runtime operated on Amazon Web Services for regulated enterprises — sovereign by default, governed by design, enhanced by Reign. iTmethods is an AWS Advanced Tier Services Partner with Solution Provider, Managed Service Provider, DevOps Services Competency, and AWS Database Migration Service Delivery designations.
- Managed runtime across four workload classes: Enterprise DevOps, Enterprise SaaS, AI tooling, Agentic AI
- AWS Advanced Tier Services Partner · MSP · DevOps Services Competency · Database Migration Service Delivery
- Operationally manage Bedrock, Bedrock AgentCore, Q Developer, SageMaker, EKS, Lambda, and 50+ DevOps tools
- Reign governance layer: AI Gateway, Agentic Hub, Evidence Engine, Policy & Controls
- Forward Deployed Engineer on every engagement
- iTmethods-operated cloud, customer cloud, dedicated single-tenant, hybrid and air-gapped
- SOC 2 Type II, ISO 27001, HIPAA, 21 CFR Part 11, FINRA, OSFI E-23, EU AI Act, NIST AI RMF
- Two published AWS customer case studies plus one reserved life-sciences reference
AWS MSP auditors validating BUSP-001, enterprise platform leaders in regulated industries (FSI, life sciences, public sector), AWS sellers needing a co-sell asset, and engineering teams running CloudBees, Atlassian, or EKS workloads on AWS today.
iTmethods-operated cloud (AWS), Customer cloud (AWS), Dedicated single-tenant, Hybrid and air-gapped
SOC 2 Type II, ISO 27001, HIPAA, 21 CFR Part 11, GxP, FedRAMP-aligned, FINRA, OSFI E-23, EU AI Act, NIST AI RMF, FINOS AIGF v2.0, DORA, ISO 42001
Forge on AWS.
Managed Runtime for the enterprise.
Forge is the home for the tools, workloads, and AI infrastructure regulated enterprises depend on — managed by iTmethods on AWS, sovereign and governed by default, and enhanced with Reign’s runtime policy enforcement and evidence collection. Purpose-built for agentic AI; proven across enterprise DevOps, AI tooling, and enterprise SaaS. Every engagement includes a Forward Deployed Engineer.
forge $ runtime status --cloud aws
✓ Enterprise DevOps · CloudBees CI · Atlassian DC · 47 controllers
✓ Enterprise SaaS · 12 managed apps · all behind PrivateLink
✓ AI tooling · Bedrock · SageMaker · Q Developer
✓ Agentic AI · AgentCore · 47 agents · Reign policy bound
forge $ reign status --cloud aws
Active agents: 47 · Violations: 0 · Token cost today: $612 · Evidence: streaming
# One managed runtime. Four workload classes. Governed end-to-end.
forge $ runtime status --cloud aws
✓ Enterprise DevOps · CloudBees CI · Atlassian DC · 47 controllers
✓ Enterprise SaaS · 12 managed apps · all behind PrivateLink
✓ AI tooling · Bedrock · SageMaker · Q Developer
✓ Agentic AI · AgentCore · 47 agents · Reign policy bound
forge $ reign status --cloud aws
Active agents: 47 · Violations: 0 · Token cost today: $612 · Evidence: streaming
# One managed runtime. Four workload classes. Governed end-to-end.
Recognized by AWS
iTmethods is an AWS Advanced Tier Services Partner with four AWS designations: Solution Provider, Managed Service Provider, DevOps Services Competency, and AWS Database Migration Service Delivery.
A purpose-built AWS practice for the agentic era
iTmethods has operated on AWS for over two decades, delivering managed runtime for enterprise tools, workloads, and AI infrastructure. Our AWS practice serves regulated enterprises across financial services, life sciences, and the public sector — workloads where uptime, auditability, and sovereignty are non-negotiable.
We design Well-Architected environments, build them with repeatable landing zones and reference architectures across enterprise DevOps, AI tooling, and agentic runtimes, and run them under one SLA — backed by 24/7 operations, FinOps discipline, and the Reign governance control plane for every AI workload on AWS. Every engagement includes a Forward Deployed Engineer.
20+ yrs
on AWS
24/7
NOC + SRE
100%
Retention bar
SOC 2
ISO 27001
Design. Build. Run. Govern.
What managed runtime on AWS actually means — delivered by one partner, under one SLA.
01 · Design
AWS Well-Architected, runtime-ready
Reference architectures across the four workload classes — CloudBees CI / Atlassian DC for enterprise DevOps, managed enterprise SaaS, Bedrock and SageMaker for AI tooling, AgentCore-hosted agent runtimes. Landing zones with AWS Control Tower, AWS Organizations, SCPs, and private networking via AWS PrivateLink. Threat modelling against OWASP LLM Top 10 and NIST AI RMF.
