Features

Infrastructure intelligence,
built for engineers

InfraWatch combines cloud monitoring, full-stack observability, and secure JIT access control in one open-source platform. Start with AWS — expand anywhere.

Real-time Monitoring & Dashboards

A unified dashboard with drag-and-drop metric panels for every AWS service you run. Databases, clusters, caches, load balancers, queues — all with live CloudWatch metrics, auto-refresh, and customizable layouts per user.

Drag-and-drop panels with collapsible metric widgets
12+ AWS services monitored out of the box
CloudWatch metrics with configurable time ranges (1h, 6h, 24h, 72h)
Per-user dashboard layouts — each engineer sees what matters to them
Auto-refresh with manual override

Full-Stack Observability

Collect logs, metrics, and traces from any server — cloud or bare metal. Deploy the lightweight InfraWatch Agent powered by OpenTelemetry, and stream telemetry data into a unified view. No vendor lock-in, no per-host pricing.

Logs, metrics, and traces in one platform
Lightweight agent built on OpenTelemetry Collector
Cloud-agnostic — deploy on AWS, GCP, Azure, or bare metal
ClickHouse-powered storage for fast queries at scale
Correlate observability data with cloud service monitoring

Connector & Plugin System

A modular connector architecture that organizes plugins by domain. The AWS Connector ships with 12 plugins covering compute, databases, networking, security, and cost. The Observability Connector provides log search, metrics exploration, and distributed tracing. Each connector auto-discovers plugins at startup — activate what you need from the admin panel.

Two built-in connectors: AWS (12 plugins) and Observability (3 plugins)
Admin-controlled activation panel with per-plugin enable/disable
AWS plugins: EC2, EKS, RDS, IAM, Cost Explorer, DocumentDB, ElastiCache, Load Balancers, Amazon MQ, OpenSearch, Secrets Manager, SES
Observability plugins: Log Viewer, Metrics Explorer, Trace Viewer
Open-source plugin SDK for custom connectors and extensions

JIT Access Control

Eliminate standing access to your AWS accounts. Engineers request temporary credentials through an approval workflow, and AWS STS generates scoped credentials that auto-expire. Every access event is logged and auditable.

Request-approval workflow for AWS credential access
AWS STS temporary credentials with configurable duration
Automatic credential expiration — no manual cleanup
Full audit trail of every access request and approval

Role-Based Access Control

Three built-in roles — Employee, Manager, and Admin — each with granular permissions scoped to specific AWS services. Admins manage user roles and plugin activation. Managers can approve access requests.

Employee, Manager, and Admin role hierarchy
Granular per-service permission scoping
Admin-controlled plugin activation and user management
Manager-level approval workflows for JIT access

MFA / TOTP Authentication

Built-in multi-factor authentication using time-based one-time passwords (TOTP). Users can enable MFA from their profile, scan a QR code with any authenticator app, and verify codes. Admins can enforce MFA across the org.

TOTP-based multi-factor authentication
QR code setup with any authenticator app
Per-user enable/disable with admin override
Backup codes for account recovery

Cost Management

Built-in Cost Explorer plugin gives you monthly cost summaries with service-level breakdown and trend analysis. See exactly what you are spending, by service, by account — without leaving InfraWatch.

Monthly cost summaries with trend analysis
Service-level spend breakdown
Multi-account cost aggregation
Budget tracking and anomaly detection

Ready to get started?

InfraWatch is open-source and free. Deploy it in minutes with Docker Compose.

Get Early Access Read the Docs

Infrastructure intelligence,built for engineers