Integrations

The clouds you already use. Without the credentials sprawl.

PulseBoard ships first-party pollers for AWS, Azure and Google Cloud — and PulseAgent for everything in between. Connect a cloud account through the wizard, paste a role ARN, and we'll fan out across regions, scrape the right APIs at the right cadence, and fold the samples into the same dashboards and alerts as the rest of your stack.

AWS Azure Google Cloud PulseAgent
Hyperscalers

Three clouds, one wiring.

Every integration is opt-in per workspace and per service. We don't store long-lived client secrets: AWS uses STS+ExternalId, Azure and GCP use Workload Identity Federation against our public OIDC issuer.

AWS

AWS

5 integrations · GA

CloudWatch metrics & logs, CloudTrail management events, Lambda function metrics, Step Functions waterfall via EventBridge → Firehose, plus the PulseBoard Lambda extension.

Azure

Azure

Azure Monitor · GA

Azure Monitor metrics for VMs, App Service, AKS, Storage, SQL DB, Cosmos, Service Bus, Event Hub, Key Vault, Redis — via federated workload identity, never client secrets.

Google Cloud

Google Cloud

6 integrations · GA

Cloud Monitoring, Cloud Logging via Pub/Sub, BigQuery cost export, GKE cluster shape, Cloud Run sidecar, Cloud Functions Gen2 in-process tracer.

Collection

PulseAgent — one Rust binary, every signal.

PulseAgent is a lightweight Rust collector that ships host metrics, container logs, Kubernetes pod logs, journald, Windows events, arbitrary Prometheus scrape targets and OTLP — over a single bearer token. Install as a systemd unit, a Windows service, a Helm DaemonSet, a Lambda extension, or a Cloud Run sidecar.

Kubernetes Docker journald Windows Prometheus OpenTelemetry Loki

PulseAgent deep-dive →

Security model

How we don't hold your secrets.

Every cloud integration uses the most secure cross-account pattern the provider supports. Onboarding scripts are idempotent and the CloudFormation template is shipped as part of the wizard.

CloudAuth modelWhat we store
AWSSTS AssumeRole + server-minted ExternalIdRole ARN + 256-bit hex ExternalId. No keys.
AzureWorkload Identity Federation (OIDC) → ClientAssertionCredentialTenant ID + App ID + Subscription ID. No client secrets.
Google CloudWorkload Identity Federation (4-hop dance via STS + IAMCredentials)Project ID/Number + Pool + Provider + SA email. No keys.