Connect AWS with Resolve AI
Resolve AI connects to your AWS environment through a secure, temporary-access IAM role to ingest CloudWatch metrics and logs, and query AWS APIs for infrastructure state during investigations, correlating infrastructure signals with service behavior and deployment history to surface root cause without manual dashboard work.
Read the setup docs
What Resolve AI does with your AWS data
Production failures in AWS rarely have a single origin. Resolve AI ingests CloudWatch metrics and logs, and queries AWS APIs for infrastructure state, correlating them against infrastructure state, code changes, and signals from your other integrated tools to trace failures back to their source.
CloudWatch log analysis
When an incident fires, Resolve AI queries the relevant CloudWatch log groups to surface error patterns, trace request failures through Lambda functions and ECS tasks, and identify where in the execution chain things broke down.
Metric correlation across services
CPU utilization, memory pressure, request counts, error rates: Resolve AI pulls CloudWatch metrics across your configured regions and connects them to incident timelines, so spikes are understood in context rather than in isolation.
Infrastructure event awareness
During an investigation, Resolve AI queries AWS APIs and CloudWatch to reconstruct what your infrastructure was doing (Auto Scaling actions, RDS state, EC2/ELB status) at the time of the incident.
Multi-region investigation
A single IAM role configuration covers all the AWS regions you choose to expose. Resolve AI reasons across regions in a single investigation, so incidents that span availability zones or regional boundaries don't require manual cross-account correlation.
Private VPC support via Satellite
For AWS environments behind a private VPC that Resolve AI cannot reach directly, the Resolve Satellite proxies CloudWatch queries securely from within your infrastructure, with no inbound network exposure required.
Cross-stack correlation
AWS data is one layer of the picture. Resolve AI connects CloudWatch signals to Kubernetes cluster state, application traces, code changes, and alerts from your observability tools, so investigations span the full environment rather than stopping at the cloud boundary.
Only the data that matters
Resolve AI connects with the minimum permissions needed to investigate, reason, and act across your AWS environment.
Resolve AI uses temporary, assumed-role credentials scoped to read-only access. No long-lived credentials are stored by Resolve AI's cloud, and raw AWS data is never retained outside of active investigations.
AWS integration capabilities
Everything Resolve AI ingests or queries from your AWS environment, with step-by-step docs in the setup guide.
CloudWatch log querying
Queries configured log groups to surface error patterns and trace failures through Lambda functions, ECS tasks, and other AWS services.
CloudWatch metrics & data access
Pulls metrics across regions to correlate performance signals as CPU, memory, request rates, error counts with incident timelines.
Infrastructure state querying
Queries AWS APIs and CloudWatch to reconstruct infrastructure state (Auto Scaling actions, RDS state, EC2/ELB status) during incidents.
Multi-region support
A single IAM role configuration covers all AWS regions you specify, enabling cross-region investigations without additional setup.
Private VPC proxy
For environments not reachable from Resolve AI's cloud, the Resolve Satellite proxies CloudWatch queries securely from within your infrastructure.
Log group access control
A CloudWatch Log Group Allow List lets you restrict exactly which log groups Resolve AI can query; anything outside the list is inaccessible.
Connect AWS in minutes
AWS connects through a secure IAM role using temporary credential assumption. No long-lived access keys are required for the standard setup.
Open the AWS integration in Resolve AI
Log in to Resolve AI, open the AWS Integration, click Add Connection, and then click View Instructions to get the custom account details you'll need for the next step.
Create an IAM role in AWS
In your AWS account, create a new IAM role named resolve-access-role. Set the trust relationship using the target account from the Resolve AI UI and an External ID of your choosing. Attach the following managed policies: SecurityAudit, CloudWatchReadOnlyAccess, AmazonRDSReadOnlyAccess, and IAMReadOnlyAccess. Copy the Role ARN from the IAM console.
Configure the integration in Resolve AI
Name the connection (e.g. Production AWS), specify your target region or regions, and paste the Role ARN and External ID. Optionally, define a CloudWatch Log Group Allow List to restrict which log groups Resolve AI can query.
Start investigating
Resolve AI begins correlating AWS signals immediately. For environments behind a private VPC, follow the Satellite setup before this step.
For private VPC environments (Satellite setup)
Create a Kubernetes secret with your AWS credentials, add the CloudWatch integration to your resolve-values.yaml, and run helm upgrade to apply. Full instructions are in the setup guide.



