What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS SES Reputation Monitoring: Keeping Your Sending in Good Standing

Amazon SES ties sending privileges directly to reputation metrics. AWS monitors your bounce rate, complaint rate, and sending patterns, and will throttle or suspend your account if those metrics cross thresholds. Unlike most AWS service limits which can be increased on request, SES reputation issues require you to fix the underlying problem before sending is restored — and AWS won't restore access until they're satisfied that the problem is genuinely resolved.

The accounts that end up suspended are almost never sending spam intentionally. They're running legitimate email operations — transactional emails, SaaS notifications, marketing lists — where something went wrong and nobody noticed until AWS sent the suspension notice. A list management issue that drove bounce rates from 1% to 12% over three weeks. A feedback loop that reported spam complaints from a segment that opted in months ago. An integration bug that sent duplicate notifications to the same users repeatedly.

Reputation monitoring catches these problems while they're still fixable — before AWS takes action, before your IP address is blocklisted, before customers stop receiving your emails.

The Metrics That Matter

SES exposes reputation metrics through the SES console and via CloudWatch. The two metrics that AWS monitors most closely are bounce rate and complaint rate. Understanding the thresholds and what drives each metric is prerequisite to building useful monitoring.

Bounce rate measures the percentage of sent emails that generated a hard bounce — a permanent delivery failure, typically because the recipient address doesn't exist. AWS's threshold for investigation is around 5%; accounts above 10% bounce rate face sending throttles. Hard bounces compound over time: sending to invalid addresses repeatedly signals to receiving mail servers that your lists aren't maintained, which increases your likelihood of being classified as a spam sender even for valid recipient addresses.

Complaint rate measures the percentage of emails that recipients marked as spam through their mail client. This data comes via ISP feedback loops — when Gmail, Yahoo, or Outlook users click "Report Spam," the ISP notifies AWS via the feedback loop. AWS's threshold for concern is 0.1% complaint rate; above 0.5% causes immediate investigation. Complaint rate is the more dangerous metric because it signals intentional recipient objection rather than just list hygiene issues.

Additional metrics to watch: delivery rate (percentage of non-bounced sends that were accepted), open rate (available if you use SES tracking), and sending volume changes. A sudden spike in sending volume combined with elevated complaint rates is a strong signal of a compromised SES credential being used for spam.

Setting Up CloudWatch Alerts

SES pushes reputation metrics to CloudWatch under the AWS/SES namespace. The relevant metrics are Reputation.BounceRate and Reputation.ComplaintRate. Create CloudWatch alarms on both metrics with thresholds below AWS's enforcement thresholds — you want to be alerted at 3% bounce rate and 0.05% complaint rate so you have time to investigate before crossing into the danger zone.

Configure the alarm to trigger an SNS notification to your engineering and deliverability team. The notification should include the current metric value and a link to the SES console's reputation dashboard. Time matters when reputation issues arise — faster notification enables faster remediation.

For SES accounts sending from multiple verified identities (multiple domains or sending addresses), create separate alarms for the account-level metrics and monitor sending statistics broken down by configuration set if you're using configuration sets to separate traffic types. A problem with one configuration set shouldn't obscure the health of others.

Virtual Deliverability Manager

AWS introduced Virtual Deliverability Manager (VDM) as a higher-level reputation monitoring tool integrated directly into SES. VDM provides inbox placement rates broken down by email client, engagement metrics, and recommendations for improving deliverability. It's more comprehensive than raw CloudWatch metrics and designed specifically for the email deliverability use case.

Enable VDM in the SES console under Account Dashboard. Once enabled, it starts collecting data from new sends — historical data isn't retroactively available. VDM's inbox placement monitoring requires sending test emails to seed addresses maintained by the VDM service, which incur a small per-email charge. The insight into inbox vs. spam folder placement is worth the cost for serious senders.

Managing Bounce Handling

Reducing bounce rate is primarily a list hygiene problem. SES sends bounce notifications to the feedback notification email address configured for your sending domain. Process these notifications and remove bounced addresses from your sending lists before the next send. If your bounce rate is elevated, the fastest fix is removing addresses that haven't had a confirmed engagement in the past 90 days — stale addresses bounce at much higher rates than recently confirmed ones.

Implement double opt-in for new subscribers if you're running any marketing or newsletter sending. Double opt-in confirms that the subscriber controls the email address, which eliminates typo bounces and dramatically reduces spam complaints from users who don't remember subscribing. It reduces list growth rate but improves list quality in ways that directly protect your SES reputation.

Handling Complaint Notifications

Configure SES to forward complaint notifications to an email address your team monitors. When a complaint arrives, suppress that address from future sends immediately — sending to a user who has reported you as spam compounds the complaint rate and violates multiple ISP feedback loop agreements. SES provides a suppression list that automatically handles this for direct bounces and complaints, but verify your integration is respecting the suppression list for all sending paths.

High complaint rates on specific email types indicate content or frequency problems. A complaint rate of 0.3% on promotional emails but 0.01% on transactional emails tells you to look at your promotional email program. Analyze which sends are generating complaints — subject line, send time, email content, and whether the recipients opted in recently or long ago.

FAQ

How long does SES reputation data take to appear in CloudWatch?

SES reputation metrics are updated approximately once per day. This means CloudWatch alarms on reputation metrics won't provide real-time feedback. For near-real-time feedback, monitor bounce and complaint notifications as they arrive rather than relying on the aggregate CloudWatch metrics for immediate alerting.

Does SES reputation affect my regular AWS account?

SES reputation issues can result in SES-specific sending throttles or suspension, which doesn't directly affect other AWS services. However, the same cross-account monitoring and risk scoring that Vigilare performs applies to SES sending health as part of the overall account risk picture. A compromised SES credential used for spam sending is also a signal of broader credential compromise.

What should I do if my SES account is placed under review?

Respond to the AWS review promptly and honestly. Provide a detailed explanation of what caused the reputation degradation, what specific steps you've taken to fix it (list suppression, double opt-in implementation, content review), and what monitoring you've put in place to prevent recurrence. AWS support wants to see that you understand the root cause and have implemented systemic fixes, not just temporarily stopped the problematic sending.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Viktor B.

Co-founder & CEO