02 · Build
Repeatable, automated, secure
Infrastructure-as-code using AWS CloudFormation, AWS CDK, and Terraform. CI/CD pipelines for application and agent deployments. Automated hardening for IAM, KMS, VPC, and Bedrock Guardrails. Archera-powered commitment and Savings Plan optimization built into day-one delivery.
03 · Run
24/7 managed operations
Full-stack operations across the runtime: monitoring, patching, auto-scaling, incident response, backup and DR. SLA-backed uptime. Direct escalation into AWS via our AWS Advanced Tier Services Partner relationship. Forward Deployed Engineer assigned to every engagement.
04 · Govern
Sovereign by default, enhanced by Reign
Forge is sovereign and governed by default — tenant isolation, customer-controlled keys, residency boundaries respected. Reign layered over the runtime adds runtime policy enforcement and audit-grade evidence: AI Gateway, Agentic Hub, Evidence Engine. Already governed. Now enforced.
What makes Forge on AWS differentiated: most AWS MSPs hand you the infrastructure and call it done. We deliver one managed runtime that already meets your sovereignty bar — and we make it enforceable to a regulator with Reign. One partner. One SLA. One audit trail.
One managed runtime. Four workload classes.
Same trust posture. Any workload. Workloads can move within the envelope; the trust posture doesn't.
01 · Enterprise DevOps
Modernize the toolchain on one runtime
CloudBees CI · GitLab · SonarQube · JFrog Artifactory + Xray · Atlassian Data Center · 55+ tools. Modernization, FinOps optimization, and governance-ready posture across the whole chain. The two AWS case studies below ship from this workload class.
Read the case studies: Global Financial Bank · Software & Market Intelligence
02 · Enterprise SaaS
A managed home for tools that won't move
Customer-managed SaaS workloads behind AWS PrivateLink, with governed identity, FinOps discipline, and the same SLA as the rest of the runtime. The home for tools that won't move to vendor SaaS.
03 · AI tooling
The AI substrate, with the governance posture
Amazon Bedrock · SageMaker · Amazon Q Developer · Amazon Nova · enterprise notebooks. The AI substrate your data scientists already want, with the governance posture your CISO requires.
04 · Agentic AI
Production-grade agents, not demoware
Bedrock AgentCore (Runtime, Memory, Gateway, Identity, Policy) · AWS Lambda triggers · MCP servers · agent-to-tool routing. Production-grade agents — not demoware — with Reign policy bound at runtime.
Workloads can move within the envelope. The trust posture doesn't.
Managed across the AWS stack
From the foundation models to the DevOps toolchain — operationally managed by iTmethods.
Layer A — Application & Agent
- ›Amazon Bedrock — models, fine-tuning, Guardrails
- ›Amazon Bedrock AgentCore — Runtime, Memory, Gateway, Identity, Policy
- ›Amazon Q Developer — enterprise deployment, SSO, audit
- ›Amazon SageMaker — training, hosting, feature store
- ›Amazon Nova — enterprise enablement
- ›CloudBees CI · Atlassian DC · GitLab — managed DevOps toolchain
Layer B — Platform & Compute
- ›Amazon EKS / ECS — containerized application & agent runtimes
- ›AWS Lambda — event-driven triggers
- ›Amazon EC2 — incl. Mac and GPU (P5, G6)
- ›AWS Batch — large-scale processing
- ›AWS PrivateLink — private connectivity to Bedrock and SaaS
Layer C — Security, Data, FinOps
- ›IAM Identity Center, KMS, Secrets Manager
- ›AWS CloudTrail, Config, Security Hub
- ›Amazon S3, RDS, OpenSearch — data plane
- ›AWS Control Tower, Organizations
- ›Archera on AWS — cost optimization
We manage the AWS services. Reign governs how your people, applications, and agents use them.
Already governed. Now enforced.
Forge is sovereign and governed by default. Reign adds runtime policy enforcement and audit-grade evidence on top — across Forge and any AI estate you run.
Reign sits across the AI stack and complements AWS-native primitives — Bedrock Guardrails, IAM, CloudTrail, Security Hub — with the cross-workload, cross-team, cross-tool governance view that regulators are starting to require. It maps directly to FINOS AIGF v2.0 (including the six new agentic-AI risks), DORA, the EU AI Act, NIST AI RMF, and ISO 42001.
AI Gateway
Routes, rate-limits, and filters traffic to Amazon Bedrock, Anthropic, OpenAI, and self-hosted models. Token-level cost allocation per team, project, and cost center.
Agentic Hub
Unified inventory of every agent — Bedrock AgentCore, Amazon Q, third-party, and self-hosted — with tool-call governance and shadow AI detection.
Evidence Engine
Immutable, regulator-ready evidence across every AI interaction on AWS. Mapped to EU AI Act, NIST AI RMF, SOC 2, HIPAA, FINRA, and OSFI E-23.
