
AWS Acceptable Use Policy Violations: Common Violations and How to Avoid Them

Viktor B.

Co-founder & CEO · January 3, 2026 · 7 min read

AWS's Acceptable Use Policy prohibits using AWS services to harm others or violate laws. The policy is stated broadly, but enforcement is triggered by specific behaviors detected through AWS's monitoring infrastructure. Understanding which behaviors trigger enforcement — and how to prevent them from occurring in your account, intentionally or through compromise — is foundational account management.

The practical concern for most legitimate businesses isn't intentional violation. It's the scenario where your credentials are stolen and your account is used to violate the AUP by a third party, or where a misconfiguration creates an inadvertent violation. Both scenarios trigger the same enforcement process.

AUP Categories That Affect Production Accounts

Malicious network activity: Using EC2 instances to launch DDoS attacks, conduct unauthorized port scanning against external IPs, or distribute malware. This category is almost entirely credential-compromise-driven for legitimate businesses — nobody's production application should be port scanning the internet. Prevent by limiting outbound access from EC2 instances using security groups, monitoring for unusual outbound connection patterns via VPC Flow Logs, and detecting compromised instances with GuardDuty.
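The VPC Flow Logs check described above, as an added example that is not part of the original post: it reads records in the default flow log format and flags a network interface whose outbound traffic to internet addresses fans out over many hosts on one port (horizontal scan) or many ports on one host (vertical scan), which is the pattern a compromised instance produces and a production web server does not. The VPC CIDR, the account id, the thresholds and the log lines are all constructed assumptions for this example.

```python
"""Flag EC2 network interfaces whose VPC Flow Log records look like outbound
port scanning. The VPC range, thresholds and sample records are constructed."""
from collections import defaultdict
import ipaddress

# Default VPC Flow Log format (version 2), fields in AWS's documented order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC range


def parse_record(line):
    """Parse one flow log line; return None for malformed or NODATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["srcaddr"] == "-" or rec["dstaddr"] == "-":
        return None  # NODATA / SKIPDATA records carry no addresses
    return rec


def find_scanners(lines, max_dst_hosts=20, max_dst_ports=15):
    """Return {interface_id: reason} for interfaces whose egress traffic to
    external addresses reaches many hosts or many ports on one host."""
    hosts = defaultdict(set)                          # eni -> external dst IPs
    ports = defaultdict(lambda: defaultdict(set))     # eni -> dst IP -> ports
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src not in VPC_CIDR or dst in VPC_CIDR:
            continue  # only outbound traffic to the internet is of interest
        eni = rec["interface_id"]
        hosts[eni].add(rec["dstaddr"])
        ports[eni][rec["dstaddr"]].add(rec["dstport"])

    findings = {}
    for eni, dsts in hosts.items():
        if len(dsts) > max_dst_hosts:
            findings[eni] = f"{len(dsts)} distinct external hosts (horizontal scan)"
            continue
        for dst, seen_ports in ports[eni].items():
            if len(seen_ports) > max_dst_ports:
                findings[eni] = f"{len(seen_ports)} distinct ports on {dst} (vertical scan)"
                break
    return findings


# Constructed sample records (account id and addresses are placeholders).
SAMPLE_LINES = [
    # A web server answering normal HTTPS traffic, plus a NODATA record.
    "2 123456789012 eni-0web 10.0.1.5 203.0.113.10 443 51022 6 12 4800 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0web 203.0.113.10 10.0.1.5 51022 443 6 10 900 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0web - - - - - - - 1700000000 1700000060 - NODATA",
] + [
    # A compromised host probing SSH on 30 internet addresses.
    f"2 123456789012 eni-0scan 10.0.2.9 198.51.100.{i} 41000 22 6 1 60 1700000000 1700000060 REJECT OK"
    for i in range(1, 31)
] + [
    # Another host walking 20 ports on a single external address.
    f"2 123456789012 eni-0vert 10.0.3.7 203.0.113.50 45000 {p} 6 1 60 1700000000 1700000060 REJECT OK"
    for p in range(1, 21)
]

if __name__ == "__main__":
    for eni, reason in find_scanners(SAMPLE_LINES).items():
        print(f"{eni}: {reason}")
```

In production the same function runs over records pulled from the CloudWatch Logs group or S3 prefix the flow log delivers to, bucketed by a time window; the thresholds should be tuned to what your workloads normally talk to, since a crawler or a fleet health-checker legitimately reaches many hosts.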

Email spam and phishing: Using SES or EC2-based mail servers to send unsolicited commercial email, phishing messages, or malware. See SES reputation monitoring and SES account suspension prevention for the full picture of email compliance. Key prevention: monitor SES complaint rates continuously, implement double opt-in for marketing lists, process complaint and bounce notifications immediately.
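Processing complaint and bounce notifications, as an added example that is not part of the original post: SES publishes each bounce and complaint as a JSON notification to SNS, and the tracker below consumes those notifications, suppresses addresses that hard-bounced or complained, and alerts when the complaint or bounce rate reaches half of AWS's review thresholds (the 0.1% complaint and 5% bounce review thresholds are taken from SES documentation as I understand it; verify against the current docs). The notification payloads, the message count and the alert fraction are constructed for this example.

```python
"""Track SES bounce/complaint notifications, build a suppression list and
alert before the review thresholds are reached. Sample data is constructed."""
import json

# SES review thresholds (assumption: confirm against current SES docs).
COMPLAINT_REVIEW_RATE = 0.001   # 0.1% of messages sent
BOUNCE_REVIEW_RATE = 0.05       # 5% of messages sent
ALERT_FRACTION = 0.5            # alert at half the review threshold (assumed)


class SesReputationTracker:
    def __init__(self, messages_sent):
        self.sent = messages_sent   # messages sent in the same window
        self.bounces = 0            # permanent bounces only
        self.complaints = 0
        self.suppressed = set()

    def handle(self, raw_notification):
        """Handle one SES notification (the Message body of the SNS envelope)."""
        n = json.loads(raw_notification)
        kind = n.get("notificationType")
        if kind == "Bounce":
            b = n["bounce"]
            # Transient bounces (mailbox full, greylisting) do not count
            # toward the bounce rate and should not suppress the address.
            if b.get("bounceType") == "Permanent":
                self.bounces += 1
                for r in b.get("bouncedRecipients", []):
                    self.suppressed.add(r["emailAddress"].lower())
        elif kind == "Complaint":
            self.complaints += 1
            for r in n["complaint"].get("complainedRecipients", []):
                self.suppressed.add(r["emailAddress"].lower())
        return kind

    def rates(self):
        """(bounce_rate, complaint_rate) over the window."""
        if self.sent == 0:
            return 0.0, 0.0
        return self.bounces / self.sent, self.complaints / self.sent

    def alerts(self):
        bounce_rate, complaint_rate = self.rates()
        out = []
        if complaint_rate >= COMPLAINT_REVIEW_RATE * ALERT_FRACTION:
            out.append(f"complaint rate {complaint_rate:.3%} approaching review threshold")
        if bounce_rate >= BOUNCE_REVIEW_RATE * ALERT_FRACTION:
            out.append(f"bounce rate {bounce_rate:.2%} approaching review threshold")
        return out

    def may_send(self, address):
        """Check the suppression list before every send."""
        return address.lower() not in self.suppressed


# Constructed notifications in the shape SES publishes to SNS.
SAMPLE_NOTIFICATIONS = [
    json.dumps({"notificationType": "Bounce",
                "bounce": {"bounceType": "Permanent", "bounceSubType": "General",
                           "bouncedRecipients": [{"emailAddress": "gone@example.com"}]},
                "mail": {"messageId": "msg-1"}}),
    json.dumps({"notificationType": "Bounce",
                "bounce": {"bounceType": "Transient", "bounceSubType": "MailboxFull",
                           "bouncedRecipients": [{"emailAddress": "full@example.com"}]},
                "mail": {"messageId": "msg-2"}}),
    json.dumps({"notificationType": "Complaint",
                "complaint": {"complaintFeedbackType": "abuse",
                              "complainedRecipients": [{"emailAddress": "Annoyed@example.com"}]},
                "mail": {"messageId": "msg-3"}}),
    json.dumps({"notificationType": "Complaint",
                "complaint": {"complaintFeedbackType": "abuse",
                              "complainedRecipients": [{"emailAddress": "other@example.com"}]},
                "mail": {"messageId": "msg-4"}}),
    json.dumps({"notificationType": "Delivery", "mail": {"messageId": "msg-5"}}),
]


def track_samples(messages_sent=2000):
    """Run the constructed notifications through a tracker for a window in
    which 2,000 messages were sent."""
    tracker = SesReputationTracker(messages_sent)
    for raw in SAMPLE_NOTIFICATIONS:
        tracker.handle(raw)
    return tracker


if __name__ == "__main__":
    t = track_samples()
    print(t.rates(), t.alerts(), sorted(t.suppressed))
```

Two complaints out of 2,000 messages is already a 0.1% complaint rate, which is why the sample trips the alert: at realistic volumes a handful of complaints matters, and the suppression list is what keeps the next campaign from repeating them.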

Unauthorized resource use for cryptocurrency mining: Using EC2 or other compute resources for crypto mining without authorization. This is the most common AUP violation in compromised accounts. See crypto mining detection for prevention and detection guidance.

Hosting prohibited content: S3 or EC2 serving malware, CSAM, or other content explicitly prohibited by the AUP. For legitimate businesses, this is almost always inadvertent: an S3 bucket that's accidentally public and is found by attackers who upload malicious content, or a web application with an upload vulnerability that allows attackers to host content through your application. Prevent with S3 Block Public Access, upload validation, and regular content auditing of public resources.

Inadvertent Violations from Misconfiguration

Some AUP violations don't require account compromise — they come from configuration mistakes:

Open DNS resolvers: EC2 instances configured as DNS resolvers that accept queries from any source IP can be used for DNS amplification attacks. Any EC2 instance running DNS services should accept queries only from specific source IPs (your VPC CIDR, your office IP), not from 0.0.0.0/0. AWS sometimes receives abuse reports about DNS amplification attacks before the account owner is aware of the issue.

Open SMTP relays: EC2 instances running mail servers that relay email from any source can be exploited for spam. Configure outbound email servers to relay only for authenticated senders. Alternatively, use SES for all outbound email rather than running your own mail server on EC2 — SES handles abuse monitoring and has built-in protections against relay exploitation.

Open proxy servers: EC2 instances running proxy software that accepts connections from any source can be used to anonymize malicious traffic. Restrict proxy software to authenticated users with specific source IP restrictions.
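An audit for the three misconfigurations above, as an added example that is not part of the original post: it walks security-group ingress rules in the shape `aws ec2 describe-security-groups` returns and reports DNS, SMTP and common proxy ports that are open to 0.0.0.0/0 or ::/0, showing the weak group beside the corrected one that limits the same services to the VPC CIDR. The group ids, the VPC range and the proxy port list are constructed assumptions.

```python
"""Audit security-group ingress rules for DNS, SMTP and proxy ports exposed to
the whole internet. Input mirrors `describe-security-groups` output; the two
groups below are constructed samples (one weak, one corrected)."""

# Ports whose exposure to the internet turns an instance into an abusable
# open resolver, open relay or open proxy. Proxy ports are common defaults.
ABUSE_PORTS = {
    53:   "DNS resolver (amplification)",
    25:   "SMTP relay (spam)",
    1080: "SOCKS proxy",
    3128: "HTTP proxy",
    8080: "HTTP proxy",
}
WORLD = {"0.0.0.0/0", "::/0"}


def _rule_ports(perm):
    """Return the abuse-relevant ports one permission entry covers."""
    if perm.get("IpProtocol") == "-1":          # "all traffic" rule
        return set(ABUSE_PORTS)
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in ABUSE_PORTS if lo <= p <= hi}


def _rule_cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def find_world_open_services(describe_output):
    """Return one finding per (group, port) reachable from the whole internet."""
    findings = []
    for sg in describe_output["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = [c for c in _rule_cidrs(perm) if c in WORLD]
            if not open_cidrs:
                continue
            for port in sorted(_rule_ports(perm)):
                findings.append({
                    "group": sg["GroupId"],
                    "port": port,
                    "protocol": perm["IpProtocol"],
                    "risk": ABUSE_PORTS[port],
                    "fix": f"replace {','.join(open_cidrs)} with your VPC CIDR or office IP",
                })
    return findings


# Constructed sample; group ids and the 10.0.0.0/16 VPC range are placeholders.
SAMPLE = {"SecurityGroups": [
    {   # Weak setting: resolver and mail ports open to everyone.
        "GroupId": "sg-0weak", "GroupName": "dns-mail-open",
        "IpPermissions": [
            {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            # Public HTTPS is expected and is not reported.
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ]},
    {   # Corrected setting: same services, limited to the VPC.
        "GroupId": "sg-0fixed", "GroupName": "dns-mail-internal",
        "IpPermissions": [
            {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        ]},
]}

if __name__ == "__main__":
    for f in find_world_open_services(SAMPLE):
        print(f"{f['group']} {f['protocol']}/{f['port']}: {f['risk']}; {f['fix']}")
```

A security group is only half the picture: the daemon's own access control (the resolver's allowed query sources, the MTA's relay list, the proxy's authentication) should match, so that a later security-group change does not silently reopen the service.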

AUP Violation Response Process

When AWS detects AUP violations, the enforcement process depends on severity:

Notification: For most first-time or lower-severity violations, AWS sends an email notification describing the detected activity and requesting a response within a defined timeframe. Respond within 24 hours with an explanation of the root cause and remediation steps taken. The email goes to your account's root email address — ensure this inbox is monitored.

Service restriction: AWS may restrict specific services pending resolution of the abuse issue. SES may have sending suspended; EC2 may have launching disabled in specific regions. Service restrictions typically lift quickly after confirming the issue is resolved and providing a satisfactory response.

Account suspension: For severe violations or unresponsive accounts, AWS may suspend the entire account. Account suspension requires more extensive remediation and AWS review before restoration. The suspension affects all services and resources in the account. See why AWS accounts get suspended for the full suspension risk picture.

Prevention Framework

The preventive controls that address most AUP violation risk:

  • Eliminate long-lived IAM access keys that can be stolen and used to provision abusive resources
  • Enable GuardDuty in all regions to detect compromise-related AUP violations early
  • Monitor SES complaint and bounce rates continuously with alerting below enforcement thresholds
  • Use S3 Block Public Access at the account level to prevent inadvertent public bucket content hosting
  • Restrict outbound security group rules on EC2 instances to prevent abuse after compromise
  • Monitor CloudTrail for unusual resource provisioning patterns that indicate compromise
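A check for the first control in the list, as an added example that is not part of the original post: it reads the CSV that `aws iam get-credential-report` returns and lists active access keys older than a rotation limit, which are the long-lived credentials that, once stolen, let someone provision abusive resources. The 90-day limit is an assumed policy, the report rows are constructed, and the sample includes only the report columns the check uses.

```python
"""List IAM users with active access keys older than a rotation limit, from
the credential report CSV. Rotation limit and report rows are constructed."""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy


def _parse_ts(value):
    """Report timestamps are ISO 8601; unused fields read N/A or no_information."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def stale_access_keys(report_csv, now, max_age=MAX_KEY_AGE):
    """Return [(user, key_slot, age_days)] for active keys older than max_age."""
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive keys cannot be used; delete them separately
            rotated = _parse_ts(row[f"access_key_{slot}_last_rotated"])
            if rotated is None:
                continue
            age = now - rotated
            if age > max_age:
                stale.append((row["user"], slot, age.days))
    return stale


# Constructed report (subset of columns); the account id is a placeholder.
SAMPLE_REPORT = """user,arn,user_creation_time,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,false,N/A,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2021-03-04T00:00:00+00:00,true,2025-06-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-07-10T00:00:00+00:00,true,2025-12-01T00:00:00+00:00,false,2024-01-01T00:00:00+00:00
"""

# Evaluated as of the article's publication date.
AS_OF = datetime(2026, 1, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for user, slot, days in stale_access_keys(SAMPLE_REPORT, AS_OF):
        print(f"{user}: access key {slot} is {days} days old")
```

Run against the real report, the output is the list to work through: replace each key with a role (instance profile, IAM Identity Center, or OIDC federation for CI), then deactivate and finally delete it, rather than simply rotating it and leaving the long-lived pattern in place.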

FAQ

If I'm not at fault for an AUP violation (my account was compromised), does that matter?

Yes, it matters significantly for the response process. AWS distinguishes between intentional AUP violations and violations caused by compromise. For compromise-caused violations, demonstrating that you're a victim (not a perpetrator) and showing what you've done to secure the account typically leads to faster restoration and more accommodating treatment. Provide clear documentation: when the compromise occurred, what actions were taken, what preventive controls are now in place. AWS's abuse team deals with this scenario regularly and generally extends good faith to cooperative account owners who were genuinely compromised.

Can a single SES spam complaint cause an AUP violation?

A single complaint won't trigger enforcement. AUP violations for email spam require patterns of abusive behavior — sustained high complaint rates, confirmed spam campaigns, or malware/phishing content in emails. A single complaint from a recipient who marked a legitimate marketing email as spam is handled through SES's reputation metrics (which affect sending limits), not through AUP enforcement.

How long does an AUP violation stay on my account's record?

AWS doesn't publish a specific statute of limitations for AUP violations. In practice, fully resolved violations with clear root cause documentation and demonstrated remediation have diminishing effect on account standing over time. An incident fully resolved 2 years ago matters less than one from 2 months ago. AWS's account teams have the context of your full account history when evaluating current issues.
