AWS

set up a secure, temporary access iam role in your aws account so resolve can read required metrics, logs, and events for troubleshooting—without storing long lived credentials this role is global and can be used across multiple aws regions you choose to allow in resolve, create an aws integration log in to https //app0 resolve ai/ open the https //app0 resolve ai/integrations/aws/connect click add connection click view instructions to see a short guide with custom instructions for your account in aws, create a new iam role in your aws account, create a new iam role resolve access role set the trust relationship target account (from resolve ui) external id specify an id of your choosing attach required policies securityaudit https //docs aws amazon com/aws managed policy/latest/reference/securityaudit html cloudwatchlogsreadonlyaccess amazonrdsperformanceinsightsreadonly copy the role arn from the iam console on the role's detail page, and paste it into the resolve ui in resolve, configure the integration name the connection, ex "production aws" specify one or more target region(s) enter the external id the role arn was set in the step above the external id used to securely assume the iam role optional cloudwatch log group allow list lets you define a restricted list of cloudwatch log group names that resolve can query sample trust policy { "version" "2012 10 17", "statement" \[ { "effect" "allow", "principal" { "aws" "arn\ aws\ iam 590183716134\ root" }, "action" "sts\ assumerole", "condition" { "stringequals" { "sts\ externalid" "\<id>" } } } ] }