CloudWatch & Datadog Integration

If your AI workloads log to AWS CloudWatch or Datadog, you can forward those events to Igris for unified compliance tracking.

AWS CloudWatch

Setup with Lambda Forwarder

Create a Lambda function that subscribes to your CloudWatch log group and forwards AI-related events to Igris.

1. Create the Lambda function:

const zlib = require("zlib");

exports.handler = async (event) => {
  // CloudWatch Logs delivers each batch as base64-encoded, gzip-compressed JSON.
  const payload = Buffer.from(event.awslogs.data, "base64");
  const parsed = JSON.parse(zlib.gunzipSync(payload).toString("utf8"));

  const events = parsed.logEvents.map((e) => ({
    message: e.message,
    timestamp: new Date(e.timestamp).toISOString()
  }));

  // The global fetch API requires the Node.js 18 (or later) Lambda runtime.
  const response = await fetch(
    `${process.env.IGRIS_URL}/api/v1/ingest/cloudwatch`,
    {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${process.env.IGRIS_API_KEY}`,
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        logGroup: parsed.logGroup,
        logStream: parsed.logStream,
        events
      })
    }
  );

  // Fail the invocation on a non-2xx response so a rejected batch shows up
  // as a Lambda error instead of being dropped silently.
  if (!response.ok) {
    throw new Error(`Igris ingest failed with HTTP ${response.status}`);
  }

  return { statusCode: response.status };
};

2. Subscribe to your log group (an empty --filter-pattern matches every log event in the group):

aws logs put-subscription-filter \
  --log-group-name "/aws/lambda/my-ai-service" \
  --filter-name "igris-forwarder" \
  --filter-pattern "" \
  --destination-arn "arn:aws:lambda:us-east-1:123456:function:igris-forwarder"

3. Set environment variables on the Lambda:
  • IGRIS_URL — your Igris deployment URL
  • IGRIS_API_KEY — your ingestion API key
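
The handler above forwards every event the subscription delivers. The following is an added example, not code from Igris, of a step that could run on the decoded payload (`parsed` in the handler) before the POST: it keeps only AI-related events and masks credentials so they do not leave the AWS account inside log text. It assumes log lines are JSON with a `service` field; `AI_SERVICES`, the secret patterns and the sample payload are constructed for illustration.

```javascript
// Added example, not Igris code. ASSUMPTIONS: log lines are JSON with a
// `service` field; AI_SERVICES and the secret patterns are illustrative.
const AI_SERVICES = new Set(["ai-gateway"]);
const SECRET_PATTERNS = [
  [/\bBearer\s+[A-Za-z0-9._~+\/-]+=*/gi, "Bearer [REDACTED]"],
  [/\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g, "[REDACTED_AWS_KEY_ID]"],
  [/("(?:api[_-]?key|password|secret|token)"\s*:\s*")[^"]*(")/gi, "$1[REDACTED]$2"],
];
// Apply every pattern in turn so one message can have several secrets masked.
function redact(text) {
  return SECRET_PATTERNS.reduce((out, [re, sub]) => out.replace(re, sub), text);
}

// Keep only structured records from the assumed AI services.
function isAiEvent(message) {
  try {
    const rec = JSON.parse(message);
    return rec !== null && typeof rec === "object" && AI_SERVICES.has(rec.service);
  } catch {
    return false; // not JSON (e.g. Lambda START/END lines): do not forward
  }
}

// Builds the ingest body from the decoded payload; null means nothing to send.
function prepareBatch(parsed) {
  // CONTROL_MESSAGE records are reachability checks with no application logs.
  if (parsed.messageType !== "DATA_MESSAGE") return null;
  const events = (parsed.logEvents || [])
    .filter((e) => isAiEvent(e.message))
    .map((e) => ({
      message: redact(e.message),
      timestamp: new Date(e.timestamp).toISOString(),
    }));
  if (events.length === 0) return null;
  return { logGroup: parsed.logGroup, logStream: parsed.logStream, events };
}

// Constructed sample of a decoded payload (no real keys or request IDs).
const SAMPLE = {
  messageType: "DATA_MESSAGE",
  logGroup: "/aws/lambda/my-ai-service",
  logStream: "constructed-stream",
  logEvents: [
    { timestamp: 1700000000000, message: '{"service":"ai-gateway","tool":"search","api_key":"ig_constructed","auth":"Bearer abc.def"}' },
    { timestamp: 1700000001000, message: "START RequestId: constructed" },
    { timestamp: 1700000002000, message: '{"service":"billing","token":"constructed"}' },
  ],
};
console.log(JSON.stringify(prepareBatch(SAMPLE), null, 2));
```

In the handler, a `null` result would mean returning early without calling the ingest endpoint.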

Endpoint

POST /api/v1/ingest/cloudwatch

Datadog APM

Setup with Webhook

Use Datadog’s Webhook Integration to forward APM events to Igris.

1. Add a webhook in Datadog: Go to Integrations → Webhooks and create:
  • Name: igris-ingest
  • URL: https://your-igris.fly.dev/api/v1/ingest/datadog
  • Headers:
    {
      "Authorization": "Bearer ig_your_api_key_here",
      "Content-Type": "application/json"
    }
    
  • Payload:
    {
      "title": "$EVENT_TITLE",
      "type": "$EVENT_TYPE",
      "tags": "$TAGS",
      "body": "$EVENT_MSG",
      "timestamp": "$LAST_UPDATED"
    }
    
2. Create a Monitor that triggers the webhook on AI-related events (e.g., tag filter service:ai-gateway).

Endpoint

POST /api/v1/ingest/datadog

Payload Normalization

Both providers are normalized to the standard audit event format:

| Source Field | Igris Field |
| --- | --- |
| Log message / event body | Parsed for tool name, action, metadata |
| Timestamp | timestamp |
| Log group / service tag | metadata.source_detail |
| Trace/request ID | metadata.traceId |

CloudWatch and Datadog events are best-effort parsed. For structured AI logs, consider using the Raw JSON endpoint with your own normalization.