chore: rename db migration file

chore: fix message
chore: use authz instead of granter
2026-02-12 12:32:04 +00:00 · 2026-02-11 16:47:40 +05:30 · 2026-02-11 16:27:22 +05:30 · 2026-02-11 16:17:14 +05:30 · 2026-02-11 16:14:30 +05:30 · 2026-02-11 16:11:57 +05:30
87 changed files with 5883 additions and 6932 deletions
--- a/.devenv/docker/signoz-otel-collector/compose.yaml
+++ b/.devenv/docker/signoz-otel-collector/compose.yaml
@@ -4,6 +4,7 @@ services:
    container_name: signoz-otel-collector-dev
    command:
      - --config=/etc/otel-collector-config.yaml
+      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    volumes:
      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
    environment:
--- a/2
+++ b/2
@@ -238,4 +238,4 @@ py-clean: ## Clear all pycache and pytest cache from tests directory recursively
 .PHONY: gen-mocks
 gen-mocks:
 	@echo ">> Generating mocks"
-	@mockery --config .mockery.yml
+	@mockery --config .mockery.yml
--- a/conf/example.yaml
+++ b/conf/example.yaml
@@ -300,3 +300,8 @@ user:
      allow_self: true
      # The duration within which a user can reset their password.
      max_token_lifetime: 6h
+  root:
+    # The email of the root user.
+    email: root@example.com
+    # The password of the root user.
+    password: Str0ngP@ssw0rd!
--- a/deploy/docker-swarm/docker-compose.ha.yaml
+++ b/deploy/docker-swarm/docker-compose.ha.yaml
@@ -214,6 +214,7 @@ services:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
+      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    volumes:
      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
--- a/deploy/docker-swarm/docker-compose.yaml
+++ b/deploy/docker-swarm/docker-compose.yaml
@@ -155,6 +155,7 @@ services:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
+      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    configs:
      - source: otel-collector-config
        target: /etc/otel-collector-config.yaml
--- a/deploy/docker/docker-compose.ha.yaml
+++ b/deploy/docker/docker-compose.ha.yaml
@@ -219,6 +219,7 @@ services:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
+      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    volumes:
      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -150,6 +150,7 @@ services:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
+      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    volumes:
      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
--- a/ee/query-service/app/api/api.go
+++ b/ee/query-service/app/api/api.go
@@ -1,7 +1,6 @@
 package api

 import (
-	"log/slog"
 	"net/http"
 	"net/http/httputil"
 	"time"
@@ -14,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	querierAPI "github.com/SigNoz/signoz/pkg/querier"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
@@ -30,13 +30,13 @@ type APIHandlerOptions struct {
 	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
 	IntegrationsController        *integrations.Controller
+	CloudIntegrationsController   *cloudintegrations.Controller
 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController
 	Gateway                       *httputil.ReverseProxy
 	GatewayUrl                    string
 	// Querier Influx Interval
 	FluxInterval time.Duration
 	GlobalConfig global.Config
-	Logger       *slog.Logger // this is present in Signoz.Instrumentation but adding for quick access
 }

 type APIHandler struct {
@@ -50,6 +50,7 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler,
 		Reader:                        opts.DataConnector,
 		RuleManager:                   opts.RulesManager,
 		IntegrationsController:        opts.IntegrationsController,
+		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		FluxInterval:                  opts.FluxInterval,
 		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
@@ -57,7 +58,6 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler,
 		Signoz:                        signoz,
 		QuerierAPI:                    querierAPI.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.Querier, signoz.Analytics),
 		QueryParserAPI:                queryparser.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.QueryParser),
-		Logger:                        opts.Logger,
 	})

 	if err != nil {
@@ -118,12 +118,14 @@ func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 }

 func (ah *APIHandler) RegisterCloudIntegrationsRoutes(router *mux.Router, am *middleware.AuthZ) {
+
 	ah.APIHandler.RegisterCloudIntegrationsRoutes(router, am)

 	router.HandleFunc(
 		"/api/v1/cloud-integrations/{cloudProvider}/accounts/generate-connection-params",
 		am.EditAccess(ah.CloudIntegrationsGenerateConnectionParams),
 	).Methods(http.MethodGet)
+
 }

 func (ah *APIHandler) getVersion(w http.ResponseWriter, r *http.Request) {
--- a/ee/query-service/app/api/cloudIntegrations.go
+++ b/ee/query-service/app/api/cloudIntegrations.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log/slog"
 	"net/http"
 	"strings"
 	"time"
@@ -14,14 +13,20 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/user"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
+	"go.uber.org/zap"
 )

-// TODO: move this file with other cloud integration related code
+type CloudIntegrationConnectionParamsResponse struct {
+	IngestionUrl string `json:"ingestion_url,omitempty"`
+	IngestionKey string `json:"ingestion_key,omitempty"`
+	SigNozAPIUrl string `json:"signoz_api_url,omitempty"`
+	SigNozAPIKey string `json:"signoz_api_key,omitempty"`
+}

 func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseWriter, r *http.Request) {
 	claims, err := authtypes.ClaimsFromContext(r.Context())
@@ -36,21 +41,23 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}

-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
+	cloudProvider := mux.Vars(r)["cloudProvider"]
+	if cloudProvider != "aws" {
+		RespondError(w, basemodel.BadRequest(fmt.Errorf(
+			"cloud provider not supported: %s", cloudProvider,
+		)), nil)
 		return
 	}

-	apiKey, err := ah.getOrCreateCloudIntegrationPAT(r.Context(), claims.OrgID, cloudProvider)
-	if err != nil {
-		render.Error(w, err)
+	apiKey, apiErr := ah.getOrCreateCloudIntegrationPAT(r.Context(), claims.OrgID, cloudProvider)
+	if apiErr != nil {
+		RespondError(w, basemodel.WrapApiError(
+			apiErr, "couldn't provision PAT for cloud integration:",
+		), nil)
 		return
 	}

-	result := integrationstypes.GettableCloudIntegrationConnectionParams{
+	result := CloudIntegrationConnectionParamsResponse{
 		SigNozAPIKey: apiKey,
 	}

@@ -64,17 +71,16 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		// Return the API Key (PAT) even if the rest of the params can not be deduced.
 		// Params not returned from here will be requested from the user via form inputs.
 		// This enables gracefully degraded but working experience even for non-cloud deployments.
-		ah.opts.Logger.InfoContext(
-			r.Context(),
-			"ingestion params and signoz api url can not be deduced since no license was found",
-		)
-		render.Success(w, http.StatusOK, result)
+		zap.L().Info("ingestion params and signoz api url can not be deduced since no license was found")
+		ah.Respond(w, result)
 		return
 	}

-	signozApiUrl, err := ah.getIngestionUrlAndSigNozAPIUrl(r.Context(), license.Key)
-	if err != nil {
-		render.Error(w, err)
+	signozApiUrl, apiErr := ah.getIngestionUrlAndSigNozAPIUrl(r.Context(), license.Key)
+	if apiErr != nil {
+		RespondError(w, basemodel.WrapApiError(
+			apiErr, "couldn't deduce ingestion url and signoz api url",
+		), nil)
 		return
 	}

@@ -83,41 +89,48 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW

 	gatewayUrl := ah.opts.GatewayUrl
 	if len(gatewayUrl) > 0 {
-		ingestionKeyString, err := ah.getOrCreateCloudProviderIngestionKey(
+
+		ingestionKey, apiErr := getOrCreateCloudProviderIngestionKey(
 			r.Context(), gatewayUrl, license.Key, cloudProvider,
 		)
-		if err != nil {
-			render.Error(w, err)
+		if apiErr != nil {
+			RespondError(w, basemodel.WrapApiError(
+				apiErr, "couldn't get or create ingestion key",
+			), nil)
 			return
 		}

-		result.IngestionKey = ingestionKeyString
+		result.IngestionKey = ingestionKey
+
 	} else {
-		ah.opts.Logger.InfoContext(
-			r.Context(),
-			"ingestion key can't be deduced since no gateway url has been configured",
-		)
+		zap.L().Info("ingestion key can't be deduced since no gateway url has been configured")
 	}

-	render.Success(w, http.StatusOK, result)
+	ah.Respond(w, result)
 }

-func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId string, cloudProvider valuer.String) (string, error) {
+func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId string, cloudProvider string) (
+	string, *basemodel.ApiError,
+) {
 	integrationPATName := fmt.Sprintf("%s integration", cloudProvider)

-	integrationUser, err := ah.getOrCreateCloudIntegrationUser(ctx, orgId, cloudProvider)
-	if err != nil {
-		return "", err
+	integrationUser, apiErr := ah.getOrCreateCloudIntegrationUser(ctx, orgId, cloudProvider)
+	if apiErr != nil {
+		return "", apiErr
 	}

 	orgIdUUID, err := valuer.NewUUID(orgId)
 	if err != nil {
-		return "", err
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't parse orgId: %w", err,
+		))
 	}

 	allPats, err := ah.Signoz.Modules.User.ListAPIKeys(ctx, orgIdUUID)
 	if err != nil {
-		return "", err
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't list PATs: %w", err,
+		))
 	}
 	for _, p := range allPats {
 		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
@@ -125,10 +138,9 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		}
 	}

-	ah.opts.Logger.InfoContext(
-		ctx,
+	zap.L().Info(
 		"no PAT found for cloud integration, creating a new one",
-		slog.String("cloudProvider", cloudProvider.String()),
+		zap.String("cloudProvider", cloudProvider),
 	)

 	newPAT, err := types.NewStorableAPIKey(
@@ -138,48 +150,68 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		0,
 	)
 	if err != nil {
-		return "", err
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't create cloud integration PAT: %w", err,
+		))
 	}

 	err = ah.Signoz.Modules.User.CreateAPIKey(ctx, newPAT)
 	if err != nil {
-		return "", err
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't create cloud integration PAT: %w", err,
+		))
 	}
 	return newPAT.Token, nil
 }

-// TODO: move this function out of handler and use proper module structure
-func (ah *APIHandler) getOrCreateCloudIntegrationUser(ctx context.Context, orgId string, cloudProvider valuer.String) (*types.User, error) {
-	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider.String())
+func (ah *APIHandler) getOrCreateCloudIntegrationUser(
+	ctx context.Context, orgId string, cloudProvider string,
+) (*types.User, *basemodel.ApiError) {
+	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
 	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))

 	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, valuer.MustNewUUID(orgId))
 	if err != nil {
-		return nil, err
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
 	}

 	password := types.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())

 	cloudIntegrationUser, err = ah.Signoz.Modules.User.GetOrCreateUser(ctx, cloudIntegrationUser, user.WithFactorPassword(password))
 	if err != nil {
-		return nil, err
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't look for integration user: %w", err))
 	}

 	return cloudIntegrationUser, nil
 }

-// TODO: move this function out of handler and use proper module structure
-func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (string, error) {
-	respBytes, err := ah.Signoz.Zeus.GetDeployment(ctx, licenseKey)
-	if err != nil {
-		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't query for deployment info: error")
+func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (
+	string, *basemodel.ApiError,
+) {
+	// TODO: remove this struct from here
+	type deploymentResponse struct {
+		Name        string `json:"name"`
+		ClusterInfo struct {
+			Region struct {
+				DNS string `json:"dns"`
+			} `json:"region"`
+		} `json:"cluster"`
 	}

-	resp := new(integrationstypes.GettableDeployment)
+	respBytes, err := ah.Signoz.Zeus.GetDeployment(ctx, licenseKey)
+	if err != nil {
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't query for deployment info: error: %w", err,
+		))
+	}
+
+	resp := new(deploymentResponse)

 	err = json.Unmarshal(respBytes, resp)
 	if err != nil {
-		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't unmarshal deployment info response")
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't unmarshal deployment info response: error: %w", err,
+		))
 	}

 	regionDns := resp.ClusterInfo.Region.DNS
@@ -187,11 +219,9 @@ func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licens

 	if len(regionDns) < 1 || len(deploymentName) < 1 {
 		// Fail early if actual response structure and expectation here ever diverge
-		return "", errors.WrapInternalf(
-			err,
-			errors.CodeInternal,
+		return "", basemodel.InternalError(fmt.Errorf(
 			"deployment info response not in expected shape. couldn't determine region dns and deployment name",
-		)
+		))
 	}

 	signozApiUrl := fmt.Sprintf("https://%s.%s", deploymentName, regionDns)
@@ -199,85 +229,102 @@ func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licens
 	return signozApiUrl, nil
 }

-func (ah *APIHandler) getOrCreateCloudProviderIngestionKey(
-	ctx context.Context, gatewayUrl string, licenseKey string, cloudProvider valuer.String,
-) (string, error) {
+type ingestionKey struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
+	// other attributes from gateway response not included here since they are not being used.
+}
+
+type ingestionKeysSearchResponse struct {
+	Status string         `json:"status"`
+	Data   []ingestionKey `json:"data"`
+	Error  string         `json:"error"`
+}
+
+type createIngestionKeyResponse struct {
+	Status string       `json:"status"`
+	Data   ingestionKey `json:"data"`
+	Error  string       `json:"error"`
+}
+
+func getOrCreateCloudProviderIngestionKey(
+	ctx context.Context, gatewayUrl string, licenseKey string, cloudProvider string,
+) (string, *basemodel.ApiError) {
 	cloudProviderKeyName := fmt.Sprintf("%s-integration", cloudProvider)

 	// see if the key already exists
-	searchResult, err := requestGateway[integrationstypes.GettableIngestionKeysSearch](
+	searchResult, apiErr := requestGateway[ingestionKeysSearchResponse](
 		ctx,
 		gatewayUrl,
 		licenseKey,
 		fmt.Sprintf("/v1/workspaces/me/keys/search?name=%s", cloudProviderKeyName),
 		nil,
-		ah.opts.Logger,
 	)
-	if err != nil {
-		return "", err
+
+	if apiErr != nil {
+		return "", basemodel.WrapApiError(
+			apiErr, "couldn't search for cloudprovider ingestion key",
+		)
 	}

 	if searchResult.Status != "success" {
-		return "", errors.NewInternalf(
-			errors.CodeInternal,
-			"couldn't search for cloud provider ingestion key: status: %s, error: %s",
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't search for cloudprovider ingestion key: status: %s, error: %s",
 			searchResult.Status, searchResult.Error,
-		)
+		))
 	}

 	for _, k := range searchResult.Data {
-		if k.Name != cloudProviderKeyName {
-			continue
-		}
+		if k.Name == cloudProviderKeyName {
+			if len(k.Value) < 1 {
+				// Fail early if actual response structure and expectation here ever diverge
+				return "", basemodel.InternalError(fmt.Errorf(
+					"ingestion keys search response not as expected",
+				))
+			}

