Get your free Bag more 9s tote today

Connect AWS with Resolve AI

Resolve AI connects to your AWS environment through a secure, temporary-access IAM role to ingest CloudWatch metrics and logs, and query AWS APIs for infrastructure state during investigations, correlating infrastructure signals with service behavior and deployment history to surface root cause without manual dashboard work.

Read the setup docs
Amazon Web Services logo

What Resolve AI does with your AWS data

Production failures in AWS rarely have a single origin. Resolve AI ingests CloudWatch metrics and logs, and queries AWS APIs for infrastructure state, correlating them against infrastructure state, code changes, and signals from your other integrated tools to trace failures back to their source.

CloudWatch log analysis

When an incident fires, Resolve AI queries the relevant CloudWatch log groups to surface error patterns, trace request failures through Lambda functions and ECS tasks, and identify where in the execution chain things broke down.

Metric correlation across services

CPU utilization, memory pressure, request counts, error rates: Resolve AI pulls CloudWatch metrics across your configured regions and connects them to incident timelines, so spikes are understood in context rather than in isolation.

Infrastructure event awareness

During an investigation, Resolve AI queries AWS APIs and CloudWatch to reconstruct what your infrastructure was doing (Auto Scaling actions, RDS state, EC2/ELB status) at the time of the incident.

Multi-region investigation

A single IAM role configuration covers all the AWS regions you choose to expose. Resolve AI reasons across regions in a single investigation, so incidents that span availability zones or regional boundaries don't require manual cross-account correlation.

Private VPC support via Satellite

For AWS environments behind a private VPC that Resolve AI cannot reach directly, the Resolve Satellite proxies CloudWatch queries securely from within your infrastructure, with no inbound network exposure required.

Cross-stack correlation

AWS data is one layer of the picture. Resolve AI connects CloudWatch signals to Kubernetes cluster state, application traces, code changes, and alerts from your observability tools, so investigations span the full environment rather than stopping at the cloud boundary.

Only the data that matters

Resolve AI connects with the minimum permissions needed to investigate, reason, and act across your AWS environment.

CloudWatch logs
CloudWatch metrics
EC2/RDS/ELB state
Auto Scaling actions
Lambda logs
Region config

Resolve AI uses temporary, assumed-role credentials scoped to read-only access. No long-lived credentials are stored by Resolve AI's cloud, and raw AWS data is never retained outside of active investigations.

AWS integration capabilities

Everything Resolve AI ingests or queries from your AWS environment, with step-by-step docs in the setup guide.

CloudWatch log querying

Queries configured log groups to surface error patterns and trace failures through Lambda functions, ECS tasks, and other AWS services.

Read the setup guide

CloudWatch metrics & data access

Pulls metrics across regions to correlate performance signals as CPU, memory, request rates, error counts with incident timelines.

Read the setup guide

Infrastructure state querying

Queries AWS APIs and CloudWatch to reconstruct infrastructure state (Auto Scaling actions, RDS state, EC2/ELB status) during incidents.

Read the setup guide

Multi-region support

A single IAM role configuration covers all AWS regions you specify, enabling cross-region investigations without additional setup.

Read the setup guide

Private VPC proxy

For environments not reachable from Resolve AI's cloud, the Resolve Satellite proxies CloudWatch queries securely from within your infrastructure.

Read the setup guide

Log group access control

A CloudWatch Log Group Allow List lets you restrict exactly which log groups Resolve AI can query; anything outside the list is inaccessible.

Read the setup guide

Connect AWS in minutes

AWS connects through a secure IAM role using temporary credential assumption. No long-lived access keys are required for the standard setup.

01

Open the AWS integration in Resolve AI

Log in to Resolve AI, open the AWS Integration, click Add Connection, and then click View Instructions to get the custom account details you'll need for the next step.

02

Create an IAM role in AWS

In your AWS account, create a new IAM role named resolve-access-role. Set the trust relationship using the target account from the Resolve AI UI and an External ID of your choosing. Attach the following managed policies: SecurityAudit, CloudWatchReadOnlyAccess, AmazonRDSReadOnlyAccess, and IAMReadOnlyAccess. Copy the Role ARN from the IAM console.

03

Configure the integration in Resolve AI

Name the connection (e.g. Production AWS), specify your target region or regions, and paste the Role ARN and External ID. Optionally, define a CloudWatch Log Group Allow List to restrict which log groups Resolve AI can query.

04

Start investigating

Resolve AI begins correlating AWS signals immediately. For environments behind a private VPC, follow the Satellite setup before this step.

05

For private VPC environments (Satellite setup)

Create a Kubernetes secret with your AWS credentials, add the CloudWatch integration to your resolve-values.yaml, and run helm upgrade to apply. Full instructions are in the setup guide.

AWS setup guide

Frequently asked questions