What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS Account Suspension Horror Stories: Lessons from Real Incidents

Every AWS account suspension story starts the same way: something small was missed, and it snowballed into a crisis. These stories are anonymized from real incidents shared in engineering communities, AWS re:Post forums, and conversations with Vigilare customers. Each one illustrates a pattern — and a prevention strategy that would have stopped it.

Story 1: The $47,000 Weekend

What happened: A developer at a 4-person startup committed an AWS access key to a public GitHub repository on Friday afternoon. By Saturday morning, automated scanners had found the key. By Saturday evening, the attacker had launched over 200 GPU instances across 15 AWS regions for cryptocurrency mining.

The team didn't notice until Monday morning. The billing notification had gone to the founder's personal email, where it was buried under 200 other messages. By Monday, the charges had reached $47,000.

The outcome: AWS suspended the account due to the anomalous activity. After a week of back-and-forth with support — documenting the compromise, rotating all credentials, and demonstrating remediation — the account was reinstated. AWS credited a significant portion of the fraudulent charges, but the process consumed the entire team for a week and the startup nearly lost a key customer whose production system was down during the suspension.

The lesson: Access keys in code are a ticking bomb. Enable GitHub secret scanning. Use IAM roles instead of keys. And set up billing alerts that go to a channel someone actually monitors — not a personal email inbox.

Story 2: The Expired Credit Card

What happened: A SaaS company's CFO updated the company credit card but forgot to update the payment method in three of their five AWS accounts. The accounts with the old card started accumulating overdue balances. AWS sent email notifications to the root account address — which was set to a former employee's email that had been deactivated six months earlier.

Eight weeks later, all three accounts were suspended. Two of them ran internal tools. The third ran a customer-facing API. The API was down for 18 hours while the finance team scrambled to update payment methods and work with AWS Support to reactivate the accounts.

The outcome: No data was lost — the accounts were reactivated once payment was received. But the 18-hour outage triggered SLA violation credits for their enterprise customers, and the incident eroded trust with a customer who was in the middle of contract renewal.

The lesson: Root account emails must be actively monitored — forwarded to a shared channel, not set to an individual's email. Payment method changes should include a checklist of every AWS account. And billing health monitoring should alert when a payment method is approaching expiration.

Story 3: The SES Time Bomb

What happened: An e-commerce platform used SES for transactional email — order confirmations, shipping notifications, and password resets. Over several months, their customer email database accumulated invalid addresses from abandoned signups, role-based addresses that started bouncing, and addresses from customers who had unsubscribed but weren't properly removed from the list.

One day, they sent a promotional blast to their full list. The bounce rate hit 12%. SES immediately paused sending. The team didn't realize it until customers started calling to ask why they hadn't received their order confirmation emails.

The outcome: SES sending was paused for 48 hours while the team cleaned their email list, implemented bounce handling, and worked with SES support to have their sending reinstated. During those 48 hours, no transactional emails went out. Customers couldn't reset passwords, didn't receive order confirmations, and the support team was overwhelmed with tickets.

The lesson: SES reputation is a monitoring signal, not a set-and-forget configuration. Bounce rates and complaint rates need continuous monitoring with alerts well before they hit AWS enforcement thresholds (5% bounce, 0.1% complaint). Implement automatic bounce suppression so invalid addresses are removed after the first hard bounce, not after they've already pushed your rate above the threshold.

Story 4: The Innocent Intern

What happened: A startup hired a summer intern and gave them an IAM user with AdministratorAccess to make onboarding easy. The intern was exploring AWS services as part of a learning project and launched several large EC2 instances, created an EMR cluster, and provisioned a Redshift cluster — all for a proof-of-concept that they planned to tear down after testing.

The intern went on vacation. The resources kept running. Over two weeks, the charges accumulated to $8,000 — on an account that normally spent $600/month. AWS flagged the billing anomaly and restricted the account's ability to launch new resources.

The outcome: Not technically a full suspension, but the resource launch restriction prevented the production team from deploying a critical update. It took a day to identify the cause, clean up the intern's resources, and have the restriction lifted.

The lesson: Never give AdministratorAccess to anyone who doesn't need it. Use permission boundaries that limit the services and instance types a user can access. Tag resources with an owner so orphaned resources can be traced. And set per-service budgets that alert when any individual service's spend spikes relative to its baseline.

The Pattern

Every story shares three common elements: a signal that was present but unmonitored (billing alerts in an unread inbox, SES metrics nobody checked, resources nobody tracked), a delay between the incident starting and someone noticing (hours to weeks), and a cost that was dramatically higher than what prevention would have required.

Vigilare exists because these stories keep happening. It monitors the signals that these teams were missing — billing, security, compliance, SES reputation, and service quotas — and correlates them into a single risk score with real-time alerts. The $29/month Solo plan costs less than what any of these teams spent in a single hour of their crisis. Start a free 14-day trial.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Viktor B.

Co-founder & CEO