-		if len(k.Value) < 1 {
-			// Fail early if actual response structure and expectation here ever diverge
-			return "", errors.NewInternalf(errors.CodeInternal, "ingestion keys search response not as expected")
+			return k.Value, nil
 		}
-
-		return k.Value, nil
 	}

-	ah.opts.Logger.InfoContext(
-		ctx,
+	zap.L().Info(
 		"no existing ingestion key found for cloud integration, creating a new one",
-		slog.String("cloudProvider", cloudProvider.String()),
+		zap.String("cloudProvider", cloudProvider),
 	)
-
-	createKeyResult, err := requestGateway[integrationstypes.GettableCreateIngestionKey](
+	createKeyResult, apiErr := requestGateway[createIngestionKeyResponse](
 		ctx, gatewayUrl, licenseKey, "/v1/workspaces/me/keys",
 		map[string]any{
 			"name": cloudProviderKeyName,
-			"tags": []string{"integration", cloudProvider.String()},
+			"tags": []string{"integration", cloudProvider},
 		},
-		ah.opts.Logger,
 	)
-	if err != nil {
-		return "", err
+	if apiErr != nil {
+		return "", basemodel.WrapApiError(
+			apiErr, "couldn't create cloudprovider ingestion key",
+		)
 	}

 	if createKeyResult.Status != "success" {
-		return "", errors.NewInternalf(
-			errors.CodeInternal,
-			"couldn't create cloud provider ingestion key: status: %s, error: %s",
+		return "", basemodel.InternalError(fmt.Errorf(
+			"couldn't create cloudprovider ingestion key: status: %s, error: %s",
 			createKeyResult.Status, createKeyResult.Error,
-		)
+		))
 	}

-	ingestionKeyString := createKeyResult.Data.Value
-	if len(ingestionKeyString) < 1 {
+	ingestionKey := createKeyResult.Data.Value
+	if len(ingestionKey) < 1 {
 		// Fail early if actual response structure and expectation here ever diverge
-		return "", errors.NewInternalf(errors.CodeInternal,
+		return "", basemodel.InternalError(fmt.Errorf(
 			"ingestion key creation response not as expected",
-		)
+		))
 	}

-	return ingestionKeyString, nil
+	return ingestionKey, nil
 }

 func requestGateway[ResponseType any](
-	ctx context.Context, gatewayUrl, licenseKey, path string, payload any, logger *slog.Logger,
-) (*ResponseType, error) {
+	ctx context.Context, gatewayUrl string, licenseKey string, path string, payload any,
+) (*ResponseType, *basemodel.ApiError) {

 	baseUrl := strings.TrimSuffix(gatewayUrl, "/")
 	reqUrl := fmt.Sprintf("%s%s", baseUrl, path)
@@ -288,12 +335,13 @@ func requestGateway[ResponseType any](
 		"X-Consumer-Groups":      "ns:default",
 	}

-	return requestAndParseResponse[ResponseType](ctx, reqUrl, headers, payload, logger)
+	return requestAndParseResponse[ResponseType](ctx, reqUrl, headers, payload)
 }

 func requestAndParseResponse[ResponseType any](
-	ctx context.Context, url string, headers map[string]string, payload any, logger *slog.Logger,
-) (*ResponseType, error) {
+	ctx context.Context, url string, headers map[string]string, payload any,
+) (*ResponseType, *basemodel.ApiError) {
+
 	reqMethod := http.MethodGet
 	var reqBody io.Reader
 	if payload != nil {
@@ -301,14 +349,18 @@ func requestAndParseResponse[ResponseType any](

 		bodyJson, err := json.Marshal(payload)
 		if err != nil {
-			return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't marshal payload")
+			return nil, basemodel.InternalError(fmt.Errorf(
+				"couldn't serialize request payload to JSON: %w", err,
+			))
 		}
-		reqBody = bytes.NewBuffer(bodyJson)
+		reqBody = bytes.NewBuffer([]byte(bodyJson))
 	}

 	req, err := http.NewRequestWithContext(ctx, reqMethod, url, reqBody)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't create req")
+		return nil, basemodel.InternalError(fmt.Errorf(
+			"couldn't prepare request: %w", err,
+		))
 	}

 	for k, v := range headers {
@@ -321,26 +373,23 @@ func requestAndParseResponse[ResponseType any](

 	response, err := client.Do(req)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't make req")
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't make request: %w", err))
 	}

-	defer func() {
-		err = response.Body.Close()
-		if err != nil {
-			logger.ErrorContext(ctx, "couldn't close response body", "error", err)
-		}
-	}()
+	defer response.Body.Close()

 	respBody, err := io.ReadAll(response.Body)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't read response body")
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't read response: %w", err))
 	}

 	var resp ResponseType

 	err = json.Unmarshal(respBody, &resp)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't unmarshal response body")
+		return nil, basemodel.InternalError(fmt.Errorf(
+			"couldn't unmarshal gateway response into %T", resp,
+		))
 	}

 	return &resp, nil
--- a/ee/query-service/app/server.go
+++ b/ee/query-service/app/server.go
@@ -38,6 +38,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/app/opamp"
@@ -126,6 +127,13 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		)
 	}

+	cloudIntegrationsController, err := cloudintegrations.NewController(signoz.SQLStore)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"couldn't create cloud provider integrations controller: %w", err,
+		)
+	}
+
 	// ingestion pipelines manager
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
 		signoz.SQLStore,
@@ -159,12 +167,12 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		RulesManager:                  rm,
 		UsageManager:                  usageManager,
 		IntegrationsController:        integrationsController,
+		CloudIntegrationsController:   cloudIntegrationsController,
 		LogsParsingPipelineController: logParsingPipelineController,
 		FluxInterval:                  config.Querier.FluxInterval,
 		Gateway:                       gatewayProxy,
 		GatewayUrl:                    config.Gateway.URL.String(),
 		GlobalConfig:                  config.Global,
-		Logger:                        signoz.Instrumentation.Logger(),
 	}

 	apiHandler, err := api.NewAPIHandler(apiOpts, signoz)
--- a/frontend/jest.config.ts
+++ b/frontend/jest.config.ts
@@ -17,8 +17,6 @@ const config: Config.InitialOptions = {
 		'^hooks/useSafeNavigate$': USE_SAFE_NAVIGATE_MOCK_PATH,
 		'^src/hooks/useSafeNavigate$': USE_SAFE_NAVIGATE_MOCK_PATH,
 		'^.*/useSafeNavigate$': USE_SAFE_NAVIGATE_MOCK_PATH,
-		'^@signozhq/icons$':
-			'<rootDir>/node_modules/@signozhq/icons/dist/index.esm.js',
 	},
 	globals: {
 		extensionsToTreatAsEsm: ['.ts'],
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -52,7 +52,6 @@
 		"@signozhq/combobox": "0.0.2",
 		"@signozhq/command": "0.0.0",
 		"@signozhq/design-tokens": "2.1.1",
-		"@signozhq/icons": "0.1.0",
 		"@signozhq/input": "0.0.2",
 		"@signozhq/popover": "0.0.0",
 		"@signozhq/resizable": "0.0.0",
--- a/frontend/public/locales/en/titles.json
+++ b/frontend/public/locales/en/titles.json
@@ -1,7 +1,6 @@
 {
 	"SIGN_UP": "SigNoz | Sign Up",
 	"LOGIN": "SigNoz | Login",
-	"FORGOT_PASSWORD": "SigNoz | Forgot Password",
 	"HOME": "SigNoz | Home",
 	"SERVICE_METRICS": "SigNoz | Service Metrics",
 	"SERVICE_MAP": "SigNoz | Service Map",
--- a/frontend/src/AppRoutes/pageComponents.ts
+++ b/frontend/src/AppRoutes/pageComponents.ts
@@ -194,10 +194,6 @@ export const Login = Loadable(
 	() => import(/* webpackChunkName: "Login" */ 'pages/Login'),
 );

-export const ForgotPassword = Loadable(
-	() => import(/* webpackChunkName: "ForgotPassword" */ 'pages/ForgotPassword'),
-);
-
 export const UnAuthorized = Loadable(
 	() => import(/* webpackChunkName: "UnAuthorized" */ 'pages/UnAuthorized'),
 );
--- a/frontend/src/AppRoutes/routes.ts
+++ b/frontend/src/AppRoutes/routes.ts
@@ -17,7 +17,6 @@ import {
 	DashboardWidget,
 	EditRulesPage,
 	ErrorDetails,
-	ForgotPassword,
 	Home,
 	InfrastructureMonitoring,
 	InstalledIntegrations,
@@ -340,13 +339,6 @@ const routes: AppRoutes[] = [
 		isPrivate: false,
 		key: 'LOGIN',
 	},
-	{
-		path: ROUTES.FORGOT_PASSWORD,
-		exact: true,
-		component: ForgotPassword,
-		isPrivate: false,
-		key: 'FORGOT_PASSWORD',
-	},
 	{
 		path: ROUTES.UN_AUTHORIZED,
 		exact: true,
--- a/frontend/src/auto-import-registry.d.ts
+++ b/frontend/src/auto-import-registry.d.ts
@@ -18,7 +18,6 @@ import '@signozhq/checkbox';
 import '@signozhq/combobox';
 import '@signozhq/command';
 import '@signozhq/design-tokens';
-import '@signozhq/icons';
 import '@signozhq/input';
 import '@signozhq/popover';
 import '@signozhq/resizable';
--- a/frontend/src/components/QuickFilters/FilterRenderers/Checkbox/Checkbox.tsx
+++ b/frontend/src/components/QuickFilters/FilterRenderers/Checkbox/Checkbox.tsx
@@ -648,13 +648,7 @@ export default function CheckboxFilter(props: ICheckboxProps): JSX.Element {
 											) : (
 												<Typography.Text
 													className="value-string"
-													ellipsis={{
-														tooltip: {
-															placement: 'top',
-															mouseEnterDelay: 0.2,
-															mouseLeaveDelay: 0,
-														},
-													}}
+													ellipsis={{ tooltip: { placement: 'top' } }}
 												>
 													{String(value)}
 												</Typography.Text>
--- a/frontend/src/constants/routes.ts
+++ b/frontend/src/constants/routes.ts
@@ -1,7 +1,6 @@
 const ROUTES = {
 	SIGN_UP: '/signup',
 	LOGIN: '/login',
-	FORGOT_PASSWORD: '/forgot-password',
 	HOME: '/home',
 	SERVICE_METRICS: '/services/:servicename',
 	SERVICE_TOP_LEVEL_OPERATIONS: '/services/:servicename/top-level-operations',
--- a/frontend/src/container/ApiMonitoring/Explorer/Domains/DomainList.tsx
+++ b/frontend/src/container/ApiMonitoring/Explorer/Domains/DomainList.tsx
@@ -1,7 +1,7 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
 import { useSelector } from 'react-redux';
 import { LoadingOutlined } from '@ant-design/icons';
-import { Spin, Table } from 'antd';
+import { Spin, Table, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import cx from 'classnames';
 import QuerySearch from 'components/QueryBuilderV2/QueryV2/QuerySearch/QuerySearch';
@@ -14,13 +14,11 @@ import { useQueryOperations } from 'hooks/queryBuilder/useQueryBuilderOperations
 import { useShareBuilderUrl } from 'hooks/queryBuilder/useShareBuilderUrl';
 import { useListOverview } from 'hooks/thirdPartyApis/useListOverview';
 import { get } from 'lodash-es';
-import { MoveUpRight } from 'lucide-react';
 import { AppState } from 'store/reducers';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { HandleChangeQueryDataV5 } from 'types/common/operations.types';
 import { DataSource } from 'types/common/queryBuilder';
 import { GlobalReducer } from 'types/reducer/globalTime';
-import DOCLINKS from 'utils/docLinks';

 import { ApiMonitoringHardcodedAttributeKeys } from '../../constants';
 import { DEFAULT_PARAMS, useApiMonitoringParams } from '../../queryParams';
@@ -127,67 +125,51 @@ function DomainList(): JSX.Element {
 					hardcodedAttributeKeys={ApiMonitoringHardcodedAttributeKeys}
 				/>
 			</div>
-			{!isFetching && !isLoading && formattedDataForTable.length === 0 && (
-				<div className="no-filtered-domains-message-container">
-					<div className="no-filtered-domains-message-content">
-						<img
-							src="/Icons/emptyState.svg"
-							alt="thinking-emoji"
-							className="empty-state-svg"
-						/>
+			<Table
+				className={cx('api-monitoring-domain-list-table')}
+				dataSource={isFetching || isLoading ? [] : formattedDataForTable}
+				columns={columnsConfig}
+				loading={{
+					spinning: isFetching || isLoading,
+					indicator: <Spin indicator={<LoadingOutlined size={14} spin />} />,
+				}}
+				locale={{
+					emptyText:
+						isFetching || isLoading ? null : (
+							<div className="no-filtered-domains-message-container">
+								<div className="no-filtered-domains-message-content">
+									<img
+										src="/Icons/emptyState.svg"
+										alt="thinking-emoji"
+										className="empty-state-svg"
+									/>

-						<div className="no-filtered-domains-message">
-							<div className="no-domain-title">
-								No External API calls detected with applied filters.
+									<Typography.Text className="no-filtered-domains-message">
+										This query had no results. Edit your query and try again!
+									</Typography.Text>
+								</div>
 							</div>
-							<div className="no-domain-subtitle">
-								Ensure all HTTP client spans are being sent with kind as{' '}
-								<span className="attribute">Client</span> and url set in{' '}
-								<span className="attribute">url.full</span> or{' '}
-								<span className="attribute">http.url</span> attribute.
-							</div>
-							<a
-								href={DOCLINKS.EXTERNAL_API_MONITORING}
-								target="_blank"
-								rel="noreferrer"
-								className="external-api-doc-link"
-							>
-								Learn how External API monitoring works in SigNoz{' '}
-								<MoveUpRight size={14} />
-							</a>
-						</div>
-					</div>
-				</div>
-			)}
-			{(isFetching || isLoading || formattedDataForTable.length > 0) && (
-				<Table
-					className="api-monitoring-domain-list-table"
-					dataSource={isFetching || isLoading ? [] : formattedDataForTable}
-					columns={columnsConfig}
-					loading={{
-						spinning: isFetching || isLoading,
-						indicator: <Spin indicator={<LoadingOutlined size={14} spin />} />,
-					}}
-					scroll={{ x: true }}
-					tableLayout="fixed"
-					onRow={(record, index): { onClick: () => void; className: string } => ({
-						onClick: (): void => {
-							if (index !== undefined) {
-								const dataIndex = formattedDataForTable.findIndex(
-									(item) => item.key === record.key,
-								);
-								setSelectedDomainIndex(dataIndex);
-								setParams({ selectedDomain: record.domainName });
-								logEvent('API Monitoring: Domain name row clicked', {});
-							}
-						},
-						className: 'expanded-clickable-row',
-					})}
-					rowClassName={(_, index): string =>
-						index % 2 === 0 ? 'table-row-dark' : 'table-row-light'
-					}
-				/>
-			)}
+						),
+				}}
+				scroll={{ x: true }}
+				tableLayout="fixed"
+				onRow={(record, index): { onClick: () => void; className: string } => ({
+					onClick: (): void => {
+						if (index !== undefined) {
+							const dataIndex = formattedDataForTable.findIndex(
+								(item) => item.key === record.key,
+							);
+							setSelectedDomainIndex(dataIndex);
+							setParams({ selectedDomain: record.domainName });
+							logEvent('API Monitoring: Domain name row clicked', {});
+						}
+					},
+					className: 'expanded-clickable-row',
+				})}
+				rowClassName={(_, index): string =>
+					index % 2 === 0 ? 'table-row-dark' : 'table-row-light'
+				}
+			/>
 			{selectedDomainIndex !== -1 && (
 				<DomainDetails
 					domainData={formattedDataForTable[selectedDomainIndex]}
--- a/frontend/src/container/ApiMonitoring/Explorer/Explorer.styles.scss
+++ b/frontend/src/container/ApiMonitoring/Explorer/Explorer.styles.scss
@@ -180,59 +180,10 @@

