Getting Started
Get InfraWatch running in under 5 minutes with Docker Compose, or deploy to Kubernetes with the official Helm chart.
Prerequisites
- An AWS IAM role with read-only access to the services you want to monitor (see IAM Setup)
- SMTP credentials for email delivery (SES SMTP, Mailgun, etc.)
- Docker & Docker Compose (for Docker deployment) or a Kubernetes cluster with Helm 3
Choose Your Deployment
Recommended for local / small teams
Docker Compose
For production Kubernetes clusters
Kubernetes (Helm)
How It Works
InfraWatch uses server-side AWS credentials that are never exposed to end users. Instead of giving teams direct access to AWS, it provides a request-approve-expire workflow:
- Employees request time-bound access to specific AWS services
- Managers approve via email with OTP verification
- Temporary credentials are issued via AWS STS and auto-expire
- Everyone gets monitoring — live dashboards for all approved services
No passwords anywhere
All authentication uses email OTP (6-digit codes). Users never enter or manage AWS credentials directly.
Architecture Overview
| Component | Technology | Purpose |
|---|---|---|
| Frontend | React 18 | Dashboard UI, service panels, widget charts |
| Backend | FastAPI | REST API, AWS integration, auth |
| Worker | Celery | Background metric and resource collection |
| Database | PostgreSQL | Users, requests, collected metrics |
| Cache | Valkey | Sessions, API cache, STS credential store |
Next Steps
- Deploy with Docker Compose — the quickest way to get started
- Deploy with Helm — for production Kubernetes environments
- Configuration Reference — all environment variables and Helm values
- IAM Setup — required AWS permissions and role configuration