OpsCompanion Docs

Amazon Web Services (AWS)

Connect OpsCompanion to your AWS accounts for comprehensive cloud monitoring and security

Amazon Web Services (AWS) Integration

Connect your Amazon Web Services (AWS) accounts to OpsCompanion for real-time monitoring, security insights, and compliance tracking.

Quick Start

Get started in under 5 minutes:

  1. Run the Terraform Module - Automated IAM role creation with read-only access
  2. Register Your Account - Add your IAM role ARN to OpsCompanion
  3. Start Monitoring - View resources, CloudTrail logs, and security recommendations


What You Can Monitor

Compute Resources

  • EC2 - Instances, AMIs, volumes, snapshots, security groups
  • ECS - Clusters, services, tasks, task definitions
  • EKS - Kubernetes clusters, node groups, add-ons
  • Lambda - Functions, layers, aliases, event sources

Storage & Databases

  • S3 - Buckets, objects, access policies
  • RDS - Database instances, snapshots, parameter groups
  • DynamoDB - Tables, indexes, backups
  • EFS - File systems, mount targets, access points

Networking

  • VPC - Virtual private clouds, subnets, route tables
  • Security Groups - Inbound/outbound rules
  • Load Balancers - ALB, NLB, CLB configurations
  • Route53 - DNS zones, records, health checks

Security & Identity

  • IAM - Users, roles, policies, groups
  • Secrets Manager - Secrets (metadata only)
  • KMS - Keys, aliases, grants
  • CloudTrail - Audit logs and trails
  • GuardDuty - Security findings

Operations

  • CloudWatch - Metrics, alarms, logs, dashboards
  • CloudFormation - Stacks, stack sets, change sets
  • Systems Manager - Parameters, patches, compliance
  • Config - Configuration history and compliance

Permissions Model

Read-Only Access

OpsCompanion uses an IAM role with read-only permissions. This means it can see and analyze your environment but cannot make any changes.

Can access:

  • Resource metadata and configurations
  • CloudWatch metrics and logs
  • CloudTrail audit logs
  • Cost and billing information
  • IAM policies

Cannot:

  • Create, update, or delete resources
  • Change IAM policies
  • Read secret values or credentials
  • Access or modify billing settings or payment methods

Cross-Account Access

OpsCompanion uses AWS IAM role assumption with an external ID for secure cross-account access, so no access keys are required.

Setup Guides

Architecture

┌─────────────────────────────────────────┐
│         Your AWS Account                │
│                                         │
│  ┌────────────────────────────────┐     │
│  │  IAM Role (ReadOnly)           │     │
│  │  opscompanion-readonly-role    │     │
│  │                                │     │
│  │  Trust Policy:                 │     │
│  │  - OpsCompanion Account        │     │
│  │  - External ID Required        │     │
│  └──────────┬─────────────────────┘     │
│             │                           │
│             │ AssumeRole                │
│             │                           │
└─────────────┼───────────────────────────┘

┌─────────────▼─────────────────────────────┐
│         OpsCompanion Platform             │
│                                           │
└───────────────────────────────────────────┘

Support

Need help? We're here:
