AWS

The AWS integration allows agents to interact with your Amazon Web Services infrastructure. With 30 actions spanning compute, serverless, monitoring, storage, and identity management, your agents can answer questions about your infrastructure, check resource status, and perform routine management tasks.

Prerequisites

An active AWS account with the resources you want agents to access.
Permission to create IAM roles and run a setup stack in your AWS account (typically requires admin access).
Admin or Owner role in your Sprigr Teams organisation.

How the setup works

The AWS integration uses a cross-account IAM role for secure, credential-free access. Instead of sharing API keys, you create a role in your AWS account that Sprigr Teams can assume. This approach follows AWS security best practices:

No long-lived credentials are stored or shared
You control exactly what permissions the role has
You can revoke access at any time by deleting the role
All actions are logged in your AWS account’s audit trail

The setup process uses a guided wizard with an automated setup template that creates the IAM role with the correct permissions and trust policy.

Connecting AWS

Open the Integration Hub

Sign in to team.sprigr.com and click Integrations in the sidebar.
Find AWS

Locate the AWS card and click Connect. This opens the AWS setup wizard.
Generate an External ID

The wizard generates a unique External ID for your organisation. This ID is used as an additional security measure to prevent confused deputy attacks. Copy this ID — you will need it in the next step.
Launch the setup template

Click the Launch Stack button. This opens the AWS Console in a new tab with a pre-configured setup template. The template creates:
- An IAM role with a trust policy that allows Sprigr Teams to assume it
- A managed policy with read-only permissions for the services your agents will access
Review the permissions in the template before creating the stack. By default, the template grants read-only access to EC2, Lambda, S3, CloudWatch, and other common services. You can customise the permissions by editing the template if needed.

Acknowledge that the template will create IAM resources and click Create Stack. Wait for the stack creation to complete (usually under 2 minutes).
Enter the Role ARN

Once the stack finishes creating, go to the Outputs tab and copy the Role ARN value. Return to the Sprigr Teams setup wizard and paste the Role ARN.
Test the connection

Click Test Connection. Sprigr Teams will attempt to assume the role and make a basic API call. If the test succeeds, you will see a green success message. Click Save to finish the setup.

Available tools

EC2 (Compute)

Tool	Action	Description
`aws`	`list_instances`	List EC2 instances with optional filters (state, tags, type)
`aws`	`get_instance`	Get detailed information about a specific instance
`aws`	`start_instance`	Start a stopped instance
`aws`	`stop_instance`	Stop a running instance

Lambda (Serverless)

Tool	Action	Description
`aws`	`list_functions`	List Lambda functions
`aws`	`get_function`	Get details about a specific function
`aws`	`invoke_function`	Invoke a Lambda function with a payload
`aws`	`list_function_logs`	View recent invocation logs

CloudWatch (Monitoring and Billing)

Tool	Action	Description
`aws`	`get_metrics`	Query CloudWatch metrics for any service
`aws`	`list_alarms`	List CloudWatch alarms and their states
`aws`	`get_alarm_history`	View alarm state change history
`aws`	`get_billing`	Get current month billing summary
`aws`	`get_cost_breakdown`	Get cost breakdown by service

S3 (Storage)

Tool	Action	Description
`aws`	`list_buckets`	List S3 buckets
`aws`	`list_objects`	List objects in a bucket with prefix filtering
`aws`	`get_object`	Read an object from S3
`aws`	`put_object`	Upload an object to S3

SSM (Parameter Store)

Tool	Action	Description
`aws`	`list_parameters`	List SSM parameters
`aws`	`get_parameter`	Read a parameter value
`aws`	`put_parameter`	Create or update a parameter

IAM (Identity)

Tool	Action	Description
`aws`	`list_users`	List IAM users
`aws`	`list_roles`	List IAM roles
`aws`	`get_user`	Get details about a specific IAM user

STS and Cost Explorer

Tool	Action	Description
`aws`	`get_caller_identity`	Verify which AWS account and role is being used
`aws`	`get_cost_forecast`	Get cost forecast for the current or next month

Common use cases

Infrastructure status checks — “Are all our production instances running?” — An agent queries EC2 and returns a quick summary of instance states.
Billing monitoring — “How much have we spent on AWS this month?” — The agent pulls the current billing data and breaks it down by service.
Alarm triage — “What CloudWatch alarms are firing right now?” — The agent lists all alarms in ALARM state and provides details about what triggered them.
Log investigation — “Show me the recent errors for our payment-processor Lambda function” — The agent retrieves recent invocation logs and highlights errors.
Daily infrastructure reports — A scheduled workflow queries key metrics, alarm states, and billing data, then sends a morning summary to the team.

Troubleshooting

“Access denied” or “AssumeRole failed” Verify that the Role ARN is correct and the trust policy includes the right External ID. Check the stack outputs in your AWS Console.

Missing resources in results The IAM role may not have permissions for the service or region you are querying. Check the policy attached to the role and ensure it covers the needed services.

Slow responses Queries across all regions can take longer. If possible, have the agent specify a region in the query to speed up results.

Stack creation failed Check the Events tab in the AWS Console for the specific error. Common issues include insufficient IAM permissions for the user creating the stack or a naming conflict with existing resources.

Next steps

GCP — Connect Google Cloud Platform alongside or instead of AWS.
Integrations Overview — See all available integrations.
Workflows — Automate infrastructure checks and reporting with workflows.