 	.no-filtered-domains-message {
 		margin-top: 8px;
-		display: flex;
-		gap: 8px;
-		flex-direction: column;
-
-		.no-domain-title {
-			color: var(--bg-vanilla-100, #fff);
-			font-family: Inter;
-			font-size: 14px;
-			font-style: normal;
-			font-weight: 500;
-			line-height: 20px; /* 142.857% */
-		}
-
-		.no-domain-subtitle {
-			color: var(--bg-vanilla-400, #c0c1c3);
-			font-family: Inter;
-			font-size: 14px;
-			font-style: normal;
-			font-weight: 400;
-			line-height: 20px; /* 142.857% */
-
-			.attribute {
-				font-family: 'Space Mono';
-			}
-		}
-
-		.external-api-doc-link {
-			display: flex;
-			flex-direction: row;
-			gap: 4px;
-			align-items: center;
-		}
 	}
 }

 .lightMode {
-	.no-filtered-domains-message-container {
-		.no-filtered-domains-message-content {
-			.no-filtered-domains-message {
-				.no-domain-title {
-					color: var(--text-ink-500);
-				}
-
-				.no-domain-subtitle {
-					color: var(--text-ink-400);
-
-					.attribute {
-						font-family: 'Space Mono';
-					}
-				}
-			}
-		}
-	}
 	.api-monitoring-domain-list-table {
 		.ant-table {
 			.ant-table-thead > tr > th {
--- a/frontend/src/container/ForgotPassword/ForgotPassword.styles.scss
+++ b/frontend/src/container/ForgotPassword/ForgotPassword.styles.scss
@@ -1,93 +0,0 @@
-.forgot-password-title {
-	font-family: var(--label-large-600-font-family);
-	font-size: var(--label-large-600-font-size);
-	font-weight: var(--label-large-600-font-weight);
-	letter-spacing: var(--label-large-600-letter-spacing);
-	line-height: 1.45;
-	color: var(--l1-foreground);
-	margin: 0;
-}
-
-.forgot-password-description {
-	font-family: var(--paragraph-base-400-font-family);
-	font-size: var(--paragraph-base-400-font-size);
-	font-weight: var(--paragraph-base-400-font-weight);
-	line-height: var(--paragraph-base-400-line-height);
-	letter-spacing: -0.065px;
-	color: var(--l2-foreground);
-	margin: 0;
-	text-align: center;
-	max-width: 317px;
-}
-
-.forgot-password-form {
-	width: 100%;
-
-	// Label styling
-	.forgot-password-label {
-		font-family: Inter, sans-serif;
-		font-size: 13px;
-		font-weight: 600;
-		line-height: 1;
-		letter-spacing: -0.065px;
-		color: var(--l1-foreground);
-		margin-bottom: 12px;
-		display: block;
-
-		.lightMode & {
-			color: var(--text-ink-500);
-		}
-	}
-
-	// Parent container for fields
-	.forgot-password-field {
-		width: 100%;
-		display: flex;
-		flex-direction: column;
-	}
-
-	&.ant-form {
-		display: flex;
-		flex-direction: column;
-		align-items: flex-start;
-
-		.ant-form-item {
-			margin-bottom: 0px;
-			width: 100%;
-		}
-	}
-}
-
-.forgot-password-actions {
-	display: flex;
-	gap: 12px;
-	width: 100%;
-
-	> .forgot-password-back-button,
-	> .login-submit-btn {
-		flex: 1 1 0%;
-	}
-}
-
-.forgot-password-back-button {
-	height: 32px;
-	padding: 10px 16px;
-	border-radius: 2px;
-	font-family: Inter, sans-serif;
-	font-size: 11px;
-	font-weight: 500;
-	line-height: 1;
-	display: flex;
-	align-items: center;
-	justify-content: center;
-	gap: 8px;
-	background: var(--l3-background);
-	border: 1px solid var(--l3-border);
-	color: var(--l1-foreground);
-
-	&:hover:not(:disabled) {
-		background: var(--l3-border);
-		border-color: var(--l3-border);
-		opacity: 0.9;
-	}
-}
--- a/frontend/src/container/ForgotPassword/SuccessScreen.tsx
+++ b/frontend/src/container/ForgotPassword/SuccessScreen.tsx
@@ -1,41 +0,0 @@
-import { Button } from '@signozhq/button';
-import { ArrowLeft, Mail } from '@signozhq/icons';
-
-interface SuccessScreenProps {
-	onBackToLogin: () => void;
-}
-
-function SuccessScreen({ onBackToLogin }: SuccessScreenProps): JSX.Element {
-	return (
-		<div className="login-form-container">
-			<div className="forgot-password-form">
-				<div className="login-form-header">
-					<div className="login-form-emoji">
-						<Mail size={32} />
-					</div>
-					<h4 className="forgot-password-title">Check your email</h4>
-					<p className="forgot-password-description">
-						We&apos;ve sent a password reset link to your email. Please check your
-						inbox and follow the instructions to reset your password.
-					</p>
-				</div>
-
-				<div className="login-form-actions forgot-password-actions">
-					<Button
-						variant="solid"
-						color="primary"
-						type="button"
-						data-testid="back-to-login"
-						className="login-submit-btn"
-						onClick={onBackToLogin}
-						prefixIcon={<ArrowLeft size={12} />}
-					>
-						Back to login
-					</Button>
-				</div>
-			</div>
-		</div>
-	);
-}
-
-export default SuccessScreen;
--- a/frontend/src/container/ForgotPassword/tests/ForgotPassword.test.tsx
+++ b/frontend/src/container/ForgotPassword/tests/ForgotPassword.test.tsx
@@ -1,402 +0,0 @@
-import ROUTES from 'constants/routes';
-import history from 'lib/history';
-import {
-	createErrorResponse,
-	handleInternalServerError,
-	rest,
-	server,
-} from 'mocks-server/server';
-import { render, screen, userEvent, waitFor } from 'tests/test-utils';
-import { OrgSessionContext } from 'types/api/v2/sessions/context/get';
-
-import ForgotPassword, { ForgotPasswordRouteState } from '../index';
-
-// Mock dependencies
-jest.mock('lib/history', () => ({
-	__esModule: true,
-	default: {
-		push: jest.fn(),
-		location: {
-			search: '',
-		},
-	},
-}));
-
-const mockHistoryPush = history.push as jest.MockedFunction<
-	typeof history.push
->;
-
-const FORGOT_PASSWORD_ENDPOINT = '*/api/v2/factor_password/forgot';
-
-// Mock data
-const mockSingleOrg: OrgSessionContext[] = [
-	{
-		id: 'org-1',
-		name: 'Test Organization',
-		authNSupport: {
-			password: [{ provider: 'email_password' }],
-			callback: [],
-		},
-	},
-];
-
-const mockMultipleOrgs: OrgSessionContext[] = [
-	{
-		id: 'org-1',
-		name: 'Organization One',
-		authNSupport: {
-			password: [{ provider: 'email_password' }],
-			callback: [],
-		},
-	},
-	{
-		id: 'org-2',
-		name: 'Organization Two',
-		authNSupport: {
-			password: [{ provider: 'email_password' }],
-			callback: [],
-		},
-	},
-];
-
-const TEST_EMAIL = 'jest.test@signoz.io';
-
-const defaultProps: ForgotPasswordRouteState = {
-	email: TEST_EMAIL,
-	orgs: mockSingleOrg,
-};
-
-const multiOrgProps: ForgotPasswordRouteState = {
-	email: TEST_EMAIL,
-	orgs: mockMultipleOrgs,
-};
-
-describe('ForgotPassword Component', () => {
-	beforeEach(() => {
-		jest.clearAllMocks();
-	});
-
-	afterEach(() => {
-		server.resetHandlers();
-	});
-
-	describe('Initial Render', () => {
-		it('renders forgot password form with all required elements', () => {
-			render(<ForgotPassword {...defaultProps} />);
-
-			expect(screen.getByText(/forgot your password\?/i)).toBeInTheDocument();
-			expect(
-				screen.getByText(/send a reset link to your inbox/i),
-			).toBeInTheDocument();
-			expect(screen.getByTestId('email')).toBeInTheDocument();
-			expect(screen.getByTestId('forgot-password-submit')).toBeInTheDocument();
-			expect(screen.getByTestId('forgot-password-back')).toBeInTheDocument();
-		});
-
-		it('pre-fills email from props', () => {
-			render(<ForgotPassword {...defaultProps} />);
-
-			const emailInput = screen.getByTestId('email');
-			expect(emailInput).toHaveValue(TEST_EMAIL);
-		});
-
-		it('disables email input field', () => {
-			render(<ForgotPassword {...defaultProps} />);
-
-			const emailInput = screen.getByTestId('email');
-			expect(emailInput).toBeDisabled();
-		});
-
-		it('does not show organization dropdown for single org', () => {
-			render(<ForgotPassword {...defaultProps} />);
-
-			expect(screen.queryByTestId('orgId')).not.toBeInTheDocument();
-			expect(screen.queryByText('Organization Name')).not.toBeInTheDocument();
-		});
-
-		it('enables submit button when email is provided with single org', () => {
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).not.toBeDisabled();
-		});
-	});
-
-	describe('Multiple Organizations', () => {
-		it('shows organization dropdown when multiple orgs exist', () => {
-			render(<ForgotPassword {...multiOrgProps} />);
-
-			expect(screen.getByTestId('orgId')).toBeInTheDocument();
-			expect(screen.getByText('Organization Name')).toBeInTheDocument();
-		});
-
-		it('disables submit button when org is not selected', () => {
-			const propsWithoutOrgId: ForgotPasswordRouteState = {
-				email: TEST_EMAIL,
-				orgs: mockMultipleOrgs,
-			};
-
-			render(<ForgotPassword {...propsWithoutOrgId} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).toBeDisabled();
-		});
-
-		it('enables submit button after selecting an organization', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			render(<ForgotPassword {...multiOrgProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).toBeDisabled();
-
-			// Click on the dropdown to reveal the options
-			await user.click(screen.getByRole('combobox'));
-			await user.click(screen.getByText('Organization One'));
-
-			await waitFor(() => {
-				expect(submitButton).not.toBeDisabled();
-			});
-		});
-
-		it('pre-selects organization when orgId is provided', () => {
-			const propsWithOrgId: ForgotPasswordRouteState = {
-				email: TEST_EMAIL,
-				orgId: 'org-1',
-				orgs: mockMultipleOrgs,
-			};
-
-			render(<ForgotPassword {...propsWithOrgId} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).not.toBeDisabled();
-		});
-	});
-
-	describe('Form Submission - Success', () => {
-		it('successfully submits forgot password request and shows success screen', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) =>
-					res(ctx.status(200), ctx.json({ status: 'success' })),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(await screen.findByText(/check your email/i)).toBeInTheDocument();
-			expect(
-				screen.getByText(/we've sent a password reset link/i),
-			).toBeInTheDocument();
-		});
-
-		it('shows back to login button on success screen', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) =>
-					res(ctx.status(200), ctx.json({ status: 'success' })),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(await screen.findByTestId('back-to-login')).toBeInTheDocument();
-		});
-
-		it('redirects to login when clicking back to login on success screen', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) =>
-					res(ctx.status(200), ctx.json({ status: 'success' })),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(await screen.findByTestId('back-to-login')).toBeInTheDocument();
-
-			const backToLoginButton = screen.getByTestId('back-to-login');
-			await user.click(backToLoginButton);
-
-			expect(mockHistoryPush).toHaveBeenCalledWith(ROUTES.LOGIN);
-		});
-	});
-
-	describe('Form Submission - Error Handling', () => {
-		it('displays error message when forgot password API fails', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(
-					FORGOT_PASSWORD_ENDPOINT,
-					createErrorResponse(400, 'USER_NOT_FOUND', 'User not found'),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(await screen.findByText(/user not found/i)).toBeInTheDocument();
-		});
-
-		it('displays error message when API returns server error', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(rest.post(FORGOT_PASSWORD_ENDPOINT, handleInternalServerError));
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(
-				await screen.findByText(/internal server error occurred/i),
-			).toBeInTheDocument();
-		});
-
-		it('clears error message on new submission attempt', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			let requestCount = 0;
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) => {
-					requestCount += 1;
-					if (requestCount === 1) {
-						return res(
-							ctx.status(400),
-							ctx.json({
-								error: {
-									code: 'USER_NOT_FOUND',
-									message: 'User not found',
-								},
-							}),
-						);
-					}
-					return res(ctx.status(200), ctx.json({ status: 'success' }));
-				}),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			expect(await screen.findByText(/user not found/i)).toBeInTheDocument();
-
-			// Click submit again
-			await user.click(submitButton);
-
-			await waitFor(() => {
-				expect(screen.queryByText(/user not found/i)).not.toBeInTheDocument();
-			});
-			expect(await screen.findByText(/check your email/i)).toBeInTheDocument();
-		});
-	});
-
-	describe('Navigation', () => {
-		it('redirects to login when clicking back button on form', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const backButton = screen.getByTestId('forgot-password-back');
-			await user.click(backButton);
-
-			expect(mockHistoryPush).toHaveBeenCalledWith(ROUTES.LOGIN);
-		});
-	});
-
-	describe('Loading States', () => {
-		it('shows loading state during API call', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) =>
-					res(ctx.delay(100), ctx.status(200), ctx.json({ status: 'success' })),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			// Button should show loading state
-			expect(await screen.findByText(/sending\.\.\./i)).toBeInTheDocument();
-		});
-
-		it('disables submit button during loading', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-			server.use(
-				rest.post(FORGOT_PASSWORD_ENDPOINT, (_req, res, ctx) =>
-					res(ctx.delay(100), ctx.status(200), ctx.json({ status: 'success' })),
-				),
-			);
-
-			render(<ForgotPassword {...defaultProps} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			await user.click(submitButton);
-
-			await waitFor(() => {
-				expect(submitButton).toBeDisabled();
-			});
-		});
-	});
-
-	describe('Edge Cases', () => {
-		it('handles empty email gracefully', () => {
-			const propsWithEmptyEmail: ForgotPasswordRouteState = {
-				email: '',
-				orgs: mockSingleOrg,
-			};
-
-			render(<ForgotPassword {...propsWithEmptyEmail} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).toBeDisabled();
-		});
-
-		it('handles whitespace-only email', () => {
-			const propsWithWhitespaceEmail: ForgotPasswordRouteState = {
-				email: '   ',
-				orgs: mockSingleOrg,
-			};
-
-			render(<ForgotPassword {...propsWithWhitespaceEmail} />);
-
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).toBeDisabled();
-		});
-
-		it('handles empty orgs array by disabling submission', () => {
-			const propsWithNoOrgs: ForgotPasswordRouteState = {
-				email: TEST_EMAIL,
-				orgs: [],
-			};
-
-			render(<ForgotPassword {...propsWithNoOrgs} />);
-
-			// Should not show org dropdown
-			expect(screen.queryByTestId('orgId')).not.toBeInTheDocument();
-			// Submit should be disabled because no orgId can be determined
-			const submitButton = screen.getByTestId('forgot-password-submit');
-			expect(submitButton).toBeDisabled();
-		});
-	});
-});
--- a/frontend/src/container/ForgotPassword/index.tsx
+++ b/frontend/src/container/ForgotPassword/index.tsx
@@ -1,217 +0,0 @@
-import { useCallback, useEffect, useMemo } from 'react';
-import { Button } from '@signozhq/button';
-import { ArrowLeft, ArrowRight } from '@signozhq/icons';
-import { Input } from '@signozhq/input';
-import { Form, Select } from 'antd';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { useForgotPassword } from 'api/generated/services/users';
-import { AxiosError } from 'axios';
-import AuthError from 'components/AuthError/AuthError';
-import ROUTES from 'constants/routes';
-import history from 'lib/history';
-import { ErrorV2Resp } from 'types/api';
-import APIError from 'types/api/error';
-import { OrgSessionContext } from 'types/api/v2/sessions/context/get';
-
-import SuccessScreen from './SuccessScreen';
-
-import './ForgotPassword.styles.scss';
-import 'container/Login/Login.styles.scss';
-
-type FormValues = {
-	email: string;
-	orgId: string;
-};
-
-export type ForgotPasswordRouteState = {
-	email: string;
-	orgId?: string;
-	orgs: OrgSessionContext[];
-};
-
-function ForgotPassword({
-	email,
-	orgId,
-	orgs,
-}: ForgotPasswordRouteState): JSX.Element {
-	const [form] = Form.useForm<FormValues>();
-	const {
-		mutate: forgotPasswordMutate,
-		isLoading,
-		isSuccess,
-		error: mutationError,
-	} = useForgotPassword();
-
-	const errorMessage = useMemo(() => {
-		if (!mutationError) {
-			return undefined;
-		}
-
-		try {
-			ErrorResponseHandlerV2(mutationError as AxiosError<ErrorV2Resp>);
-		} catch (apiError) {
-			return apiError as APIError;
-		}
-	}, [mutationError]);
-
-	const initialOrgId = useMemo((): string | undefined => {
-		if (orgId) {
-			return orgId;
-		}
-
-		if (orgs.length === 1) {
-			return orgs[0]?.id;
-		}
-
-		return undefined;
-	}, [orgId, orgs]);
-
-	const watchedEmail = Form.useWatch('email', form);
-	const selectedOrgId = Form.useWatch('orgId', form);
-
-	useEffect(() => {
-		form.setFieldsValue({
-			email,
-			orgId: initialOrgId,
-		});
-	}, [email, form, initialOrgId]);
-
-	const hasMultipleOrgs = orgs.length > 1;
-
-	const isSubmitEnabled = useMemo((): boolean => {
-		if (isLoading) {
-			return false;
-		}
-
-		if (!watchedEmail?.trim()) {
-			return false;
-		}
-
-		// Ensure we have an orgId (either selected from dropdown or the initial one)
-		const currentOrgId = hasMultipleOrgs ? selectedOrgId : initialOrgId;
-		return Boolean(currentOrgId);
-	}, [watchedEmail, selectedOrgId, isLoading, initialOrgId, hasMultipleOrgs]);
-
-	const handleSubmit = useCallback((): void => {
-		const values = form.getFieldsValue();
-		const currentOrgId = hasMultipleOrgs ? values.orgId : initialOrgId;
-
-		if (!currentOrgId) {
-			return;
-		}
-
-		// Call the forgot password API
-		forgotPasswordMutate({
-			data: {
-				email: values.email,
-				orgId: currentOrgId,
-				frontendBaseURL: window.location.origin,
-			},
-		});
-	}, [form, forgotPasswordMutate, initialOrgId, hasMultipleOrgs]);
-
-	const handleBackToLogin = useCallback((): void => {
-		history.push(ROUTES.LOGIN);
-	}, []);
-
-	// Success screen
-	if (isSuccess) {
-		return <SuccessScreen onBackToLogin={handleBackToLogin} />;
-	}
-
-	// Form screen
-	return (
-		<div className="login-form-container">
-			<Form
-				form={form}
-				onFinish={handleSubmit}
-				className="forgot-password-form"
-				initialValues={{
-					email,
-					orgId: initialOrgId,
-				}}
-			>
-				<div className="login-form-header">
-					<div className="login-form-emoji">
-						<img src="/svgs/tv.svg" alt="TV" width="32" height="32" />
-					</div>
-					<h4 className="forgot-password-title">Forgot your password?</h4>
-					<p className="forgot-password-description">
-						Send a reset link to your inbox and get back to monitoring.
-					</p>
-				</div>
-
-				<div className="login-form-card">
-					<div className="forgot-password-field">
-						<label className="forgot-password-label" htmlFor="forgotPasswordEmail">
-							Email address
-						</label>
-						<Form.Item name="email">
-							<Input
-								type="email"
-								id="forgotPasswordEmail"
-								data-testid="email"
-								required
-								disabled
-								className="login-form-input"
-							/>
-						</Form.Item>
-					</div>
-
-					{hasMultipleOrgs && (
-						<div className="forgot-password-field">
-							<label className="forgot-password-label" htmlFor="orgId">
-								Organization Name
-							</label>
-							<Form.Item
-								name="orgId"
-								rules={[{ required: true, message: 'Please select your organization' }]}
-							>
-								<Select
-									id="orgId"
-									data-testid="orgId"
-									className="login-form-input login-form-select-no-border"
-									placeholder="Select your organization"
-									options={orgs.map((org) => ({
-										value: org.id,
-										label: org.name || 'default',
-									}))}
-								/>
-							</Form.Item>
-						</div>
-					)}
-				</div>
-
-				{errorMessage && <AuthError error={errorMessage} />}
-
-				<div className="login-form-actions forgot-password-actions">
-					<Button
-						variant="solid"
-						type="button"
-						data-testid="forgot-password-back"
-						className="forgot-password-back-button"
-						onClick={handleBackToLogin}
-						prefixIcon={<ArrowLeft size={12} />}
-					>
-						Back to login
-					</Button>
-
-					<Button
-						disabled={!isSubmitEnabled}
-						loading={isLoading}
-						variant="solid"
-						color="primary"
-						type="submit"
-						data-testid="forgot-password-submit"
-						className="login-submit-btn"
-						suffixIcon={<ArrowRight size={12} />}
-					>
-						{isLoading ? 'Sending...' : 'Send reset link'}
-					</Button>
-				</div>
-			</Form>
-		</div>
-	);
-}
-
-export default ForgotPassword;
--- a/frontend/src/container/IngestionSettings/MultiIngestionSettings.tsx
+++ b/frontend/src/container/IngestionSettings/MultiIngestionSettings.tsx
@@ -2,6 +2,7 @@
 /* eslint-disable jsx-a11y/click-events-have-key-events */
 import { ChangeEvent, useCallback, useEffect, useState } from 'react';
 import { useTranslation } from 'react-i18next';
+import { useMutation } from 'react-query';
 import { useHistory } from 'react-router-dom';
 import { useCopyToClipboard } from 'react-use';
 import { Color } from '@signozhq/design-tokens';
@@ -26,20 +27,12 @@ import {
 } from 'antd';
 import { NotificationInstance } from 'antd/es/notification/interface';
 import { CollapseProps } from 'antd/lib';
-import {
-	useCreateIngestionKey,
-	useCreateIngestionKeyLimit,
-	useDeleteIngestionKey,
-	useDeleteIngestionKeyLimit,
-	useGetIngestionKeys,
-	useSearchIngestionKeys,
-	useUpdateIngestionKey,
-	useUpdateIngestionKeyLimit,
-} from 'api/generated/services/gateway';
-import {
-	GatewaytypesIngestionKeyDTO,
-	RenderErrorResponseDTO,
-} from 'api/generated/services/sigNoz.schemas';
+import createIngestionKeyApi from 'api/IngestionKeys/createIngestionKey';
+import deleteIngestionKey from 'api/IngestionKeys/deleteIngestionKey';
+import createLimitForIngestionKeyApi from 'api/IngestionKeys/limits/createLimitsForKey';
+import deleteLimitsForIngestionKey from 'api/IngestionKeys/limits/deleteLimitsForIngestionKey';
+import updateLimitForIngestionKeyApi from 'api/IngestionKeys/limits/updateLimitsForIngestionKey';
+import updateIngestionKey from 'api/IngestionKeys/updateIngestionKey';
 import { AxiosError } from 'axios';
 import { getYAxisFormattedValue } from 'components/Graph/yAxisConfig';
 import Tags from 'components/Tags/Tags';
@@ -51,6 +44,7 @@ import ROUTES from 'constants/routes';
 import { INITIAL_ALERT_THRESHOLD_STATE } from 'container/CreateAlertV2/context/constants';
 import dayjs from 'dayjs';
 import { useGetGlobalConfig } from 'hooks/globalConfig/useGetGlobalConfig';
+import { useGetAllIngestionsKeys } from 'hooks/IngestionKeys/useGetAllIngestionKeys';
 import useDebouncedFn from 'hooks/useDebouncedFunction';
 import { useNotifications } from 'hooks/useNotifications';
 import { cloneDeep, isNil, isUndefined } from 'lodash-es';
@@ -72,12 +66,16 @@ import {
 } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useTimezone } from 'providers/Timezone';
+import { ErrorResponse } from 'types/api';
 import {
 	AddLimitProps,
 	LimitProps,
 	UpdateLimitProps,
 } from 'types/api/ingestionKeys/limits/types';
-import { PaginationProps } from 'types/api/ingestionKeys/types';
+import {
+	IngestionKeyProps,
+	PaginationProps,
+} from 'types/api/ingestionKeys/types';
 import { MeterAggregateOperator } from 'types/common/queryBuilder';
 import { USER_ROLES } from 'types/roles';
 import { getDaysUntilExpiry } from 'utils/timeUtils';
@@ -88,10 +86,6 @@ const { Option } = Select;

