Skip to Content
IntegrationsAWS

AWS Integration

The AWS integration connects AtlasAI to your Amazon Web Services environment. It imports CloudWatch metrics and alarms, discovers EC2 instances and other resources for CMDB population, and enables cloud-native monitoring alongside your on-prem infrastructure.

Prerequisites

  • An AWS account with IAM permissions for CloudWatch, EC2, ECS, and RDS (read-only)
  • An IAM role or access key pair for authentication

Setup

Step 1: Create an IAM policy.

Create a policy with the minimum required permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "cloudwatch:DescribeAlarms",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions",
        "ecs:ListClusters",
        "ecs:DescribeClusters",
        "ecs:ListServices",
        "ecs:DescribeServices",
        "rds:DescribeDBInstances",
        "lambda:ListFunctions",
        "elasticloadbalancing:DescribeLoadBalancers",
        "tag:GetResources"
      ],
      "Resource": "*"
    }
  ]
}

Step 2: Create an IAM role (recommended) or access key.

For cross-account access, create an IAM role with the policy above and configure a trust relationship allowing the AtlasAI Tenant Plane to assume it.

Step 3: Configure the integration in AtlasAI.

  1. Navigate to Settings → Integrations → AWS
  2. Click Add Account
  3. Choose authentication method:
    • IAM Role: Enter the Role ARN
    • Access Key: Enter the Access Key ID and Secret Access Key
  4. Select the AWS regions to monitor
  5. Select the services to discover:
    • EC2 instances
    • ECS clusters and services
    • RDS instances
    • Lambda functions
    • Load balancers
  6. Configure CloudWatch metric import:
    • Select metric namespaces (e.g., AWS/EC2, AWS/RDS, AWS/ELB)
    • Set the polling interval (default: 60 seconds)
  7. Click Test Connection and then Save & Enable

What Gets Imported

AWS ServiceAtlasAI Data
EC2Instance inventory (CMDB), CPU/memory/disk/network metrics
ECSCluster and service inventory, container metrics
RDSDatabase instance inventory, performance metrics
LambdaFunction inventory, invocation/error/duration metrics
CloudWatch AlarmsImported as AtlasAI alert rules
ELB/ALBLoad balancer inventory, request/latency/error metrics

Resource Discovery

AWS resources are automatically added to the AtlasAI CMDB with:

  • Instance ID, name, type, and tags
  • VPC, subnet, and security group information
  • Relationships (e.g., EC2 instance runs in a subnet, serves traffic through an ALB)
  • Cost allocation tags (for FinOps integration)

Discovery runs every 5 minutes by default (configurable).

Troubleshooting

IssueSolution
Access deniedVerify the IAM policy is attached and the role trust relationship is correct
No metricsCheck that the selected CloudWatch namespaces have active metrics
Missing instancesVerify the selected regions include where your resources are deployed
Stale CMDB dataReduce the discovery interval or trigger a manual sync
PagerDutyKubernetes