When sovereignty, audit, or internal policy requires that no third party can access production infrastructure, customer-managed deployment is the right model. FormKiQ is deployed via CloudFormation into an AWS account you own and operate. FormKiQ teams have no access unless you explicitly grant it.
What "customer-managed" means in practice
- Encryption: Customer-managed KMS keys. No FormKiQ key material ownership.
- IAM: Policies and roles are defined and governed by your security team.
- Networking: Deploy in your VPC with private endpoints and egress controls.
- Region selection: Deploy per region for multi-jurisdiction architecture.
- Audit: CloudTrail, CloudWatch, and FormKiQ event trails support exportable evidence.
Comparison: Deployment Models
| Customer-Managed | Vendor-Managed | Hybrid | |
|---|---|---|---|
| Data in your AWS account | Yes | Segregated account | Production only |
| FormKiQ team access | None unless granted | Operational access | Non-production only |
| Your team manages infrastructure | Full | No | Production |
When to choose customer-managed
- Policies prohibit vendor access to production data.
- Regulated sectors require strict sovereignty boundaries.
- Cross-border transfer restrictions require jurisdictional control.
- Security teams must own IAM and encryption posture end-to-end.
Getting started
Deploy with CloudFormation in minutes. FormKiQ can support architecture reviews and onboarding in non-production while your team owns production operations.
Book a Call