 const BYTES = 1073741824;

-const INITIAL_PAGE_SIZE = 10;
-const SEARCH_PAGE_SIZE = 100;
-const FIRST_PAGE = 1;
-
 const COUNT_MULTIPLIER = {
 	thousand: 1000,
 	million: 1000000,
@@ -117,8 +111,6 @@ export const showErrorNotification = (
 ): void => {
 	notifications.error({
 		message: err.message || SOMETHING_WENT_WRONG,
-		description: (err as AxiosError<RenderErrorResponseDTO>).response?.data?.error
-			?.message,
 	});
 };

@@ -171,20 +163,15 @@ function MultiIngestionSettings(): JSX.Element {
 	const [updatedTags, setUpdatedTags] = useState<string[]>([]);
 	const [isEditModalOpen, setIsEditModalOpen] = useState(false);
 	const [isEditAddLimitOpen, setIsEditAddLimitOpen] = useState(false);
-	const [
-		activeAPIKey,
-		setActiveAPIKey,
-	] = useState<GatewaytypesIngestionKeyDTO | null>(null);
+	const [activeAPIKey, setActiveAPIKey] = useState<IngestionKeyProps | null>();
 	const [activeSignal, setActiveSignal] = useState<LimitProps | null>(null);

 	const [searchValue, setSearchValue] = useState<string>('');
 	const [searchText, setSearchText] = useState<string>('');
-	const [dataSource, setDataSource] = useState<GatewaytypesIngestionKeyDTO[]>(
-		[],
-	);
+	const [dataSource, setDataSource] = useState<IngestionKeyProps[]>([]);
 	const [paginationParams, setPaginationParams] = useState<PaginationProps>({
-		page: FIRST_PAGE,
-		per_page: INITIAL_PAGE_SIZE,
+		page: 1,
+		per_page: 10,
 	});

 	const [totalIngestionKeys, setTotalIngestionKeys] = useState(0);
@@ -199,7 +186,7 @@ function MultiIngestionSettings(): JSX.Element {
 	const [
 		createLimitForIngestionKeyError,
 		setCreateLimitForIngestionKeyError,
-	] = useState<string | null>(null);
+	] = useState<ErrorResponse | null>(null);

 	const [
 		hasUpdateLimitForIngestionKeyError,
@@ -209,7 +196,7 @@ function MultiIngestionSettings(): JSX.Element {
 	const [
 		updateLimitForIngestionKeyError,
 		setUpdateLimitForIngestionKeyError,
-	] = useState<string | null>(null);
+	] = useState<ErrorResponse | null>(null);

 	const { t } = useTranslation(['ingestionKeys']);

@@ -229,11 +216,7 @@ function MultiIngestionSettings(): JSX.Element {
 		handleFormReset();
 	};

