What is multi-cloud incident management?

Multi-cloud incident management is the practice of detecting, investigating, and resolving incidents that span multiple cloud providers (like AWS, Azure, and GCP) simultaneously. It requires tools and processes that can work across different cloud ecosystems.

Which cloud providers does Aurora support?

Aurora supports AWS, Azure, GCP, OVH, Scaleway, and Kubernetes. It uses native authentication for each provider (AWS STS AssumeRole, Azure Service Principal, GCP OAuth) for secure access.

Can Aurora investigate incidents across multiple clouds simultaneously?

Yes. Aurora's AI agents can execute commands and queries across multiple cloud providers in parallel during a single investigation. This eliminates the sequential context-switching that slows down manual investigation.

Do I need separate agents for each cloud provider?

No. Aurora uses a single unified agent that understands all supported cloud providers. You configure cloud connectors once, and the agent dynamically selects the appropriate tools and commands based on the investigation context.

How does Aurora handle cross-cloud dependencies?

Aurora builds an infrastructure dependency graph using Memgraph that maps relationships across all connected cloud providers. When an incident occurs, the AI traverses this graph to identify blast radius and upstream/downstream dependencies regardless of which cloud hosts them.

Multi-Cloud Incident Management: Challenges and Solutions

Why Multi-Cloud is the Norm

Key Takeaway: 89% of organizations use a multi-cloud strategy, but investigating incidents across AWS, Azure, and GCP simultaneously remains a major pain point. AI-powered tools that can query multiple cloud providers in parallel eliminate the context-switching that slows manual investigation by 3-5x.

Multi-cloud adoption has become the default strategy for enterprises. According to Flexera's 2024 State of the Cloud Report, 89% of organizations have a multi-cloud strategy, with enterprises using an average of 3.4 cloud providers. Gartner predicts that by 2027, over 90% of organizations will adopt multi-cloud approaches.

The reasons are clear: avoiding vendor lock-in, leveraging best-of-breed services, meeting data residency requirements, and improving resilience. But this architectural choice creates a significant operational challenge: how do you investigate and resolve incidents that span multiple cloud providers simultaneously?

Top Challenges of Multi-Cloud Incident Management

Fragmented Observability

Each cloud provider has its own monitoring and logging ecosystem:

AWS: CloudWatch, X-Ray, CloudTrail
Azure: Azure Monitor, Application Insights, Log Analytics
GCP: Cloud Monitoring, Cloud Logging, Cloud Trace
Kubernetes: Prometheus, various logging solutions

When an incident spans multiple providers, engineers must context-switch between consoles, query languages, and data formats. A single investigation might require checking CloudWatch metrics, Azure Monitor alerts, and Kubernetes pod logs — all with different interfaces.

Inconsistent Tooling

Different cloud providers use different CLI tools (aws, az, gcloud, kubectl), different authentication mechanisms (IAM roles, service principals, service accounts), and different resource naming conventions. This inconsistency slows investigation and increases error rates.

Credential Management

Investigating incidents across clouds requires access credentials for each provider. Managing AWS access keys, Azure service principals, GCP service accounts, and Kubernetes kubeconfig files securely is a significant operational burden.

Blast Radius Assessment

In multi-cloud architectures, services often depend on resources across providers. A database in AWS might serve an application running in GCP, with traffic routed through Azure. Understanding the blast radius of an incident requires a cross-cloud dependency map.

Tribal Knowledge

Different team members often specialize in different clouds. When an incident spans AWS and Azure, you might need two specialists — and they might not be on call at the same time. Critical investigation knowledge is siloed.

"In a multi-cloud incident, the bottleneck isn't the tooling — it's finding someone who understands both AWS networking and Azure load balancing at 3 AM. AI agents that understand all clouds eliminate that dependency." — Noah Casarotto-Dinning, CEO at Arvo AI

According to the 2024 State of Cloud Strategy Survey by HashiCorp, 90% of enterprises report that multi-cloud skills gaps are a significant barrier to effective cloud operations.

