Agents for your cloud infrastructure

Clouds go down. You stay up.

Crewlo’s agents continuously map your cloud and pre-stage migration plans across regions and providers. When an AZ or data centre fails, your workloads move with one approval — Terraform plan reviewed, rollback ready, audit trail intact.

No spam. We’ll only email when there’s something to show.

Read-only IAM role — you grant, you revoke
Every move human-approved — nothing migrates without your sign-off

See it in one minute

Connect AWS, watch agents map your account, stage the failover, and surface the first findings.

One platform. Map, defend, and move your cloud.

Crewlo’s agents sit between your cloud and your team — continuously mapping what you run, defending against drift in cost and security, and standing ready to migrate workloads when a region fails.

Map

Crewlo walks every region, every account, every service. EC2, RDS, S3, Lambda, ECS, IAM, VPCs, load balancers — all rendered as one continuously-updated infrastructure map. Resources show up the moment they appear, so the migration plan always reflects what you actually run.

Defend

Public S3 buckets, over-broad IAM policies, security groups open to 0.0.0.0/0, unencrypted volumes, idle EC2, over-provisioned RDS, NAT gateway hot spots. Findings are ranked by exposure and waste, each one mapped to a concrete Terraform diff ready for review.

Move

Migration plans are staged the moment your account connects — across regions today, across providers as our adapters land. When an AZ goes dark or a region degrades, agents propose the failover, you approve, the plan executes with 15-minute Tier-3 credentials and a one-click rollback.

The migration flow

Four steps from a healthy cloud to a recovered one.

Crewlo’s agents pre-stage your failover plans in the background while your cloud is healthy — so when something breaks, the only thing left to do is approve.

Today | Beta | Roadmap

01 Today

Map

Discovery agents walk every region, every account, every service. Resources land on a continuously-updated infrastructure graph the moment they appear — so the failover plan always reflects what you actually run.

02 Beta

Stage

The migration planner pre-generates Terraform plans for cross-region failover the moment your account connects. Stateful resources get snapshot lineages; stateless ones get a target-region plan with the right network plumbing.

03 Beta

Detect

Monitor agents watch CloudWatch, AWS Health, and your own SLO signals. When an AZ degrades or a region falls over, alerts fire to your dashboard, Slack, and email with the staged failover already attached.

04 Roadmap

Migrate

One human approval issues 15-minute Tier-3 credentials, runs the staged plan with `terraform plan` reviewed in front of you, and keeps the rollback inverse hot. Full automated cutover lands as adapters and orchestration mature.

Today: AWS discovery, Tier-3 remediation pipeline, audit log, and the credential broker that powers it all. Beta and Roadmap items are in active development — we’d rather be early and honest than late and vague.

Guardrails

Three tiers of access. You opt into each one.

A company’s cloud is sacred. Crewlo is built so that the only way to make a write happen is for a human to approve it with elevated, time-bounded credentials.

Tier 1 — Discovery & analysis

No approval needed

  • Crewlo assumes a CloudFormation-provisioned IAM role you create on day one. The role can ONLY call Describe / List / Get APIs.
  • We physically cannot mutate state with this role. The IAM policy doesn’t grant any write permissions, so an escalation bug here is impossible.
  • Every API call is logged with timestamp, ARN, action, and the agent that requested it. Exportable to your SIEM.
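
A way to check a role policy against the Tier 1 boundary before you grant it, as an added example that is not Crewlo's code or its CloudFormation template. It flags any allowed action outside Describe / List / Get, plus Get-style actions that return data contents rather than metadata; the sample policies are constructed and `CONTENT_READS` is an assumed, non-exhaustive list.

```python
import fnmatch

READ_PREFIXES = ("get", "describe", "list")  # the three verbs the page names
# Assumption: a short, non-exhaustive list of read actions that return data
# contents rather than resource metadata.
CONTENT_READS = ("s3:GetObject", "secretsmanager:GetSecretValue",
                 "ssm:GetParameter", "ssm:GetParameters")

def _as_list(value):
    """IAM allows a single string/object where a list is also valid."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_read_only(policy):
    """Return findings; an empty list means every allowed action stays
    inside the Describe / List / Get boundary."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"stmt {i}: Allow with NotAction grants everything else")
        for action in _as_list(stmt.get("Action")):
            _, _, verb = action.partition(":")
            # IAM action names are case-insensitive; "*" and "svc:*" fail here.
            if not verb.lower().startswith(READ_PREFIXES):
                findings.append(f"stmt {i}: {action} is outside Describe/List/Get")
                continue
            for sensitive in CONTENT_READS:
                # A wildcard such as s3:Get* also covers s3:GetObject.
                if fnmatch.fnmatchcase(sensitive.lower(), action.lower()):
                    findings.append(f"stmt {i}: {action} reads contents via {sensitive}")
    return findings

# Constructed sample policies for illustration.
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "rds:Describe*", "s3:ListAllMyBuckets",
                "s3:GetBucketPolicy", "iam:List*"]}]}
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "ec2:*", "iam:PassRole"]},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:*"}]}

if __name__ == "__main__":
    for name, pol in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, audit_read_only(pol) or "ok")
```

Run it over the policy document in the template before deploying the stack, and again whenever the template version changes.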
Tier 2 — Recommendations & plans

Human reviews before any action

  • Findings (cost, security, posture) are presented as a plan, never executed automatically.
  • Each recommendation includes the proposed Terraform diff, the blast radius, and a generated rollback path — before you click anything.
  • If you never escalate to Tier 3, Crewlo will only ever read your account. Recommendations are useful on their own.
Tier 3 — Guided remediation

Separate role + approval + 15-min credentials + rollback

  • Tier 3 uses a SEPARATE IAM role you create only when you want to apply changes. The default read-only role cannot be escalated.
  • Every apply runs `terraform plan` first — you see the exact diff and blast radius before approval.
  • Write credentials are minted via STS with a 15-minute TTL. The token is gone before you finish reading this sentence.
  • A rollback plan is generated BEFORE the apply runs. If anything looks off mid-flight, one click reverses it.

0 production-write actions have ever happened without explicit human approval. True by design — the read-only role can’t be escalated.

Minutes not days: the recovery-time target our migration plans aim for. Stateless workloads cut over fast; stateful ones are bounded by snapshot/restore time. We optimise for time-to-approve so the cloud's physics is the only thing left.

<15 min from connecting your account to the first findings landing — cost, security, and the staged migration topology your agents will work from. Runs on every schedule thereafter.

Frequently asked questions

The questions cloud and security engineers ask us most often, with straight answers grounded in how the platform actually works.

What happens when an AZ or region goes down?
Monitor agents watch CloudWatch, AWS Health, and your own SLO signals. When degradation is detected, the staged failover plan that's been pre-generated for your account surfaces as an alert in your dashboard, Slack, and email — already with a Terraform plan and rollback inverse attached. You approve, Tier-3 mints 15-minute credentials, and the cutover runs. Cross-region staging is in beta today; full automated cutover lands as the orchestration layer matures. We'd rather be honest about which step you're approving than overpromise on autopilot.
Can you migrate AWS to GCP today?
Cross-cloud migration (AWS → GCP or AWS → Azure) is on the roadmap, not shipping today. The platform was built around a Cloud Abstraction Layer with provider-agnostic resource types, so adding GCP/Azure is an adapter implementation rather than a rewrite — but the AWS adapter is the only one in production right now. Same-cloud cross-region failover (e.g. us-east-1 → us-west-2) is closer to demo: discovery, plan staging, and Tier-3 execution all work today; the multi-region orchestration is in active development.
How fast can a workload migrate?
It depends on the workload. Stateless services with their state in S3, RDS, or DynamoDB cut over in minutes — the bottleneck is DNS propagation and load balancer warm-up. Stateful databases are bound by the cloud's snapshot/restore physics: an RDS multi-AZ failover is sub-minute; a cross-region restore from snapshot can be tens of minutes for a multi-TB database. Crewlo optimises the part we control — time-to-approve — so the rest comes down to your cloud provider's actual capability.
Why is Crewlo read-only by default?
A company's cloud is sacred. The default IAM role we ask you to grant only has Get / Describe / List permissions — it physically cannot modify anything in your account. Discovery, cost analysis, and security posture all run inside that boundary. You can revoke the role at any time and access stops immediately.
How does Tier-3 (write) approval work?
Writes never run on the read-only role. When you ask Crewlo to apply a fix, you create a separate write-scoped IAM role just for that change. Every write runs `terraform plan` first so you see the exact diff and blast radius, a rollback plan is generated before any apply, and the elevated credentials expire after 15 minutes. Nothing is touched without your explicit approval on the plan.
Will you support GCP and Azure?
Yes — that's the roadmap. The platform was built around a Cloud Abstraction Layer with provider-agnostic resource types (compute, databases, storage, networking, identity), so adding GCP and Azure is an adapter implementation, not a rewrite. We're shipping AWS first because it's where most of our early conversations live; the next provider lands once AWS coverage is rock-solid.
Can I self-host Crewlo?
Self-hosting isn't available at launch — we're focused on getting the hosted product right first. If you have a hard requirement to run Crewlo inside your own VPC (regulated industry, government, very large enterprise), reach out. We're tracking interest and will publish a self-hosted reference once we have enough demand to support it well.
What happens if a remediation fails partway through?
Every Tier-3 apply ships with a pre-generated rollback plan, recorded before the change runs. If a step fails, the executor halts immediately, surfaces the error in the dashboard, and offers the rollback as a one-click action. Partial state is never silently abandoned — you'll see exactly which steps succeeded, which failed, and what the platform proposes to do next.
How are credentials handled?
Crewlo never stores your AWS access keys. You grant a cross-account IAM role via a CloudFormation template we provide; the platform assumes that role using STS short-lived credentials, scoped to the exact API calls each scan needs. Tier-3 write credentials are issued through a separate Credential Broker, scoped per-change, and expire in 15 minutes. Every cloud API call we make is recorded to an immutable audit log you can export.
Do you have SOC 2 / GDPR compliance?
We're early — SOC 2 Type II is on the roadmap and we're already operating to its controls (audit logging, least-privilege access, encryption in transit and at rest). GDPR-wise we minimise the data we collect: we don't ingest object contents, application data, or PII from your cloud account — only resource metadata and metrics needed to produce findings. Talk to us if you need a DPA or have a specific compliance question.

Be ready before the next outage.

Get agents staging migration plans for your cloud the moment you connect. No credit card. Disconnect any time and access stops immediately.
