Nuberio Audit · Free AWS Health Check

Free CloudWatch Alarm Audit

Scan 18 AWS services in parallel. Classify every alarm as GOOD, NOISY, or SUPPRESSED-BAD. Surface missing coverage with copy-pasteable CLI to fix each gap. Get a hygiene score in under 5 minutes.

Read-only access · 5-minute scan · No credit card · No commitment

convops — audit statsLive
loading…
loading…
loading…
convops@audit ~ scanning cloudwatch alarms across all audited accounts

Three steps, five minutes

1

Enter your email

We send the report here when the scan finishes. No account required.

2

Deploy a read-only IAM role

One CloudFormation click. Pre-filled template. The role can only read — never write.

3

Get your report

Score, top fixes, missing alarms with CLI commands. Yours to keep for 30 days.

Demo55s · real account

See it run.

nuberio.com/audit/report/…

What the audit checks

18 AWS services, parallel scanning, results in under 5 minutes.

  • Alarm classification

    Every alarm scored GOOD, NOISY, or SUPPRESSED-BAD with specific reasons.

  • Missing coverage

    18 services cross-referenced — missing criticals surfaced with copy-pasteable CLI.

  • Unmonitored resources

    Resources with zero alarms attached, with production gaps flagged first.

  • Security findings

    Active GuardDuty and Security Hub findings with severity context.

  • Quota warnings

    Service limits over 75% surfaced before they cause a hard cap mid-incident.

  • Hygiene score

    Single 0–100 score weighted by severity and environment — comparable across accounts.

Coverage scope

Every resource type scanned and the exact CloudWatch metrics checked for each.

RDSAWS/RDS
CPUUtilizationFreeableMemoryDatabaseConnectionsFreeStorageSpaceReadLatencyWriteLatency
LambdaAWS/Lambda
ErrorsDurationThrottlesConcurrentExecutionsDestinationDeliveryFailures
ECSAWS/ECS
CPUUtilizationMemoryUtilizationRunningTaskCount
ALBAWS/ApplicationELB
HTTPCode_ELB_5XX_CountTargetResponseTimeUnHealthyHostCountRejectedConnectionCountHTTPCode_ELB_4XX_Count
NLBAWS/NetworkELB
UnHealthyHostCountTCP_Target_Reset_Count
EC2AWS/EC2
CPUUtilizationStatusCheckFailedStatusCheckFailed_AttachedEBS
ElastiCacheAWS/ElastiCache
CPUUtilizationFreeableMemoryEvictionsEngineCPUUtilizationSwapUsageCurrConnectionsReplicationLag
DynamoDBAWS/DynamoDB
SystemErrorsReadThrottleEventsWriteThrottleEventsUserErrorsSuccessfulRequestLatencyConsumedReadCapacityUnitsConsumedWriteCapacityUnits
SQSAWS/SQS
ApproximateAgeOfOldestMessageApproximateNumberOfMessagesNotVisibleApproximateNumberOfMessagesVisible
S3AWS/S3
5xxErrors4xxErrors
API Gateway (REST)AWS/ApiGateway
5XXErrorLatencyIntegrationLatency4XXError
API Gateway (HTTP)AWS/ApiGateway
5xxLatency
NAT GatewayAWS/NATGateway
ErrorPortAllocationPacketsDropCount
CloudFrontAWS/CloudFront
5xxErrorRate4xxErrorRate

Security & compliance

GuardDutyActive threat findings with severity
Security HubCompliance findings from active standards
AWS ConfigNON_COMPLIANT rule violations
CloudTrailTrail not enabled or not sending to CloudWatch Logs
Secrets ManagerRotation-enabled secrets not rotated in 90+ days
Service QuotasLimits over 75% usage

Not yet covered

EKSsoon

Sample output

62/ 100FAIR
47Total Alarms
31Healthy
9Noisy / Bad
7Missing

Example top fix

1

Add RDS FreeableMemory alarm

+8 pts

3 production RDS instances have no memory alarm. A spike will take down your database silently.

aws cloudwatch put-metric-alarm \
--alarm-name "rds-prod-memory" \
--metric-name FreeableMemory ...

Common questions about the audit.

Answers about permissions, scan time, data handling, and what happens after you get your report.

Ready to see your score?

5 minutes. No account, no credit card. Just your email and one CloudFormation click.

Read-only IAM role · No writes · Cancel any time