PulseBoard ships first-party pollers for AWS, Azure and Google Cloud — and PulseAgent for everything in between. Connect a cloud account through the wizard, paste a role ARN, and we'll fan out across regions, scrape the right APIs at the right cadence, and fold the samples into the same dashboards and alerts as the rest of your stack.
Every integration is opt-in per workspace and per service. We don't store long-lived client secrets: AWS uses STS+ExternalId, Azure and GCP use Workload Identity Federation against our public OIDC issuer.
5 integrations · GA
CloudWatch metrics & logs, CloudTrail management events, Lambda function metrics, Step Functions waterfall via EventBridge → Firehose, plus the PulseBoard Lambda extension.
Azure Monitor · GA
Azure Monitor metrics for VMs, App Service, AKS, Storage, SQL DB, Cosmos, Service Bus, Event Hub, Key Vault, Redis — via federated workload identity, never client secrets.
6 integrations · GA
Cloud Monitoring, Cloud Logging via Pub/Sub, BigQuery cost export, GKE cluster shape, Cloud Run sidecar, Cloud Functions Gen2 in-process tracer.
PulseAgent is a lightweight Rust collector that ships host metrics, container logs, Kubernetes pod logs, journald, Windows events, arbitrary Prometheus scrape targets and OTLP — over a single bearer token. Install as a systemd unit, a Windows service, a Helm DaemonSet, a Lambda extension, or a Cloud Run sidecar.
Every cloud integration uses the most secure cross-account pattern the provider supports. Onboarding scripts are idempotent and the CloudFormation template is shipped as part of the wizard.
| Cloud | Auth model | What we store |
|---|---|---|
| AWS | STS AssumeRole + server-minted ExternalId | Role ARN + 256-bit hex ExternalId. No keys. |
| Azure | Workload Identity Federation (OIDC) → ClientAssertionCredential | Tenant ID + App ID + Subscription ID. No client secrets. |
| Google Cloud | Workload Identity Federation (4-hop dance via STS + IAMCredentials) | Project ID/Number + Pool + Provider + SA email. No keys. |