Epsagon Documentation

Welcome to the Epsagon Documentation. You'll find comprehensive guides and documentation to help you start working with our product as quickly as possible. Let's jump right in!

Get Started

Permissions

The following permissions are being created with the IAM role included in CloudFormation stack:

[
  // Read data and correlate logs from CloudWatch
  "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess",
  // Lambda monitoring
  "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess",
  // Enriching data on Step Functions
  "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess",
  // Enriching data from X-Ray
  "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess",
  // Showing metrics for AWS resources from CloudWatch Metrics and Events
  "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
  // AppSync monitoring
  "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
  "arn:aws:iam::aws:policy/AWSAppSyncAdministrator"
]
[
  // Subscribing logs directly from CloudWatch Logs to Epsagon
  "logs:PutSubscriptionFilter",
  "logs:DeleteSubscriptionFilter",
  // Enabling auto-tracing for Lambda functions through Epsagon
  "lambda:UpdateFunctionConfiguration",
  // Enriching AWS Batch jobs data
  "batch:Describe*",
  // ECS monitoring
  "ecs:Describe*",
  "ecs:List*",
  // EC2 metadata for ECS monitoring
  "ec2:Describe*",
  "ec2:Get*",
  "application-autoscaling:Describe*",
  "autoscaling:Describe*",
  "elasticloadbalancing:Describe*",
  "iam:PassRole"
]

📘

Custom permissions

If needed, we can customize the permissions to fit your needs. Contact us for more information.

The IAM role is using the AWS best practices of cross-account permissions, and being enforced with an external ID that is unique to your account.

Other resources that are optionally being created, include:

  1. EpsagonCloudTrail - Send events to Epsagon on updates and changes in ECS, Lambda, and other resources. This includes: EpsagonCloudTrailToCloudWatchLogsRole, EpsagonTrailBucketPolicy, EpsagonLogGroup, EpsagonTrailBucket
  2. EpsagonReporter - Automatically send a notification to Epsagon upon stack create completion. It is not a real resource.

Updated about a year ago


Permissions


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.