AWS Integration
Connect your entire AWS environment to TigerOps in under 5 minutes. Monitor EC2, ECS, Lambda, RDS, S3, ELB, CloudWatch, and 40+ services with AI-powered anomaly detection and autonomous incident response.
How It Works
Create a Read-Only IAM Role
Use our provided CloudFormation template to create a cross-account IAM role with read-only permissions. No write access is ever required — your resources stay protected.
Connect Your AWS Account
Enter your AWS Account ID and the Role ARN in TigerOps. We auto-discover all enabled regions and begin listing services immediately.
Auto-Discover Resources
TigerOps scans your account and automatically begins collecting metrics from EC2, ECS, Lambda, RDS, ELB, S3, and 40+ services — no per-service configuration needed.
AI Starts Learning Immediately
Within minutes, the AI SRE builds a baseline of your AWS environment. Anomaly detection, cost correlation, and automated runbooks activate as data accumulates.
What You Get Out of the Box
CloudWatch Metrics Ingest
Pull every standard CloudWatch namespace — EC2, ECS, Lambda, RDS, ELB, and more — into TigerOps with 1-minute granularity and 13-month retention.
Multi-Region & Multi-Account
Monitor all AWS regions and consolidate multiple accounts into a single TigerOps workspace with per-account cost attribution.
Auto-Tagging & Grouping
TigerOps reads your AWS resource tags and automatically groups metrics by service, environment, team, and cost center.
Lambda Cold Start Analysis
Track cold start frequency, duration distributions, and correlate them with concurrency limits and memory configuration.
RDS Query Intelligence
Surface slow queries, lock contention events, and replica lag spikes with automatic ticket creation when SLOs are breached.
Cost Anomaly Detection
The AI SRE flags unexpected cost spikes in real time and correlates them with infrastructure changes, deployments, or traffic anomalies.
CloudFormation Setup
Deploy the IAM role using our one-click CloudFormation template or the snippet below.
# TigerOps AWS Integration — CloudFormation Template
AWSTemplateFormatVersion: '2010-09-09'
Description: TigerOps Read-Only Monitoring Role
Parameters:
TigerOpsAccountId:
Type: String
Default: '123456789012' # Replace with your TigerOps account ID
ExternalId:
Type: String
Description: External ID from TigerOps dashboard
Resources:
TigerOpsRole:
Type: AWS::IAM::Role
Properties:
RoleName: TigerOpsMonitoringRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
AWS: !Sub 'arn:aws:iam::${TigerOpsAccountId}:root'
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: !Ref ExternalId
ManagedPolicyArns:
- arn:aws:iam::aws:policy/ReadOnlyAccess
Policies:
- PolicyName: TigerOpsCloudWatch
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
- cloudwatch:GetMetricStatistics
Resource: '*'
Outputs:
RoleArn:
Value: !GetAtt TigerOpsRole.Arn
Description: Paste this ARN into TigerOpsCommon Questions
What AWS permissions does TigerOps require?
TigerOps uses a cross-account IAM role with read-only permissions — specifically, CloudWatch:GetMetricData, ec2:Describe*, rds:Describe*, lambda:List*, ecs:Describe*, and similar read operations. We provide a CloudFormation template that creates this role automatically. Write permissions are never required.
How does TigerOps handle multiple AWS accounts and regions?
You can connect any number of AWS accounts to a single TigerOps workspace. Each account uses its own IAM role. You can then filter dashboards, alerts, and AI analysis by account, region, or cross-account — giving you a single pane of glass for your entire AWS footprint.
Does TigerOps replace CloudWatch?
No — TigerOps ingests CloudWatch metrics alongside infrastructure agent data, application traces, and logs. You keep CloudWatch for AWS-native alerting if needed, while TigerOps provides unified observability, AI-powered analysis, and cross-service correlation that CloudWatch cannot do on its own.
Can I monitor AWS Lambda cold starts and invocation errors?
Yes. TigerOps collects Lambda invocation count, duration, throttles, error count, concurrent executions, and cold start metrics. The AI SRE can automatically detect when cold start rates rise above your baseline and create an incident with remediation suggestions.
How long does setup take for a typical AWS environment?
For most accounts, from IAM role creation to first metrics appearing in TigerOps takes under 5 minutes using our CloudFormation template. Full service discovery across all regions completes within 15 minutes for accounts with hundreds of resources.
Connect AWS in Under 5 Minutes
No credit card required. Read-only permissions. SOC 2 Type II compliant.