SUPPORTED CLOUDS

Multi-cloud, stated honestly.

We connect read-only to your clouds. Here’s how we analyze your multi-cloud infrastructure.

ProviderStatusHow it connectsCoverage
Microsoft AzureProduction-readyRead-only service principal (Reader + Cost Management Reader)Full live analysis · 20+ detectors · daily cost sync · weekly price catalog
Amazon Web ServicesProduction-readyRead-only IAM role (external ID)Live resource analysis · 7 savings detectors · daily cost sync
Google CloudProduction-readyBigQuery billing export · Workload Identity FederationBigQuery billing-export analysis · 7 savings detectors

Important Support Parameters

  • Azure is fully supported with live resource analysis, exact VM resize via the price catalog, cost sync, and reports.
  • AWS and GCP are available in pilot with live resource analysis, billing exports, and our 7 core savings detectors.
  • Other providers are not supported at this time.

Telemetric Connection Pipeline

01

App Setup

Register a secure, dedicated Service Principal inside your Active Directory.

02

Assign Scopes

Grant Reader + Cost Management Reader scopes to selected subscriptions.

03

Encrypted Key

Wizard validates principal credentials. Keys are encrypted instantly with AES-256-GCM.

04

Recurring Sync

Cost data syncs daily, list prices weekly. Audits run on your plan’s schedule.

SECURITY SCOPE PROTOCOLS

Strict boundary isolation.

Ingested Scope (Read-Only)

  • Subscription GUIDs & metadata

    Subscription categorization and tenant boundary isolation.

  • Resource inventory properties

    Virtual Machine core sizes, SKU indexes, locations, and capacity plans.

  • Cost Management ActualCost records

    Reconciling raw daily spend details with negotiated subscription discount rates.

  • Workload CPU utilization counters

    Daily average and maximum CPU utilization for compute and SQL workloads.

Strictly Out of Scope

  • Application Database contents

    Strict read-only role constraints mechanically block payload queries.

  • OS filesystems & SSH/RDP keys

    No VM-level agents or runtime access credentials are ever requested.

  • Identity registries & user profiles

    We completely skip Active Directory user profiles or administrative logs.

  • Write Operations of any scope

    No deploy, create, modify, scale, or terminate code paths exist.

Get started with multi-cloud auditing

Connect your cloud accounts read-only, run on-demand scans, and analyze savings.