# Adding AWS Integration with a Backend on Another Cloud Provider

If your groundcover backend is installed on a cloud provider other than AWS, you can still add AWS integration by allocating an AWS cluster and configuring the sensor to run the AWS integration.

### Prerequisite

The below steps assume you have an AWS Kubernetes cluster with groundcover sensor installed on it.

### Step 1: Create an IAM role and policy

1. Go to [Amazon IAM](https://console.aws.amazon.com/iam/)
2. Click on **Roles** in the sidebar
3. Click on **Create Role**
   1. Select **Custom trust policy**
   2. Paste the following policy:

      ```json
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Principal": {
                      "Federated": "<EKS cluster OIDC ARN>"
                  },
                  "Action": "sts:AssumeRoleWithWebIdentity",
                  "Condition": {
                      "StringLike": {
                          "<EKS cluster OIDC>:sub": "system:serviceaccount:<groundcover sensor namespace>:integrations-agent"
                      }
                  }
              }
          ]
      }
      ```
   3. Click on **Next** twice (we'll attach permissions later)
   4. Provide a name for the role
   5. Click on **Create Role**
4. Go to your newly created role
   1. In the **Permissions** section, click on **Add permissions** and then **Create inline policy**
   2. Click on **JSON** and paste the following:

      ```json
      {
          "Version": "2012-10-17",
          "Id": "groundcover-integrations-agent",
          "Statement": [
              {
                  "Action": [
                      "tag:GetResources",
                      "storagegateway:ListTagsForResource",
                      "storagegateway:ListGateways",
                      "shield:ListProtections",
                      "iam:ListAccountAliases",
                      "ec2:DescribeTransitGatewayAttachments",
                      "ec2:DescribeSpotFleetRequests",
                      "dms:DescribeReplicationTasks",
                      "dms:DescribeReplicationInstances",
                      "cloudwatch:ListMetrics",
                      "cloudwatch:GetMetricStatistics",
                      "cloudwatch:GetMetricData",
                      "autoscaling:DescribeAutoScalingGroups",
                      "aps:ListWorkspaces",
                      "apigateway:GET",
                      "s3:ListAllMyBuckets",
                      "s3:GetBucketLocation",
                      "s3:GetBucketTagging",
                      "sqs:ListQueues",
                      "sqs:GetQueueAttributes",
                      "rds:DescribeDBInstances",
                      "rds:DescribeDBClusters",
                      "lambda:ListFunctions",
                      "elasticache:DescribeCacheClusters",
                      "elasticache:DescribeServerlessCaches",
                      "elasticloadbalancing:DescribeLoadBalancers",
                      "dynamodb:ListTables",
                      "dynamodb:ListTagsOfResource",
                      "dynamodb:DescribeTable",
                      "airflow:GetEnvironment",
                      "airflow:ListEnvironments",
                      "ecs:ListClusters",
                      "ecs:DescribeClusters",
                      "ecs:ListServices",
                      "ecs:DescribeServices",
                      "ecs:ListTasks",
                      "ecs:DescribeTasks",
                      "es:ListDomainNames",
                      "cloudfront:ListDistributions"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
              }
          ]
      }
      ```
   3. Click on **Next**
   4. Give the policy a name
   5. Click on **Create Policy**
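
A check you can run on the trust policy from Step 1 before saving the role, added here as an example and not groundcover's own tooling: it confirms that only the `integrations-agent` service account in one namespace can assume the role, and it flags a missing `aud` condition, which the trust policy above does not include. The account ID, OIDC issuer and `groundcover` namespace are constructed sample values, and `audit_irsa_trust` and `sample_policy` are hypothetical names.

```python
import re

OIDC_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:oidc-provider/(.+)$")
STS_ACTION = "sts:AssumeRoleWithWebIdentity"

def audit_irsa_trust(policy, namespace, service_account="integrations-agent"):
    """Return findings for an IRSA trust policy; an empty list means tightly scoped."""
    findings = []
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        fed = principal.get("Federated") if isinstance(principal, dict) else None
        m = OIDC_ARN.match(fed) if isinstance(fed, str) else None
        if m is None:
            findings.append(f"statement {i}: principal is not a single OIDC provider ARN")
            continue
        issuer = m.group(1)  # condition keys are prefixed with the issuer URL, no scheme
        if stmt.get("Action") not in (STS_ACTION, [STS_ACTION]):
            findings.append(f"statement {i}: action is not exactly {STS_ACTION}")
        subs, auds = [], []
        for op, pairs in stmt.get("Condition", {}).items():
            for key, val in pairs.items():
                vals = val if isinstance(val, list) else [val]
                if key == f"{issuer}:sub":
                    subs += [(op, v) for v in vals]
                elif key == f"{issuer}:aud":
                    auds += vals
        if not subs:
            findings.append(f"statement {i}: no :sub condition, any service account can assume the role")
        for op, v in subs:
            if "Like" in op and ("*" in v or "?" in v):
                findings.append(f"statement {i}: wildcard subject {v!r}")
            elif v != expected:
                findings.append(f"statement {i}: subject {v!r} is not {expected!r}")
        if auds != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

# Constructed sample values: the issuer, account ID and namespace are placeholders.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
def sample_policy(op, sub, aud=None):
    cond = {op: {f"{ISSUER}:sub": sub}}
    if aud:
        cond.setdefault("StringEquals", {})[f"{ISSUER}:aud"] = aud
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": STS_ACTION, "Condition": cond,
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"}}]}
print(audit_irsa_trust(sample_policy("StringLike", "system:serviceaccount:*:integrations-agent"), "groundcover"))
```

Because the page's policy uses `StringLike`, a `*` or `?` left in the `sub` value is matched as a wildcard rather than literally, which is why the check treats it as a finding.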

### Step 2: Configure AWS Integration

Add the following values to the sensor's Helm values:

```yaml
global:
  integrations:
    agent:
      enabled: true
integrationsAgent:
  serviceAccount:
    annotations:
      "eks.amazonaws.com/role-arn": <role ARN created in step 1>
  targets:
    cloudwatch:
      - name: <give a meaningful name for your integration>
        stsRegion: <AWS STS region>
        interval: 5m
        regions:
          - <list of AWS regions>
        namespaces:
          - <list of AWS namespaces from https://docs.groundcover.com/integrations/data-sources/aws/ingest-cloudwatch-metrics#supported-aws-services>
        roleArn: <role created in step 1>
        extraLabels:
          environment: "prod" # optional
    awsInventory: # add this to enable auto-discovery of AWS resources
      - name: "aws-inventory"
        enabled: true
        stsRegion: <AWS STS region>
        roleArns:
          - <list of role ARNs>
        regions:
          - <list of AWS regions>
        interval: 5m
        namespaces:
          - <list of AWS namespaces from https://docs.groundcover.com/integrations/data-sources/aws/ingest-cloudwatch-metrics#supported-aws-services:~:text=List%2Dbased%20discovery>
```

### Verification

After 5 minutes, data collection should have run at least once, and you can monitor your integration:

1. Navigate to the [Data Explorer page](https://app.groundcover.com/explore/data-explorer) and search for the metric `groundcover_data_sources_collected_entries_total`. The number of returned results should match the expected number of results.
2. Navigate to the [Traces page](https://app.groundcover.com/traces) and apply the filter `source:groundcover-platform integration.name:<your integration name>`. The page shows the latest results of running the integration. In case of errors, open the trace to see more details.

