What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS SES Account Suspension: Causes, Recovery, and Prevention

An SES suspension notification arriving at 6 PM on a Friday is one of the more stressful AWS operational events you can face. Your application stops sending emails immediately — no password resets, no order confirmations, no alerts. The notification gives you general guidance about reputation metrics but doesn't always make the root cause immediately obvious. Recovery requires responding to AWS Support through the SES Review process, and response times are measured in business days, not hours.

This guide explains what actually triggers SES suspension, how to navigate the review process effectively, and what architecture and operational changes prevent recurrence. If you're reading this while actively suspended, jump to the Recovery section.

What Triggers SES Suspension

SES enforcement falls into two categories: reputation-based actions and policy violations. They're handled differently and require different responses.

Reputation-based suspension occurs when bounce rates or complaint rates cross AWS's thresholds. AWS monitors these metrics continuously. When an account crosses the soft threshold, AWS typically sends a warning email giving you time to remediate. When metrics remain elevated or cross the hard threshold, AWS places the account in the review queue and may suspend sending while the review is pending. The specific thresholds aren't publicly documented in exact numbers, but industry experience suggests hard bounce rates above 10% and complaint rates above 0.5% trigger immediate review.

Policy violation suspension occurs when AWS determines your sending violates the SES acceptable use policy or AWS's general terms of service. This includes sending unsolicited commercial email (spam), sending to purchased lists, sending content that violates the AUP (phishing, malware distribution), or using SES to facilitate denial-of-service attacks. Policy violations typically result in immediate suspension without a warning period. AWS may also suspend accounts if the account itself appears compromised — an SES sending pattern that looks like a compromised credential being used to send spam.

The Review Process

When AWS suspends your SES sending, you receive an email to your account's registered address with details about why the suspension occurred and instructions for requesting reinstatement. Navigate to the SES console — you'll see a notification in the Account Dashboard indicating the account is under review, with a link to the Support case.

The support case is the only path to reinstatement. Respond to the case with a detailed explanation that addresses three points: what caused the problem, what specific changes you've made to fix it, and what monitoring you've implemented to prevent recurrence. Be specific and technical. "We will clean our lists" is insufficient. "We have implemented double opt-in for all new subscribers, suppressed all addresses that bounced in the past 30 days (removing 15,000 addresses), and set up CloudWatch alarms on bounce rate at 3% and complaint rate at 0.05% with SNS alerts to our engineering team" is the kind of response that leads to successful reinstatement.

AWS support typically responds within 1-3 business days. If your response is insufficient, they'll ask follow-up questions — don't let those go unanswered. Keep the case active and be responsive.

Recovery Steps While Suspended

While waiting for SES reinstatement, assess the severity of the email disruption. For business-critical sending (password resets, payment confirmations, security notifications), consider temporary alternatives: SendGrid, Mailgun, or Postmark can be provisioned in hours and configured as a drop-in SMTP replacement while SES is suspended. Build this backup sending path before you need it — implementing it during an active suspension adds stress to an already stressful situation.

Use the suspension period productively. Run a full audit of your email sending: pull lists, identify when each subscriber was added and how they were acquired, look at engagement data for the past 90 days. Remove subscribers who have never opened or clicked. Review your bounce handling to confirm every hard bounce is being suppressed immediately. Check whether your complaint handling is correctly processing all feedback loop notifications.

Prevention Architecture

The accounts that don't get suspended share a few common characteristics. They process bounce and complaint notifications programmatically — every bounce goes through code that immediately suppresses the address, not through someone manually reviewing bounce reports when they remember to. They use configuration sets to separate transactional and marketing sending, giving them granular reputation data to identify which traffic type is causing problems. They monitor the CloudWatch reputation metrics daily and have alerts configured below the danger thresholds.

Use SES's built-in suppression list. Addresses that hard-bounced or complained are automatically added to the account-level suppression list, and SES rejects sends to those addresses before they affect your metrics. This only works if your sending code uses the SES suppression list — if you're managing your own do-not-send list independently and not checking the SES suppression list before each send, addresses that AWS has suppressed can still be submitted for sending in ways that confuse your metrics.

Monitor SES reputation metrics proactively with CloudWatch alarms so you can investigate and fix problems before they reach AWS's enforcement thresholds. Vigilare surfaces SES reputation health alongside your other AWS risk factors, giving you a single view of account health rather than checking multiple AWS consoles.

FAQ

Can I appeal an SES suspension decision?

The support case response process is effectively the appeal. There's no separate escalation path specifically for SES suspensions. If your initial response is rejected, you can respond with additional information and continue the dialogue. If you believe the suspension is genuinely in error — your metrics don't support the suspension reason — explain that clearly with data. AWS support is generally reasonable when presented with clear evidence and a good-faith remediation plan.

Will SES suspension affect other AWS services?

SES suspension is specific to the email sending service. Other AWS services in the same account remain operational. Your EC2 instances, S3 buckets, and other resources are not affected. The suspension affects all SES API calls for sending — you cannot send emails, but you can still make read-only SES API calls to check configuration.

How long does it take to get reinstated?

Typical reinstatement after a successful first response takes 1-3 business days. Complex cases with multiple exchanges can take longer. Weekend and holiday timing affects response times. For production SaaS applications, this timeline underscores why having a backup email provider ready to activate is essential rather than optional.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Viktor B.

Co-founder & CEO