Is the Nuberio Audit really free?

Yes. The Audit is free forever. No credit card is required. It uses a read-only CloudFormation template to connect to your AWS account and takes approximately 5 minutes to complete.

What does the Nuberio Audit check?

The Audit checks your CloudWatch alarm coverage (returning a hygiene score out of 100), lists alarms classified as good, noisy, or suppressed-bad, identifies missing critical alarms across 18 services (RDS, Lambda, ECS, ALB, S3, API Gateway, NAT Gateway, CloudFront, and more), lists unmonitored production resources, and surfaces security findings from GuardDuty, Security Hub, CloudTrail, Secrets Manager, and AWS Config.

Does the Audit require write access to my AWS account?

No. The Audit uses a read-only IAM role created via a CloudFormation template. Nuberio never requests write access during the Audit.

Nuberio Audit · Free AWS Health Check

Free CloudWatch
Alarm Audit

Scan 18 AWS services in parallel. Classify every alarm as GOOD, NOISY, or SUPPRESSED-BAD. Surface missing coverage with copy-pasteable CLI to fix each gap. Get a hygiene score in under 5 minutes.

Run free audit →What we check ↓

Read-only access · 5-minute scan · No credit card · No commitment

convops — audit statsLive

loading…

convops@audit ~ scanning cloudwatch alarms across all audited accounts

Three steps, five minutes

Enter your email

We send the report here when the scan finishes. No account required.

Deploy a read-only IAM role

One CloudFormation click. Pre-filled template. The role can only read — never write.

Get your report

Score, top fixes, missing alarms with CLI commands. Yours to keep for 30 days.

Demo55s · real account

See it run.

nuberio.com/audit/report/…

What the audit checks

18 AWS services, parallel scanning, results in under 5 minutes.

Alarm classification
Every alarm scored GOOD, NOISY, or SUPPRESSED-BAD with specific reasons.
Missing coverage
18 services cross-referenced — missing criticals surfaced with copy-pasteable CLI.
Unmonitored resources
Resources with zero alarms attached, with production gaps flagged first.
Security findings
Active GuardDuty and Security Hub findings with severity context.
Quota warnings
Service limits over 75% surfaced before they cause a hard cap mid-incident.
Hygiene score
Single 0–100 score weighted by severity and environment — comparable across accounts.

Coverage scope

Every resource type scanned and the exact CloudWatch metrics checked for each.

RDSAWS/RDS

CPUUtilizationFreeableMemoryDatabaseConnectionsFreeStorageSpaceReadLatencyWriteLatency

LambdaAWS/Lambda

ErrorsDurationThrottlesConcurrentExecutionsDestinationDeliveryFailures

ECSAWS/ECS

CPUUtilizationMemoryUtilizationRunningTaskCount

ALBAWS/ApplicationELB

HTTPCode_ELB_5XX_CountTargetResponseTimeUnHealthyHostCountRejectedConnectionCountHTTPCode_ELB_4XX_Count

NLBAWS/NetworkELB

UnHealthyHostCountTCP_Target_Reset_Count

EC2AWS/EC2

CPUUtilizationStatusCheckFailedStatusCheckFailed_AttachedEBS

ElastiCacheAWS/ElastiCache

CPUUtilizationFreeableMemoryEvictionsEngineCPUUtilizationSwapUsageCurrConnectionsReplicationLag

DynamoDBAWS/DynamoDB

SystemErrorsReadThrottleEventsWriteThrottleEventsUserErrorsSuccessfulRequestLatencyConsumedReadCapacityUnitsConsumedWriteCapacityUnits

SQSAWS/SQS

ApproximateAgeOfOldestMessageApproximateNumberOfMessagesNotVisibleApproximateNumberOfMessagesVisible

S3AWS/S3

5xxErrors4xxErrors

API Gateway (REST)AWS/ApiGateway

5XXErrorLatencyIntegrationLatency4XXError

API Gateway (HTTP)AWS/ApiGateway

5xxLatency

NAT GatewayAWS/NATGateway

ErrorPortAllocationPacketsDropCount

CloudFrontAWS/CloudFront

5xxErrorRate4xxErrorRate

Security & compliance

GuardDutyActive threat findings with severity

Security HubCompliance findings from active standards

AWS ConfigNON_COMPLIANT rule violations

CloudTrailTrail not enabled or not sending to CloudWatch Logs

Secrets ManagerRotation-enabled secrets not rotated in 90+ days

Service QuotasLimits over 75% usage

Not yet covered

EKSsoon

Sample output

47Total Alarms

31Healthy

9Noisy / Bad

7Missing

Example top fix

Add RDS FreeableMemory alarm

+8 pts

3 production RDS instances have no memory alarm. A spike will take down your database silently.

aws cloudwatch put-metric-alarm \
--alarm-name "rds-prod-memory" \
--metric-name FreeableMemory ...

Common questions about the audit.

Answers about permissions, scan time, data handling, and what happens after you get your report.

What comes next

The audit gives you a one-time snapshot. These two products close the loop on an ongoing basis.

Nuberio Watch →

24/7 anomaly detection across all CloudWatch metrics — no alarms needed. 9 verification checks before every alert.

Root cause analysis →

When an alarm fires, Diagnose reads your logs and CloudTrail and sends a plain-English fix to WhatsApp or Slack.

CloudWatch metric reference →

Recommended thresholds and debugging guidance for every metric the audit checks.

Ready to see your score?

5 minutes. No account, no credit card. Just your email and one CloudFormation click.

Run free audit →See pricing →

Read-only IAM role · No writes · Cancel any time