
AWS Trusted Advisor: Automating Best Practice Monitoring and Alerts

Viktor B.

Co-founder & CEO · February 6, 2026 · 8 min read

Trusted Advisor: More Than a Dashboard

Most AWS users know Trusted Advisor as a dashboard in the console that occasionally reminds them to enable MFA or fix exposed access keys. What fewer people know is that Trusted Advisor has an API, integrates with EventBridge, and can be the foundation of an automated best-practices monitoring system.

Trusted Advisor continuously evaluates your account against AWS best practices across five categories: cost optimization, performance, security, fault tolerance, and service limits. When issues are found, it grades them as red (action recommended), yellow (investigation recommended), or green (no problems). With the right automation, these findings flow into your notification channels and help desks automatically.

Trusted Advisor Support Plan Requirements

Which Trusted Advisor checks are available depends on your AWS Support plan:

  • Basic/Developer: 6 core security checks and service limit checks
  • Business: All checks across all five categories (~115 checks)
  • Enterprise/Enterprise On-Ramp: All checks + Trusted Advisor Priority (ML-enhanced prioritization)

For most organizations, Business Support ($100/month + percentage of usage) is worth it if you have significant AWS spend. The cost optimization recommendations alone typically identify more savings than the support cost.

Core Security Checks (Available on All Plans)

Even on the free Basic plan, Trusted Advisor provides six critical security checks:

  • S3 Bucket Permissions: Identifies S3 buckets with public access
  • Security Groups - Specific Ports Unrestricted: Security groups allowing 0.0.0.0/0 on risky ports
  • IAM Use: Whether IAM is being used (vs. root account only)
  • MFA on Root Account: Root MFA status
  • IAM Access Key Rotation: Access keys older than 90 days
  • Exposed Access Keys: AWS coordinates with GitHub and other platforms to detect leaked keys

These checks overlap with AWS Config and GuardDuty in some areas, but the exposed access keys check is uniquely valuable — it's often the fastest detection of a leaked key. For the full security monitoring context, see our proactive monitoring guide.

Automating Trusted Advisor with EventBridge

Trusted Advisor integrates with EventBridge, publishing events when check results change. Set up automatic notifications for status changes:

resource "aws_cloudwatch_event_rule" "trusted_advisor" {
  name        = "trusted-advisor-alerts"
  description = "Trusted Advisor check status changes"

  event_pattern = jsonencode({
    source        = ["aws.trustedadvisor"]
    "detail-type" = ["Trusted Advisor Check Item Refresh Notification"] # hyphenated keys must be quoted in HCL
    detail = {
      status = ["ERROR", "WARN"] # red and yellow only; OK events are not matched
    }
  })
}

resource "aws_cloudwatch_event_target" "ta_sns" {
  rule      = aws_cloudwatch_event_rule.trusted_advisor.name
  target_id = "trusted-advisor-sns"
  arn       = aws_sns_topic.operations_alerts.arn
}

The EventBridge event includes the check name, status, and affected resources. Route ERROR status events to immediate notification and WARN to a weekly digest.
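As an added example (not code from the post), a Python handler that could sit behind the rule above in place of the SNS target: it validates the event envelope, pulls out the documented Trusted Advisor fields and applies the routing policy just described. The sample event is constructed; its check-item-detail keys mirror the check's metadata columns and are assumed here, and the SNS publish and digest-queue writes are left as return values so the logic runs offline.

```python
# Constructed sample event in the documented shape of a Trusted Advisor
# "Check Item Refresh Notification"; account id, uuid, security group and
# timestamp are made up for this example.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "source": "aws.trustedadvisor",
    "account": "111122223333",
    "time": "2026-02-06T12:00:00Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "check-name": "Security Groups - Specific Ports Unrestricted",
        "check-item-detail": {  # assumed to mirror the check's metadata columns
            "Region": "us-east-1",
            "Security Group Name": "web-sg",
            "Security Group ID": "sg-0123456789abcdef0",
            "Protocol": "tcp",
            "Port": "22",
            "Status": "Red",
        },
        "status": "ERROR",
        "resource_id": "sg-0123456789abcdef0",
        "uuid": "00000000-0000-0000-0000-000000000001",
    },
}

# Routing policy from the post: red findings are paged immediately, yellow
# ones are batched into the weekly digest, anything else is dropped.
ROUTES = {"ERROR": "immediate", "WARN": "digest"}


def parse_trusted_advisor_event(event):
    """Validate the envelope and extract the fields an alert needs."""
    if event.get("source") != "aws.trustedadvisor":
        raise ValueError("not a Trusted Advisor event")
    if event.get("detail-type") != "Trusted Advisor Check Item Refresh Notification":
        raise ValueError(f"unexpected detail-type: {event.get('detail-type')!r}")
    detail = event["detail"]
    return {
        "account": event["account"],
        "region": event["region"],
        "check": detail["check-name"],
        "status": detail["status"],
        "resource_id": detail.get("resource_id"),
        "fields": dict(detail.get("check-item-detail") or {}),
        # 'uuid' identifies the flagged item across refreshes; key
        # deduplication and ticket lookups on it, not on the event id.
        "finding_id": detail.get("uuid"),
    }


def route_finding(finding):
    """Return 'immediate', 'digest' or None (drop) for a parsed finding."""
    return ROUTES.get(finding["status"])


def format_alert(finding):
    """One-line message for SNS, chat or a ticket title."""
    extras = ", ".join(f"{k}={v}" for k, v in finding["fields"].items() if k != "Status")
    return (f"[{finding['status']}] {finding['check']} "
            f"(account {finding['account']}, {finding['region']}): "
            f"{finding['resource_id']} {extras}").rstrip()


def handler(event, context=None):
    """Lambda-style entry point returning the routing decision.

    In a deployment the 'immediate' branch would publish to the operations
    SNS topic and 'digest' would append to a queue or table that a weekly
    job drains; both are left as return values here.
    """
    finding = parse_trusted_advisor_event(event)
    route = route_finding(finding)
    if route is None:
        return {"route": None, "finding_id": finding["finding_id"], "message": None}
    return {"route": route, "finding_id": finding["finding_id"],
            "message": format_alert(finding)}


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

Because the account id is part of the envelope, the same handler works unchanged when events from several accounts are forwarded to a central bus; the message carries the source account, and finding_id gives the digest job a stable key to deduplicate on.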

Programmatic Access with the Trusted Advisor API

The Support API provides programmatic access to Trusted Advisor check results:

import boto3

# The Support API (and therefore the boto3 'support' client) is only
# reachable in us-east-1, and calling it requires a Business, Enterprise
# On-Ramp or Enterprise Support plan.
support = boto3.client('support', region_name='us-east-1')

# List all available checks. Each entry carries the check's 'metadata'
# column names, which tell you what each position of a flagged resource's
# metadata list means.
checks = support.describe_trusted_advisor_checks(language='en')

# Get results for a specific check (Security Groups)
check_id = 'HCP4007jGY'  # Security Groups - Specific Ports Unrestricted
results = support.describe_trusted_advisor_check_result(
    checkId=check_id,
    language='en'
)

# Resource status values are 'ok', 'warning', 'error' or 'not_available'.
for resource in results['result']['flaggedResources']:
    if resource['status'] == 'error':
        print(f"Security group: {resource['metadata'][1]} - Unrestricted: {resource['metadata'][3]}")

Use this to build custom dashboards, generate weekly reports, or populate ticketing systems with Trusted Advisor findings.

Cost Optimization Findings

On Business Support, Trusted Advisor's cost optimization checks identify:

  • Underutilized EC2 instances: Instances with low CPU and network utilization
  • Idle RDS instances: Databases with no connections over the past 7 days
  • Unassociated Elastic IPs: EIPs not attached to running instances ($0.005/hour/IP)
  • Underutilized EBS volumes: Volumes with less than 10% read/write over 7 days
  • Savings Plan recommendations: Potential savings from Reserved Instances or Savings Plans

Run a Trusted Advisor cost optimization review monthly and create tickets for findings that represent real savings. For a comprehensive cost management approach, see our cost optimization guide and Savings Plans guide.

Service Limit Monitoring

Trusted Advisor monitors service quota utilization and warns when you're approaching limits (typically at 80%). This is one of the most practically valuable checks — hitting a service limit in production is entirely preventable with proper monitoring.

import boto3

support = boto3.client('support', region_name='us-east-1')

# Get all service limit checks
checks = support.describe_trusted_advisor_checks(language='en')
limit_checks = [c for c in checks['checks'] if c['category'] == 'service_limits']

for check in limit_checks:
    result = support.describe_trusted_advisor_check_result(
        checkId=check['id'], language='en'
    )
    for resource in result['result']['flaggedResources']:
        # The Support API reports 'warning' here (the EventBridge event uses 'WARN')
        if resource['status'] in ['warning', 'error']:
            print(f"Limit warning: {check['name']} - {resource['metadata']}")

For the complete service quota monitoring approach, see our service quotas monitoring guide and quota increase guide.

Trusted Advisor Priority (Enterprise)

Trusted Advisor Priority, available with Enterprise Support, uses ML to identify the highest-priority findings for your specific account. Rather than reviewing all 115 checks, Priority surfaces the 10-20 actions that will have the most impact on cost, security, and reliability for your workloads. It also incorporates AWS operational event data — if AWS is aware of a pattern affecting accounts like yours, Priority may surface recommendations before you experience a problem.

Refreshing Check Results

Trusted Advisor refreshes most checks automatically (weekly for cost and performance, more frequently for security). You can manually refresh checks via the API:

response = support.refresh_trusted_advisor_check(checkId='HCP4007jGY')
# response['status']['status'] is 'enqueued' when the refresh was accepted;
# response['status']['millisUntilNextRefreshable'] says how long to wait otherwise.

Refresh is rate-limited — each check can be refreshed at most once every 12 hours. For monitoring that requires more frequent evaluation, use Config rules or CloudWatch alarms rather than Trusted Advisor.
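The three Support API snippets above (reading a check's flagged resources, walking the service-limit checks, and requesting a refresh) share one pattern, so here is a single added example, not the post's code, that covers all three and runs offline. FakeSupportClient stands in for boto3.client('support', region_name='us-east-1') and answers in the API's response shapes; apart from HCP4007jGY, every check id, column layout and value in it is constructed for the example. It goes a little beyond the post by zipping each flagged resource's positional metadata list with the column names the API publishes per check, and by computing quota utilisation itself rather than relying only on Trusted Advisor's yellow status.

```python
class FakeSupportClient:
    """Stand-in for boto3.client('support', region_name='us-east-1').

    Responses follow the Support API shapes; all ids except HCP4007jGY,
    the column layouts and every value are constructed for this example.
    """

    CHECKS = [
        {"id": "HCP4007jGY", "category": "security",
         "name": "Security Groups - Specific Ports Unrestricted", "description": "",
         "metadata": ["Region", "Security Group Name", "Security Group ID",
                      "Protocol", "Port", "Status"]},
        {"id": "EXAMPLE-VPC-LIMIT", "category": "service_limits",  # constructed id
         "name": "VPC", "description": "",
         "metadata": ["Region", "Service", "Limit Name", "Limit Amount",
                      "Current Usage", "Status"]},
    ]
    RESULTS = {
        "HCP4007jGY": [
            {"status": "error", "region": "us-east-1", "resourceId": "sg-0123",
             "metadata": ["us-east-1", "web-sg", "sg-0123", "tcp", "22", "Red"]},
            {"status": "ok", "region": "us-east-1", "resourceId": "sg-0456",
             "metadata": ["us-east-1", "db-sg", "sg-0456", "tcp", "5432", "Green"]},
        ],
        "EXAMPLE-VPC-LIMIT": [
            {"status": "warning", "region": "eu-west-1", "resourceId": "vpc-eu",
             "metadata": ["eu-west-1", "VPC", "VPCs", "5", "4", "Yellow"]},
            {"status": "ok", "region": "us-east-1", "resourceId": "vpc-us",
             "metadata": ["us-east-1", "VPC", "VPCs", "5", "1", "Green"]},
        ],
    }

    def describe_trusted_advisor_checks(self, language):
        return {"checks": self.CHECKS}

    def describe_trusted_advisor_check_result(self, checkId, language):
        return {"result": {"checkId": checkId, "status": "warning",
                           "flaggedResources": self.RESULTS[checkId]}}

    def refresh_trusted_advisor_check(self, checkId):
        # Simulates a rate-limited refresh: not enqueued, try again in an hour.
        return {"status": {"checkId": checkId, "status": "none",
                           "millisUntilNextRefreshable": 3_600_000}}


def flagged_resources(support, category, statuses=("warning", "error")):
    """Yield flagged resources of one category as dicts keyed by column name.

    Resource status is 'ok', 'warning', 'error' or 'not_available'. The
    metadata list is positional and differs per check, so it is zipped with
    the column names from describe_trusted_advisor_checks instead of being
    indexed by hand.
    """
    for check in support.describe_trusted_advisor_checks(language="en")["checks"]:
        if check["category"] != category:
            continue
        result = support.describe_trusted_advisor_check_result(
            checkId=check["id"], language="en")
        for res in result["result"]["flaggedResources"]:
            if res["status"] in statuses:
                yield {"check": check["name"], "status": res["status"],
                       "region": res.get("region"), "resource_id": res["resourceId"],
                       "fields": dict(zip(check["metadata"], res["metadata"]))}


def red_security_findings(support):
    """Red (status 'error') items across the security category."""
    return list(flagged_resources(support, "security", statuses=("error",)))


def quotas_over(support, threshold=0.8):
    """Service-limit rows at or above the threshold of usage / limit.

    'ok' rows are included so the threshold can be set below the 80% at
    which Trusted Advisor itself turns a row yellow.
    """
    hot = []
    for row in flagged_resources(support, "service_limits",
                                 statuses=("ok", "warning", "error")):
        try:
            limit = float(row["fields"]["Limit Amount"])
            usage = float(row["fields"]["Current Usage"])
        except (KeyError, ValueError):
            continue  # rows without numeric values cannot be scored
        if limit > 0 and usage / limit >= threshold:
            hot.append({**row, "utilization": usage / limit})
    return hot


def refresh_or_wait(support, check_id):
    """Request a refresh; return (enqueued, seconds until the next attempt)."""
    st = support.refresh_trusted_advisor_check(checkId=check_id)["status"]
    return st["status"] == "enqueued", st.get("millisUntilNextRefreshable", 0) / 1000


if __name__ == "__main__":
    client = FakeSupportClient()
    for f in red_security_findings(client):
        print("RED", f["check"], f["fields"]["Security Group ID"], f["fields"]["Port"])
    for q in quotas_over(client):
        print(f"QUOTA {q['fields']['Service']} {q['fields']['Limit Name']} "
              f"{q['region']} {q['utilization']:.0%}")
    print(refresh_or_wait(client, "HCP4007jGY"))
```

In a scheduled job, call refresh_or_wait first and, when it reports a wait, skip the refresh and read the existing results rather than failing; the 12-hour limit the post mentions means a daily report will often be reading results that were refreshed on AWS's own schedule.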

Integrating with Your Monitoring Stack

Trusted Advisor integrates with the broader AWS monitoring ecosystem:

  • Security Hub: Trusted Advisor security findings appear in Security Hub when the integration is enabled
  • Health Dashboard: Trusted Advisor Exposed Access Keys findings also appear in Account Health
  • CloudWatch: Trusted Advisor service limit data is available as CloudWatch metrics for alarming

For the complete monitoring architecture, see our proactive monitoring guide and account health monitoring guide.

FAQ

Is Trusted Advisor redundant with AWS Config and Security Hub?

Partially. There's overlap in security checks — both Config and Trusted Advisor detect open security groups and public S3 buckets. The unique value of Trusted Advisor is: (1) the exposed access key detection that coordinates with GitHub and other platforms, (2) cost optimization findings not covered by Config, (3) fault tolerance checks, and (4) the service limit monitoring. They complement each other rather than replace each other.

Can Trusted Advisor monitor multiple accounts?

Trusted Advisor is account-specific — each account has its own findings. For multi-account monitoring, you need to collect Trusted Advisor findings from each account separately. The EventBridge integration works per-account; for centralized monitoring, aggregate EventBridge events from all accounts to a central event bus in your security account.

How do I know which Trusted Advisor checks matter most for my environment?

Start with the security category — these findings represent actual security risks. Then review service limits for your most critical services. Cost optimization is valuable but can be reviewed less frequently. Fault tolerance checks are worth reviewing quarterly as part of your resilience review.
