FAQ
Common questions about Core Scan Role onboarding, trust posture, owner-ready findings, and accountable follow-through.
FAQ
On this page
- What is OpsCurb?
- How does it work?
- Is it safe?
- How much can I save?
- What does it scan?
- How long does setup take?
- Can I connect multiple AWS accounts?
- How often are scans run?
- What are AI explanations?
- Can I choose the AI model?
- Do you support Azure or GCP?
- How does billing work?
- Do you offer refunds?
- Do you offer discounts?
- My scan failed. What do I do?
- I'm not seeing any findings. Why?
- Can I delete my account?
- Where can I review the exact permissions?
- Do you use AI to build the product?
- How do I get help?
What is OpsCurb?
An AWS cost accountability tool. It scans your AWS account, finds wasteful resources, and helps your team turn the findings into owned follow-through.
How does it work?
You connect one required Core scan role first, then add optional roles only for workflows like Deep Inspect, CloudWatch Logs diagnostics, S3 inventory, IAM hygiene, or tag inventory. OpsCurb analyzes the metadata and cost signals available through the roles you enable, then surfaces findings with estimated savings and remediation guidance.
Is it safe?
OpsCurb does not ask new customers for one broad role up front. The default path is a narrow Core scan role, and more sensitive capabilities are separate opt-in roles. That split is deliberate: separate optional roles provide stronger hardening, narrower permission boundaries, and cleaner isolation than bundling those capabilities into one broader role. OpsCurb does not create, modify, or delete resources in your AWS account. It does not read S3 object contents, database row data, or secret values. It does store connection metadata such as role ARNs and external IDs, along with scan history and findings, so scans can be rerun over time.
How much can I save?
Savings vary by workload and cleanup discipline. Many teams see meaningful savings quickly, but results depend on your architecture and which recommendations you implement.
What does it scan?
The required core role covers baseline findings such as unattached EBS volumes, idle RDS signals, unused Elastic IPs, aged snapshots, idle load balancers, NAT gateways, ECR image cleanup, VPC endpoint opportunities, and cost summaries. Optional roles unlock S3 inventory, IAM hygiene, tag inventory, and CloudWatch Logs-based diagnostics.
How long does setup take?
About 5–10 minutes for the first core role. Optional add-on roles can be connected later from Settings. See the Onboarding Guide.
Can I connect multiple AWS accounts?
Yes. Each account needs its own IAM role set with unique External IDs. Free and Growth support 1 account, Scale supports up to 5, and Enterprise is custom.
How often are scans run?
- Free: limited manual scans (currently 1 per month; no automated scans)
- Growth: daily automated scans + 10 manual scans per month
- Scale: daily automated scans
- Enterprise: custom schedule
- Any plan: you can trigger a scan manually from the dashboard
What are AI explanations?
For each finding, we generate a plain-English explanation of why it's wasteful, plus copy-paste AWS CLI commands and console steps to fix it. Available on Growth and above.
Can I choose the AI model?
Yes, on Scale and Enterprise. Model availability can change over time based on provider support and product updates.
Do you support Azure or GCP?
Not yet. AWS only for now. Multi-cloud support is planned for later in 2026.
How does billing work?
Monthly subscription, billed on the same day each month. Annual billing saves ~17%. Cancel anytime from your account settings — you keep access until the end of your billing period.
Do you offer refunds?
Case by case within 30 days. Email support@opscurb.com.
Do you offer discounts?
Yes — 50% off for nonprofits and educational institutions. Email sales@opscurb.com.
My scan failed. What do I do?
Usually it is an IAM role issue, capability role mismatch, or External ID mismatch. See the Troubleshooting Guide and compare your connected roles to the Permissions Matrix.
I'm not seeing any findings. Why?
Either your infrastructure is already well-optimized (genuinely possible), the scan is still running, you have filters applied, or there's a permissions issue. Check the scan logs for errors.
Can I delete my account?
Email support@opscurb.com and request account deletion. Data deletion requests are processed per our privacy policy.
Where can I review the exact permissions?
See the public Permissions Matrix. It maps each AWS action to the feature that uses it, explains why it is needed, and shows whether the role is required or optional.
Do you use AI to build the product?
AI assistance may be used for parts of development, but generated output is not treated as self-validating. Security-sensitive areas such as IAM, access control, infrastructure, and production-impacting changes should receive human review and targeted verification before release. See AI Assurance.
How do I get help?
Email support@opscurb.com. Response times: Free (48h), Growth (priority), Scale (4h), Enterprise (1h).