AWS

Connecting your AWS account to NOFire AI enables automatic discovery and monitoring of your AWS infrastructure across multiple regions. NOFire AI discovers:

RDS Instances - MySQL, PostgreSQL, MariaDB, Oracle, SQL Server databases
Aurora Clusters - Including cluster members and read replicas
ElastiCache Clusters - Redis and Memcached deployments
Lambda Functions - Serverless functions with complete configuration
Multi-Region Support - Discover resources across all your specified AWS regions

This metadata enhances NOFire AI’s understanding of your infrastructure landscape, enabling deeper context for investigations and root cause analysis. To ensure a smooth integration, we follow AWS’s best practices by utilizing an assumed role and external ID for secure access.

Step 1: Create IAM Role

Navigate to AWS IAM console

Access the AWS Management Console using an account that has the necessary permissions to create IAM roles. Then, proceed with the steps outlined below:

Access IAM: Navigate to the IAM service in the AWS console.
Create a new role: In the navigation pane on the left, choose Roles > Create role.
Enter credentials:
- Add NOFire AI’s Account ID: In the Account ID input box, paste the NOFire AI AWS Account ID: 593113792344. This will give us access to the IAM role.
- Add an External ID: Under Options, enter a unique external ID (you’ll need this later). You can generate one or use the one provided in the NOFire AI dashboard.
Assign permissions: On the permissions console, search for and attach these AWS managed policies:
- ReadOnlyAccess - Provides comprehensive readonly access across all AWS services
- CloudWatchLogsReadOnlyAccess - Enables log querying and analysis
- AmazonRDSPerformanceInsightsReadOnly - Provides deep RDS database performance insights
AWS managed policies are automatically maintained and updated by AWS, ensuring you always have the latest permissions for new services without manual updates.
Search for “ReadOnlyAccess” in the AWS managed policies, select it, then repeat for the other two policies. Click Next when done.
Finalize and review:
- Role name: Enter a descriptive name (e.g., nofireai-readonly-role)
- Description: Add an optional description (e.g., “NOFire AI readonly access for infrastructure discovery”)
- Review the three attached policies and trust relationship
If everything looks correct, click the Create role button at the bottom right corner.
Copy the Role ARN: Once the role is created, navigate to it and copy the role ARN. You’ll need this to complete the connection setup on the NOFire AI dashboard.

Alternative: Create role using AWS CLI

For automation or scripting, you can create the IAM role using the AWS CLI:

# Set your variables
NOFIREAI_ACCOUNT_ID="593113792344"
EXTERNAL_ID="your-unique-external-id"
ROLE_NAME="nofireai-readonly-role"

# Create trust policy
cat > trust-policy.json <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${NOFIREAI_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "${EXTERNAL_ID}"}}
  }]
}
EOF

# Create role and attach policies
aws iam create-role \
  --role-name ${ROLE_NAME} \
  --assume-role-policy-document file://trust-policy.json \
  --description "NOFire AI readonly access for infrastructure discovery"

# Attach managed policies
aws iam attach-role-policy \
  --role-name ${ROLE_NAME} \
  --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

aws iam attach-role-policy \
  --role-name ${ROLE_NAME} \
  --policy-arn arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess

aws iam attach-role-policy \
  --role-name ${ROLE_NAME} \
  --policy-arn arn:aws:iam::aws:policy/AmazonRDSPerformanceInsightsReadOnly

# Get Role ARN
aws iam get-role --role-name ${ROLE_NAME} --query 'Role.Arn' --output text

Step 2: Add AWS Connection to NOFire AI

Navigate to the Connections Tab

Select AWS: From the list of available connections, select AWS. Click Next at the top right corner.
Enter connection details:
- Connection name - A descriptive name for this connection (e.g., “Production AWS”, “Staging Environment”)
- Role ARN - The IAM role ARN you copied from AWS (e.g., arn:aws:iam::123456789012:role/nofireai-readonly-role)
- External ID - The unique external ID you used when creating the role
- Regions - Select one or more AWS regions to discover (e.g., us-east-1, us-west-2, eu-west-1)
  Only select regions where you have active resources to optimize discovery time and reduce costs.
  Click Save to create the connection.
Connection initialization: Once the connection is established, NOFire AI automatically:
- Validates the IAM role and permissions
- Discovers RDS instances, Aurora clusters, ElastiCache clusters, and Lambda functions across specified regions
- Builds the infrastructure graph and tracks relationships
- Updates the connection status to READY when complete
You can monitor the connection status in the Connections dashboard.

Overview

MCP Integration

Setup & Integrations

Step 1: Create IAM Role

Step 2: Add AWS Connection to NOFire AI

Overview

MCP Integration

Setup & Integrations

​Step 1: Create IAM Role

​Step 2: Add AWS Connection to NOFire AI

Step 1: Create IAM Role

Step 2: Add AWS Connection to NOFire AI