RackLens
Multi-tenant AWS observability & SIEM

See every AWS account clearly cost, security & activity in one lens.

RackLens is the single pane of glass for teams that run AWS for others. Cut cloud spend, close security gaps before they bite, and prove control across every tenant — from one read-only role, with a real-time SIEM built in.

Book a demo Why teams switch
No CloudWatch agent sprawl Read-only IAM role Real-time SIEM Per-tenant isolation
0AWS services inventoried
0Live SIEM alert latency
0Scan types, every tenant
0Role to connect it all
Why teams switch to RackLens

Less spend, less risk, less busywork

Built for MSPs, agencies and platform teams who answer for someone else's AWS bill — and security.

Cut cloud spend

Spot idle resources, spend spikes and untagged waste across every account — before the invoice lands. Forecasts and per-tenant cost-to-serve in one view.

up to 30%typical first-quarter spend reduction

Reduce security risk

Continuous posture checks, IAM key hygiene and a real-time SIEM catch public buckets, stale keys and dangerous commands the moment they appear.

<3sfrom risky command to alert

Move faster

Onboard a tenant in minutes with one read-only role. No agents to babysit, no per-service tooling — every answer is already pre-collected and instant.

5 minto connect a new account
0Accounts under one tenant
0Avg. cloud spend reduced
0Risk scans per account
0Real-time monitoring
Watch the 20-second tour

RackLens in motion

Guided product tour · with audio

A walkthrough of the dashboard

One narrated minute through every tab — cost, security, SIEM, server logs and IAM. Press play for sound.

What you get

One platform, the whole cloud picture

Everything a SaaS operator needs to watch a fleet of tenant AWS accounts — without standing up a separate tool per concern.

Cost monitoring

Daily spend, top services, month-end forecasting and spend-spike detection — pulled from Cost Explorer and cached so dashboards stay instant.

Security findings

Continuous checks across IAM, S3, security groups and RDS with severity, remediation guidance and a clean open→resolved lifecycle.

IAM key hygiene

Surfaces stale, over-privileged and never-rotated access keys with a risk score, so credential debt never piles up unseen.

Live inventory

EC2, Lambda, S3, RDS, EKS and Elastic Beanstalk snapshots refreshed on a schedule — search, filter and drill into any resource.

Host metrics, no CloudWatch

A tiny per-host collector ships memory, disk, swap and load that CloudWatch never exposes — pushed straight to RackLens.

SIEM & command audit

Capture shell commands across the fleet and flag threats in real time with Sigma detection rules — alerts within seconds.

How it works

Connected in minutes, monitoring forever

RackLens reads each tenant account on a schedule and serves pre-collected data — so the UI is instant and never hammers live AWS APIs.

Connect an account

The tenant creates a read-only IAM role (or supplies an access key, sealed with KMS). One ExternalId-bound role is all it takes.

RackLens scans on a cron

A serverless pipeline fans out per tenant — assuming the role, scanning cost, security, IAM, inventory and data transfer, and writing results to a search index.

Watch it live

Dashboards read pre-polled snapshots in milliseconds. Host agents stream metrics and audited commands for real-time security visibility.

Security information & event management

A real-time SIEM, built in

Beyond posture scanning, RackLens watches what actually runs on your fleet — capturing terminal commands and flagging threats the instant they happen.

Detection that keeps up

Catch the dangerous command, not the post-mortem.

A lightweight host agent captures every executed command and streams it to RackLens. Sigma detection rules evaluate each one at ingest — so a reverse shell, a credential read, or an rm -rf / raises an alert in seconds, not after the next scan window.

  • Real-time, ~3-second latency.
    Commands flush continuously and evaluate at ingest — the dashboard auto-refreshes live, no manual reload.
  • Sigma rules, your way.
    Ship the open Sigma format — reverse shells, privilege escalation, log tampering, credential access, destructive deletes — or write your own.
  • Full activity timeline.
    Every command across every host — searchable, filterable, with risky patterns highlighted even when no rule has flagged them yet.
  • Severity & lifecycle.
    Alerts carry severity, the matched rule, host, user and full command — triaged from open to resolved in one place.
Built secure

Least-privilege by design

RackLens is built to be trusted with production accounts.

Read-only access

Cross-account access via a scoped, ExternalId-bound IAM role. Access keys, when used, are envelope-encrypted with AWS KMS.

Strict tenant isolation

Every query, scan and dashboard is scoped to a single tenant. No customer ever sees another's data.

Hardened edge

HTTPS everywhere, an origin-locked API behind a CDN, short-lived signed agent enrollment, and one-time bootstrap tokens.

Built for operators

"We replaced three separate tools — a cost dashboard, a security scanner and our log pipeline — with one RackLens login. Onboarding a new client's AWS account went from a day to about five minutes."

— Platform Lead, managed-services team running 40+ AWS accounts
RackLens

Bring every AWS account into focus.

Connect your first tenant in under five minutes and watch cost, security and live activity light up in one dashboard.

Request a demo