AWS CloudWatch
Connect AWS CloudWatch to give RunLLM's SRE agent real-time access to your logs and metrics. During incident investigations, the agent can query log streams, list available metrics, and pull metric statistics directly from your AWS environment.
The agent can:
- Fetch log events from specific CloudWatch log groups and streams
- List available metrics across namespaces
- Get metric statistics (average, sum, min, max) for any metric over a time window
| Parameter | Description |
|---|---|
| AWS Access Key ID | The access key ID for an IAM user or role with CloudWatchReadOnlyAccess permissions. |
| AWS Secret Access Key | The secret access key associated with the access key ID above. |
| AWS Account ID | Your 12-digit AWS account ID (e.g., 123456789012). |
| AWS Region | The AWS region where your CloudWatch data lives (e.g., us-east-1). |
Optional parameters
| Parameter | Description |
|---|---|
| Rules / Instructions | Free-form instructions that guide the agent on how to use this integration (e.g., "Focus on the /aws/lambda/payments-service log group"). |
Use a least-privilege IAM policy
Create a dedicated IAM user with the AWS-managed CloudWatchReadOnlyAccess policy. This grants read-only access to logs and metrics without any write permissions.