-	const showDeleteModal = (apiKey: GatewaytypesIngestionKeyDTO): void => {
-		setHasCreateLimitForIngestionKeyError(false);
-		setCreateLimitForIngestionKeyError(null);
-		setHasUpdateLimitForIngestionKeyError(false);
-		setUpdateLimitForIngestionKeyError(null);
+	const showDeleteModal = (apiKey: IngestionKeyProps): void => {
 		setActiveAPIKey(apiKey);
 		setIsDeleteModalOpen(true);
 	};
@@ -250,11 +233,7 @@ function MultiIngestionSettings(): JSX.Element {
 		setIsAddModalOpen(false);
 	};

-	const showEditModal = (apiKey: GatewaytypesIngestionKeyDTO): void => {
-		setHasCreateLimitForIngestionKeyError(false);
-		setCreateLimitForIngestionKeyError(null);
-		setHasUpdateLimitForIngestionKeyError(false);
-		setUpdateLimitForIngestionKeyError(null);
+	const showEditModal = (apiKey: IngestionKeyProps): void => {
 		setActiveAPIKey(apiKey);
 		handleFormReset();
 		setUpdatedTags(apiKey.tags || []);
@@ -269,10 +248,6 @@ function MultiIngestionSettings(): JSX.Element {
 	};

 	const showAddModal = (): void => {
-		setHasCreateLimitForIngestionKeyError(false);
-		setCreateLimitForIngestionKeyError(null);
-		setHasUpdateLimitForIngestionKeyError(false);
-		setUpdateLimitForIngestionKeyError(null);
 		setUpdatedTags([]);
 		setActiveAPIKey(null);
 		setIsAddModalOpen(true);
@@ -283,62 +258,27 @@ function MultiIngestionSettings(): JSX.Element {
 		setActiveSignal(null);
 	};

-	// Use search API when searchText is present, otherwise use normal get API
-	const isSearching = searchText.length > 0;
-
 	const {
-		data: ingestionKeysData,
-		isLoading: isLoadingGet,
-		isRefetching: isRefetchingGet,
-		refetch: refetchGetAPIKeys,
-		error: getError,
-		isError: isGetError,
-	} = useGetIngestionKeys(
-		{
-			...paginationParams,
-		},
-		{
-			query: {
-				enabled: !isSearching,
-			},
-		},
-	);
-
-	const {
-		data: searchIngestionKeysData,
-		isLoading: isLoadingSearch,
-		isRefetching: isRefetchingSearch,
-		refetch: refetchSearchAPIKeys,
-		error: searchError,
-		isError: isSearchError,
-	} = useSearchIngestionKeys(
-		{
-			page: FIRST_PAGE,
-			per_page: SEARCH_PAGE_SIZE,
-			name: searchText,
-		},
-		{
-			query: {
-				enabled: isSearching,
-			},
-		},
-	);
-
-	// Use the appropriate data based on which API is active
-	const ingestionKeys = isSearching
-		? searchIngestionKeysData
-		: ingestionKeysData;
-	const isLoading = isSearching ? isLoadingSearch : isLoadingGet;
-	const isRefetching = isSearching ? isRefetchingSearch : isRefetchingGet;
-	const refetchAPIKeys = isSearching ? refetchSearchAPIKeys : refetchGetAPIKeys;
-	const error = isSearching ? searchError : getError;
-	const isError = isSearching ? isSearchError : isGetError;
+		data: IngestionKeys,
+		isLoading,
+		isRefetching,
+		refetch: refetchAPIKeys,
+		error,
+		isError,
+	} = useGetAllIngestionsKeys({
+		search: searchText,
+		...paginationParams,
+	});

 	useEffect(() => {
-		setDataSource(ingestionKeys?.data.data?.keys || []);
-		setTotalIngestionKeys(ingestionKeys?.data?.data?._pagination?.total || 0);
+		setActiveAPIKey(IngestionKeys?.data.data[0]);
+	}, [IngestionKeys]);
+
+	useEffect(() => {
+		setDataSource(IngestionKeys?.data.data || []);
+		setTotalIngestionKeys(IngestionKeys?.data?._pagination?.total || 0);
 		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, [ingestionKeys?.data?.data]);
+	}, [IngestionKeys?.data?.data]);

 	useEffect(() => {
 		if (isError) {
@@ -357,7 +297,6 @@ function MultiIngestionSettings(): JSX.Element {

 	const clearSearch = (): void => {
 		setSearchValue('');
-		setSearchText('');
 	};

 	const {
@@ -370,54 +309,101 @@ function MultiIngestionSettings(): JSX.Element {
 	const {
 		mutate: createIngestionKey,
 		isLoading: isLoadingCreateAPIKey,
-	} = useCreateIngestionKey<AxiosError<RenderErrorResponseDTO>>();
+	} = useMutation(createIngestionKeyApi, {
+		onSuccess: (data) => {
+			setActiveAPIKey(data.payload);
+			setUpdatedTags([]);
+			hideAddViewModal();
+			refetchAPIKeys();
+		},
+		onError: (error) => {
+			showErrorNotification(notifications, error as AxiosError);
+		},
+	});

-	const {
-		mutate: updateAPIKey,
-		isLoading: isLoadingUpdateAPIKey,
-	} = useUpdateIngestionKey<AxiosError<RenderErrorResponseDTO>>();
+	const { mutate: updateAPIKey, isLoading: isLoadingUpdateAPIKey } = useMutation(
+		updateIngestionKey,
+		{
+			onSuccess: () => {
+				refetchAPIKeys();
+				setIsEditModalOpen(false);
+			},
+			onError: (error) => {
+				showErrorNotification(notifications, error as AxiosError);
+			},
+		},
+	);

-	const {
-		mutate: deleteAPIKey,
-		isLoading: isDeleteingAPIKey,
-	} = useDeleteIngestionKey<AxiosError<RenderErrorResponseDTO>>();
+	const { mutate: deleteAPIKey, isLoading: isDeleteingAPIKey } = useMutation(
+		deleteIngestionKey,
+		{
+			onSuccess: () => {
+				refetchAPIKeys();
+				setIsDeleteModalOpen(false);
+			},
+			onError: (error) => {
+				showErrorNotification(notifications, error as AxiosError);
+			},
+		},
+	);

 	const {
 		mutate: createLimitForIngestionKey,
 		isLoading: isLoadingLimitForKey,
-	} = useCreateIngestionKeyLimit<AxiosError<RenderErrorResponseDTO>>();
+	} = useMutation(createLimitForIngestionKeyApi, {
+		onSuccess: () => {
+			setActiveSignal(null);
+			setActiveAPIKey(null);
+			setIsEditAddLimitOpen(false);
+			setUpdatedTags([]);
+			hideAddViewModal();
+			refetchAPIKeys();
+			setHasCreateLimitForIngestionKeyError(false);
+		},
+		onError: (error: ErrorResponse) => {
+			setHasCreateLimitForIngestionKeyError(true);
+			setCreateLimitForIngestionKeyError(error);
+		},
+	});

 	const {
 		mutate: updateLimitForIngestionKey,
 		isLoading: isLoadingUpdatedLimitForKey,
-	} = useUpdateIngestionKeyLimit<AxiosError<RenderErrorResponseDTO>>();
+	} = useMutation(updateLimitForIngestionKeyApi, {
+		onSuccess: () => {
+			setActiveSignal(null);
+			setActiveAPIKey(null);
+			setIsEditAddLimitOpen(false);
+			setUpdatedTags([]);
+			hideAddViewModal();
+			refetchAPIKeys();
+			setHasUpdateLimitForIngestionKeyError(false);
+		},
+		onError: (error: ErrorResponse) => {
+			setHasUpdateLimitForIngestionKeyError(true);
+			setUpdateLimitForIngestionKeyError(error);
+		},
+	});

-	const {
-		mutate: deleteLimitForKey,
-		isLoading: isDeletingLimit,
-	} = useDeleteIngestionKeyLimit<AxiosError<RenderErrorResponseDTO>>();
+	const { mutate: deleteLimitForKey, isLoading: isDeletingLimit } = useMutation(
+		deleteLimitsForIngestionKey,
+		{
+			onSuccess: () => {
+				setIsDeleteModalOpen(false);
+				setIsDeleteLimitModalOpen(false);
+				refetchAPIKeys();
+			},
+			onError: (error) => {
+				showErrorNotification(notifications, error as AxiosError);
+			},
+		},
+	);

 	const onDeleteHandler = (): void => {
 		clearSearch();

-		if (activeAPIKey && activeAPIKey.id) {
-			deleteAPIKey(
-				{
-					pathParams: { keyId: activeAPIKey.id },
-				},
-				{
-					onSuccess: () => {
-						notifications.success({
-							message: 'Ingestion key deleted successfully',
-						});
-						refetchAPIKeys();
-						setIsDeleteModalOpen(false);
-					},
-					onError: (error) => {
-						showErrorNotification(notifications, error as AxiosError);
-					},
-				},
-			);
+		if (activeAPIKey) {
+			deleteAPIKey(activeAPIKey.id);
 		}
 	};

@@ -425,31 +411,15 @@ function MultiIngestionSettings(): JSX.Element {
 		editForm
 			.validateFields()
 			.then((values) => {
-				if (activeAPIKey && activeAPIKey.id) {
-					updateAPIKey(
-						{
-							pathParams: { keyId: activeAPIKey.id },
-							data: {
-								name: values.name,
-								tags: updatedTags,
-								expires_at: new Date(
-									dayjs(values.expires_at).endOf('day').toISOString(),
-								),
-							},
+				if (activeAPIKey) {
+					updateAPIKey({
+						id: activeAPIKey.id,
+						data: {
+							name: values.name,
+							tags: updatedTags,
+							expires_at: dayjs(values.expires_at).endOf('day').toISOString(),
 						},
-						{
-							onSuccess: () => {
-								notifications.success({
-									message: 'Ingestion key updated successfully',
-								});
-								refetchAPIKeys();
-								setIsEditModalOpen(false);
-							},
-							onError: (error) => {
-								showErrorNotification(notifications, error as AxiosError);
-							},
-						},
-					);
+					});
 				}
 			})
 			.catch((errorInfo) => {
@@ -465,30 +435,10 @@ function MultiIngestionSettings(): JSX.Element {
 					const requestPayload = {
 						name: values.name,
 						tags: updatedTags,
-						expires_at: new Date(dayjs(values.expires_at).endOf('day').toISOString()),
+						expires_at: dayjs(values.expires_at).endOf('day').toISOString(),
 					};

-					createIngestionKey(
-						{
-							data: requestPayload,
-						},
-						{
-							onSuccess: (_data) => {
-								notifications.success({
-									message: 'Ingestion key created successfully',
-								});
-								// The new API returns GatewaytypesGettableCreatedIngestionKeyDTO with only id and value
-								// We rely on refetchAPIKeys to get the full key object
-								setActiveAPIKey(null);
-								setUpdatedTags([]);
-								hideAddViewModal();
-								refetchAPIKeys();
-							},
-							onError: (error) => {
-								showErrorNotification(notifications, error as AxiosError);
-							},
-						},
-					);
+					createIngestionKey(requestPayload);
 				}
 			})
 			.catch((errorInfo) => {
@@ -515,7 +465,7 @@ function MultiIngestionSettings(): JSX.Element {
 		formatTimezoneAdjustedTimestamp(date, DATE_TIME_FORMATS.UTC_MONTH_COMPACT);

 	const showDeleteLimitModal = (
-		APIKey: GatewaytypesIngestionKeyDTO,
+		APIKey: IngestionKeyProps,
 		limit: LimitProps,
 	): void => {
 		setActiveAPIKey(APIKey);
@@ -539,17 +489,9 @@ function MultiIngestionSettings(): JSX.Element {

 	/* eslint-disable sonarjs/cognitive-complexity */
 	const handleAddLimit = (
-		APIKey: GatewaytypesIngestionKeyDTO,
+		APIKey: IngestionKeyProps,
 		signalName: string,
 	): void => {
-		if (!APIKey.id) {
-			notifications.error({
-				message: 'Invalid ingestion key',
-				description: 'Cannot create limit for ingestion key without a valid ID',
-			});
-			return;
-		}
-
 		const {
 			dailyLimit,
 			secondsLimit,
@@ -634,49 +576,13 @@ function MultiIngestionSettings(): JSX.Element {
 			return;
 		}

-		createLimitForIngestionKey(
-			{
-				pathParams: { keyId: payload.keyID },
-				data: {
-					signal: payload.signal,
-					config: payload.config,
-				},
-			},
-			{
-				onSuccess: () => {
-					notifications.success({
-						message: 'Limit created successfully',
-					});
-					setActiveSignal(null);
-					setActiveAPIKey(null);
-					setIsEditAddLimitOpen(false);
-					setUpdatedTags([]);
-					hideAddViewModal();
-					refetchAPIKeys();
-					setHasCreateLimitForIngestionKeyError(false);
-				},
-				onError: (error: AxiosError<RenderErrorResponseDTO>) => {
-					setHasCreateLimitForIngestionKeyError(true);
-					setCreateLimitForIngestionKeyError(
-						error.response?.data?.error?.message || 'Failed to create limit',
-					);
-				},
-			},
-		);
+		createLimitForIngestionKey(payload);
 	};

 	const handleUpdateLimit = (
-		APIKey: GatewaytypesIngestionKeyDTO,
+		APIKey: IngestionKeyProps,
 		signal: LimitProps,
 	): void => {
-		if (!signal.id) {
-			notifications.error({
-				message: 'Invalid limit',
-				description: 'Cannot update limit without a valid ID',
-			});
-			return;
-		}
-
 		const {
 			dailyLimit,
 			secondsLimit,
@@ -738,34 +644,7 @@ function MultiIngestionSettings(): JSX.Element {
 			}
 		}

-		updateLimitForIngestionKey(
-			{
-				pathParams: { limitId: payload.limitID },
-				data: {
-					config: payload.config,
-				},
-			},
-			{
-				onSuccess: () => {
-					notifications.success({
-						message: 'Limit updated successfully',
-					});
-					setActiveSignal(null);
-					setActiveAPIKey(null);
-					setIsEditAddLimitOpen(false);
-					setUpdatedTags([]);
-					hideAddViewModal();
-					refetchAPIKeys();
-					setHasUpdateLimitForIngestionKeyError(false);
-				},
-				onError: (error: AxiosError<RenderErrorResponseDTO>) => {
-					setHasUpdateLimitForIngestionKeyError(true);
-					setUpdateLimitForIngestionKeyError(
-						error.response?.data?.error?.message || 'Failed to update limit',
-					);
-				},
-			},
-		);
+		updateLimitForIngestionKey(payload);
 	};
 	/* eslint-enable sonarjs/cognitive-complexity */

