
ISO 27001 on AWS: Building an Information Security Management System

Vigilare Engineering

Platform Team · December 10, 2025 · 9 min read

ISO 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS); certification attests that an organization's ISMS meets those requirements. Unlike compliance frameworks that prescribe specific technical controls, ISO 27001 is risk-based: it requires you to identify risks, evaluate them, select appropriate controls to treat them, and demonstrate that those controls operate effectively. Annex A of ISO 27001:2022 lists 93 controls organized into four themes (organizational, people, physical, and technological); your risk assessment determines which are applicable and how they should be implemented.

For AWS-hosted environments, ISO 27001 certification covers both the ISMS as a management system and the technical controls implemented on AWS infrastructure. Certification is performed by accredited certification bodies and involves a two-stage audit: Stage 1 reviews your ISMS documentation; Stage 2 verifies that controls are implemented and operating effectively.

The ISMS Foundation

Before addressing technical controls, you need the management system that ISO 27001 requires. This includes: an information security policy signed by leadership, a risk assessment methodology, an asset inventory, a Statement of Applicability (SoA) documenting which Annex A controls are applicable and why (or why each is excluded), documented risk treatment decisions, and operational procedures for key security processes.

The SoA is a central artifact. It lists all 93 Annex A controls and, for each, states whether it is applicable, how it is implemented, and the justification for any exclusion. For cloud-native organizations, some physical controls (A.7.2 Physical entry, A.7.3 Securing offices, rooms and facilities) are implemented for the data centres by AWS rather than by you. Do not exclude them: they remain applicable to your in-scope systems, so the SoA marks them applicable, records that the implementation is inherited from AWS under the shared responsibility model, and cites AWS's own ISO 27001 certificate (downloadable from AWS Artifact) as evidence. Whatever physical controls remain on your side (laptops, badge access to your own premises) are still yours to implement and evidence.

Technical Controls: Access Management (A.5.15-A.5.18, A.8.2)

The access management controls (A.5.15 Access control, A.5.16 Identity management, A.5.17 Authentication information, A.5.18 Access rights, together with A.8.2 Privileged access rights) require formal user registration and de-registration, access provisioning and revocation, management of privileged access, and management of authentication information. AWS implementations:

Use IAM Identity Center (formerly AWS SSO) for centralized human user access management. Identity Center integrates with your corporate identity provider (Okta, Microsoft Entra ID, formerly Azure AD, Google Workspace) for SAML sign-in and, with SCIM provisioning enabled, for automatic user and group lifecycle: when an employee is deactivated in your IdP, their Identity Center user is disabled and they can no longer obtain AWS credentials. Two caveats worth documenting: SCIM must actually be configured (SAML sign-in alone deprovisions nobody), and credentials already issued stay valid until the permission set's session duration expires, so keep that duration short. With this in place, the registration and de-registration requirements are met by your existing joiner/mover/leaver process rather than by manual AWS console management.

For privileged access, implement just-in-time elevation rather than persistent privileged access. Use IAM roles whose trust policy requires MFA to assume (a Bool condition on aws:MultiFactorAuthPresent; the BoolIfExists variant passes when the key is absent from the request, which is the opposite of what you want), with MaxSessionDuration limited to 1-4 hours. For Identity Center users, enforce MFA at the IdP or in Identity Center's own MFA settings, since aws:MultiFactorAuthPresent is not populated for SAML-federated sessions. Log all privileged session activity through CloudTrail. Review privileged access quarterly and document the review.
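The two checks above (strict MFA condition, bounded session length) are easy to state and easy to get subtly wrong, so here is an added example, not code from the original post or from Vigilare, that audits role definitions for both. The roles are constructed samples shaped like decoded iam:GetRole output; the account ID is the AWS documentation placeholder, and the 4-hour ceiling and all function names are this example's own.

```python
"""Audit IAM roles against the privileged-access policy described above:
AssumeRole must carry a strict MFA condition and sessions must be short.

Added example; the roles are constructed samples shaped like iam:GetRole
output with AssumeRolePolicyDocument already decoded. The account ID is the
AWS documentation placeholder and the 4-hour ceiling is this example's own
reading of the 1-4 hour guidance."""

MAX_PRIVILEGED_SESSION_SECONDS = 4 * 3600


def _as_list(value):
    """IAM allows a bare string or a list in Statement, Action and Condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_assume_role(statement):
    """True if an Allow statement grants sts:AssumeRole (directly or via a wildcard)."""
    if statement.get("Effect") != "Allow":
        return False
    actions = {a.lower() for a in _as_list(statement.get("Action"))}
    return bool(actions & {"sts:assumerole", "sts:*", "*"})


def _requires_mfa(statement):
    """True only for a strict MFA condition.

    "Bool" denies when aws:MultiFactorAuthPresent is absent from the request
    context; "BoolIfExists" allows in that case, so a caller who never
    presented MFA could still assume the role."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator != "Bool":
            continue
        for key, value in keys.items():
            if key.lower() != "aws:multifactorauthpresent":
                continue
            if all(str(v).lower() == "true" for v in _as_list(value)):
                return True
    return False


def audit_role(role):
    """Return a list of findings; an empty list means the role meets the policy."""
    findings = []
    name = role["RoleName"]
    for stmt in _as_list(role["AssumeRolePolicyDocument"].get("Statement")):
        if not _grants_assume_role(stmt):
            continue  # SAML/OIDC federation: MFA is enforced at the IdP, not here
        if not _requires_mfa(stmt):
            findings.append(f"{name}: sts:AssumeRole allowed without a strict Bool MFA condition")
    duration = role.get("MaxSessionDuration", 3600)
    if duration > MAX_PRIVILEGED_SESSION_SECONDS:
        findings.append(f"{name}: MaxSessionDuration {duration}s exceeds {MAX_PRIVILEGED_SESSION_SECONDS}s")
    return findings


def audit_roles(roles):
    """Map each role name to its findings, for the quarterly review record."""
    return {role["RoleName"]: audit_role(role) for role in roles}


# Constructed sample roles (placeholder account, not real infrastructure).
SAMPLE_ROLES = [
    {   # correct: strict MFA condition, one-hour sessions
        "RoleName": "break-glass-admin",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]},
    },
    {   # wrong on both counts: BoolIfExists and twelve-hour sessions
        "RoleName": "legacy-admin",
        "MaxSessionDuration": 43200,
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": ["sts:AssumeRole", "sts:TagSession"],
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}}},
    },
    {   # federated through Identity Center / SAML: out of scope for this check
        "RoleName": "sso-platform-admin",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/corp-idp"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}}]},
    },
]

if __name__ == "__main__":
    for role_name, findings in audit_roles(SAMPLE_ROLES).items():
        print(role_name, "OK" if not findings else findings)
```

Against live data, feed it the Roles array from `aws iam list-roles` (the trust policy comes back already decoded). The output doubles as the quarterly privileged-access review record once the findings are tracked to closure.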

Technical Controls: Cryptography (A.8.24)

A.8.24 requires a policy on the use of cryptographic controls and appropriate key management. Document which data categories require encryption, what encryption algorithms are used (AES-256 for data at rest, TLS 1.2+ for transit), and how keys are managed.

AWS KMS provides the key management infrastructure: key creation, rotation, audit logging, and access control. Document your KMS key hierarchy: which keys encrypt which data types, who can administer keys (key policy and IAM), the rotation schedule (automatic rotation for symmetric customer managed keys, annual by default), and what happens to data if a key is lost. Key material cannot be exported from KMS, so accidental loss is not the realistic failure; deletion is. ScheduleKeyDeletion sets a 7-30 day waiting period after which everything encrypted under that key is unrecoverable, so the documented control should be that key deletion is denied (key policy or an SCP) except to a named administrator role, that ScheduleKeyDeletion and DisableKey are alarmed on from CloudTrail, and that the waiting period is long enough for the alarm to be acted on. Auditors want to see that you have thought this through.

Technical Controls: Logging and Monitoring (A.8.15, A.8.16)

These controls require event logging, log protection, and monitoring. CloudTrail, CloudWatch Logs, and GuardDuty form the technical foundation. Specific requirements:

  • Logs must be protected against unauthorized modification (CloudTrail log file integrity validation via signed digest files; the trail's S3 bucket in a separate log-archive account with a bucket policy that denies deletion, or S3 Object Lock for a retention period matching your policy)
  • Administrator activities must be logged (an organization trail covering all accounts and regions records management events; S3 object-level and Lambda invocation activity are data events and must be enabled separately if they are in scope)
  • Security-relevant events must be reviewed (GuardDuty findings and CloudTrail-derived alerts routed to security personnel, with each review and its outcome recorded)
  • Clocks must be synchronized (EC2 instances use the Amazon Time Sync Service at 169.254.169.123; AWS services timestamp API events themselves; document both)
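The "reviewed" bullet is the one auditors probe hardest, and the KMS deletion caveat from the cryptography section belongs in the same review. The following added example (not code from the original post or from Vigilare) runs that review over CloudTrail records: it flags changes to audit logging, KMS key deletion or disablement, root activity, console logins without MFA, and changes to the log bucket. The records are constructed in the CloudTrail record format; the account ID, key ARN, bucket name and all function names are placeholders or this example's own.

```python
"""Review CloudTrail records for the security-relevant events an ISO 27001
evidence package should show being looked at: changes to audit logging,
KMS key deletion or disablement, root activity, console logins without MFA,
and changes to the log bucket.

Added example. The records are constructed to the CloudTrail record format
(eventTime, eventSource, eventName, userIdentity, requestParameters,
additionalEventData, errorCode); the account ID, key ARN and bucket name
are placeholders, not real infrastructure."""

LOG_BUCKET = "example-org-cloudtrail-logs"  # assumed name of the trail's bucket

LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
KEY_LIFECYCLE = {"ScheduleKeyDeletion", "DisableKey", "DisableKeyRotation"}
LOG_BUCKET_CHANGES = {"PutBucketPolicy", "DeleteBucketPolicy", "DeleteBucket",
                      "PutBucketLifecycle", "PutBucketLifecycleConfiguration"}


def classify(record):
    """Return (severity, reason) for a record that needs review, else None.

    Denied attempts (errorCode set) are flagged too: an AccessDenied on
    StopLogging is exactly the kind of thing a reviewer should see."""
    source = record.get("eventSource", "")
    name = record.get("eventName", "")
    identity = record.get("userIdentity") or {}
    params = record.get("requestParameters") or {}

    if source == "cloudtrail.amazonaws.com" and name in LOGGING_TAMPER:
        return "high", f"audit logging changed: {name}"
    if source == "kms.amazonaws.com" and name in KEY_LIFECYCLE:
        return "high", f"KMS key lifecycle change: {name} on {params.get('keyId', '?')}"
    if (source == "s3.amazonaws.com" and name in LOG_BUCKET_CHANGES
            and params.get("bucketName") == LOG_BUCKET):
        return "high", f"log bucket modified: {name}"
    if source == "signin.amazonaws.com" and name == "ConsoleLogin":
        if identity.get("type") == "Root":
            return "high", "root console login"
        if (record.get("additionalEventData") or {}).get("MFAUsed") != "Yes":
            return "medium", "console login without MFA"
        return None
    if identity.get("type") == "Root":
        return "medium", f"root API activity: {name}"
    return None


def review(records):
    """Build the review worksheet: one row per flagged event, in time order."""
    rows = []
    for record in sorted(records, key=lambda r: r.get("eventTime", "")):
        hit = classify(record)
        if hit is None:
            continue
        severity, reason = hit
        rows.append({
            "time": record.get("eventTime"),
            "actor": (record.get("userIdentity") or {}).get("arn", "?"),
            "severity": severity,
            "reason": reason,
            "errorCode": record.get("errorCode"),
        })
    return rows


# Constructed sample records (placeholders, not a real trail).
SAMPLE_RECORDS = [
    {"eventTime": "2025-12-01T08:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev-tom"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2025-12-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2025-12-01T08:10:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2025-12-01T08:15:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/legacy-admin/bob"},
     "requestParameters": {"keyId": "arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
                           "pendingWindowInDays": 7}},
    {"eventTime": "2025-12-01T08:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"bucketName": "app-assets"}},
    {"eventTime": "2025-12-01T08:25:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/readonly/carol"}},
]

if __name__ == "__main__":
    for row in review(SAMPLE_RECORDS):
        print(row["time"], row["severity"], row["actor"], row["reason"], row["errorCode"] or "")
```

On the sample, the MFA-backed login by a normal user and the read-only DescribeInstances are dropped, while the denied StopLogging attempt, the root login, and the scheduled key deletion (with its 7-day window, the shortest KMS allows) are surfaced. In production the same logic belongs in an EventBridge rule or a CloudWatch Logs metric filter so the review happens within minutes, with this script kept for the periodic sweep that produces the evidence record.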

Technical Controls: Network Security (A.8.20, A.8.21)

Network security controls require managing networks to protect systems and applying controls to network services. AWS implementations: VPCs and subnets provide segmentation. Security groups implement stateful, instance-level firewall rules; network ACLs add stateless filtering at the subnet boundary. VPC Flow Logs provide network traffic logging. AWS Network Firewall or third-party security appliances add deep packet inspection for environments requiring it.

Document your network architecture: auditors want to see how systems are segmented and how network controls are enforced. Export VPC and security group configurations from AWS Config as evidence that network controls are in place and have not drifted; Config's resource history also shows when each security group changed, and CloudTrail shows who changed it. A periodic security group audit (every ingress rule checked against your network standard, findings tracked to closure) produces documentation suitable for ISO 27001 evidence packages.
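What that security group audit looks like in practice, as an added example that is not code from the original post or from Vigilare: every ingress rule is checked for exposure to the whole internet, on IPv4 and IPv6, against an allow-list of ports that may legitimately face the internet. The groups are constructed to the shape of ec2:DescribeSecurityGroups output; the group IDs, CIDRs, the allow-list and the function names are this example's own assumptions.

```python
"""Audit security group ingress rules as evidence for A.8.20/A.8.21: flag any
rule reachable from the whole internet (IPv4 or IPv6) on a port outside the
public allow-list, and any rule that opens every protocol.

Added example. The groups are constructed to the shape of
ec2:DescribeSecurityGroups output (IpPermissions with IpRanges, Ipv6Ranges,
UserIdGroupPairs); group IDs and CIDRs are placeholders. The allow-list of
publicly reachable ports is an assumed network standard, not the page's."""

PUBLIC_OK = {("tcp", 80), ("tcp", 443)}  # assumed: only web ports may face the internet
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _internet_sources(permission):
    """CIDR sources that mean 'anyone'. Group-to-group references
    (UserIdGroupPairs) are never internet-facing, so they are ignored here."""
    v4 = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return [cidr for cidr in v4 + v6 if cidr in ANYWHERE]


def _port_range(permission):
    """Port range of a rule. IpProtocol "-1" means all protocols and all
    ports, and such rules carry no FromPort/ToPort keys at all."""
    if permission["IpProtocol"] == "-1":
        return 0, 65535
    return permission.get("FromPort", 0), permission.get("ToPort", 65535)


def audit_group(group):
    """Return findings for one security group (empty list means compliant)."""
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = _internet_sources(perm)
        if not sources:
            continue
        proto = perm["IpProtocol"]
        lo, hi = _port_range(perm)
        if proto != "-1" and lo == hi and (proto, lo) in PUBLIC_OK:
            continue  # a single allow-listed port from anywhere is permitted
        findings.append({
            "GroupId": group["GroupId"],
            "GroupName": group.get("GroupName", ""),
            "Protocol": "all" if proto == "-1" else proto,
            "Ports": f"{lo}-{hi}" if lo != hi else str(lo),
            "Sources": sources,
        })
    return findings


def audit(groups):
    """Findings across all groups, shaped to drop straight into an evidence table."""
    return [f for group in groups for f in audit_group(group)]


# Constructed sample groups (placeholders, not a real VPC).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "bastion-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60004"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60005", "GroupName": "dev-tools", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS):
        print(f["GroupId"], f["GroupName"], f["Protocol"], f["Ports"], ",".join(f["Sources"]))
```

The db group is the case worth noticing: its IPv4 side is locked to a group reference, but an all-protocols rule from ::/0 leaves it wide open over IPv6, which a check that only looks at IpRanges would miss. Feed the SecurityGroups array from `aws ec2 describe-security-groups` to `audit()` for real data; network ACLs are a separate resource and are not covered by this check.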

Evidence Collection and Continuous Monitoring

ISO 27001 Stage 2 auditors verify that controls are operating effectively, not just configured. Evidence for technical controls should include: AWS Config compliance reports showing controls in place over the audit period, CloudTrail log exports demonstrating logging was continuous, GuardDuty finding resolution records, patch compliance reports from Systems Manager, and access review records with documented approval signatures.

Build evidence collection into your normal operations rather than scrambling before the audit. Monthly security reviews that produce documented findings, quarterly access reviews with sign-off, and annual penetration testing reports all serve double duty as operational security activities and audit evidence.

FAQ

How long does ISO 27001 certification take?

Organizations typically take 6-18 months to achieve initial certification, depending on the starting maturity of their security program. The main time-consuming activities are developing the ISMS documentation, implementing missing controls, operating controls long enough to generate meaningful evidence, and scheduling with a certification body (which often has a multi-month backlog). Plan for a 12-month journey if building from scratch.

Does AWS being ISO 27001 certified help with our own certification?

Yes. AWS maintains ISO 27001 certification for its infrastructure services. When your auditors ask about physical security, hypervisor security, and other infrastructure-layer controls, you can reference AWS's ISO 27001 certificate and download it, along with the supporting audit reports, from AWS Artifact as evidence. This significantly simplifies evidence collection for controls that are AWS's responsibility under the shared responsibility model; you still have to evidence your side of the line, which is how you configure and operate the services you consume.

What's the difference between ISO 27001 and ISO 27017/27018?

ISO 27001 is the base standard for ISMS certification. ISO 27017 extends it with additional controls specific to cloud services. ISO 27018 adds controls specific to processing personally identifiable information in cloud environments. AWS holds certifications for all three. For cloud-native organizations, achieving 27001 is the foundational goal; 27017 and 27018 may be relevant additional certifications depending on your customer requirements and the sensitivity of data you process.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.
