> ## Documentation Index
> Fetch the complete documentation index at: https://docs.steadwing.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS CloudWatch

> Steadwing connects to AWS CloudWatch to query logs, metrics, and alarms automatically during incident analysis, helping you identify root causes faster.

## What does the AWS CloudWatch integration do?

Steadwing connects to AWS CloudWatch to query your logs, metrics, and alarms during incident analysis. This gives Steadwing direct access to your AWS observability data -- application logs, infrastructure metrics, alarm states, and performance data -- so it can identify root causes faster without manual log searches.

## Why Use AWS with Steadwing?

<CardGroup cols={2}>
  <Card title="Log Analysis" icon="file-text">
    Search CloudWatch Logs for errors, patterns, and stack traces
  </Card>

  <Card title="Metrics Analysis" icon="chart-line">
    Analyze performance and health metrics from CloudWatch
  </Card>

  <Card title="Alarm Monitoring" icon="bell">
    Track active and historical alarm states during incidents
  </Card>

  <Card title="Complete Picture" icon="git-merge">
    Combine AWS data with code analysis for faster RCA
  </Card>
</CardGroup>

## Prerequisites

* An AWS account with CloudWatch data
* IAM credentials with read access to CloudWatch

## How do I connect AWS CloudWatch to Steadwing?

### Step 1: Create an IAM User

1. Go to **AWS Console** → **IAM** → **Users**
2. Click **Create user**
3. Enter a username (e.g., `steadwing-readonly`)
4. Click **Next**

### Step 2: Attach Permissions

Attach the following AWS managed policies to the user:

| Policy Name                  | Purpose                                            |
| ---------------------------- | -------------------------------------------------- |
| CloudWatchReadOnlyAccess     | Read CloudWatch metrics and alarms                 |
| CloudWatchLogsReadOnlyAccess | Read CloudWatch Logs and run Logs Insights queries |

Alternatively, create a custom policy with these permissions:

```json theme={null}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:GetLogEvents",
        "logs:StartQuery",
        "logs:GetQueryResults",
        "logs:StopQuery"
      ],
      "Resource": "*"
    }
  ]
}
```

### Step 3: Create Access Keys

1. Open the IAM user you created
2. Go to **Security credentials** tab
3. Click **Create access key**
4. Select **Third-party service** as the use case
5. Click **Create access key**
6. Save both values:
   * **Access Key ID**
   * **Secret Access Key**

<Warning>
  Save your credentials immediately! The secret access key is shown only once. If you lose it, you'll need to create a new access key.
</Warning>

### Step 4: Connect AWS in Steadwing

1. Navigate to [Steadwing Settings](https://app.steadwing.com/settings)
2. Find the **AWS** integration card
3. Click to expand the collapsible form
4. Fill in the required fields:

| Field             | Value                                         |
| ----------------- | --------------------------------------------- |
| Access Key ID     | Your AWS access key (starts with `AKIA...`)   |
| Secret Access Key | Your AWS secret key                           |
| Region            | The AWS region to monitor (e.g., `us-east-1`) |

5. Toggle the switch to **Enable** the integration

## What data does Steadwing pull from AWS CloudWatch?

When analyzing an incident, Steadwing automatically:

1. Connects to your AWS CloudWatch using the provided credentials
2. Queries **CloudWatch Logs** - application logs, error messages, stack traces
3. Queries **CloudWatch Metrics** - performance and health data
4. Checks **CloudWatch Alarms** - active and historical alarm states
5. Correlates log errors with metric anomalies to find patterns
6. Combines findings with code analysis to identify the root cause
7. Provides evidence-based diagnosis with relevant logs and metrics

No manual searching required!

## What Data Can Steadwing Access?

Once connected, Steadwing can read:

* **CloudWatch Logs** - Application and infrastructure logs
* **CloudWatch Metrics** - Performance and health metrics
* **CloudWatch Alarms** - Active and historical alarm states

**Security:** All access is read-only. Steadwing cannot modify your AWS resources.

## Supported AWS Services

Any service that sends data to CloudWatch is supported, including:

* Lambda
* ECS / EKS
* EC2
* RDS
* API Gateway
* Step Functions
* And more

## Troubleshooting

| Issue             | Solution                                                   |
| ----------------- | ---------------------------------------------------------- |
| Connection failed | Verify your access key and secret are correct              |
| No logs found     | Ensure the region matches where your logs are stored       |
| Permission denied | Check that the IAM user has the required policies attached |

## Security

* Credentials are encrypted at rest
* We recommend using a dedicated IAM user with minimal permissions
* You can revoke access anytime by deleting the access key in AWS IAM

## Uninstall

To disconnect the integration:

1. In Steadwing Settings, disable the AWS integration
2. In AWS IAM, delete the access key:
   * Navigate to **IAM** → **Users** → your Steadwing user
   * Go to **Security credentials** tab
   * Find the access key and click **Delete**

This immediately revokes access.

## FAQs

<AccordionGroup>
  <Accordion title="Can Steadwing modify my AWS resources?">
    No. Steadwing has read-only access and can only query CloudWatch data. It cannot modify any AWS resources, configurations, or data.
  </Accordion>

  <Accordion title="Which AWS region should I use?">
    Use the region where your primary CloudWatch logs and metrics are stored. You can update this later if needed.
  </Accordion>

  <Accordion title="Can I revoke access later?">
    Yes. Simply delete the access key in AWS IAM anytime to immediately revoke access.
  </Accordion>

  <Accordion title="Does this work with multiple regions?">
    Currently, Steadwing connects to one region at a time. Use the region with your most critical services.
  </Accordion>

  <Accordion title="How much data does it query?">
    Only relevant data around the incident timeframe (typically a few hours). Queries are optimized to focus on error patterns and anomalies.
  </Accordion>

  <Accordion title="What if I use AWS Organizations?">
    Create the IAM user in the account where your CloudWatch data resides. For multi-account setups, you may need to configure cross-account access.
  </Accordion>
</AccordionGroup>

Need additional help? Please reach out to us at [hello@steadwing.com](mailto:hello@steadwing.com)
