Setup & Integrations
Integrations
AWS
set up a secure, temporary access iam role in your aws account so resolve can read required metrics, logs, and events for troubleshooting—without storing long lived credentials this role is global and can be used across multiple aws regions you choose to allow private vpc / self hosted? if your cloudwatch logs are in a private vpc that resolve cannot reach directly, you can use the docid\ a2g0qhdcis 6o17lqztzh to securely proxy queries see the /#connect via satellite section below in resolve, create an aws integration log in to https //app0 resolve ai/ open the https //app0 resolve ai/integrations/aws/connect click add connection click view instructions to see a short guide with custom instructions for your account in aws, create a new iam role in your aws account, create a new iam role resolve access role set the trust relationship target account (from resolve ui) external id specify an id of your choosing attach required policies securityaudit https //docs aws amazon com/aws managed policy/latest/reference/securityaudit html cloudwatchlogsreadonlyaccess amazonrdsperformanceinsightsreadonly copy the role arn from the iam console on the role's detail page and external id set in the trust relationship, and paste them into the resolve ui in resolve, configure the integration name the connection, ex "production aws" specify one or more target region(s) enter the external id the role arn was set in the step above the external id used to securely assume the iam role optional cloudwatch log group allow list lets you define a restricted list of cloudwatch log group names that resolve can query sample trust policy { "version" "2012 10 17", "statement" \[ { "effect" "allow", "principal" { "aws" "arn\ aws\ iam 590183716134\ root" }, "action" "sts\ assumerole", "condition" { "stringequals" { "sts\ externalid" "\<id>" } } } ] } connect via satellite if your aws resources are in a private vpc that resolve cannot reach directly, use the docid\ a2g0qhdcis 6o17lqztzh to securely proxy cloudwatch queries prerequisite the resolve satellite should already be installed in your environment see docid\ a2g0qhdcis 6o17lqztzh for installation instructions 1\ create kubernetes secret create a kubernetes secret containing your aws credentials with cloudwatch read access secret creation apiversion v1 kind secret type opaque metadata name cloudwatch resolve credentials stringdata accesskeyid "\<your aws access key id>" secretaccesskey "\<your aws secret access key>" apply the secret apply secret kubectl apply f cloudwatch resolve credentials yml 2\ update values file add the cloudwatch integration to your resolve values yaml resolve values yaml integrations cloudwatchonprem type cloudwatch create true secretname "cloudwatch resolve credentials" connection region us east 1 # your aws region loggroupname "/aws/lambda/my function" # optional specific log group 3\ apply changes update the satellite with the new configuration helm upgrade install resolve satellite \\ oci //registry 1 docker io/resolveaihq/satellite chart \\ \ values resolve values yaml 4\ verify integration open the https //app0 resolve ai/integrations/aws page in resolve to verify the connection