Strategies for Cross-Cloud Incident Response

Unified Monitoring

Implement a monitoring layer that aggregates signals from all cloud providers. Tools like Datadog, Grafana, and New Relic can ingest metrics from multiple clouds, providing a single pane of glass.

Standardized Alerting

Route all alerts through a single platform (PagerDuty, Opsgenie) regardless of which cloud generated them. This ensures consistent severity classification and escalation.

Cross-Cloud Runbooks

Develop runbooks that account for multi-cloud scenarios. Instead of "check AWS CloudWatch," document the investigation flow across all relevant providers.

Infrastructure as Code

Use Terraform or similar tools to manage infrastructure across all providers. This creates a single source of truth for your cross-cloud architecture and makes it easier to identify configuration-related issues.

Automated Investigation

The most effective strategy is automating the cross-cloud investigation itself. AI agents that can query multiple cloud providers simultaneously eliminate the need for manual context-switching.

How Aurora Solves Multi-Cloud Incidents

Aurora was built specifically for multi-cloud incident management. Here's how it addresses each challenge:

Unified Cloud Connectors

Aurora connects to all major cloud providers through native connectors:

AWS: Uses STS AssumeRole for secure, temporary credentials
Azure: Azure Service Principal authentication
GCP: OAuth-based authentication
OVH: API key authentication
Scaleway: API token authentication
Kubernetes: Kubeconfig-based access

All connectors are configured once and used by the AI agent as needed during investigations.

Infrastructure Discovery Pipeline

Aurora's infrastructure discovery runs in three phases:

Bulk Discovery: Enumerates all resources across all connected cloud providers
Detail Enrichment: Gathers detailed configuration and metadata for each resource
Connection Inference: Maps dependencies between resources (e.g., which EC2 instances connect to which RDS databases)

This builds a comprehensive infrastructure graph in Memgraph that the AI agent uses for blast radius analysis.

Natural Language Investigation

Instead of learning five different CLI tools and query languages, engineers interact with Aurora through natural language:

"What caused the latency spike on the payment service?"
"Are there any failing pods in the production cluster?"
"Show me all resources affected by the us-east-1 connectivity issue"

Aurora translates these queries into the appropriate cloud-specific commands and aggregates the results.

Simultaneous Multi-Cloud Queries

During an investigation, Aurora's agents can execute commands across multiple cloud providers in parallel. While checking AWS CloudWatch metrics, it can simultaneously query Azure Monitor and Kubernetes pod status — something a human investigator would have to do sequentially.

Dependency Graph

Aurora's Memgraph-powered infrastructure graph provides cross-cloud dependency mapping. When an AWS RDS instance goes down, Aurora automatically identifies the Azure-hosted application that depends on it and the GCP-based load balancer that routes traffic to it.

Building a Multi-Cloud Incident Playbook

Map your cross-cloud dependencies: Use Aurora's infrastructure discovery or manually document how services interact across providers.
Standardize alerting: Route all alerts to a single platform with consistent severity levels.
Deploy unified investigation: Set up Aurora with connectors to all your cloud providers.
Create cross-cloud runbooks: Document investigation procedures that span providers.
Practice: Run game days that simulate multi-cloud incidents to test your team's response.
Review and improve: Use AI-generated postmortems to identify patterns in cross-cloud incidents.

Getting Started

git clone https://github.com/Arvo-AI/aurora.git
cd aurora
make init
make prod-prebuilt

Configure your cloud providers in Aurora's settings, connect your monitoring tools, and the AI agent will automatically investigate incidents across all your cloud environments.

Learn more at arvoai.ca or read the full documentation. For a deep dive into how Aurora's AI agents investigate incidents, see What is Agentic Incident Management?. To understand how Aurora automates root cause analysis, read our Complete Guide to RCA for SREs.