@@ -777,7 +656,7 @@ function MultiIngestionSettings(): JSX.Element {
 	};

 	const enableEditLimitMode = (
-		APIKey: GatewaytypesIngestionKeyDTO,
+		APIKey: IngestionKeyProps,
 		signal: LimitProps,
 	): void => {
 		const dayCount = signal?.config?.day?.count;
@@ -786,11 +665,6 @@ function MultiIngestionSettings(): JSX.Element {
 		const dayCountConverted = countToUnit(dayCount || 0);
 		const secondCountConverted = countToUnit(secondCount || 0);

-		setHasCreateLimitForIngestionKeyError(false);
-		setCreateLimitForIngestionKeyError(null);
-		setHasUpdateLimitForIngestionKeyError(false);
-		setUpdateLimitForIngestionKeyError(null);
-
 		setActiveAPIKey(APIKey);
 		setActiveSignal({
 			...signal,
@@ -829,31 +703,14 @@ function MultiIngestionSettings(): JSX.Element {

 	const onDeleteLimitHandler = (): void => {
 		if (activeSignal && activeSignal.id) {
-			deleteLimitForKey(
-				{
-					pathParams: { limitId: activeSignal.id },
-				},
-				{
-					onSuccess: () => {
-						notifications.success({
-							message: 'Limit deleted successfully',
-						});
-						setIsDeleteModalOpen(false);
-						setIsDeleteLimitModalOpen(false);
-						refetchAPIKeys();
-					},
-					onError: (error) => {
-						showErrorNotification(notifications, error as AxiosError);
-					},
-				},
-			);
+			deleteLimitForKey(activeSignal.id);
 		}
 	};

 	const { formatTimezoneAdjustedTimestamp } = useTimezone();

 	const handleCreateAlert = (
-		APIKey: GatewaytypesIngestionKeyDTO,
+		APIKey: IngestionKeyProps,
 		signal: LimitProps,
 	): void => {
 		let metricName = '';
@@ -914,61 +771,31 @@ function MultiIngestionSettings(): JSX.Element {
 		history.push(URL);
 	};

-	const columns: AntDTableProps<GatewaytypesIngestionKeyDTO>['columns'] = [
+	const columns: AntDTableProps<IngestionKeyProps>['columns'] = [
 		{
 			title: 'Ingestion Key',
 			key: 'ingestion-key',
 			// eslint-disable-next-line sonarjs/cognitive-complexity
-			render: (APIKey: GatewaytypesIngestionKeyDTO): JSX.Element => {
-				const createdOn = APIKey?.created_at
-					? getFormattedTime(
-							dayjs(APIKey.created_at).toISOString(),
-							formatTimezoneAdjustedTimestamp,
-					  )
-					: '';
+			render: (APIKey: IngestionKeyProps): JSX.Element => {
+				const createdOn = getFormattedTime(
+					APIKey.created_at,
+					formatTimezoneAdjustedTimestamp,
+				);

 				const expiresOn =
-					!APIKey?.expires_at ||
-					dayjs(APIKey?.expires_at).toISOString() === '0001-01-01T00:00:00.000Z'
+					!APIKey?.expires_at || APIKey?.expires_at === '0001-01-01T00:00:00Z'
 						? 'No Expiry'
-						: getFormattedTime(
-								dayjs(APIKey?.expires_at).toISOString(),
-								formatTimezoneAdjustedTimestamp,
-						  );
+						: getFormattedTime(APIKey?.expires_at, formatTimezoneAdjustedTimestamp);

-				const updatedOn = APIKey?.updated_at
-					? getFormattedTime(
-							dayjs(APIKey.updated_at).toISOString(),
-							formatTimezoneAdjustedTimestamp,
-					  )
-					: '';
-
-				const onCopyKey = (e: React.MouseEvent): void => {
-					e.stopPropagation();
-					e.preventDefault();
-					if (APIKey?.value) {
-						handleCopyKey(APIKey.value);
-					}
-				};
-
-				const onEditKey = (e: React.MouseEvent): void => {
-					e.stopPropagation();
-					e.preventDefault();
-					showEditModal(APIKey);
-				};
-
-				const onDeleteKey = (e: React.MouseEvent): void => {
-					e.stopPropagation();
-					e.preventDefault();
-					showDeleteModal(APIKey);
-				};
+				const updatedOn = getFormattedTime(
+					APIKey?.updated_at,
+					formatTimezoneAdjustedTimestamp,
+				);

 				// Convert array of limits to a dictionary for quick access
 				const limitsDict: Record<string, LimitProps> = {};
-				APIKey.limits?.forEach((limitItem) => {
-					if (limitItem.signal && limitItem.id) {
-						limitsDict[limitItem.signal] = limitItem as LimitProps;
-					}
+				APIKey.limits?.forEach((limitItem: LimitProps) => {
+					limitsDict[limitItem.signal] = limitItem;
 				});

 				const hasLimits = (signalName: string): boolean => !!limitsDict[signalName];
@@ -985,25 +812,39 @@ function MultiIngestionSettings(): JSX.Element {

 									<div className="ingestion-key-value">
 										<Typography.Text>
-											{APIKey?.value?.substring(0, 2)}********
-											{APIKey?.value
-												?.substring(APIKey?.value?.length ? APIKey.value.length - 2 : 0)
-												?.trim()}
+											{APIKey?.value.substring(0, 2)}********
+											{APIKey?.value.substring(APIKey.value.length - 2).trim()}
 										</Typography.Text>

-										<Copy className="copy-key-btn" size={12} onClick={onCopyKey} />
+										<Copy
+											className="copy-key-btn"
+											size={12}
+											onClick={(e): void => {
+												e.stopPropagation();
+												e.preventDefault();
+												handleCopyKey(APIKey.value);
+											}}
+										/>
 									</div>
 								</div>
 								<div className="action-btn">
 									<Button
 										className="periscope-btn ghost"
 										icon={<PenLine size={14} />}
-										onClick={onEditKey}
+										onClick={(e): void => {
+											e.stopPropagation();
+											e.preventDefault();
+											showEditModal(APIKey);
+										}}
 									/>
 									<Button
 										className="periscope-btn ghost"
 										icon={<Trash2 color={Color.BG_CHERRY_500} size={14} />}
-										onClick={onDeleteKey}
+										onClick={(e): void => {
+											e.stopPropagation();
+											e.preventDefault();
+											showDeleteModal(APIKey);
+										}}
 									/>
 								</div>
 							</div>
@@ -1013,7 +854,7 @@ function MultiIngestionSettings(): JSX.Element {
 								<Row>
 									<Col span={6}> ID </Col>
 									<Col span={12}>
-										<Typography.Text>{APIKey?.id}</Typography.Text>
+										<Typography.Text>{APIKey.id}</Typography.Text>
 									</Col>
 								</Row>

@@ -1065,39 +906,6 @@ function MultiIngestionSettings(): JSX.Element {
 													limit?.config?.second?.size !== undefined ||
 													limit?.config?.second?.count !== undefined;

-												const onEditSignalLimit = (e: React.MouseEvent): void => {
-													e.stopPropagation();
-													e.preventDefault();
-													enableEditLimitMode(APIKey, limit);
-												};
-
-												const onDeleteSignalLimit = (e: React.MouseEvent): void => {
-													e.stopPropagation();
-													e.preventDefault();
-													showDeleteLimitModal(APIKey, limit);
-												};
-
-												const onAddSignalLimit = (e: React.MouseEvent): void => {
-													e.stopPropagation();
-													e.preventDefault();
-													enableEditLimitMode(APIKey, {
-														id: signalName,
-														signal: signalName,
-														config: {},
-													});
-												};
-
-												const onSaveSignalLimit = (): void => {
-													if (!hasLimits(signalName)) {
-														handleAddLimit(APIKey, signalName);
-													} else {
-														handleUpdateLimit(APIKey, limitsDict[signalName]);
-													}
-												};
-
-												const onCreateSignalAlert = (): void =>
-													handleCreateAlert(APIKey, limitsDict[signalName]);
-
 												return (
 													<div className="signal" key={signalName}>
 														<div className="header">
@@ -1108,18 +916,22 @@ function MultiIngestionSettings(): JSX.Element {
 																		<Button
 																			className="periscope-btn ghost"
 																			icon={<PenLine size={14} />}
-																			disabled={
-																				!!(activeAPIKey?.id === APIKey?.id && activeSignal)
-																			}
-																			onClick={onEditSignalLimit}
+																			disabled={!!(activeAPIKey?.id === APIKey.id && activeSignal)}
+																			onClick={(e): void => {
+																				e.stopPropagation();
+																				e.preventDefault();
+																				enableEditLimitMode(APIKey, limit);
+																			}}
 																		/>
 																		<Button
 																			className="periscope-btn ghost"
 																			icon={<Trash2 color={Color.BG_CHERRY_500} size={14} />}
-																			disabled={
-																				!!(activeAPIKey?.id === APIKey?.id && activeSignal)
-																			}
-																			onClick={onDeleteSignalLimit}
+																			disabled={!!(activeAPIKey?.id === APIKey.id && activeSignal)}
+																			onClick={(e): void => {
+																				e.stopPropagation();
+																				e.preventDefault();
+																				showDeleteLimitModal(APIKey, limit);
+																			}}
 																		/>
 																	</>
 																) : (
@@ -1128,8 +940,16 @@ function MultiIngestionSettings(): JSX.Element {
 																		size="small"
 																		shape="round"
 																		icon={<PlusIcon size={14} />}
-																		disabled={!!(activeAPIKey?.id === APIKey?.id && activeSignal)}
-																		onClick={onAddSignalLimit}
+																		disabled={!!(activeAPIKey?.id === APIKey.id && activeSignal)}
+																		onClick={(e): void => {
+																			e.stopPropagation();
+																			e.preventDefault();
+																			enableEditLimitMode(APIKey, {
+																				id: signalName,
+																				signal: signalName,
+																				config: {},
+																			});
+																		}}
 																	>
 																		Limits
 																	</Button>
@@ -1138,7 +958,7 @@ function MultiIngestionSettings(): JSX.Element {
 														</div>

 														<div className="signal-limit-values">
-															{activeAPIKey?.id === APIKey?.id &&
+															{activeAPIKey?.id === APIKey.id &&
 															activeSignal?.signal === signalName &&
 															isEditAddLimitOpen ? (
 																<Form
@@ -1334,27 +1154,27 @@ function MultiIngestionSettings(): JSX.Element {
 																		</div>
 																	</div>

-																	{activeAPIKey?.id === APIKey?.id &&
+																	{activeAPIKey?.id === APIKey.id &&
 																		activeSignal.signal === signalName &&
 																		!isLoadingLimitForKey &&
 																		hasCreateLimitForIngestionKeyError &&
-																		createLimitForIngestionKeyError && (
+																		createLimitForIngestionKeyError?.error && (
 																			<div className="error">
-																				{createLimitForIngestionKeyError}
+																				{createLimitForIngestionKeyError?.error}
 																			</div>
 																		)}

-																	{activeAPIKey?.id === APIKey?.id &&
+																	{activeAPIKey?.id === APIKey.id &&
 																		activeSignal.signal === signalName &&
 																		!isLoadingLimitForKey &&
 																		hasUpdateLimitForIngestionKeyError &&
-																		updateLimitForIngestionKeyError && (
+																		updateLimitForIngestionKeyError?.error && (
 																			<div className="error">
-																				{updateLimitForIngestionKeyError}
+																				{updateLimitForIngestionKeyError?.error}
 																			</div>
 																		)}

-																	{activeAPIKey?.id === APIKey?.id &&
+																	{activeAPIKey?.id === APIKey.id &&
 																		activeSignal.signal === signalName &&
 																		isEditAddLimitOpen && (
 																			<div className="signal-limit-save-discard">
@@ -1368,7 +1188,13 @@ function MultiIngestionSettings(): JSX.Element {
 																					loading={
 																						isLoadingLimitForKey || isLoadingUpdatedLimitForKey
 																					}
-																					onClick={onSaveSignalLimit}
+																					onClick={(): void => {
+																						if (!hasLimits(signalName)) {
+																							handleAddLimit(APIKey, signalName);
+																						} else {
+																							handleUpdateLimit(APIKey, limitsDict[signalName]);
+																						}
+																					}}
 																				>
 																					Save
 																				</Button>
@@ -1449,7 +1275,9 @@ function MultiIngestionSettings(): JSX.Element {
 																					className="set-alert-btn periscope-btn ghost"
 																					type="text"
 																					data-testid={`set-alert-btn-${signalName}`}
-																					onClick={onCreateSignalAlert}
+																					onClick={(): void =>
+																						handleCreateAlert(APIKey, limitsDict[signalName])
+																					}
 																				/>
 																			</Tooltip>
 																		)}
@@ -1564,7 +1392,7 @@ function MultiIngestionSettings(): JSX.Element {
 	const handleTableChange = (pagination: TablePaginationConfig): void => {
 		setPaginationParams({
 			page: pagination?.current || 1,
-			per_page: INITIAL_PAGE_SIZE,
+			per_page: 10,
 		});
 	};

@@ -1662,7 +1490,7 @@ function MultiIngestionSettings(): JSX.Element {
 					showHeader={false}
 					onChange={handleTableChange}
 					pagination={{
-						pageSize: isSearching ? SEARCH_PAGE_SIZE : paginationParams?.per_page,
+						pageSize: paginationParams?.per_page,
 						hideOnSinglePage: true,
 						showTotal: (total: number, range: number[]): string =>
 							`${range[0]}-${range[1]} of ${total} Ingestion keys`,
--- a/frontend/src/container/IngestionSettings/tests/MultiIngestionSettings.test.tsx
+++ b/frontend/src/container/IngestionSettings/tests/MultiIngestionSettings.test.tsx
@@ -1,4 +1,3 @@
-import { GatewaytypesGettableIngestionKeysDTO } from 'api/generated/services/sigNoz.schemas';
 import { QueryParams } from 'constants/query';
 import { rest, server } from 'mocks-server/server';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
@@ -19,12 +18,6 @@ interface TestAllIngestionKeyProps extends Omit<AllIngestionKeyProps, 'data'> {
 	data: TestIngestionKeyProps[];
 }

-// Gateway API response type (uses actual schema types for contract safety)
-interface TestGatewayIngestionKeysResponse {
-	status: string;
-	data: GatewaytypesGettableIngestionKeysDTO;
-}
-
 // Mock useHistory.push to capture navigation URL used by MultiIngestionSettings
 const mockPush = jest.fn() as jest.MockedFunction<(path: string) => void>;
 jest.mock('react-router-dom', () => {
@@ -93,34 +86,32 @@ describe('MultiIngestionSettings Page', () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });

