
AWS CloudWatch Logs

Run CloudWatch Logs Insights queries against your VPC Flow Logs, CloudTrail, and any other log group from anywhere in VinTekh — Resource Detail flows tab, Investigation evidence, ad-hoc queries. IAM scope: logs:StartQuery + logs:GetQueryResults.

Connect with IAM access key

Auth mode: IAMUser

How you'll see this source in the list.

IAM user with logs:StartQuery + logs:GetQueryResults on the log groups.

Encrypted at rest with AES-GCM. Never logged.

Where the log groups live.

Comma-separated. The Insights queries are scoped to these by default.

Credentials are encrypted at rest with AES-GCM. Never logged.

One-line bootstrap

Run once in AWS CloudShell

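# Use IAM_USER rather than USER so the shell's own $USER is not overwritten.
IAM_USER=vintekh-logs-reader
aws iam create-user --user-name "$IAM_USER"
# Inline policy: read-only Logs Insights access. "Resource": "*" covers every log group.
aws iam put-user-policy --user-name "$IAM_USER" \
  --policy-name VintekhLogsRead \
  --policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Action": [
        "logs:StartQuery",
        "logs:GetQueryResults",
        "logs:DescribeLogGroups"
      ],
      "Resource": "*"
    }]
  }'
# Prints the AccessKeyId and SecretAccessKey; the secret is shown only this once.
aws iam create-access-key --user-name "$IAM_USER"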
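
The inline policy above allows logs:StartQuery on every log group, while the log group list in the form scopes queries only by default. As an added example (not VinTekh's own script), the function below builds a policy that limits logs:StartQuery to named log groups; build_policy is a hypothetical helper name, and the region, account ID and log group names in the usage comment are constructed placeholders.

```shell
# Added example. build_policy is a hypothetical helper, not part of VinTekh.
# build_policy REGION ACCOUNT_ID "group1,group2,..."
# Prints an IAM policy in which logs:StartQuery is limited to the listed log
# groups. The other two actions keep "Resource": "*" as in the bootstrap above.
build_policy() {
  local region="$1" account="$2" groups arns="" g
  groups=$(printf '%s' "$3" | tr -d ' ')
  # Accept only characters CloudWatch allows in log group names (plus commas),
  # so an entry cannot carry a wildcard or break out of the JSON string.
  case "$groups" in *[!A-Za-z0-9_./#,-]*)
    echo "invalid character in log group list" >&2; return 1;; esac
  case "$region$account" in *[!a-z0-9-]*)
    echo "invalid region or account id" >&2; return 1;; esac
  local IFS=','
  for g in $groups; do
    [ -n "$g" ] || continue
    # Log group ARNs in IAM policies carry a trailing ":*".
    arns="${arns:+$arns, }\"arn:aws:logs:${region}:${account}:log-group:${g}:*\""
  done
  [ -n "$arns" ] || { echo "no log groups given" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "logs:StartQuery",
      "Resource": [$arns]
    },
    {
      "Effect": "Allow",
      "Action": ["logs:GetQueryResults", "logs:DescribeLogGroups"],
      "Resource": "*"
    }
  ]
}
EOF
}

# Usage in CloudShell (overwrites the inline policy of the same name);
# region, account ID and log group names here are constructed placeholders:
#   aws iam put-user-policy --user-name vintekh-logs-reader \
#     --policy-name VintekhLogsRead --policy-document \
#     "$(build_policy us-east-1 111122223333 'vpc-flow-logs, /aws/cloudtrail')"
```

With this policy attached, a query against a log group outside the list is denied by IAM itself, independent of the default scoping configured in the form.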
Insights query syntax