AWS Cloudwatch

Using keys

Prerequisites: Have your AWS credentials ready, including access key and secret access key, with permissions to access.
Configuring DrDroid: In the DrDroid platform, navigate to Integrations > CloudWatch. Enter your AWS access key ID, secret access key, and specify the region your CloudWatch logs are stored in.
Testing the Integration: Test the integration.

Note: For security reasons, some teams prefer to create a new user with access attached to these permissions.

Steps to create a new user:

Step 1: Create a new user in your CloudWatch

Go to this link within your AWS account IAM and create a new user.

Step 2: Attach one policy of CloudWatchReadOnlyAccess to the user.

You don’t need to add any group to the user.

Step 3: Once the user is created, create an access key by going to “Security Credentials”.

Step 4: Select “Third-party service” or “Application running on an AWS compute service” while creating the key.

Step 5: Copy paste the access key and secret key in Integrations page.

Using AssumeRole](/docs/with-assumerole)

To connect using AssumeRole, we recommend setting up a call with our team as it requires multiple to & fro.

Share your AWS Account Number with Doctor Droid team.

Create a new role in your account with the following Trust Policy. ({{Role_ARN}} to be shared by Doctor Droid team)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{{Role_ARN}}"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Attach the following Policy to the role:

PolicyName: CloudWatchReadOnlyAccessPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'cloudwatch:Describe*'
                  - 'cloudwatch:Get*'
                  - 'cloudwatch:List*'
                  - 'logs:Get*'
                  - 'logs:Describe*'
                  - 'logs:List*'
                  - 'logs:StartQuery'
                  - 'logs:StopQuery'                  
                  - 'logs:GetQueryResults'
                  - 'logs:FilterLogEvents'
                Resource: '*'

Share the ARN of the role created with Doctor Droid team.

GETTING STARTED

MONITOR

DEBUG

INTEGRATIONS

CONTEXT

Security & Privacy

Using keys

Steps to create a new user:

Step 1: Create a new user in your CloudWatch

Step 2: Attach one policy of CloudWatchReadOnlyAccess to the user.

Step 3: Once the user is created, create an access key by going to “Security Credentials”.

Step 4: Select “Third-party service” or “Application running on an AWS compute service” while creating the key.

Step 5: Copy paste the access key and secret key in Integrations page.

Using AssumeRole](/docs/with-assumerole)

GETTING STARTED

MONITOR

DEBUG

INTEGRATIONS

CONTEXT

Security & Privacy

​Using keys

​Steps to create a new user:

​Step 1: Create a new user in your CloudWatch

​Step 2: Attach one policy of CloudWatchReadOnlyAccess to the user.

​Step 3: Once the user is created, create an access key by going to “Security Credentials”.

​Step 4: Select “Third-party service” or “Application running on an AWS compute service” while creating the key.

​Step 5: Copy paste the access key and secret key in Integrations page.

​Using AssumeRole](/docs/with-assumerole)

Using keys

Steps to create a new user:

Step 1: Create a new user in your CloudWatch

Step 2: Attach one policy of CloudWatchReadOnlyAccess to the user.

Step 3: Once the user is created, create an access key by going to “Security Credentials”.

Step 4: Select “Third-party service” or “Application running on an AWS compute service” while creating the key.

Step 5: Copy paste the access key and secret key in Integrations page.

Using AssumeRole](/docs/with-assumerole)