It's 7:14 AM on a Tuesday. You check your email before coffee and there it is: "Your estimated AWS charges for this billing period have exceeded $10,000." Your normal monthly bill is $400. Your stomach drops.
This scenario plays out hundreds of times a week across startups, side projects, and small teams. It is not a freak accident. Overnight AWS bill explosions follow a small number of predictable patterns, and every one of them is preventable — if you know what to watch for and set up the right guardrails before disaster strikes.
How a $400/Month Account Becomes a $10,000 Nightmare
The most common path to a five-figure surprise bill follows a specific sequence. Something changes — a credential leaks, an auto-scaling group misconfigures, a development resource gets forgotten — and expensive resources start accumulating charges. AWS's native billing alerts have a 24-hour delay, so by the time you're notified, the damage is already done. And if the notification lands in an unmonitored inbox, it can continue for days.
The key insight is that none of these scenarios require you to do something reckless. They require you to miss something small.
The Five Most Common Causes
1. Compromised Access Keys
This is the scariest scenario and the most expensive. An AWS access key gets committed to a public GitHub repository. Automated scanners find it within minutes. Attackers use the key to spin up GPU instances across every available region for cryptocurrency mining. A single p4d.24xlarge instance costs over $32/hour. Multiply that by 10 regions and you're burning $320/hour — $7,680 in a single day.
The fix is straightforward but non-negotiable: never put access keys in code. Use IAM roles, environment variables, or AWS Secrets Manager. Enable GitHub's secret scanning. Rotate any key that has ever been exposed, even if you think it was only briefly visible.
2. Forgotten Development Resources
You spin up an RDS database and a couple of EC2 instances for a Friday demo. Monday comes, the demo is over, and the resources keep running. A db.r5.2xlarge RDS instance costs about $1,200/month. Add a few unattached EBS volumes and an idle NAT gateway, and you're quietly bleeding $2,000-3,000/month on infrastructure nobody is using.
This is death by a thousand paper cuts. No single resource is catastrophic, but the accumulation is.
3. Auto-Scaling Without a Ceiling
Auto-scaling is supposed to save you money by matching capacity to demand. But if you set a minimum instance count and forget to set a maximum, a traffic spike — or a DDoS attack, or a bot crawling your site — can scale your fleet to dozens of instances. Each one bills by the second.
Always set a MaxSize on every Auto Scaling group. Set it to something you can afford, not something that sounds reasonable in theory.
4. Data Transfer Across Regions
AWS charges for data moving between regions, between Availability Zones, and out to the internet. A misconfigured application that routes API calls from us-east-1 to a database in eu-west-1 pays the cross-region data transfer tax on every request. At $0.02/GB, a high-throughput application can generate thousands of dollars in transfer costs that are invisible in the EC2 console.
Check your Cost and Usage Report (CUR) for data transfer line items. If cross-region transfer is a significant cost, your architecture needs attention.
5. NAT Gateway Charges
NAT Gateways charge both an hourly rate ($0.045/hour per gateway) and a per-GB data processing fee ($0.045/GB). A startup running a VPC with a NAT Gateway that processes significant outbound traffic can easily see $200-500/month from NAT Gateway charges alone. If you have multiple NAT Gateways across AZs (which is the recommended HA setup), multiply accordingly.
For development environments, consider NAT instances or VPC endpoints for the services you actually use. The savings can be dramatic.
The 15-Minute Prevention Checklist
You can dramatically reduce your risk of a billing disaster in about 15 minutes:
- Set a budget alert in AWS Budgets. Create a monthly cost budget at 150% of your normal spend. Configure email and SNS notifications at 80%, 100%, and 150% thresholds. This takes 3 minutes.
- Enable AWS Cost Anomaly Detection. It's free. It uses ML to detect unusual spend patterns. It has a 24-hour delay, which is why it shouldn't be your only line of defense, but it catches things budget thresholds miss.
- Remove all long-lived access keys. Run aws iam list-access-keys for every user. Delete any key that doesn't have an active, documented use case. Switch to IAM roles and temporary credentials.
- Tag everything with an owner and environment. If you can't tell who owns a resource and whether it's production or development, you can't make decisions about whether to keep it.
- Set a max on every Auto Scaling group. Run aws autoscaling describe-auto-scaling-groups and check the MaxSize on every group. If any group can scale to more instances than you can afford, fix it now.
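Two of the checklist items (long-lived access keys and Auto Scaling groups with no affordable ceiling) can be audited from the JSON those two CLI commands print. The script below is an added example, not Vigilare's code; it runs on constructed sample data shaped like the output of aws iam list-access-keys and aws autoscaling describe-auto-scaling-groups rather than calling AWS, and the 90-day and 20-instance thresholds are assumptions you would set for your own account.

```python
from datetime import datetime, timezone

# Constructed sample data shaped like the JSON output of
# `aws iam list-access-keys --user-name <user>` (one entry per user) and
# `aws autoscaling describe-auto-scaling-groups`. Not real account data.
SAMPLE_KEYS_BY_USER = {
    "alice": [{"AccessKeyId": "AKIAEXAMPLE00000001", "Status": "Active",
               "CreateDate": "2023-01-10T08:00:00+00:00"}],
    "ci-bot": [{"AccessKeyId": "AKIAEXAMPLE00000002", "Status": "Inactive",
                "CreateDate": "2022-05-01T08:00:00+00:00"}],
    "bob": [{"AccessKeyId": "AKIAEXAMPLE00000003", "Status": "Active",
             "CreateDate": "2024-05-15T08:00:00+00:00"}],
}
SAMPLE_ASGS = {"AutoScalingGroups": [
    {"AutoScalingGroupName": "web-prod", "MinSize": 2, "MaxSize": 6, "DesiredCapacity": 2},
    {"AutoScalingGroupName": "workers-dev", "MinSize": 1, "MaxSize": 200, "DesiredCapacity": 1},
]}


def stale_access_keys(keys_by_user, now=None, max_age_days=90):
    """Return [(user, key id, age in days)] for active keys older than max_age_days.
    Inactive keys are skipped here: they cannot be used, but still deserve deletion."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for user, keys in keys_by_user.items():
        for key in keys:
            if key["Status"] != "Active":
                continue
            # CreateDate arrives as ISO-8601 with a numeric offset, e.g. +00:00
            created = datetime.strptime(key["CreateDate"], "%Y-%m-%dT%H:%M:%S%z")
            age = (now - created).days
            if age > max_age_days:
                findings.append((user, key["AccessKeyId"], age))
    return findings


def oversized_asgs(describe_output, max_affordable):
    """Return [(group name, MaxSize)] for groups whose ceiling exceeds what you can pay for."""
    return [(g["AutoScalingGroupName"], g["MaxSize"])
            for g in describe_output["AutoScalingGroups"]
            if g["MaxSize"] > max_affordable]


if __name__ == "__main__":
    for user, key_id, age in stale_access_keys(SAMPLE_KEYS_BY_USER):
        print(f"ROTATE OR DELETE: user={user} key={key_id} age={age}d")
    for name, max_size in oversized_asgs(SAMPLE_ASGS, max_affordable=20):
        print(f"CAP MaxSize: asg={name} MaxSize={max_size}")
```

To run it against a real account, replace the two sample structures with the parsed output of the corresponding commands run with --output json.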
What AWS Won't Forgive — and What It Will
AWS has a history of issuing one-time courtesy credits for first-time billing incidents, especially when the cause is clearly accidental (compromised keys, forgotten resources). But this is not guaranteed, and it gets harder to claim on a second incident. The best protection is prevention, not hoping for a refund.
If you do get hit with an unexpected bill, contact AWS Support immediately. Open a billing support case, explain the situation clearly, and provide evidence that you've remediated the root cause. The sooner you act, the better your chances of a favorable outcome.
Automate the Protection
The checklist above is a good start, but it requires you to remember to do it — and to keep doing it as your infrastructure grows. The manual approach breaks down as soon as you add a second account, onboard a new team member, or launch a new service.
Vigilare monitors your AWS billing continuously, correlates cost spikes with security signals like GuardDuty findings, and alerts you within minutes — not hours. If a compromised key starts spinning up instances in ap-southeast-1 at 3 AM, you'll know before the bill hits four figures. Start a free 14-day trial — no credit card required.
Written by Viktor B.
Co-founder & CEO