This guide walks you through sending ngrok events, including network traffic logs, to AWS CloudWatch. You may want to keep an audit log of configuration changes in your ngrok account, record all traffic to your endpoints for active monitoring and troubleshooting, or use AWS CloudWatch as a SIEM for security inspections. By integrating ngrok with CloudWatch, you can:
- Quickly identify application issues in real time using ngrok request events and CloudWatch visibility.
- Historically audit changes occurring in an account.
- Profile usage of your service using CloudWatch queries and analytic charts.
- Identify security issues using ngrok events.
1. Obtain CloudWatch log group ARN
For ngrok to send events to CloudWatch, a log group ARN is required. To create or retrieve the ARN, see the AWS CloudWatch documentation for working with log groups and streams. You may also want to reference the AWS IAM documentation on using external IDs with cross-account roles.
2. Create a log export
- In a browser, go to Log Exporting in the ngrok dashboard.
- Click + New Log Export.
- Enter a description in the Description field.
- In the Sources tab, click Add Source to choose which events to send to CloudWatch.
- Make your selections from the list, then click Add Event Sources to confirm.
3. Create event destination
To send events to CloudWatch, assign an Event Destination to the Log Export.
- In the Destinations tab, click Add Destination.
- Choose AWS CloudWatch Logs as the target and fill in the required information:
  - Log Group ARN
  - Description (optional)
  - Create IAM Role: An IAM role is required so ngrok can stream logs to CloudWatch. The dashboard provides two options: download and run the CLI Script to create the role automatically (the fastest option), or use the API tab's displayed policy JSON to create it manually via the AWS console or tools like Terraform or Pulumi. Enter the resulting role ARN to complete the destination setup.
Security best practice: If configuring your IAM role manually, ensure that you configure the Trust Policy with a condition that includes the ExternalId.
This ensures that the only data AWS can ingest is from your ngrok account.
If you configure the IAM role with the CLI script, this is done automatically.
- When all required inputs have values, click Send Test Event.
- You should see a Success message.
- Click Done to complete the CloudWatch Event Destination setup.
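
If you create the IAM role manually, the trust policy is worth checking before you enter the role ARN. The following is an added example, not ngrok's CLI script or dashboard policy: it builds a trust policy with the ExternalId condition described in the security best practice above and audits a policy document for statements that allow `sts:AssumeRole` without it. The principal ARN and ExternalId are placeholders for the values shown in the ngrok dashboard, and the use of an `AWS` principal is an assumption.

```python
import json

# Constructed placeholders: the real principal and ExternalId come from the
# ngrok dashboard; neither value appears on this page.
NGROK_PRINCIPAL = "arn:aws:iam::<NGROK_AWS_ACCOUNT_ID>:root"
EXTERNAL_ID = "<EXTERNAL_ID_FROM_NGROK_DASHBOARD>"

def build_trust_policy(principal, external_id):
    """Trust policy that allows AssumeRole only with the given ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal},  # assumed principal type
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and condition values.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, external_id):
    """Return one finding per Allow/AssumeRole statement not pinned to external_id."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        # Only an exact-match operator pins the role to a single ExternalId.
        allowed = None
        for op, keys in stmt.get("Condition", {}).items():
            if op.lower() == "stringequals":
                for key, val in keys.items():
                    if key.lower() == "sts:externalid":
                        allowed = _as_list(val)
        if allowed is None:
            findings.append(f"Statement[{i}]: no StringEquals condition on sts:ExternalId")
        elif allowed != [external_id]:
            findings.append(f"Statement[{i}]: sts:ExternalId does not match the expected value")
    return findings

if __name__ == "__main__":
    good = build_trust_policy(NGROK_PRINCIPAL, EXTERNAL_ID)
    weak = json.loads(json.dumps(good))
    del weak["Statement"][0]["Condition"]  # the misconfiguration to catch
    print(json.dumps(good, indent=2))
    print(audit_trust_policy(good, EXTERNAL_ID), audit_trust_policy(weak, EXTERNAL_ID))
```

An empty findings list means every statement that allows `sts:AssumeRole` is pinned to the expected ExternalId.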