The following permissions are being created with the IAM role included in CloudFormation stack:

  // Read data and correlate logs from CloudWatch
  // Lambda monitoring
  // Enriching data on Step Functions
  // Enriching data from X-Ray
  // Showing metrics for AWS resources from CloudWatch Metrics and Events
  // AppSync monitoring
  // Subscribing logs directly from CloudWatch Logs to Epsagon
  // Enabling auto-tracing for Lambda functions through Epsagon
  // Enriching AWS Batch jobs data
  // ECS monitoring
  // EC2 metadata for ECS monitoring


Custom permissions

If needed, we can customize the permissions to fit your needs. Contact us for more information.

The IAM role is using the AWS best practices of cross-account permissions, and being enforced with an external ID that is unique to your account.

Other resources that are optionally being created, include:

  1. EpsagonCloudTrail - Send events to Epsagon on updates and changes in ECS, Lambda, and other resources. This includes: EpsagonCloudTrailToCloudWatchLogsRole, EpsagonTrailBucketPolicy, EpsagonLogGroup, EpsagonTrailBucket
  2. EpsagonReporter - Automatically send a notification to Epsagon upon stack create completion. It is not a real resource.

Did this page help you?