SUPPORTED CLOUDS
Multi-cloud, stated honestly.
We connect read-only to your clouds. Here’s how we analyze your multi-cloud infrastructure.
| Provider | Status | How it connects | Coverage |
|---|---|---|---|
| Microsoft Azure | Production-ready | Read-only service principal (Reader + Cost Management Reader) | Full live analysis · 20+ detectors · daily cost sync · weekly price catalog |
| Amazon Web Services | Production-ready | Read-only IAM role (external ID) | Live resource analysis · 7 savings detectors · daily cost sync |
| Google Cloud | Production-ready | BigQuery billing export · Workload Identity Federation | BigQuery billing-export analysis · 7 savings detectors |
Important Support Parameters
- Azure is fully supported with live resource analysis, exact VM resize via the price catalog, cost sync, and reports.
- AWS and GCP are available in pilot with live resource analysis, billing exports, and our 7 core savings detectors.
- Other providers are not supported at this time.
Telemetric Connection Pipeline
App Setup
Register a secure, dedicated Service Principal inside your Active Directory.
Assign Scopes
Grant Reader + Cost Management Reader scopes to selected subscriptions.
Encrypted Key
Wizard validates principal credentials. Keys are encrypted instantly with AES-256-GCM.
Recurring Sync
Cost data syncs daily, list prices weekly. Audits run on your plan’s schedule.
Strict boundary isolation.
Ingested Scope (Read-Only)
- Subscription GUIDs & metadata
Subscription categorization and tenant boundary isolation.
- Resource inventory properties
Virtual Machine core sizes, SKU indexes, locations, and capacity plans.
- Cost Management ActualCost records
Reconciling raw daily spend details with negotiated subscription discount rates.
- Workload CPU utilization counters
Daily average and maximum CPU utilization for compute and SQL workloads.
Strictly Out of Scope
- Application Database contents
Strict read-only role constraints mechanically block payload queries.
- OS filesystems & SSH/RDP keys
No VM-level agents or runtime access credentials are ever requested.
- Identity registries & user profiles
We completely skip Active Directory user profiles or administrative logs.
- Write Operations of any scope
No deploy, create, modify, scale, or terminate code paths exist.
Get started with multi-cloud auditing
Connect your cloud accounts read-only, run on-demand scans, and analyze savings.