Skip to main content

Overview

The AWS CloudWatch integration enables Steadwing to access your CloudWatch logs, metrics, and alarms during incident analysis. This helps our AI identify root causes faster by analyzing your AWS observability data - from application logs and infrastructure metrics to alarm states and performance data.

Why Use AWS with Steadwing?

Log Analysis

Search CloudWatch Logs for errors, patterns, and stack traces

Metrics Analysis

Analyze performance and health metrics from CloudWatch

Alarm Monitoring

Track active and historical alarm states during incidents

Complete Picture

Combine AWS data with code analysis for faster RCA

Prerequisites

  • An AWS account with CloudWatch data
  • IAM credentials with read access to CloudWatch

Setup Instructions

Step 1: Create an IAM User

  1. Go to AWS ConsoleIAMUsers
  2. Click Create user
  3. Enter a username (e.g., steadwing-readonly)
  4. Click Next

Step 2: Attach Permissions

Attach the following AWS managed policies to the user:
Policy NamePurpose
CloudWatchReadOnlyAccessRead CloudWatch metrics and alarms
CloudWatchLogsReadOnlyAccessRead CloudWatch Logs and run Logs Insights queries
Alternatively, create a custom policy with these permissions: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:GetLogEvents",
        "logs:StartQuery",
        "logs:GetQueryResults",
        "logs:StopQuery"
      ],
      "Resource": "*"
    }
  ]
}

Step 3: Create Access Keys

  1. Open the IAM user you created
  2. Go to Security credentials tab
  3. Click Create access key
  4. Select Third-party service as the use case
  5. Click Create access key
  6. Save both values:
    • Access Key ID
    • Secret Access Key
Save your credentials immediately! The secret access key is shown only once. If you lose it, you’ll need to create a new access key.

Step 4: Connect AWS in Steadwing

  1. Navigate to Steadwing Settings
  2. Find the AWS integration card
  3. Click to expand the collapsible form
  4. Fill in the required fields:
FieldValue
Access Key IDYour AWS access key (starts with AKIA...)
Secret Access KeyYour AWS secret key
RegionThe AWS region to monitor (e.g., us-east-1)
  1. Toggle the switch to Enable the integration

Step 5: Verify Connection

  1. Return to Steadwing Settings
  2. Confirm the AWS integration shows as Connected
  3. You’re all set! Steadwing will now use your CloudWatch data during incident analysis

How It Works

When analyzing an incident, Steadwing automatically:
  1. Connects to your AWS CloudWatch using the provided credentials
  2. Queries CloudWatch Logs - application logs, error messages, stack traces
  3. Queries CloudWatch Metrics - performance and health data
  4. Checks CloudWatch Alarms - active and historical alarm states
  5. Correlates log errors with metric anomalies to find patterns
  6. Combines findings with code analysis to identify the root cause
  7. Provides evidence-based diagnosis with relevant logs and metrics
No manual searching required!

What Data Can Steadwing Access?

Once connected, Steadwing can read:
  • CloudWatch Logs - Application and infrastructure logs
  • CloudWatch Metrics - Performance and health metrics
  • CloudWatch Alarms - Active and historical alarm states
Security: All access is read-only. Steadwing cannot modify your AWS resources.

Supported AWS Services

Any service that sends data to CloudWatch is supported, including:
  • Lambda
  • ECS / EKS
  • EC2
  • RDS
  • API Gateway
  • Step Functions
  • And more

Troubleshooting

IssueSolution
Connection failedVerify your access key and secret are correct
No logs foundEnsure the region matches where your logs are stored
Permission deniedCheck that the IAM user has the required policies attached

Security

  • Credentials are encrypted at rest
  • We recommend using a dedicated IAM user with minimal permissions
  • You can revoke access anytime by deleting the access key in AWS IAM

Uninstall

To disconnect the integration:
  1. In Steadwing Settings, disable the AWS integration
  2. In AWS IAM, delete the access key:
    • Navigate to IAMUsers → your Steadwing user
    • Go to Security credentials tab
    • Find the access key and click Delete
This immediately revokes access.

FAQs

No. Steadwing has read-only access and can only query CloudWatch data. It cannot modify any AWS resources, configurations, or data.
Use the region where your primary CloudWatch logs and metrics are stored. You can update this later if needed.
Yes. Simply delete the access key in AWS IAM anytime to immediately revoke access.
Currently, Steadwing connects to one region at a time. Use the region with your most critical services.
Only relevant data around the incident timeframe (typically a few hours). Queries are optimized to focus on error patterns and anomalies.
Create the IAM user in the account where your CloudWatch data resides. For multi-account setups, you may need to configure cross-account access.
Need additional help? Please reach out to us at [email protected]