We ask for access to your AWS account. That is a significant amount of trust. This page explains exactly what we access, how we protect your data, and how to report a vulnerability.
Security is an architectural constraint, not a feature layer. These principles are built into how Vigilare works at every level.
Vigilare never requests write permissions in your AWS account. The cross-account IAM role we provision grants read-only access to the specific services we monitor — nothing more.
All data is encrypted in transit over TLS 1.2+ and at rest using AES-256. DynamoDB encryption is enabled by default. Secrets are stored in AWS Secrets Manager, never in environment variables or source code.
Vigilare has completed SOC 2 Type II certification covering Security, Availability, and Confidentiality trust service criteria. Reports are available to customers under NDA on request.
Every customer's data is stored under a unique tenant ID derived exclusively from their verified Cognito JWT claim. No tenant can access another tenant's findings, settings, or credentials.
The Terraform module used to provision access in your account is fully open source. Every IAM permission is visible, documented, and auditable before you deploy anything.
Vigilare stores only the metadata needed to evaluate risk — resource identifiers, configuration state, and finding timestamps. Raw AWS API responses are not persisted. Findings are purged after 90 days by default.
The cross-account IAM role grants only the permissions listed below — no wildcards, no write actions, no data-plane access. The full policy is part of our open-source Terraform module so you can audit it before deploying.
Permissions | Purpose
ce:GetCostAndUsage, budgets:DescribeBudgets | Detect billing anomalies and budget threshold breaches
iam:ListUsers, iam:ListRoles, iam:GetAccountPasswordPolicy, iam:ListAccessKeys | Identify credential hygiene issues and policy violations
guardduty:ListDetectors, guardduty:ListFindings, guardduty:GetFindings | Surface active threat findings before AWS acts on them
health:DescribeEvents, health:DescribeEventDetails | Read Account Health Dashboard events and notices
ses:GetSendStatistics, ses:GetAccountSendingEnabled | Monitor sending reputation and suspension risk
support:DescribeCases | Check for open abuse or compliance cases
See the complete policy in the Terraform module documentation.
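The claim above (read-only verbs only, no action wildcards) is something you can check mechanically before applying any cross-account role. The script below is an added example written for this page, not code from Vigilare's Terraform module: it assembles the actions listed on this page into a constructed sample policy document (the `Resource: "*"` element is an assumption, since most of these List/Describe calls only support a wildcard resource) and audits any policy for action wildcards, `NotAction`, and verbs outside Get/List/Describe.

```python
import json

# Constructed sample: the actions listed on this page, assembled into a minimal
# IAM policy document for illustration. This is not Vigilare's published module;
# the Resource element is assumed.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VigilareReadOnly",
            "Effect": "Allow",
            "Action": [
                "ce:GetCostAndUsage",
                "budgets:DescribeBudgets",
                "iam:ListUsers",
                "iam:ListRoles",
                "iam:GetAccountPasswordPolicy",
                "iam:ListAccessKeys",
                "guardduty:ListDetectors",
                "guardduty:ListFindings",
                "guardduty:GetFindings",
                "health:DescribeEvents",
                "health:DescribeEventDetails",
                "ses:GetSendStatistics",
                "ses:GetAccountSendingEnabled",
                "support:DescribeCases",
            ],
            "Resource": "*",
        }
    ],
}

# Verbs IAM uses for read-only control-plane operations.
READ_ONLY_VERB_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a string, an object or a list for Statement/Action; normalise to a list."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def audit_policy(policy):
    """Return a list of problems found in the Allow statements of an IAM policy.

    An empty list means: no action wildcards, no NotAction, and every action
    uses a Get/List/Describe verb. Deny statements are skipped because they
    only narrow access.
    """
    problems = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            problems.append(f"statement {idx}: NotAction allows everything not listed")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                problems.append(f"statement {idx}: wildcard action {action!r}")
                continue
            service, sep, verb = action.partition(":")
            if not sep or not service or not verb:
                problems.append(f"statement {idx}: malformed action {action!r}")
                continue
            if not verb.startswith(READ_ONLY_VERB_PREFIXES):
                problems.append(f"statement {idx}: non-read-only action {action!r}")
    return problems


def audit_policy_file(path):
    """Audit a policy document stored as JSON on disk."""
    with open(path, encoding="utf-8") as fh:
        return audit_policy(json.load(fh))


if __name__ == "__main__":
    for line in audit_policy(SAMPLE_POLICY) or ["OK: read-only verbs only, no wildcards"]:
        print(line)
```

Run `audit_policy_file` against the policy JSON rendered from the Terraform module (for example via `terraform show -json`, extracting the policy document) as a gate in your own pipeline; a non-empty result is a reason to stop and read the policy before deploying.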
Vigilare's control plane runs serverlessly on AWS. There are no long-lived EC2 instances, no persistent processes exposed to the internet, and no shared compute between tenants. Lambda functions execute in isolated sandboxes and are destroyed after each invocation.
API traffic is fronted by AWS API Gateway with per-tenant rate limiting. All inbound requests are authenticated against Cognito before any Lambda code runs. The tenant ID used in all data operations is extracted from the verified JWT — it is never accepted from the request body.
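To make the tenant-isolation rule above concrete, here is an added example (written for this page, not Vigilare's own handler code) of a Lambda handler behind an API Gateway REST API with a Cognito user-pool authorizer. API Gateway places the verified token's claims under `requestContext.authorizer.claims`; the request body is untrusted client input. The example shows the anti-pattern (reading `tenant_id` from the body) next to the safe derivation, and assumes for illustration that the tenant ID is the Cognito `sub` claim and that findings are keyed by tenant in DynamoDB.

```python
import json


class AuthError(Exception):
    """Raised when a request reaches the handler without verified identity."""


# Constructed sample event in the shape API Gateway (REST API with a Cognito
# user-pool authorizer) hands to Lambda. Note the body claims a different
# tenant than the verified token identifies.
SAMPLE_EVENT = {
    "requestContext": {
        "authorizer": {
            "claims": {
                "sub": "4f1c2a3b-example-subject",
                "email": "owner@example.com",
            }
        }
    },
    "body": json.dumps({"tenant_id": "some-other-tenant", "finding_id": "f-123"}),
}


def tenant_id_unsafe(event):
    """The anti-pattern: accept whatever tenant_id the client put in the body."""
    body = json.loads(event.get("body") or "{}")
    return body.get("tenant_id")


def tenant_id_from_claims(event):
    """Derive the tenant ID only from the authorizer-verified claims.

    Assumption for this example: the tenant ID is the Cognito 'sub' claim.
    A deployment may map sub to a tenant differently; the point is that the
    source is the verified token, never the request body.
    """
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    sub = claims.get("sub")
    if not sub:
        raise AuthError("no verified claims on request; refusing to proceed")
    return sub


def tenant_or_none(event):
    """Convenience wrapper for callers that want a value instead of an exception."""
    try:
        return tenant_id_from_claims(event)
    except AuthError:
        return None


def handler(event, context=None):
    """Lambda entry point: every data operation is keyed by the verified tenant."""
    tenant = tenant_id_from_claims(event)
    body = json.loads(event.get("body") or "{}")
    # A partition key built from `tenant` cannot point at another tenant's
    # items, whatever tenant_id the body carried. (Assumed key layout.)
    item_key = {
        "pk": f"TENANT#{tenant}",
        "sk": f"FINDING#{body.get('finding_id', '')}",
    }
    return {"statusCode": 200, "body": json.dumps({"key": item_key})}


if __name__ == "__main__":
    print("body says:", tenant_id_unsafe(SAMPLE_EVENT))
    print("token says:", tenant_id_from_claims(SAMPLE_EVENT))
    print(handler(SAMPLE_EVENT))
```

The `AuthError` branch matters as much as the happy path: if a route is ever deployed without the authorizer attached, the handler refuses rather than silently operating with an empty tenant, which is the failure mode that turns a misconfiguration into cross-tenant access.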
Infrastructure is defined in Terraform and deployed through a CI/CD pipeline. Production deployments require passing lint, type-check, and test suites. Manual changes to production infrastructure are blocked by IAM policy.
We depend on a small, audited set of third-party services. Access to AWS is governed by least-privilege IAM roles with no human standing access to production. MFA is required for all AWS console access.
Dependencies are pinned and audited with automated tooling. Security advisories are reviewed weekly and critical patches are applied within 24 hours.
We do not sell, share, or use your AWS account data for any purpose other than delivering the Vigilare service. Data processed within your account never leaves it — only metadata (resource IDs, configuration summaries, finding timestamps) is transmitted to the Vigilare control plane.
If you discover a security vulnerability in Vigilare, please report it to us privately before public disclosure. We commit to:
Send a detailed report to our security team. Please include steps to reproduce, potential impact, and any proof-of-concept if available.
security@vigilare.cloud

For general support, use the contact page instead.