Frequently Asked Questions
This page answers the most common questions about Guardian Pro. For issue-specific troubleshooting, see the dedicated guides for Common Issues, CUR Issues, IAM Issues, and Scan Issues.
General
What is Guardian Pro?
Guardian Pro is an AI-powered AWS governance platform that continuously monitors your cloud infrastructure for security risks, cost optimization opportunities, compliance gaps, and architectural weaknesses. It provides automated scanning, one-click remediation, compliance reporting, cost analysis, and an AI assistant that understands your infrastructure.
Which AWS services does Guardian Pro monitor?
Guardian Pro monitors resources across all major AWS service categories, including compute (EC2, Lambda, ECS, EKS), networking (VPC, ALB, CloudFront, Route 53), storage (S3, EBS, EFS), databases (RDS, DynamoDB, ElastiCache, OpenSearch), security (IAM, KMS, Secrets Manager, WAF), and many more. The full list continues to grow with each release.
Which AWS regions does Guardian Pro scan?
Guardian Pro scans all AWS regions where your workloads are running. During discovery, Guardian Pro identifies which regions contain resources and focuses scanning on those active regions. Global services (such as IAM, S3, CloudFront, and Route 53) are scanned regardless of region selection.
Does Guardian Pro work with AWS Organizations?
Yes. Guardian Pro is designed to work seamlessly with AWS Organizations. During onboarding, it discovers all member accounts and deploys monitoring roles via StackSets. See Multi-Account Management for details.
Can I use Guardian Pro with a single AWS account?
Absolutely. Guardian Pro supports both multi-account (AWS Organizations) and single-account setups. The onboarding wizard offers a simplified path for single accounts. See Onboarding Overview.
Security and Privacy
Does Guardian Pro have access to my data (files, database contents, secrets)?
No. Guardian Pro reads resource configurations and metadata only. For example, it checks whether an S3 bucket has encryption enabled, but never reads the bucket's contents. It checks whether a secret exists and is rotated, but never retrieves secret values. See Data Privacy for full details.
Does Guardian Pro store my AWS credentials?
No. Guardian Pro never stores AWS access keys or secret keys. All access to your AWS accounts is through cross-account IAM roles with confused deputy protection. See IAM Permissions.
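To verify the confused deputy protection mentioned above on a role deployed in your own account, note that AWS's documented guard for third-party cross-account roles is an `sts:ExternalId` condition in the role's trust policy. The check below is an added example, not Guardian Pro's code; it assumes that mechanism, and the sample policies, account IDs and external ID are constructed placeholders.

```python
import json

# Constructed sample trust policies; account IDs and external ID are placeholders.
GUARDED = json.loads("""{
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")
UNGUARDED = json.loads("""{
  "Statement": {
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]},
    "Action": ["sts:AssumeRole"]
  }
}""")

def _as_list(value):
    # IAM allows a single value or a list for Statement, Action and Principal.
    return value if isinstance(value, list) else [value]

def _principal_account(principal):
    # Account ID from an ARN principal; bare account IDs and "*" pass through.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) >= 6 else principal

def unguarded_statements(trust_policy, own_account):
    """Indexes of Allow statements that let a principal outside own_account
    assume the role without a StringEquals condition on sts:ExternalId."""
    findings = []
    for i, stmt in enumerate(_as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not any(_principal_account(p) != own_account for p in aws):
            continue  # same-account or non-AWS principals only
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM.
        if not {k.lower(): v for k, v in equals.items()}.get("sts:externalid"):
            findings.append(i)
    return findings
```

Pass it the `AssumeRolePolicyDocument` that `aws iam get-role` returns for the deployed role, together with your own account ID.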
Is my data shared with other tenants?
No. Guardian Pro enforces strict tenant isolation at the data layer. Your data is physically keyed to your organization, making cross-tenant access architecturally impossible. See Data Privacy.
Can Guardian Pro make changes to my AWS infrastructure?
Only when you explicitly initiate a remediation action. Guardian Pro operates in read-only mode for all scanning and monitoring. Write access is only exercised when you click "Fix" on a finding and confirm the action after reviewing the preview. You can also deploy Guardian Pro with read-only roles if your security policies prohibit any write access.
Does Guardian Pro support MFA?
Yes. Guardian Pro supports time-based one-time password (TOTP) multi-factor authentication compatible with standard authenticator apps. Enterprise plans can enforce MFA organization-wide. See Multi-Factor Authentication.
Cost Intelligence
Why does Cost Intelligence require CUR?
AWS Cost and Usage Reports (CUR) provide the most detailed and accurate billing data available from AWS. CUR data includes line-item detail, resource-level cost attribution, and usage metrics that are essential for accurate cost analysis, anomaly detection, and optimization recommendations. See CUR Setup.
How long does it take for cost data to appear?
After configuring CUR, AWS typically delivers the first report within 24 hours. Once data is available, Guardian Pro ingests it automatically and your cost dashboard populates within the next sync cycle. See CUR Issues if data does not appear within 48 hours.
Does Guardian Pro show real-time costs?
Cost data reflects the most recent CUR delivery from AWS, which is updated multiple times per day. While not real-time to the minute, data is typically no more than a few hours behind. Anomaly detection runs on the latest available data.
Scanning and Findings
How often does Guardian Pro scan my infrastructure?
Guardian Pro supports both scheduled and on-demand scanning. You can trigger a scan at any time from the Dashboard. Scheduled scan frequency depends on your subscription plan -- see Subscription Plans for details.
What are findings?
Findings are issues discovered during a scan. Each finding identifies a specific resource that deviates from a security best practice or compliance requirement, or that presents a cost optimization opportunity. Findings include a severity level, a detailed explanation, and remediation guidance.
What do the severity levels mean?
| Severity | Meaning |
|---|---|
| Critical | Immediate risk requiring urgent attention. Could lead to data exposure, unauthorized access, or service disruption. |
| High | Significant risk that should be addressed promptly. |
| Medium | Moderate risk suitable for the next maintenance cycle. |
| Low | Minor improvement or informational recommendation. |
Can I suppress findings I have accepted as risk?
Yes. You can suppress or acknowledge individual findings in the Action Centre. Suppressed findings are excluded from your health score calculation and can be filtered out of the Action Centre view. They remain recorded for audit purposes.
What happens when a finding is remediated?
When you apply a remediation, Guardian Pro updates the finding status and verifies the fix on the next scan. If the resource is now compliant, the finding is marked as resolved. If the issue reoccurs (for example, if someone reverts the change), a new finding is created.
Compliance
Which compliance frameworks does Guardian Pro support?
Guardian Pro supports four industry-standard compliance frameworks:
- CIS AWS Foundations Benchmark (latest version)
- SOC 2
- GDPR
- AWS Well-Architected Framework
Additionally, Guardian Pro applies its own best-practice checks beyond what the standard frameworks require. See Compliance Overview.
Can I export compliance reports for auditors?
Yes. Guardian Pro supports compliance report exports in PDF, CSV, and JSON formats. Reports include control-by-control pass/fail status, evidence of compliance, and timestamps. See Compliance Overview for export options.
Account Management
How many AWS accounts can I connect?
The number of accounts depends on your subscription plan: Starter supports up to 5, Business supports up to 50, and Enterprise supports unlimited accounts. See Subscription Plans.
Can I add accounts after initial onboarding?
Yes. You can add accounts at any time from Settings > Organization, or they are added automatically if you deployed StackSets and new accounts join your AWS Organization. See Adding Accounts.
What happens when I remove an account?
Removing an account permanently deletes all Guardian Pro data for that account, including findings, cost history, and compliance records. The IAM role in the AWS account is not automatically removed -- you need to delete the CloudFormation stack or StackSet instance separately.
AI Assistant
What can I ask the AI Assistant?
The AI Assistant understands your infrastructure and can answer questions about security findings, cost analysis, compliance status, architecture risks, and remediation guidance. Example questions:
- "What are my most critical security issues?"
- "How much could I save by rightsizing my compute?"
- "Am I compliant with CIS benchmarks?"
- "What happens if my primary database goes down?"
Does the AI Assistant have access to my data?
The AI Assistant receives contextual information about your currently selected account (findings summary, cost overview, compliance status) to provide relevant answers. It does not have direct access to your AWS resources or data contents. See Data Privacy.
Billing and Subscription
How is Guardian Pro billed?
Guardian Pro is billed through AWS Marketplace as part of your consolidated AWS bill. There are no separate invoices or payment methods to manage.
Can I upgrade or downgrade my plan?
Yes. Plan changes can be made from Settings > Subscription or through the AWS Marketplace. Upgrades take effect immediately. Downgrades take effect at the start of the next billing period.
Is there a free trial?
Check the current AWS Marketplace listing for trial availability, or contact sales for evaluation options.
Next Steps
- Common Issues -- Resolve login, dashboard, and scan problems.
- Contact Support -- Get help from the Guardian Pro team.
- Quick Start -- Get started with Guardian Pro.