AWS

AWS is too big to watch by hand. Agents map the account, investigate anomalies, and open the fix as a pull request.

Two hundred services, four consoles deep. Polylane turns your account into something agents can reason about, investigate, and fix with your review.

Join the waitlist

Every supported resource.

The AWS resource types that show up in your graph.

Lambda Function
Lambda Layer
EC2 Instance
VPC
Subnet
Security Group
Internet Gateway
NAT Gateway
Route Table
Network ACL
EBS Volume
Elastic IP
S3 Bucket
DynamoDB Table
RDS Instance
CloudFront Distribution
API Gateway REST API
API Gateway v2 API
SQS Queue
SNS Topic
ECS Cluster
ECS Service
ECS Task Definition
ElastiCache Cluster
App Runner Service
App Runner Connection
IAM Role
KMS Key
Kinesis Stream
ElastiCache Replication Group
RDS Cluster
Service Discovery Service
Secrets Manager Secret
EventBridge Rule
EventBridge Bus
Step Functions State Machine
Redshift Cluster
Kinesis Firehose
Neptune Cluster
Cognito User Pool
Cognito Identity Pool
Athena Workgroup
Glue Database
Glue Crawler
Glue Job
Batch Job Queue
Batch Compute Environment
Amazon MQ Broker
MSK Cluster
DocumentDB Cluster
MemoryDB Cluster
CloudTrail Trail
GuardDuty Detector
WAF Web ACL
ACM Certificate
EKS Cluster
EKS Node Group
EKS Fargate Profile
EKS Addon
EKS Access Entry
EKS Identity Provider
EKS OIDC Provider
Elastic IP
Elasticsearch Domain
OpenSearch Domain
EventBridge Pipe
Amplify App
Application Load Balancer
Network Load Balancer
Gateway Load Balancer
Target Group
Load Balancer Listener
Listener Rule
Glue Table

Proactive observability for AWS.

Self-operating software at AWS scale: proactive agents watch the account, investigate anomalies, and open the fixes.

From VPCs to Lambdas, one graph

Lambda, ECS, RDS, DynamoDB, SQS, SNS, EventBridge, Step Functions, VPCs and everything wired to them, EKS clusters included: 74 resource types land in one living graph with their edges, config, and history.

Read-only, by construction

Connecting is one CloudFormation stack that creates an IAM role with the AWS-managed ReadOnlyAccess policy. No write, delete, or modify permissions, cross-account assumption only, and the template is open for review before you create it.

Alarms that investigate themselves

Optionally point your CloudWatch Alarms at Polylane, and when one fires, an agent picks it up and starts investigating immediately, so the alarm arrives with an explanation instead of a dashboard link.

CloudWatch, actually read

Agents comb your CloudWatch metrics and logs and X-Ray traces on a cadence, and judge what they see against how each resource normally behaves. No thresholds to tune, no alert rules to babysit.

Who changed what, answered

Each sync writes down exactly what appeared, changed, or disappeared across the account. When something breaks minutes after an infrastructure change, the investigation starts from that change, not from scratch.

Investigations that end in a PR

When the root cause is a line of code, the investigation ends as a pull request on the repo behind the service, with a regression test and the evidence trail attached.

Questions.

How does Polylane connect to my AWS account?

Through a CloudFormation stack. You enter your account ID and region, review the pre-loaded template, and create the stack. It provisions an IAM role that Polylane assumes cross-account, and your resources start syncing within minutes.

Is it really read-only?

Yes. The IAM role carries the AWS-managed ReadOnlyAccess policy and nothing else: no write, delete, or modify permissions, and it can only be assumed cross-account from Polylane's AWS account. The CloudFormation template is open, so you can review exactly what's granted before creating the stack. Changes to your code only ever land as pull requests.

What AWS resources does Polylane sync?

74 resource types: Lambda, EC2, VPC networking, S3, DynamoDB, RDS and Aurora, ECS, EKS (clusters, node groups, Fargate profiles, addons), SQS, SNS, EventBridge, Step Functions, Kinesis, ElastiCache, CloudFront, API Gateway, Cognito, Glue, Redshift, load balancers, and more. The full list is on this page.

What happens when a CloudWatch alarm fires?

If you opt in when connecting, Polylane subscribes to the CloudWatch Alarms in the account. When one fires, an agent picks it up and investigates it automatically, correlating it with recent changes and the surrounding resources in the graph.

Does it work with my observability provider?

Yes. Datadog, Sentry, Honeycomb, and Axiom join the graph as first-class sources, and their alerts get triaged by an agent the moment they fire.

What does it cost?

Early access is rolling out through the waitlist. Join it and we'll get you in as capacity opens up.

One CloudFormation stack. Zero write permissions. No more 2am consoles.