CloudCloudWatch Metric Streams + IAM

AWS CloudWatch Integration

Ingest CloudWatch metrics and alarms directly into TigerOps for unified cloud visibility. Correlate AWS infrastructure signals with application performance and get AI-powered anomaly detection across all namespaces.

Connect CloudWatch Book a Demo

Setup

How It Works

Deploy CloudFormation Stack

Launch the TigerOps CloudFormation template in your AWS account. It creates an IAM role with the minimum permissions needed to read CloudWatch metrics and stream them to TigerOps.

Configure Metric Streams

Enable CloudWatch Metric Streams with OpenTelemetry output format. TigerOps auto-configures a Kinesis Firehose delivery stream to forward all namespaces or a filtered subset.

Map Alarms to Incidents

Connect your existing CloudWatch Alarms via SNS to TigerOps. Alarm state transitions are enriched with correlated metrics and routed to the correct on-call team automatically.

Build Unified Dashboards

TigerOps merges CloudWatch data with metrics from your applications, databases, and Kubernetes clusters so you see the full picture on a single dashboard without switching consoles.

Capabilities

What You Get Out of the Box

Metric Streams Ingestion

Near-real-time CloudWatch metric ingestion via Kinesis Firehose and Metric Streams. Supports all AWS namespaces including custom metrics with no polling latency.

Alarm State Synchronisation

CloudWatch Alarm state changes (OK, ALARM, INSUFFICIENT_DATA) are captured via SNS and surfaced as incidents in TigerOps with full metric context.

Cross-Namespace Correlation

Automatically correlate EC2 CPU spikes with RDS connection exhaustion, Lambda throttles with SQS queue depth, and more across all AWS namespaces.

Custom Metric Support

Ingest application-level custom metrics published to CloudWatch alongside infrastructure metrics. Unified search and alerting across all metric sources.

AI Anomaly Detection

TigerOps applies ML-based anomaly detection on top of CloudWatch data to surface unusual patterns that static thresholds miss — with zero configuration.

Cost-Aware Alerting

Correlate CloudWatch billing metrics with usage spikes. TigerOps alerts you when a cost anomaly is detected and links it to the responsible AWS resource.

Configuration

CloudFormation Stack Setup

Deploy the TigerOps CloudWatch integration with a single CloudFormation command.

cloudwatch-integration.sh

# Deploy TigerOps CloudWatch integration via CloudFormation
aws cloudformation deploy \
  --template-url https://tigerops-cfn.s3.amazonaws.com/cloudwatch-integration.yaml \
  --stack-name tigerops-cloudwatch \
  --capabilities CAPABILITY_IAM \
  --parameter-overrides \
    TigerOpsApiKey=${TIGEROPS_API_KEY} \
    TigerOpsIngestEndpoint=https://ingest.atatus.net/api/v1/write \
    IncludeNamespaces="AWS/EC2,AWS/RDS,AWS/Lambda,AWS/ECS,AWS/ApplicationELB" \
    StreamOutputFormat=opentelemetry0.7

# Verify the Metric Stream was created
aws cloudwatch list-metric-streams --query 'Entries[*].Name'

# Attach existing CloudWatch Alarm to TigerOps SNS topic
aws cloudwatch put-metric-alarm \
  --alarm-name my-cpu-alarm \
  --alarm-actions arn:aws:sns:us-east-1:123456789:tigerops-alerts \
  --ok-actions arn:aws:sns:us-east-1:123456789:tigerops-alerts

# IAM policy (least-privilege, created by CloudFormation)
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {
#       "Effect": "Allow",
#       "Action": [
#         "cloudwatch:GetMetricStream",
#         "cloudwatch:ListMetricStreams",
#         "cloudwatch:PutMetricStream",
#         "firehose:PutRecord",
#         "firehose:PutRecordBatch"
#       ],
#       "Resource": "*"
#     }
#   ]
# }

FAQ

Common Questions

How does TigerOps connect to CloudWatch without a polling agent?

TigerOps uses CloudWatch Metric Streams with a Kinesis Data Firehose delivery stream. This is a push-based mechanism — AWS pushes metrics to TigerOps every 60 seconds or faster, eliminating the need for a polling agent inside your VPC.

What IAM permissions are required?

The CloudFormation stack creates an IAM role with cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, cloudwatch:PutMetricStream, firehose:PutRecord, and firehose:PutRecordBatch. No read access to your application data is required.

Can I filter which namespaces are streamed to TigerOps?

Yes. During setup you can specify an inclusion or exclusion list of CloudWatch namespaces. For example you can stream only AWS/EC2, AWS/RDS, and AWS/Lambda while excluding high-cardinality namespaces you do not need.

How are existing CloudWatch Alarms integrated?

Add the TigerOps SNS topic as a notification target on any CloudWatch Alarm. State transitions are forwarded to TigerOps and enriched with the underlying metric values and correlated signals before routing to your on-call schedule.

Does TigerOps support CloudWatch Logs Insights?

TigerOps ingests structured CloudWatch Logs via a Lambda-based subscription filter. Log events are indexed alongside metrics and traces so you can jump from a metric spike to the correlated log lines in one click.

Get Started

Unify CloudWatch with the Rest of Your Stack

Near-real-time metric streams, alarm routing, and AI anomaly detection. Deploy in under 10 minutes.

Start Free Talk to an Engineer

Explore More

Related Integrations

View all 275+ integrations