What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS Free Tier Monitoring: Preventing Surprise Charges on New Accounts

AWS's Free Tier is genuinely useful for learning and development, but it creates unexpected charges more often than AWS would probably like to admit. The structure of the free tier — specific usage limits per service, some of which expire after 12 months while others are permanent — doesn't match how most people actually use AWS, especially in team or organizational contexts where multiple people share an account.

This guide explains the free tier structure, the common sources of unexpected charges, and the monitoring setup that prevents surprises.

Understanding Free Tier Types

AWS offers three distinct types of free tier access, which are easy to conflate:

12-month free tier: Applies to new accounts for 12 months from the account creation date. Covers common services at usage limits designed for light usage: 750 hours/month of t2.micro or t3.micro EC2 instances, 5 GB S3 storage, 750 hours of RDS db.t2.micro or db.t3.micro, 1 million Lambda invocations/month, and others. Usage beyond these limits is billed at standard rates, and the free tier ends entirely after 12 months.

Always-free tier: Permanent free usage for specific services, not limited to the first 12 months. Examples: 1 million Lambda invocations/month, 25 GB DynamoDB storage, 10 CloudWatch custom metrics, 10 GB Glacier retrieval per month. These limits apply indefinitely.

Free trials: Time-limited free access to specific services upon first use. Examples: 90-day free trial for Amazon Detective, 30-day free trial for GuardDuty. Once the trial expires, standard billing begins.

Common Sources of Unexpected Charges

Data transfer out to the internet. Data transfer is not covered by the free tier beyond 100 GB/month (across all services). Developers running demos that transfer large files, downloading EC2 instances, or serving content to users can quickly exceed the 100 GB limit. Data transfer is also the most opaque AWS cost — it doesn't show up as an EC2 or S3 charge but as a separate "Data Transfer" line item.

Elastic IP addresses. Elastic IPs associated with running instances are free. Unattached Elastic IPs cost $0.005/hour. After 12 months, even the running-instance Elastic IPs are billed at standard rates.

RDS storage snapshots. Automated RDS snapshots beyond the size of the database consume backup storage billed at standard rates. Many users set up RDS with automated backups enabled without realizing the snapshot storage isn't always free.

CloudWatch Logs ingestion. CloudWatch Logs ingestion isn't covered by the free tier beyond the 5 GB/month free allowance (in the always-free tier). Applications that write verbose logs can easily exceed this, especially if Lambda functions log every invocation or EC2 applications have debug logging enabled.

NAT Gateways. NAT Gateways are never free — there's no free tier for NAT Gateway data processing or hourly charges. Developers who launch NAT Gateways to give private subnet instances internet access without realizing the ongoing cost are a common source of unexpected bills.

Setting Up Free Tier Alerts

AWS provides a free tier usage alert feature in the Billing console. Enable "Free Tier Alerts" to receive email notifications when you're approaching free tier limits for services you're using. This is useful but not comprehensive — it covers common services and may not catch all usage patterns.

Supplement the built-in alerts with a billing budget using AWS Budgets. Create a budget with a $1 monthly threshold and configure it to send an alert when actual or forecasted costs exceed the threshold. A $1 budget alert on a new account means any charge at all triggers an alert — useful for confirming that the account is truly staying within free tier limits.

For accounts beyond the first year (or for organizations that have outgrown free tier relevance), configure billing anomaly detection to catch unexpected cost spikes. The free tier alerts become less useful after 12 months, but billing anomaly detection remains relevant indefinitely.

Free Tier in AWS Organizations

Each member account in an AWS Organization has its own free tier — the 12-month clock starts when each account is created. However, some services pool free tier allowances at the organization level (billing is consolidated to the management account). Check the specific terms for each service you use, as the organization-level behavior isn't consistent across services.

For teams creating multiple AWS accounts for different projects or environments, each new account gets its own free tier. This is legitimate and intended — creating a new account for a new project to take advantage of fresh free tier is normal account management, not gaming the system.

FAQ

Does the free tier reset each month?

Yes. The monthly usage limits (750 EC2 hours, 5 GB S3 storage, etc.) reset at the beginning of each calendar month. They don't accumulate — unused free tier allocation from January doesn't carry over to February. The 12-month timer counts from account creation, not from when you start using services.

Can I get a refund if I'm charged for free tier overages?

AWS sometimes grants one-time credits for charges due to accidental free tier overages, especially for new users who weren't aware of the limits. Contact AWS Support and explain the situation — describe that you were unaware of the limit, that you've now cleaned up the resources causing the overage, and request a one-time credit. This is not guaranteed but is often granted for first-time overages with reasonable circumstances.

What happens to my account when the 12-month free tier expires?

Resources continue running and are billed at standard On-Demand rates. AWS sends an email notification before the free tier expires. If you've been using free tier resources and don't want to pay for them after the tier expires, you need to delete the resources before the expiration date. AWS doesn't automatically stop or delete resources when the free tier ends.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Viktor B.

Co-founder & CEO