 		// Arrange API response with a metrics daily count limit so the alert button is visible
-		const response: TestGatewayIngestionKeysResponse = {
+		const response: TestAllIngestionKeyProps = {
 			status: 'success',
-			data: {
-				keys: [
-					{
-						name: 'Key One',
-						expires_at: new Date(TEST_EXPIRES_AT),
-						value: 'secret',
-						workspace_id: TEST_WORKSPACE_ID,
-						id: 'k1',
-						created_at: new Date(TEST_CREATED_UPDATED),
-						updated_at: new Date(TEST_CREATED_UPDATED),
-						tags: [],
-						limits: [
-							{
-								id: 'l1',
-								signal: 'metrics',
-								config: { day: { count: 1000 } },
-							},
-						],
-					},
-				],
-				_pagination: { page: 1, per_page: 10, pages: 1, total: 1 },
-			},
+			data: [
+				{
+					name: 'Key One',
+					expires_at: TEST_EXPIRES_AT,
+					value: 'secret',
+					workspace_id: TEST_WORKSPACE_ID,
+					id: 'k1',
+					created_at: TEST_CREATED_UPDATED,
+					updated_at: TEST_CREATED_UPDATED,
+					tags: [],
+					limits: [
+						{
+							id: 'l1',
+							signal: 'metrics',
+							config: { day: { count: 1000 } },
+						},
+					],
+				},
+			],
+			_pagination: { page: 1, per_page: 10, pages: 1, total: 1 },
 		};

 		server.use(
-			rest.get('*/api/v2/gateway/ingestion_keys*', (_req, res, ctx) =>
+			rest.get('*/workspaces/me/keys*', (_req, res, ctx) =>
 				res(ctx.status(200), ctx.json(response)),
 			),
 		);
@@ -266,95 +257,4 @@ describe('MultiIngestionSettings Page', () => {
 			'signoz.meter.log.size',
 		);
 	});
-
-	it('switches to search API when search text is entered', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-		const getResponse: TestGatewayIngestionKeysResponse = {
-			status: 'success',
-			data: {
-				keys: [
-					{
-						name: 'Key Regular',
-						expires_at: new Date(TEST_EXPIRES_AT),
-						value: 'secret1',
-						workspace_id: TEST_WORKSPACE_ID,
-						id: 'k1',
-						created_at: new Date(TEST_CREATED_UPDATED),
-						updated_at: new Date(TEST_CREATED_UPDATED),
-						tags: [],
-						limits: [],
-					},
-				],
-				_pagination: { page: 1, per_page: 10, pages: 1, total: 1 },
-			},
-		};
-
-		const searchResponse: TestGatewayIngestionKeysResponse = {
-			status: 'success',
-			data: {
-				keys: [
-					{
-						name: 'Key Search Result',
-						expires_at: new Date(TEST_EXPIRES_AT),
-						value: 'secret2',
-						workspace_id: TEST_WORKSPACE_ID,
-						id: 'k2',
-						created_at: new Date(TEST_CREATED_UPDATED),
-						updated_at: new Date(TEST_CREATED_UPDATED),
-						tags: [],
-						limits: [],
-					},
-				],
-				_pagination: { page: 1, per_page: 10, pages: 1, total: 1 },
-			},
-		};
-
-		const getHandler = jest.fn();
-		const searchHandler = jest.fn();
-
-		server.use(
-			rest.get('*/api/v2/gateway/ingestion_keys', (req, res, ctx) => {
-				if (req.url.pathname.endsWith('/search')) {
-					return undefined;
-				}
-				getHandler();
-				return res(ctx.status(200), ctx.json(getResponse));
-			}),
-			rest.get('*/api/v2/gateway/ingestion_keys/search', (_req, res, ctx) => {
-				searchHandler();
-				return res(ctx.status(200), ctx.json(searchResponse));
-			}),
-		);
-
-		render(<MultiIngestionSettings />, undefined, {
-			initialRoute: INGESTION_SETTINGS_ROUTE,
-		});
-
-		await screen.findByText('Key Regular');
-		expect(getHandler).toHaveBeenCalled();
-		expect(searchHandler).not.toHaveBeenCalled();
-
-		// Reset getHandler count to verify it's not called again during search
-		getHandler.mockClear();
-
-		// Type in search box
-		const searchInput = screen.getByPlaceholderText(
-			'Search for ingestion key...',
-		);
-		await user.type(searchInput, 'test');
-
-		await screen.findByText('Key Search Result');
-		expect(searchHandler).toHaveBeenCalled();
-		expect(getHandler).not.toHaveBeenCalled();
-
-		// Clear search
-		searchHandler.mockClear();
-		getHandler.mockClear();
-		await user.clear(searchInput);
-
-		await screen.findByText('Key Regular');
-		// Search API should be disabled when not searching
-		expect(searchHandler).not.toHaveBeenCalled();
-	});
 });
--- a/frontend/src/container/LogDetailedView/TableView/TableViewActions.styles.scss
+++ b/frontend/src/container/LogDetailedView/TableView/TableViewActions.styles.scss
@@ -35,10 +35,10 @@
 		box-shadow: 4px 10px 16px 2px rgba(0, 0, 0, 0.2);
 		backdrop-filter: blur(20px);
 		padding: 0px;
-		.more-filter-actions {
+		.group-by-clause {
 			display: flex;
 			align-items: center;
-			gap: 8px;
+			gap: 4px;
 			color: var(--bg-vanilla-400);
 			font-family: Inter;
 			font-size: 14px;
@@ -53,7 +53,7 @@
 			}
 		}

-		.more-filter-actions:hover {
+		.group-by-clause:hover {
 			background-color: unset !important;
 		}
 	}
@@ -65,7 +65,7 @@
 			border: 1px solid var(--bg-vanilla-400);
 			background: var(--bg-vanilla-100) !important;

-			.more-filter-actions {
+			.group-by-clause {
 				color: var(--bg-ink-400);
 			}
 		}
--- a/frontend/src/container/LogDetailedView/TableView/TableViewActions.tsx
+++ b/frontend/src/container/LogDetailedView/TableView/TableViewActions.tsx
@@ -1,5 +1,4 @@
 /* eslint-disable sonarjs/no-duplicate-string */
-/* eslint-disable sonarjs/cognitive-complexity */
 import React, { useCallback, useMemo, useState } from 'react';
 import { useLocation } from 'react-router-dom';
 import { Color } from '@signozhq/design-tokens';
@@ -17,12 +16,7 @@ import { MetricsType } from 'container/MetricsApplication/constant';
 import { useGetSearchQueryParam } from 'hooks/queryBuilder/useGetSearchQueryParam';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
 import { ICurrentQueryData } from 'hooks/useHandleExplorerTabChange';
-import {
-	ArrowDownToDot,
-	ArrowUpFromDot,
-	Ellipsis,
-	RefreshCw,
-} from 'lucide-react';
+import { ArrowDownToDot, ArrowUpFromDot, Ellipsis } from 'lucide-react';
 import { ExplorerViews } from 'pages/LogsExplorer/utils';
 import { useTimezone } from 'providers/Timezone';
 import {
@@ -211,70 +205,6 @@ export default function TableViewActions(
 		viewName,
 	]);

-	const handleReplaceFilter = useCallback((): void => {
-		if (!stagedQuery) {
-			return;
-		}
-		const normalizedDataType: DataTypes | undefined =
-			dataType && Object.values(DataTypes).includes(dataType as DataTypes)
-				? (dataType as DataTypes)
-				: undefined;
-
-		const updatedQuery = updateQueriesData(
-			stagedQuery,
-			'queryData',
-			(item, index) => {
-				// Only replace filters for index 0
-				if (index === 0) {
-					const newFilterItem: BaseAutocompleteData = {
-						key: fieldFilterKey,
-						type: fieldType || '',
-						dataType: normalizedDataType,
-					};
-
-					// Create new filter items array with single IN filter
-					const newFilters = {
-						items: [
-							{
-								id: '',
-								key: newFilterItem,
-								op: OPERATORS.IN,
-								value: [parseFieldValue(fieldData.value)],
-							},
-						],
-						op: 'AND',
-					};
-
-					// Clear the expression and update filters
-					return {
-						...item,
-						filters: newFilters,
-						filter: { expression: '' },
-					};
-				}
-
-				return item;
-			},
-		);
-
-		const queryData: ICurrentQueryData = {
-			name: viewName,
-			id: updatedQuery.id,
-			query: updatedQuery,
-		};
-
-		handleChangeSelectedView?.(ExplorerViews.LIST, queryData);
-	}, [
-		stagedQuery,
-		updateQueriesData,
-		fieldFilterKey,
-		fieldType,
-		dataType,
-		fieldData,
-		handleChangeSelectedView,
-		viewName,
-	]);
-
 	// Memoize textToCopy computation
 	const textToCopy = useMemo(() => {
 		let text = fieldData.value;
@@ -397,21 +327,13 @@ export default function TableViewActions(
 								content={
 									<div>
 										<Button
-											className="more-filter-actions"
+											className="group-by-clause"
 											type="text"
 											icon={<GroupByIcon />}
 											onClick={handleGroupByAttribute}
 										>
 											Group By Attribute
 										</Button>
-										<Button
-											className="more-filter-actions"
-											type="text"
-											icon={<RefreshCw size={14} />}
-											onClick={handleReplaceFilter}
-										>
-											Replace filters with this value
-										</Button>
 									</div>
 								}
 								rootClassName="table-view-actions-content"
@@ -483,21 +405,13 @@ export default function TableViewActions(
 							content={
 								<div>
 									<Button
-										className="more-filter-actions"
+										className="group-by-clause"
 										type="text"
 										icon={<GroupByIcon />}
 										onClick={handleGroupByAttribute}
 									>
 										Group By Attribute
 									</Button>
-									<Button
-										className="more-filter-actions"
-										type="text"
-										icon={<RefreshCw size={14} />}
-										onClick={handleReplaceFilter}
-									>
-										Replace filters with this value
-									</Button>
 								</div>
 							}
 							rootClassName="table-view-actions-content"
--- a/frontend/src/container/Login/Login.styles.scss
+++ b/frontend/src/container/Login/Login.styles.scss
@@ -407,10 +407,6 @@
 				color: var(--text-neutral-light-200) !important;
 			}

-			.ant-select-selection-item {
-				color: var(--text-ink-500) !important;
-			}
-
 			&:hover .ant-select-selector {
 				border-color: var(--bg-vanilla-300) !important;
 			}
--- a/frontend/src/container/Login/index.tsx
+++ b/frontend/src/container/Login/index.tsx
@@ -1,7 +1,7 @@
-import { useCallback, useEffect, useMemo, useState } from 'react';
+import { useEffect, useMemo, useState } from 'react';
 import { useQuery } from 'react-query';
 import { Button } from '@signozhq/button';
-import { Form, Input, Select, Typography } from 'antd';
+import { Form, Input, Select, Tooltip, Typography } from 'antd';
 import getVersion from 'api/v1/version/get';
 import get from 'api/v2/sessions/context/get';
 import post from 'api/v2/sessions/email_password/post';
@@ -220,20 +220,6 @@ function Login(): JSX.Element {
 		}
 	};

-	const handleForgotPasswordClick = useCallback((): void => {
-		const email = form.getFieldValue('email');
-
-		if (!email || !sessionsContext || !sessionsContext?.orgs?.length) {
-			return;
-		}
-
-		history.push(ROUTES.FORGOT_PASSWORD, {
-			email,
-			orgId: sessionsOrgId,
-			orgs: sessionsContext.orgs,
-		});
-	}, [form, sessionsContext, sessionsOrgId]);
-
 	useEffect(() => {
 		if (callbackAuthError) {
 			setErrorMessage(
@@ -359,16 +345,11 @@ function Login(): JSX.Element {
 						<ParentContainer>
 							<div className="password-label-container">
 								<Label htmlFor="Password">Password</Label>
-								<Typography.Link
-									className="forgot-password-link"
-									href="#"
-									onClick={(event): void => {
-										event.preventDefault();
-										handleForgotPasswordClick();
-									}}
-								>
-									Forgot password?
-								</Typography.Link>
+								<Tooltip title="Ask your admin to reset your password and send you a new invite link">
+									<Typography.Link className="forgot-password-link">
+										Forgot password?
+									</Typography.Link>
+								</Tooltip>
 							</div>
 							<FormContainer.Item name="password">
 								<Input.Password
--- a/frontend/src/container/OnboardingV2Container/IngestionDetails/IngestionDetails.tsx
+++ b/frontend/src/container/OnboardingV2Container/IngestionDetails/IngestionDetails.tsx
@@ -2,16 +2,13 @@ import { useEffect, useState } from 'react';
 import { useCopyToClipboard } from 'react-use';
 import { Button, Skeleton, Tooltip, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
-import { useGetIngestionKeys } from 'api/generated/services/gateway';
-import {
-	GatewaytypesIngestionKeyDTO,
-	RenderErrorResponseDTO,
-} from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import { DOCS_BASE_URL } from 'constants/app';
 import { useGetGlobalConfig } from 'hooks/globalConfig/useGetGlobalConfig';
+import { useGetAllIngestionsKeys } from 'hooks/IngestionKeys/useGetAllIngestionKeys';
 import { useNotifications } from 'hooks/useNotifications';
 import { ArrowUpRight, Copy, Info, Key, TriangleAlert } from 'lucide-react';
+import { IngestionKeyProps } from 'types/api/ingestionKeys/types';

 import './IngestionDetails.styles.scss';

@@ -42,17 +39,17 @@ export default function OnboardingIngestionDetails(): JSX.Element {
 	const { notifications } = useNotifications();
 	const [, handleCopyToClipboard] = useCopyToClipboard();

-	const [
-		firstIngestionKey,
-		setFirstIngestionKey,
-	] = useState<GatewaytypesIngestionKeyDTO>({} as GatewaytypesIngestionKeyDTO);
+	const [firstIngestionKey, setFirstIngestionKey] = useState<IngestionKeyProps>(
+		{} as IngestionKeyProps,
+	);

 	const {
 		data: ingestionKeys,
 		isLoading: isIngestionKeysLoading,
 		error,
 		isError,
-	} = useGetIngestionKeys({
+	} = useGetAllIngestionsKeys({
+		search: '',
 		page: 1,
 		per_page: 10,
 	});
@@ -72,11 +69,8 @@ export default function OnboardingIngestionDetails(): JSX.Element {
 	};

 	useEffect(() => {
-		if (
-			ingestionKeys?.data?.data?.keys &&
-			ingestionKeys?.data.data.keys.length > 0
-		) {
-			setFirstIngestionKey(ingestionKeys?.data.data.keys[0]);
+		if (ingestionKeys?.data.data && ingestionKeys?.data.data.length > 0) {
+			setFirstIngestionKey(ingestionKeys?.data.data[0]);
 		}
 	}, [ingestionKeys]);

