Skip to main content

Overview

Connect CodeWolf to your AWS infrastructure for comprehensive monitoring across EC2, Lambda, ECS, and other AWS services.

Prerequisites

  • AWS account with appropriate IAM permissions
  • AWS CLI configured
  • CodeWolf account

Setup

1

Create IAM role

Create an IAM role for CodeWolf with the necessary permissions.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "ec2:DescribeInstances",
        "lambda:ListFunctions",
        "ecs:ListClusters",
        "logs:FilterLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
2

Configure trust relationship

Set up a trust relationship allowing CodeWolf to assume the role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::CODEWOLF_ACCOUNT_ID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR_EXTERNAL_ID"
        }
      }
    }
  ]
}
Get your External ID from the CodeWolf dashboard under Integrations > AWS.
3

Connect to CodeWolf

In the CodeWolf dashboard, go to Integrations > AWS.Enter your IAM role ARN and click Connect.

Supported services

EC2

Monitor EC2 instances:
  • Instance health and status
  • CPU and memory utilization
  • Network traffic
  • Disk I/O

Lambda

Track serverless functions:
  • Invocation count and errors
  • Duration and timeout monitoring
  • Cold start analysis
  • Memory usage optimization

ECS/Fargate

Monitor containerized applications:
  • Task and service health
  • Resource utilization
  • Deployment tracking
  • Auto-scaling events

RDS

Database monitoring:
  • Query performance
  • Connection pooling
  • Storage utilization
  • Backup status

CloudWatch integration

CodeWolf automatically imports:
  • Custom metrics
  • Log groups
  • Alarms and events
  • Dashboards

Configuration

region
string
default:"us-east-1"
Primary AWS region for monitoring
multi_region
boolean
default:"false"
Enable monitoring across multiple regions
services
array
List of AWS services to monitor: ["ec2", "lambda", "ecs", "rds"]
polling_interval
integer
default:"60"
Metrics collection interval in seconds

CloudFormation template

Deploy CodeWolf integration using CloudFormation: 
AWSTemplateFormatVersion: '2010-09-09'
Description: CodeWolf AWS Integration

Parameters:
  ExternalId:
    Type: String
    Description: External ID from CodeWolf dashboard

Resources:
  CodeWolfRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: CodeWolfIntegrationRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: arn:aws:iam::CODEWOLF_ACCOUNT_ID:root
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref ExternalId
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess

Outputs:
  RoleARN:
    Description: ARN of the CodeWolf integration role
    Value: !GetAtt CodeWolfRole.Arn
Deploy the stack: 
aws cloudformation create-stack \
  --stack-name codewolf-integration \
  --template-body file://cloudformation.yaml \
  --parameters ParameterKey=ExternalId,ParameterValue=YOUR_EXTERNAL_ID \
  --capabilities CAPABILITY_NAMED_IAM

Security best practices

Follow AWS security best practices when integrating CodeWolf:
  • Use least privilege IAM policies
  • Enable MFA for sensitive operations
  • Regularly rotate access keys
  • Monitor CloudTrail for API activity
  • Use VPC endpoints for private connectivity

Troubleshooting

  • Verify the External ID matches exactly
  • Check that the trust relationship is configured correctly
  • Ensure the IAM role has necessary permissions
  • Confirm the role ARN is correct
  • Verify CloudWatch metrics are being published
  • Check IAM permissions include cloudwatch:GetMetricData
  • Ensure the correct region is selected
Review the IAM policy and add missing permissions. Check CloudTrail logs for specific denied actions.