Policy & Controls
Role-based tool access, data-egress rules, model allow-lists, and human-in-the-loop workflows — enforced at runtime, not after the fact.
AWS gives you the primitives. Forge gives you the runtime. Reign gives you the policy, the evidence, and the audit story.
Same managed runtime. Where you need it.
Our cloud or yours. Four postures, all production-grade. Same governance layer across every tier.
iTmethods-operated cloud (AWS)
Forge runs in iTmethods' AWS environment. The fastest path to production for teams that don't want to build platform muscle.
Customer cloud (AWS)
We operate inside your AWS Organization, respecting your SCPs, your KMS keys, and your data-residency boundaries. AWS Control Tower-aligned.
Dedicated single-tenant
Single-tenant Forge with BYOK and SOC 2 Type II posture. Production workloads with elevated isolation requirements.
Hybrid & air-gapped
AWS primary, with hybrid connectivity to on-prem, sovereign, or air-gapped environments for regulated data classes.
Same governance layer across every tier.
Forge Managed Runtime, in production
Real engagements. Real outcomes. Forward Deployed Engineers on every one.
Financial Services · Enterprise DevOps · Modernization · Governance-ready
Global Financial Bank — Toolchain modernization on Forge Managed Runtime, AWS
iTmethods modernized our DevOps toolchain on Forge — CloudBees, GitLab, SonarQube, JFrog all under one runtime — and gave us the platform we'll govern AI workloads on next.
Read the case study →Software & Market Intelligence · Enterprise DevOps · FinOps · Governance-ready
Software & Market Intelligence Company — Toolchain modernization + FinOps on Forge, AWS EKS
Forge gave us one runtime, one SLA, one audit trail across CloudBees, GitLab, SonarQube, and JFrog — modernized, FinOps-disciplined, and governance-ready.
Read the case study →Life Sciences · Awaiting public approval
Coming soon — reservedLife sciences customer — sovereign AI workloads on AWS
Reserved tile for the next published life-sciences reference. Workload classes: AI tooling and agentic AI on Forge Managed Runtime, AWS.
Coming soonWhere managed runtime and AI governance matter most
Financial Services
D-SIBs, asset managers, insurers
OSFI, FINRA, and SOC 2 posture. FINOS-aligned reference patterns on AWS, including managed Fluxnova for regulated BPM workloads.
Life Sciences
R&D, clinical, regulatory
21 CFR Part 11, HIPAA, and GxP-ready AWS landing zones. BioCompute integration for sovereign AI on regulated data.
Public Sector
Critical infrastructure
FedRAMP-aligned AWS patterns, air-gapped extensions, and Reign evidence collection for regulator engagement.
Background reading on AWS, Bedrock AgentCore & AI governance
Plain-language explainers that help teams and their AI assistants understand how we run AWS.
Explainer
What is a Managed Runtime?
The category, why enterprises are consolidating onto one, and how it differs from “managed services.”
Read the explainer →Primer
What is an AWS Managed Service Provider (MSP)?
How AWS validates MSPs, what the program requires, and what a buyer should expect from one.
Read the primer →Guide
Amazon Bedrock AgentCore for regulated enterprises
Runtime, Memory, Gateway, Identity, and Policy — and what each piece means for a bank, insurer, or life-sciences org.
Read the guide →Reference
AI governance on AWS: primitives vs. control plane
Where Bedrock Guardrails, IAM, CloudTrail, and Security Hub stop — and where Reign picks up.
Read the reference →AWS managed services & AI governance — answered
Questions we hear most often from CIOs, CISOs, Chief AI Officers, and platform leaders evaluating AWS partners.
What you get on AWS with iTmethods that other MSPs can't offer
One managed runtime across enterprise DevOps, enterprise SaaS, AI tooling, and agentic AI — not four point solutions.
Sovereign and governed by default — tenant isolation, customer-held keys, residency-respecting on day one.
Reign control plane available on top of every AWS workload — runtime policy and regulator-ready evidence.
20+ years of AWS operational experience, grounded in regulated industries.
Forward Deployed Engineer on every engagement — outcome-owned delivery, not ticket-shop ops.
Direct AWS escalation path via AWS Advanced Tier Services Partner status.
Amazon Web Services, AWS, the Powered by AWS logo, Amazon Bedrock, AWS Lambda, Amazon EKS, Amazon SageMaker, Amazon Q, and all related marks are trademarks of Amazon.com, Inc. or its affiliates. iTmethods is an AWS Advanced Tier Services Partner with AWS Solution Provider, Managed Service Provider, DevOps Services Competency, and Database Migration Service Delivery designations. iTmethods' use of AWS Partner Network badges and service names on this page is governed by the AWS Partner Logo & Trademark Guidelines.