Frequently asked questions
Everything you need to know about how Driftak works, what we can see, and how we keep your AWS account safe.
How does Driftak connect to AWS?
Driftak connects via a read-only IAM Role you create in your AWS account. You grant Driftak permission to assume that role using a cross-account trust policy with an external ID. We never store your AWS credentials, access keys, or secrets — only the Role ARN you provide.
Is my AWS data safe?
Yes. Driftak only requests read-only IAM permissions — we can see resource metadata and cost data, but we cannot modify, delete, or create any resources in your account. We cannot access your application data, S3 bucket contents, Secrets Manager values, or anything requiring write access. The IAM policy is open-source and auditable on GitHub.
How much does Driftak cost?
Driftak is free to start with no credit card required. Paid plans start at $29/month (Starter) and $99/month (Pro), with a 14-day free trial on all paid plans. See the pricing page for full details.
What AWS resources does Driftak monitor?
Driftak monitors EC2 instances (idle CPU/network), EBS volumes (unattached/orphaned), RDS instances (zero connections), Elastic IPs (unassociated), Application and Network Load Balancers (no healthy targets), and NAT Gateways (low data transfer). More resource types are added regularly based on user feedback.