Using keys

  1. Prerequisites: Have your AWS credentials ready, including access key and secret access key, with permissions to access.
  2. Configuring DrDroid: In the DrDroid platform, navigate to Integrations > CloudWatch. Enter your AWS access key ID, secret access key, and specify the region your CloudWatch logs are stored in.
  3. Testing the Integration: Test the integration.
Note: For security reasons, some teams prefer to create a new user with access attached to these permissions.

Steps to create a new user:

Step 1: Create a new user in your CloudWatch

Go to this link within your AWS account IAM and create a new user.

Step 2: Attach one policy of CloudWatchReadOnlyAccess to the user.

You don’t need to add any group to the user.

Step 3: Once the user is created, create an access key by going to “Security Credentials”.

Step 4: Select “Third-party service” or “Application running on an AWS compute service” while creating the key.

Step 5: Copy paste the access key and secret key in Integrations page.

Using AssumeRole](/docs/with-assumerole)

To connect using AssumeRole, we recommend setting up a call with our team as it requires multiple to & fro.
  1. Share your AWS Account Number with Doctor Droid team.
  2. Create a new role in your account with the following Trust Policy. ({{Role_ARN}} to be shared by Doctor Droid team) 
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{{Role_ARN}}"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  3. Attach the following Policy to the role: 
    PolicyName: CloudWatchReadOnlyAccessPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'cloudwatch:Describe*'
                  - 'cloudwatch:Get*'
                  - 'cloudwatch:List*'
                  - 'logs:Get*'
                  - 'logs:Describe*'
                  - 'logs:List*'
                  - 'logs:StartQuery'
                  - 'logs:StopQuery'                  
                  - 'logs:GetQueryResults'
                  - 'logs:FilterLogEvents'
                Resource: '*'
  4. Share the ARN of the role created with Doctor Droid team.