This guide walks you through sending ngrok events, including network traffic logs, to AWS CloudWatch. You may want to keep an audit log of configuration changes in your ngrok account, record all traffic to your endpoints for active monitoring and troubleshooting, or use AWS CloudWatch as a SIEM for security inspections. By integrating ngrok with CloudWatch, you can:
  • Quickly identify application issues in real time using ngrok request events and CloudWatch visibility.
  • Historically audit changes occurring in an account.
  • Profile usage of your service using CloudWatch queries and analytic charts.
  • Identify security issues using ngrok events.

1. Obtain CloudWatch log group ARN

For ngrok to send events to CloudWatch, a log group ARN is required. To create or retrieve the ARN, see the AWS CloudWatch documentation for working with log groups and streams. You may also want to reference the AWS Log role documentation.

2. Create a log export

  • In a browser, go to the ngrok dashboard and navigate to Events Stream under Traffic Observability in the left navigation.
  • Select Create Subscription.
  • In the Log Exporting configuration, provide a description for the export.
  • In the Sources tab, select Add Source to choose which events to send to CloudWatch.
  • Select Add Event Sources to confirm your selections.

3. Create event destination

To send events to CloudWatch, assign an Event Destination to the Log Export.
  • In the Log Exporting configuration Destination tab, select Add Destination.
  • Choose AWS CloudWatch Logs as the target and fill in the required information:
    • Log Group ARN
    • Description (optional)
  • Create IAM Role: An IAM role is required so ngrok can stream logs to CloudWatch. Using the information from your preferred method (API or CLI Script), create the IAM role and provide the role ARN. For the fastest integration or proof of concept, use the CLI Script.
Security best practice: If configuring your IAM role manually, ensure that you configure the Trust Policy with a condition that includes the ExternalId. This ensures that the only data AWS can ingest is from your ngrok account. If you configure the IAM role with the CLI script, this is done automatically.
  • When all required inputs have values, select Send Test Event.
  • You should see a Success message.
  • Select Done to complete the CloudWatch Event Destination setup.
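
If you configure the IAM role manually, you can check the trust policy for the ExternalId condition before you provide the role ARN. The script below is an added example, not ngrok's CLI Script or code from the ngrok project. The principal ARN, the ExternalId value, and the function names are constructed placeholders; use the values shown in your ngrok dashboard.

```python
import json

# Constructed placeholders, not real ngrok values: copy the real principal
# and ExternalId from the ngrok dashboard when creating the role.
PRINCIPAL = "arn:aws:iam::111122223333:root"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def trust_policy(condition=None):
    """Build a constructed single-statement trust policy for the samples."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": PRINCIPAL},
            "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

WEAK = trust_policy()  # no ExternalId condition
HARDENED = trust_policy({"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def unguarded_statements(policy_json, expected_external_id):
    """Return indexes of Allow statements that grant sts:AssumeRole without
    pinning sts:ExternalId to exactly the expected value."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM.
        values = [v for k, vals in equals.items()
                  if k.lower() == "sts:externalid" for v in as_list(vals)]
        # A list of values is OR-ed, so every listed value must be the expected one.
        if not values or any(v != expected_external_id for v in values):
            findings.append(index)
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, unguarded_statements(doc, EXTERNAL_ID))
```

An empty list means every statement that allows sts:AssumeRole is pinned to the expected ExternalId; any index returned points at a statement to fix before using the role.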