What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS MSP Billing Visibility: Managing and Reporting Multi-Account Costs

Billing management is one of the highest-stakes responsibilities in an MSP engagement. A client who receives an unexpected $15,000 AWS bill — whether from an optimization they didn't implement, a resource your team provisioned and forgot to clean up, or a legitimate scaling event that wasn't communicated — is a client relationship at risk. Billing visibility across your client portfolio means you catch billing anomalies before clients do, explain bill components proactively, and demonstrate the cost management value your MSP delivers.

The challenge is that AWS billing data is account-scoped. Pulling cost data across dozens of client accounts requires an aggregation architecture that most MSP teams build piecemeal rather than designing intentionally.

Cost and Usage Report Architecture

AWS Cost and Usage Reports (CUR) are the primary detailed billing data source. Each account can be configured to deliver a CUR to an S3 bucket. For multi-account billing visibility, configure either consolidated billing (if clients use your AWS Organization structure) or individual CUR delivery from each client account to a central S3 bucket in your MSP billing account.

For individual client accounts (not part of your Organization), configure CUR delivery in each client account with a cross-account S3 bucket policy allowing delivery to your central bucket. Use a path structure that includes the account ID for easy partitioning: s3://msptier-billing/client-accounts/{account_id}/year={year}/month={month}/. This structure enables Athena queries that span all clients or filter to specific clients or time ranges.

Set up an Athena workgroup and data catalog in your MSP billing account that points to the central CUR bucket. With Athena, you can query costs across all clients in a single SQL query: total spend by client, service breakdown by client, anomaly detection comparing month-over-month, and resource-level cost attribution using the tags present in CUR data.

Billing Anomaly Detection Across Accounts

AWS Cost Anomaly Detection is per-account — it doesn't span accounts in a multi-client scenario unless you're using consolidated billing. Build anomaly detection at the aggregation layer using your CUR data:

Calculate each client's average daily spend for the prior 30 days. Run a nightly job that compares yesterday's spend to the rolling average and flags clients where yesterday's spend exceeded the average by more than a configurable threshold (e.g., 50% above baseline or $500 above baseline, whichever is smaller). Route anomalies to your operations team and (if the anomaly exceeds a larger threshold) to the account manager responsible for the client relationship.

Per-client thresholds matter here. A client spending $50,000/month has a normal day-to-day variance of thousands of dollars; a client spending $2,000/month has much lower variance. Parameterize your anomaly detection thresholds by client rather than using global values, and allow client-specific overrides for known patterns (monthly batch jobs, scheduled reporting runs) that would otherwise generate false positives.

Cost Allocation and Client Reporting

Translating raw CUR data into client-facing reports requires decisions about what to show and how to show it. Raw line items (thousands of rows of usage type codes and resource IDs) are not useful to most clients. Summarization and context are what make billing reports valuable:

Service-level summary: Group spending by AWS service (EC2, RDS, S3, CloudFront, etc.) and present month-over-month comparison. Highlight services where cost changed significantly and provide brief explanation (traffic growth, new deployment, pricing change).

Tagged resource attribution: Use cost allocation tags from CUR to break costs down by application, environment, or team as tagged in the client's account. This is only possible if the client's tagging hygiene is good — tag coverage audit is a prerequisite for meaningful tag-based cost attribution.

Optimization opportunities: Identify specific resources with optimization potential — unattached EBS volumes, EC2 instances running at low utilization, Reserved Instance coverage gaps. Present these as actionable recommendations with projected savings. This section of the billing report demonstrates the proactive value your MSP delivers beyond just collecting the bill.

MSP Margin and Pass-Through Models

MSPs handle AWS billing for clients under different commercial models. Understanding your model's implications for billing reporting:

Pass-through: Clients pay AWS directly; your MSP fee is separate. Billing reporting shows actual AWS costs. Your margins come entirely from service fees.

Reseller markup: You bill clients for AWS at a markup. Billing reporting to clients should show their all-in cost. Your margin visibility requires tracking your actual AWS cost (from consolidated billing discounts, Enterprise Discount Program, etc.) versus what you charge clients. Maintain clear internal accounting that separates AWS cost from MSP revenue.

Bundled/flat rate: Clients pay a flat fee covering both MSP services and AWS compute up to a defined limit. This model requires careful unit economics — your flat rate must account for average AWS consumption plus variance to remain profitable across your client portfolio. Billing visibility is critical for identifying clients where actual consumption is significantly above or below their tier's assumption.

FAQ

Can I use AWS consolidated billing to simplify multi-client cost management?

Consolidated billing through AWS Organizations simplifies billing management significantly — one bill, volume discounts shared across accounts, and centralized cost data. The requirement is that client accounts are members of your AWS Organization. This requires client consent and appropriate governance to prevent cross-client policy impact. Some clients are comfortable with this model; others aren't, particularly those with compliance requirements around account isolation. Offer both models and document the billing implications of each in your client agreements.

How do you handle Reserved Instance and Savings Plan benefits in multi-client billing?

With consolidated billing, RI and Savings Plan discounts apply automatically to the best-matching usage across all accounts in the organization. This creates an attribution challenge: whose usage consumed the commitment discount? AWS provides CUR line items that show how discounts were applied, enabling attribution. For reseller models, you need clear contractual language about how shared commitment discounts are allocated across clients.

What tools do MSPs typically use for multi-account billing analytics?

Common setups: AWS Athena + QuickSight for custom analytics on CUR data, CloudHealth or Apptio Cloudability for commercial multi-account cost management platforms, and custom billing applications built on the CUR + Athena foundation. The right choice depends on your client volume, engineering resources for custom development, and how much billing analytics capability you want to offer clients.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Vigilare Engineering

Platform Team