How much does Philter cost on the AWS Marketplace?

Philter bills per instance-hour through your existing AWS account, so there is no separate invoice or procurement step. There is a 30-day free trial, and an annual contract option saves up to 18% over hourly billing. Because Philter runs on an EC2 instance you control, you also pay standard EC2 and data-transfer charges for that instance, the same as any other AMI.

Does my data leave my AWS account when I use Philter?

No. Philter runs as an EC2 instance inside your own VPC, and you send text to its API over your private network. There is no third-party redaction endpoint and no phone-home, so sensitive text never leaves your account. This is the difference between a self-hosted API and a hosted redaction service that processes your data on someone else's infrastructure.

What port does the Philter API listen on?

Philter's API listens on TCP port 8080 . When you launch the instance, open port 8080 in its security group to the specific hosts or CIDR range that need to call it, rather than to 0.0.0.0/0 . For production, put a reverse proxy in front of Philter to terminate TLS so requests are encrypted in transit.

Can I automate the Philter deployment instead of clicking through the console?

Yes. Once you have subscribed on the AWS Marketplace and noted the Philter AMI ID, you can launch it from a CloudFormation template, a Terraform module, or an auto-scaling group. See Deploying Philter in AWS via a CloudFormation Template for a working example.

How to Deploy Philter in 5 Minutes on the AWS Marketplace

The fastest way to get a self-hosted PII and PHI redaction API running is the AWS Marketplace. You subscribe, launch Philter into your own VPC, and start redacting text. No sales call, no separate contract, and no data leaving your account. From clicking subscribe to your first redacted response is about five minutes.

This guide walks through every step.

Why the Marketplace

Philter is self-hosted on purpose. It runs as an instance inside your own network, you POST text to its API, and you get redacted text back. Nothing is sent to a third party. The AWS Marketplace is the quickest path to that model because it handles three things at once:

Billing goes through your existing AWS account, so there is no new vendor to onboard. Philter is billed per instance-hour with a 30-day free trial.
Deployment is a prebuilt, Ubuntu-based AMI, so there is nothing to install or configure on the host.
Data residency is yours. The instance launches into a VPC and subnet you choose, and the API is reachable only on your network.

Before you start

You need an AWS account with permission to subscribe to Marketplace products and launch EC2 instances, and a VPC with a subnet to launch into (the default VPC is fine for a quick test). That is it.

Open the Philter listing on the AWS Marketplace and choose Continue to Subscribe. Accept the terms. The subscription itself is free; you are billed only for the instance once it is running, and the free trial covers the first 30 days.

Step 2: Configure and launch the instance

After subscribing, choose Continue to Configuration, then Continue to Launch. A few choices matter here:

Region: launch in the region where your data and applications already live, so traffic to Philter stays local.
Instance type: for testing, the smallest available type is fine. Size up for production throughput.
VPC and subnet: pick the network where the systems that will call Philter run.
Security group: Philter’s API listens on TCP port 8080. Open 8080 to the specific hosts or CIDR range that need it, not to 0.0.0.0/0.
Key pair: select or create one if you want SSH access to the host.

Choose Launch, then open the EC2 console and wait for the instance to reach the running state. Note its private IP (or public IP, if you launched it with one).

Step 3: Confirm Philter is running

Philter exposes a status endpoint. From a host that is allowed through the security group, run:

curl http://PHILTER_IP:8080/api/status

A healthy instance returns HTTP 200 OK. If the request hangs or is refused, it is almost always the security group: confirm port 8080 is open from the host you are calling from.

Step 4: Send your first redaction request

Now POST some text to the filter endpoint:

curl http://PHILTER_IP:8080/api/filter \
    --data "His SSN was 123-45-6789." \
    -H "Content-type: text/plain"

Philter returns the redacted text:

His SSN was {{{REDACTED-ssn}}}.

That is a working redaction API in your own account. The {{{REDACTED-ssn}}} placeholder is Philter’s default behavior; you control exactly how each entity type is handled with a redaction policy (redact, mask, encrypt with format-preserving encryption, pseudonymize, or tokenize).

From a quick test to production

The five-minute version above is enough to integrate Philter into a pipeline and start sending real text. Before you put it in front of production traffic, two things are worth doing:

Write a redaction policy. The default redacts common entities, but a policy lets you choose which of the 30+ entity types to detect and how to transform each one. Start with Writing Your First Redaction Policy.
Terminate TLS in front of Philter. Put a reverse proxy ahead of the instance so API traffic is encrypted in transit. See Using an Apache Reverse Proxy with Philter, and Deploying Philter in a HIPAA Environment if you are handling PHI.

When you want the deployment to be repeatable rather than click-through, launch the same AMI from infrastructure as code. Deploying Philter in AWS via a CloudFormation Template shows how to find the AMI ID and launch it as a managed stack, which is the right approach for anything beyond a one-off evaluation.

Not on AWS?

Philter is also on the Google Cloud Marketplace and the Microsoft Azure Marketplace, with the same self-hosted model and per-hour billing in your own cloud account. And if you are redacting text before it reaches a large language model, point the Philter AI Proxy at your new instance so prompts are redacted before they ever leave your network.

You can have a private, auditable redaction API running in your VPC before your coffee gets cold. Launch Philter on the AWS Marketplace to get started.