What AWS services does Vigilare monitor?

Vigilare monitors 7+ AWS services: Billing (cost anomalies and usage spikes), IAM (policy drift, root account usage, missing MFA), GuardDuty (threat findings), SES (sending reputation), CloudTrail (suspicious API patterns), Service Quotas (limit utilisation), and Account Health (AWS notifications). Coverage is continuously expanded.

How does Vigilare access my AWS account?

Vigilare uses a read-only cross-account IAM role that you provision using our open-source Terraform module. The role grants only the minimum permissions required for monitoring — no write access, no credential storage, and no data leaves your account except what is needed to display findings in your dashboard.

How quickly will I be alerted?

Depending on your plan, Vigilare scans every 1, 5, or 15 minutes. Alerts are delivered in real time via email, Slack, or PagerDuty the moment a threshold is crossed. The typical end-to-end latency from event to alert is under 90 seconds.

Can I monitor multiple AWS accounts?

Yes. The Solo plan covers 1 account, Team supports up to 10, Agency up to 50, and Enterprise is unlimited. All accounts appear in a single dashboard with per-account risk scores and consolidated alert feeds.

Is my AWS data secure?

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Vigilare's control plane runs on AWS infrastructure in dedicated, isolated tenants. We never store raw AWS credentials. The platform is SOC 2 Type II compliant and we provide reports on request for Enterprise customers.

Is there a free trial?

Yes — all paid plans include a 14-day free trial. No credit card is required to get started. You can connect your first AWS account and see findings within 5 minutes of signing up.

What happens if I exceed my account limit?

We'll notify you as you approach your account limit and give you the option to upgrade. We won't stop monitoring your existing accounts without notice.

Can I cancel at any time?

Yes. There are no long-term contracts. You can cancel your subscription at any time from the billing settings page. Your access continues until the end of the current billing period.

AWS Suspension Timeline: How Much Warning Do You Actually Get?

One of the most common misconceptions about AWS account suspension is that it happens without warning. In most cases, it doesn't. AWS follows a graduated enforcement process with multiple notifications before taking action. The problem isn't that AWS doesn't warn you — it's that the warnings arrive in channels nobody monitors, with timelines shorter than most teams expect.

Here's the actual enforcement timeline for each suspension category, based on documented AWS behavior and real-world incident reports.

Billing-Related Suspension

This is the most common type and has the longest, most predictable timeline.

Day 0: Your payment method fails (expired card, insufficient funds, declined charge). AWS attempts the charge again within a few days.

Days 3-7: After repeated failed charge attempts, AWS sends the first email notification to the root account email address and any configured billing contacts. The email says your account has an overdue balance and asks you to update your payment method.

Days 7-14: Follow-up emails with increasing urgency. The language shifts from "please update your payment" to "your account may be restricted."

Days 14-30: AWS may begin restricting your account — preventing new resource launches while existing resources continue running. This is a critical warning phase. Production stays up, but you can't deploy changes.

Days 30-60: Full account suspension. All running resources are stopped. API access is revoked. Console access is limited to Support and Billing.

Day 90+ (after suspension): AWS begins the account closure process. Resources start being deleted. This is irreversible.

Key insight: The total window from first failed payment to suspension is typically 30-60 days. The window from suspension to permanent data loss is roughly another 30 days. You have time — but only if you know the clock is ticking.

Security Compromise Suspension

This timeline is much shorter and less predictable.

Hour 0: AWS's automated systems detect indicators of compromise — API calls from known malicious IPs, rapid resource provisioning inconsistent with account history, or attempts to disable CloudTrail.

Hours 1-24: AWS may proactively restrict the account to limit damage. This can happen with as little as one email notification, sometimes simultaneously with the restriction. The notification typically goes to the root account email and may include a request to confirm whether the activity was authorized.

Hours 24-72: If you don't respond and confirm the activity was unauthorized (or demonstrate that you've secured the account), the restriction may escalate to full suspension.

Key insight: Security-related suspensions can happen within hours. There is no 30-day grace period. AWS acts fast because the compromised account may be attacking other customers or generating massive unauthorized charges.

AUP Violation Suspension

The timeline depends on the severity of the violation.

Low-severity violations (SES bounce rate too high, minor terms violations): AWS typically sends a warning email first, giving you days to weeks to remediate. If you fix the issue, no further action is taken.

High-severity violations (hosting malware, DDoS participation, actively harming other customers): AWS may suspend immediately with notification. There is no warning period for activities that pose an active threat to other customers on the platform.

SES-specific timeline: SES has its own graduated enforcement. When your bounce rate exceeds 5%, you get a warning. Above 10%, SES sending is paused. If the issue isn't resolved, it can escalate to broader account restrictions.

Compliance Documentation Suspension

This is the most predictable timeline and usually the easiest to resolve.

Day 0: AWS requests documentation — identity verification, VAT number, business registration.

Days 14-30: Follow-up requests if you haven't responded.

Days 30-60: Account restriction or suspension if documentation isn't provided.

Key insight: These requests are easy to satisfy but easy to miss. They often arrive during account creation for specific regions and look like routine administrative emails.

The Real Problem: Notification Delivery

Every timeline above assumes you see the notification when it's sent. In practice, the most common reason suspensions escalate to crisis level is that the notification wasn't seen in time. Root account emails forwarded to a shared inbox that nobody checks. AWS notifications caught by spam filters. Billing contacts set to an email address of someone who left the company.

The fix is straightforward: ensure the root account email is actively monitored. Forward it to a Slack channel or PagerDuty integration. Test the delivery regularly. If you wouldn't bet your production infrastructure on someone reading that email within 24 hours, you need a better monitoring channel.

Building Your Early Warning System

Rather than relying on AWS emails, monitor the signals that precede suspension directly:

AWS Health Dashboard events (via EventBridge) — catches abuse notifications and compliance requests
Billing status (via Budgets and Cost Anomaly Detection) — catches payment failures and spend anomalies
GuardDuty findings (via EventBridge) — catches the compromise patterns that lead to security-related suspension
SES reputation metrics (via CloudWatch) — catches bounce and complaint rate issues before they escalate

Vigilare monitors all four signal categories and correlates them into a single account health score. When your score starts dropping — because a billing anomaly appeared, or a GuardDuty finding fired, or your SES bounce rate is climbing — you know days or weeks before AWS enforcement arrives. Start a free 14-day trial.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.

See Vigilare pricing Talk to us about securing your AWS Browse documentation →

Written by Viktor B.

Co-founder & CEO