You try to log into the AWS console and see a message about your account being suspended. Or worse: your monitoring goes dark, your API returns errors, and customers start reporting that your application is down. Then you check your email and find a message from AWS about account restrictions.
This is a crisis, but it's a recoverable one — if you act quickly and methodically. Here's the playbook.
The First 15 Minutes
1. Don't Panic — Assess What Type of Suspension You're Dealing With
AWS suspends accounts for different reasons, and the recovery path depends on the cause. Check your root account email (not an IAM user email — the email address associated with the root account). Look for messages from AWS that explain why the account was restricted. The most common reasons are:
- Unpaid invoice — Your payment method failed and the balance went overdue
- Suspected compromise — AWS detected activity suggesting your account was compromised
- AUP violation — AWS flagged activity that violates their Acceptable Use Policy
- Compliance documentation — AWS needs identity verification or tax documentation
2. Log Into the AWS Console with Root Credentials
Even when an account is suspended, you typically retain access to the AWS Support Center and Billing Dashboard through the root account. This is your lifeline. If you don't have the root account credentials, find them now — check your password manager, your company's credential vault, or whoever set up the account originally.
3. Open a Support Case Immediately
Go to the AWS Support Center. Open a new case under "Account and Billing Support." Select the issue type that matches your suspension reason. Be specific and factual in your description: state what happened, when you noticed, and what you've already done to investigate.
AWS Support for suspended accounts is typically prioritized, but response times vary from hours to a day depending on severity and support plan. If you're on Business or Enterprise Support, you'll get faster responses.
Recovery by Suspension Type
Payment Failure Recovery
This is the most common and usually the fastest to resolve. Log into the Billing Dashboard (accessible even when suspended). Update your payment method — add a new credit card or fix the expired one. Pay the outstanding balance. Then contact support to confirm the payment and request account reactivation.
AWS typically reactivates accounts within hours of payment confirmation. Your resources should still exist — they're stopped, not deleted. Once the account is reactivated, instances can be restarted and services should come back online.
Security Compromise Recovery
If AWS suspended your account because they detected compromise indicators, you need to demonstrate that you've secured the account before they'll reactivate it. This means:
- Rotating all IAM credentials (passwords and access keys)
- Reviewing and removing any unauthorized IAM users or roles
- Terminating any resources you didn't create (check all regions)
- Enabling MFA on the root account if it wasn't already
- Reviewing CloudTrail logs to understand the scope of the compromise
Document everything you've done and include it in your support case. AWS wants to see that you've addressed the root cause, not just the symptoms.
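One way to produce that evidence, as an added example that is not part of the original article: parse the IAM credential report (the CSV that aws iam generate-credential-report and aws iam get-credential-report produce) and list what is still outstanding for access keys, root MFA and recently created users. The sample report, account ID, user names and incident start date below are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report CSV format (trimmed to the
# columns used here); all users and timestamps are made up for illustration.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2021-03-01T10:00:00+00:00,not_supported,false,true,2022-06-01T09:00:00+00:00,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2022-01-10T08:00:00+00:00,false,false,true,2023-02-01T12:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-05-05T08:00:00+00:00,true,true,true,2024-05-21T07:30:00+00:00,false,N/A
svc-backup2,arn:aws:iam::111122223333:user/svc-backup2,2024-05-19T03:12:00+00:00,false,false,true,2024-05-19T03:12:00+00:00,false,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def triage(report_csv, incident_start):
    """Return (user, finding) pairs that still need action after an incident."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, is_root = row["user"], row["user"] == "<root_account>"
        if is_root and row["mfa_active"] != "true":
            findings.append((user, "root MFA not enabled"))
        created = parse_ts(row["user_creation_time"])
        if not is_root and created and created >= incident_start:
            findings.append((user, "user created during incident window"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"root access key {n} still active"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is None or rotated < incident_start:
                findings.append((user, f"access key {n} not rotated since incident start"))
    return findings

if __name__ == "__main__":
    start = datetime(2024, 5, 18, tzinfo=timezone.utc)  # assumed incident start
    for user, finding in triage(SAMPLE_REPORT, start):
        print(f"{user}: {finding}")
```

An empty result from a fresh report is something you can attach to the support case; a user flagged as created during the incident window still needs a human to decide whether it is legitimate.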
AUP Violation Recovery
AUP violations require understanding exactly what triggered the enforcement action. Common triggers include SES abuse (high bounce/complaint rates), cryptocurrency mining on Free Tier accounts, or resources being used for prohibited activities. In your support case, acknowledge the violation, explain the root cause (if unintentional), describe the corrective actions you've taken, and commit to preventing recurrence.
Recovery timeline for AUP violations is typically longer than billing issues — expect 1-3 days for review after you've provided your remediation evidence.
Compliance Documentation Recovery
If AWS needs identity verification or tax documentation, provide exactly what they've requested. Common requests include government-issued ID for identity verification, VAT registration for EU accounts, and business registration documents. Upload the documentation through the support case and confirm that it's been submitted.
The 30-Day Clock
Once an account is suspended, AWS provides approximately 30 days to resolve the issue before permanent account closure begins. During this window, your resources exist but are stopped. After the window closes, AWS begins deleting resources — and this is irreversible.
This is why speed matters. Every day you spend without resolving the suspension is a day closer to permanent data loss.
What About Your Users?
While your account is suspended, all services are unavailable. If you have a customer-facing application running on this account, it's down. Your immediate priority after opening the support case should be activating whatever disaster recovery plan you have: failover to a backup region or account, communicating with affected users, and setting realistic expectations for recovery timeline.
If you don't have a DR plan — if all your infrastructure runs in a single account with no cross-account backups — this is an expensive lesson. After recovery, setting up cross-account backups should be the first thing you do.
Preventing the Next Suspension
Every suspension was preventable. The warning signs were there — in billing notifications, in GuardDuty findings, in SES reputation metrics, in root account email — but they weren't being watched.
After recovery, implement these four controls:
- Monitor the root account email actively. Forward it to a channel (Slack, PagerDuty) that someone checks daily.
- Set up billing alerts and anomaly detection. Even the basic free setup catches most billing-related suspension triggers.
- Enable GuardDuty in all regions. It detects the compromise patterns that lead to security-related suspensions.
- Monitor your account health holistically. Billing + security + compliance + SES reputation — all four dimensions matter, and they need to be watched together.
Vigilare monitors all four dimensions continuously and alerts you before AWS enforcement thresholds are reached. If your account's risk score starts declining — because of a billing anomaly, a security finding, or an SES reputation drop — you'll know about it hours or days before AWS takes action. Start a free 14-day trial.
Written by Viktor B.
Co-founder & CEO