The Problem With Finding Out Too Late
Your application is down. Users are complaining. You're checking your infrastructure — EC2 instances are running, ALBs look healthy, Lambda functions are executing. But RDS connections are timing out, and you can't figure out why. Fifteen minutes into the incident, someone checks the AWS Health Dashboard and discovers there's an ongoing RDS incident in us-east-1 that started before your alarms fired.
This is a common and entirely avoidable scenario. AWS maintains extensive health information about service disruptions, planned maintenance, and account-specific issues — but by default, you have to go check the dashboard to see it. Setting up proactive health monitoring means you learn about AWS issues from AWS, not from your users.
AWS Health Dashboard: Two Different Views
The AWS Health Dashboard has two distinct sections that are often confused:
Service Health
Service Health (previously the AWS Status Page at status.aws.amazon.com) shows the current status of all AWS services globally. This is a public page — anyone can see it. The limitation is that it shows general service health, not account-specific impacts. A regional RDS degradation might affect your account significantly but appear as "Service disruption in us-east-1" without details about the specific issue.
Your Account Health
Account Health (previously called Personal Health Dashboard) shows events specifically affecting your account, your services, and your resources. This is where you see:
- Planned maintenance on specific EC2 instances or RDS clusters in your account
- EC2 retirement notifications for instances running on aging hardware
- AWS notifications about potential security issues in your account
- Certificate expiration warnings for services you're using
- Compliance and policy changes that affect your account
Account Health events are more actionable than general service health because they're specific to your resources.
AWS Health EventBridge Integration
The key to proactive health monitoring is integrating AWS Health with EventBridge so events are automatically pushed to your notification channels rather than requiring manual checks. AWS Health publishes events to EventBridge automatically — you just need to set up the rules.
Alert on All AWS Health Events
resource "aws_cloudwatch_event_rule" "aws_health" {
  name        = "aws-health-alerts"
  description = "All AWS Health events"
  event_pattern = jsonencode({
    source      = ["aws.health"]
    detail-type = ["AWS Health Event"]
  })
}

# aws_sns_topic.health_alerts is assumed to be defined elsewhere. Its topic
# policy must allow events.amazonaws.com to call sns:Publish, otherwise
# EventBridge cannot deliver to it.
resource "aws_cloudwatch_event_target" "health_sns" {
  rule      = aws_cloudwatch_event_rule.aws_health.name
  target_id = "health-sns"
  arn       = aws_sns_topic.health_alerts.arn
}
Filter for High-Priority Events
You may not want to be paged for every planned maintenance window. Filter for the highest-priority events:
event_pattern = jsonencode({
  source      = ["aws.health"]
  detail-type = ["AWS Health Event"]
  detail = {
    eventTypeCategory = ["issue", "accountNotification"]
    # The Health event detail names this field statusCode; a pattern keyed
    # on a field the event does not carry never matches.
    statusCode = ["open", "upcoming"]
    service    = ["EC2", "RDS", "LAMBDA", "EKS", "ECS", "S3"]
  }
})
Lambda Handler for Health Events
For more sophisticated processing — formatting events for Slack, deduplication, or routing by service — use a Lambda function as the EventBridge target:
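import os

# requests is not part of the Lambda Python runtime; package it with the
# function or provide it through a layer.
import requests


def handler(event, context):
    health_event = event['detail']
    event_type = health_event['eventTypeCategory']
    service = health_event['service']
    # The Health event detail carries the region as eventRegion and the
    # status as statusCode.
    region = health_event.get('eventRegion', 'global')
    status = health_event.get('statusCode', 'unknown')
    description = health_event['eventDescription'][0]['latestDescription']

    message = (
        "🔔 AWS Health Alert\n"
        f"Service: {service} ({region})\n"
        f"Type: {event_type}\n"
        f"Status: {status}\n"
        f"{description}\n"
    )

    # Send to Slack webhook; fail the invocation if Slack rejects the post
    response = requests.post(os.environ['SLACK_WEBHOOK_URL'],
                             json={'text': message},
                             timeout=5)
    response.raise_for_status()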
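The deduplication and per-service routing mentioned above can be sketched as follows. This is an added example, not code from the original article: the channel names, the routing table, and the sample events are constructed, and the field names assume the AWS Health event detail layout (`eventArn`, `statusCode`, `lastUpdatedTime`, `affectedAccount`).

```python
import hashlib

# Hypothetical routing table (service code -> channel name).
ROUTES = {"RDS": "#db-oncall", "EC2": "#infra-oncall", "EKS": "#platform-oncall"}
DEFAULT_CHANNEL = "#aws-health"


def dedup_key(detail):
    """Identify one state of one event for one account.

    Keying on the ARN alone would also suppress later updates to the same
    event, so the status and last-update time are part of the key.
    """
    parts = (detail["eventArn"], detail.get("affectedAccount", ""),
             detail.get("statusCode", ""), detail.get("lastUpdatedTime", ""))
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


class HealthRouter:
    """In-memory dedup for illustration only. Lambda execution environments
    do not share memory, so a deployed function would record the key in a
    shared store with a conditional write instead of a set."""

    def __init__(self, routes=ROUTES, default=DEFAULT_CHANNEL):
        self.routes, self.default, self.seen = routes, default, set()

    def process(self, detail):
        """Return the channel to notify, or None for a repeated delivery."""
        key = dedup_key(detail)
        if key in self.seen:
            return None
        self.seen.add(key)
        return self.routes.get(detail.get("service"), self.default)


def sample(service, status, updated, account="111122223333"):
    """Constructed event detail; the ARN and account ID are placeholders."""
    return {"eventArn": f"arn:aws:health:us-east-1::event/{service}/EXAMPLE",
            "service": service, "eventTypeCategory": "issue",
            "statusCode": status, "lastUpdatedTime": updated,
            "affectedAccount": account}


def run_demo():
    router = HealthRouter()
    stream = [sample("RDS", "open", "T1"), sample("RDS", "open", "T1"),
              sample("RDS", "open", "T2"), sample("RDS", "closed", "T3"),
              sample("S3", "open", "T1")]
    return [router.process(d) for d in stream]
```

The second delivery is dropped as a repeat, while the update and the closure of the same event still reach the RDS channel.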
Multi-Account Health Monitoring with AWS Organizations
If you're using AWS Organizations, AWS Health provides an organizational view that aggregates health events across all member accounts. Enable organizational view in your management account:
aws health enable-health-service-access-for-organization
After enabling, you can query health events across all accounts in your organization using the Health API with the --include-member-accounts option. This is particularly valuable for MSPs managing multiple customer accounts or large enterprises with many AWS accounts.
Configure a central EventBridge rule in your management account to receive health events from all member accounts:
event_pattern = jsonencode({
  source      = ["aws.health"]
  detail-type = ["AWS Health Event"]
  # This automatically includes events from all member accounts
})
See our AWS Organizations guide for the organizational monitoring architecture.
Planned Maintenance: Getting Ahead of Required Actions
One of the most valuable AWS Health event types is planned maintenance — events that require your action before a deadline. Common examples:
EC2 Instance Retirement
When the underlying hardware running your EC2 instances is scheduled for retirement, AWS notifies you through Health. The notification includes the retirement date and the instances affected. You have a window to migrate to new instances before the forced retirement. Missing this notification means unexpected instance termination.
RDS Maintenance Windows
RDS engine version upgrades, OS patching, and certificate rotations are announced through Health. For multi-AZ deployments, these can happen with minimal downtime, but single-AZ RDS will have a restart. Health notifications give you the timing so you can plan.
TLS Certificate Rotation
AWS rotates the TLS certificates used for RDS connections periodically. If your application doesn't trust the new root CA, connections will fail after rotation. Health notifications give you advance warning to update your trust store.
The AWS Health API
For programmatic access to health events — useful for building dashboards, automating responses, or integrating with ticketing systems — use the Health API:
import boto3

# Health API is only available in us-east-1
health = boto3.client('health', region_name='us-east-1')

# Get all open events affecting your account.
# describe_events is paginated, so walk every page rather than only the first.
paginator = health.get_paginator('describe_events')
pages = paginator.paginate(
    filter={
        'eventStatusCodes': ['open', 'upcoming'],
        'eventTypeCategories': ['issue', 'scheduledChange', 'accountNotification']
    }
)

for page in pages:
    for event in page['events']:
        print(f"{event['service']}: {event['eventTypeCode']} - {event['statusCode']}")
Vigilare and Health Monitoring
Vigilare integrates with AWS Health to include account health status in your overall account health score. When there's an active AWS service issue affecting your account, it surfaces in your Vigilare dashboard alongside security findings and cost anomalies. For teams managing multiple accounts, this provides a single view of both self-inflicted issues (misconfigurations, security findings) and AWS-side issues (service degradations, maintenance events).
This is particularly valuable during incident response: you can immediately see whether a production issue is caused by something in your environment or by an underlying AWS service problem. See our incident response guide for how health monitoring fits into incident management.
Service Quotas and Health
AWS Health also includes notifications about service quota limits you're approaching. If your account's usage is getting close to a default limit, Health can notify you before you hit the limit and cause application failures. This integrates with the broader service quota monitoring approach — see our guide on AWS service quotas monitoring.
FAQ
Is AWS Health free?
The AWS Health Dashboard and basic Health API access are free for all AWS accounts. The Business or Enterprise Support plans include additional features: access to the full Health event history (vs. 90 days for Basic/Developer support) and programmatic access to the organizational view.
How do I test my Health event routing?
Use EventBridge's test event feature to send a sample AWS Health event structure to your rules. Alternatively, view existing health events in the console and verify they're appearing in your SNS/Slack notifications.
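A filter such as the high-priority pattern from the "Filter for High-Priority Events" section can also be checked offline before you rely on it for paging. The following is an added example, not code from the original article: the matcher implements only exact-value matching (a subset of EventBridge pattern semantics), the sample events are constructed, and the detail field names assume the AWS Health event layout.

```python
def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must be
    present in the event and hold one of the listed values."""
    for key, want in pattern.items():
        if key not in event:
            return False  # absent field: the rule never fires, with no error
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True


HIGH_PRIORITY = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {
        "eventTypeCategory": ["issue", "accountNotification"],
        "statusCode": ["open", "upcoming"],
        "service": ["EC2", "RDS", "LAMBDA", "EKS", "ECS", "S3"],
    },
}


def sample_event(service, category, status):
    """Constructed event envelope; values are illustrative only."""
    return {
        "source": "aws.health",
        "detail-type": "AWS Health Event",
        "detail": {"service": service, "eventTypeCategory": category,
                   "statusCode": status, "eventRegion": "us-east-1"},
    }


def would_alert(events, pattern=HIGH_PRIORITY):
    """Return (service, category, status) for each event the rule would match."""
    return [(e["detail"]["service"], e["detail"]["eventTypeCategory"],
             e["detail"]["statusCode"]) for e in events if matches(pattern, e)]


SAMPLES = [
    sample_event("RDS", "issue", "open"),             # ongoing incident
    sample_event("EC2", "scheduledChange", "upcoming"),  # planned maintenance
    sample_event("RDS", "issue", "closed"),           # resolved incident
    sample_event("DYNAMODB", "issue", "open"),        # service not in the list
]
```

With these samples only the open RDS issue matches: planned maintenance, closures, and services outside the list are filtered out, so route those through a separate lower-urgency rule if you still need to see them.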
How quickly does AWS Health notify about incidents?
AWS Health events typically appear within minutes of AWS identifying an issue. This is often faster than you'd detect the issue through your own monitoring (CloudWatch alarms have evaluation periods, health checks have failure thresholds). Setting up Health EventBridge integration means you'll frequently learn about regional issues from AWS before your alarms fire.
Written by Viktor B.
Co-founder & CEO