@@ -86,10 +80,7 @@ export default function OnboardingIngestionDetails(): JSX.Element {
 				<div className="ingestion-endpoint-section-error-container">
 					<Typography.Text className="ingestion-endpoint-section-error-text error">
 						<TriangleAlert size={14} />{' '}
-						{(error as AxiosError<RenderErrorResponseDTO>)?.response?.data?.error
-							?.message ||
-							(error as AxiosError)?.message ||
-							'Something went wrong'}
+						{(error as AxiosError)?.message || 'Something went wrong'}
 					</Typography.Text>

 					<div className="ingestion-setup-details-links">
@@ -185,7 +176,7 @@ export default function OnboardingIngestionDetails(): JSX.Element {
 										</Typography.Text>

 										<Typography.Text className="ingestion-key-value-copy">
-											{maskKey(firstIngestionKey?.value || '')}
+											{maskKey(firstIngestionKey?.value)}

 											<Copy
 												size={14}
@@ -195,9 +186,7 @@ export default function OnboardingIngestionDetails(): JSX.Element {
 														`${ONBOARDING_V3_ANALYTICS_EVENTS_MAP?.BASE}: ${ONBOARDING_V3_ANALYTICS_EVENTS_MAP?.INGESTION_KEY_COPIED}`,
 														{},
 													);
-													if (firstIngestionKey?.value) {
-														handleCopyKey(firstIngestionKey.value);
-													}
+													handleCopyKey(firstIngestionKey?.value);
 												}}
 											/>
 										</Typography.Text>
--- a/frontend/src/container/SideNav/config.ts
+++ b/frontend/src/container/SideNav/config.ts
@@ -32,7 +32,6 @@ export const routeConfig: Record<string, QueryParams[]> = {
 	[ROUTES.LIST_ALL_ALERT]: [QueryParams.resourceAttributes],
 	[ROUTES.LIST_LICENSES]: [QueryParams.resourceAttributes],
 	[ROUTES.LOGIN]: [QueryParams.resourceAttributes],
-	[ROUTES.FORGOT_PASSWORD]: [QueryParams.resourceAttributes],
 	[ROUTES.LOGS]: [QueryParams.resourceAttributes],
 	[ROUTES.LOGS_BASE]: [QueryParams.resourceAttributes],
 	[ROUTES.MY_SETTINGS]: [QueryParams.resourceAttributes],
--- a/frontend/src/mocks-server/server.ts
+++ b/frontend/src/mocks-server/server.ts
@@ -7,6 +7,4 @@ import { handlers } from './handlers';
 // This configures a request mocking server with the given request handlers.
 export const server = setupServer(...handlers);

-export * from './utils';
-
 export { rest };
--- a/frontend/src/mocks-server/utils.ts
+++ b/frontend/src/mocks-server/utils.ts
@@ -1,26 +0,0 @@
-import { ResponseResolver, restContext, RestRequest } from 'msw';
-
-export const createErrorResponse = (
-	status: number,
-	code: string,
-	message: string,
-): ResponseResolver<RestRequest, typeof restContext> => (
-	_req,
-	res,
-	ctx,
-): ReturnType<ResponseResolver<RestRequest, typeof restContext>> =>
-	res(
-		ctx.status(status),
-		ctx.json({
-			error: {
-				code,
-				message,
-			},
-		}),
-	);
-
-export const handleInternalServerError = createErrorResponse(
-	500,
-	'INTERNAL_SERVER_ERROR',
-	'Internal server error occurred',
-);
--- a/frontend/src/pages/ForgotPassword/tests/ForgotPassword.test.tsx
+++ b/frontend/src/pages/ForgotPassword/tests/ForgotPassword.test.tsx
@@ -1,46 +0,0 @@
-import ROUTES from 'constants/routes';
-import history from 'lib/history';
-import { render, waitFor } from 'tests/test-utils';
-
-import ForgotPassword from '../index';
-
-// Mock dependencies
-jest.mock('lib/history', () => ({
-	__esModule: true,
-	default: {
-		push: jest.fn(),
-		location: {
-			search: '',
-		},
-	},
-}));
-
-const mockHistoryPush = history.push as jest.MockedFunction<
-	typeof history.push
->;
-
-describe('ForgotPassword Page', () => {
-	beforeEach(() => {
-		jest.clearAllMocks();
-	});
-
-	describe('Route State Handling', () => {
-		it('redirects to login when route state is missing', async () => {
-			render(<ForgotPassword />, undefined, {
-				initialRoute: '/forgot-password',
-			});
-
-			await waitFor(() => {
-				expect(mockHistoryPush).toHaveBeenCalledWith(ROUTES.LOGIN);
-			});
-		});
-
-		it('returns null when route state is missing', () => {
-			const { container } = render(<ForgotPassword />, undefined, {
-				initialRoute: '/forgot-password',
-			});
-
-			expect(container.firstChild).toBeNull();
-		});
-	});
-});
--- a/frontend/src/pages/ForgotPassword/index.tsx
+++ b/frontend/src/pages/ForgotPassword/index.tsx
@@ -1,39 +0,0 @@
-import { useEffect } from 'react';
-import { useLocation } from 'react-router-dom';
-import AuthPageContainer from 'components/AuthPageContainer';
-import ROUTES from 'constants/routes';
-import ForgotPasswordContainer, {
-	ForgotPasswordRouteState,
-} from 'container/ForgotPassword';
-import history from 'lib/history';
-
-import '../Login/Login.styles.scss';
-
-function ForgotPassword(): JSX.Element | null {
-	const location = useLocation<ForgotPasswordRouteState | undefined>();
-	const routeState = location.state;
-
-	useEffect(() => {
-		if (!routeState?.email) {
-			history.push(ROUTES.LOGIN);
-		}
-	}, [routeState]);
-
-	if (!routeState?.email) {
-		return null;
-	}
-
-	return (
-		<AuthPageContainer>
-			<div className="auth-form-card">
-				<ForgotPasswordContainer
-					email={routeState.email}
-					orgId={routeState.orgId}
-					orgs={routeState.orgs}
-				/>
-			</div>
-		</AuthPageContainer>
-	);
-}
-
-export default ForgotPassword;
--- a/frontend/src/utils/docLinks.ts
+++ b/frontend/src/utils/docLinks.ts
@@ -6,8 +6,6 @@ const DOCLINKS = {
 		'https://signoz.io/docs/product-features/trace-explorer/?utm_source=product&utm_medium=traces-explorer-trace-tab#traces-view',
 	METRICS_EXPLORER_EMPTY_STATE:
 		'https://signoz.io/docs/userguide/send-metrics-cloud/',
-	EXTERNAL_API_MONITORING:
-		'https://signoz.io/docs/external-api-monitoring/overview/',
 };

 export default DOCLINKS;
--- a/frontend/src/utils/permission/index.ts
+++ b/frontend/src/utils/permission/index.ts
@@ -68,7 +68,6 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	ALERT_HISTORY: ['ADMIN', 'EDITOR', 'VIEWER'],
 	ALERT_OVERVIEW: ['ADMIN', 'EDITOR', 'VIEWER'],
 	LOGIN: ['ADMIN', 'EDITOR', 'VIEWER'],
-	FORGOT_PASSWORD: ['ADMIN', 'EDITOR', 'VIEWER'],
 	NOT_FOUND: ['ADMIN', 'VIEWER', 'EDITOR'],
 	PASSWORD_RESET: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SERVICE_METRICS: ['ADMIN', 'EDITOR', 'VIEWER'],
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@@ -5038,7 +5038,7 @@
  resolved "https://registry.yarnpkg.com/@signozhq/design-tokens/-/design-tokens-2.1.1.tgz#9c36d433fd264410713cc0c5ebdd75ce0ebecba3"
  integrity sha512-SdziCHg5Lwj+6oY6IRUPplaKZ+kTHjbrlhNj//UoAJ8aQLnRdR2F/miPzfSi4vrYw88LtXxNA9J9iJyacCp37A==

-"@signozhq/icons@0.1.0", "@signozhq/icons@^0.1.0":
+"@signozhq/icons@^0.1.0":
  version "0.1.0"
  resolved "https://registry.yarnpkg.com/@signozhq/icons/-/icons-0.1.0.tgz#00dfb430dbac423bfff715876f91a7b8a72509e4"
  integrity sha512-kGWDhCpQkFWaNwyWfy88AIbg902wBbgTFTBAtmo6DkHyLGoqWAf0Jcq8BX+7brFqJF9PnLoSJDj1lvCpUsI/Ig==
--- a/pkg/http/middleware/recovery.go
+++ b/pkg/http/middleware/recovery.go
@@ -1,44 +0,0 @@
-package middleware
-
-import (
-	"log/slog"
-	"net/http"
-	"runtime/debug"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-)
-
-// Recovery is a middleware that recovers from panics, logs the panic,
-// and returns a 500 Internal Server Error.
-type Recovery struct {
-	logger *slog.Logger
-}
-
-// NewRecovery creates a new Recovery middleware.
-func NewRecovery(logger *slog.Logger) Wrapper {
-	return &Recovery{
-		logger: logger.With("pkg", "http-middleware-recovery"),
-	}
-}
-
-// Wrap is the middleware handler.
-func (m *Recovery) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		defer func() {
-			if err := recover(); err != nil {
-				m.logger.ErrorContext(
-					r.Context(),
-					"panic recovered",
-					"err", err, "stack", string(debug.Stack()),
-				)
-
-				render.Error(w, errors.NewInternalf(
-					errors.CodeInternal, "internal server error",
-				))
-			}
-		}()
-
-		next.ServeHTTP(w, r)
-	})
-}
--- a/pkg/http/render/render.go
+++ b/pkg/http/render/render.go
@@ -57,7 +57,7 @@ func Error(rw http.ResponseWriter, cause error) {
 	case errors.TypeUnauthenticated:
 		httpCode = http.StatusUnauthorized
 	case errors.TypeUnsupported:
-		httpCode = http.StatusNotImplemented
+		httpCode = http.StatusUnprocessableEntity
 	case errors.TypeForbidden:
 		httpCode = http.StatusForbidden
 	case errors.TypeCanceled:
--- a/pkg/modules/organization/implorganization/setter.go
+++ b/pkg/modules/organization/implorganization/setter.go
@@ -6,18 +6,20 @@ import (
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/quickfilter"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type setter struct {
-	store        types.OrganizationStore
-	alertmanager alertmanager.Alertmanager
-	quickfilter  quickfilter.Module
+	store              types.OrganizationStore
+	alertmanager       alertmanager.Alertmanager
+	quickfilter        quickfilter.Module
+	rootUserReconciler rootuser.Reconciler
 }

-func NewSetter(store types.OrganizationStore, alertmanager alertmanager.Alertmanager, quickfilter quickfilter.Module) organization.Setter {
-	return &setter{store: store, alertmanager: alertmanager, quickfilter: quickfilter}
+func NewSetter(store types.OrganizationStore, alertmanager alertmanager.Alertmanager, quickfilter quickfilter.Module, rootUserReconciler rootuser.Reconciler) organization.Setter {
+	return &setter{store: store, alertmanager: alertmanager, quickfilter: quickfilter, rootUserReconciler: rootUserReconciler}
 }

 func (module *setter) Create(ctx context.Context, organization *types.Organization, createManagedRoles func(context.Context, valuer.UUID) error) error {
@@ -37,6 +39,10 @@ func (module *setter) Create(ctx context.Context, organization *types.Organizati
 		return err
 	}

+	if err := module.rootUserReconciler.ReconcileForOrg(ctx, organization); err != nil {
+		return err
+	}
+
 	return nil
 }

--- a/pkg/modules/rootuser/implrootuser/module.go
+++ b/pkg/modules/rootuser/implrootuser/module.go
@@ -0,0 +1,72 @@
+package implrootuser
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/authz"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct {
+	store    types.RootUserStore
+	settings factory.ScopedProviderSettings
+	config   user.RootUserConfig
+	authz    authz.AuthZ
+}
+
+func NewModule(store types.RootUserStore, providerSettings factory.ProviderSettings, config user.RootUserConfig, authz authz.AuthZ) rootuser.Module {
+	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser")
+	return &module{
+		store:    store,
+		settings: settings,
+		config:   config,
+		authz:    authz,
+	}
+}
+
+func (m *module) Authenticate(ctx context.Context, orgID valuer.UUID, email valuer.Email, password string) (*authtypes.Identity, error) {
+	// get the root user by email and org id
+	rootUser, err := m.store.GetByEmailAndOrgID(ctx, orgID, email)
+	if err != nil {
+		return nil, err
+	}
+
+	// verify the password
+	if !rootUser.VerifyPassword(password) {
+		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "invalid email or password")
+	}
+
+	// create a root user identity
+	identity := authtypes.NewRootIdentity(rootUser.ID, orgID, rootUser.Email)
+
+	// make sure the returning identity has admin role
+	err = m.authz.Grant(ctx, orgID, roletypes.SigNozAdminRoleName, authtypes.MustNewSubject(authtypes.TypeableUser, rootUser.ID.StringValue(), rootUser.OrgID, nil))
+	if err != nil {
+		return nil, err
+	}
+
+	return identity, nil
+}
+
+func (m *module) ExistsByOrgID(ctx context.Context, orgID valuer.UUID) (bool, error) {
+	return m.store.ExistsByOrgID(ctx, orgID)
+}
+
+func (m *module) GetByEmailAndOrgID(ctx context.Context, orgID valuer.UUID, email valuer.Email) (*types.RootUser, error) {
+	return m.store.GetByEmailAndOrgID(ctx, orgID, email)
+}
+
+func (m *module) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.RootUser, error) {
+	return m.store.GetByOrgIDAndID(ctx, orgID, id)
+}
+
+func (m *module) GetByEmailAndOrgIDs(ctx context.Context, orgIDs []valuer.UUID, email valuer.Email) ([]*types.RootUser, error) {
+	return m.store.GetByEmailAndOrgIDs(ctx, orgIDs, email)
+}
--- a/pkg/modules/rootuser/implrootuser/reconciler.go
+++ b/pkg/modules/rootuser/implrootuser/reconciler.go
@@ -0,0 +1,165 @@
+package implrootuser
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type reconciler struct {
+	store     types.RootUserStore
+	settings  factory.ScopedProviderSettings
+	orgGetter organization.Getter
+	config    user.RootUserConfig
+}
+
+func NewReconciler(store types.RootUserStore, settings factory.ProviderSettings, orgGetter organization.Getter, config user.RootUserConfig) rootuser.Reconciler {
+	scopedSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser/reconciler")
+
+	return &reconciler{
+		store:     store,
+		settings:  scopedSettings,
+		orgGetter: orgGetter,
+		config:    config,
+	}
+}
+
+func (r *reconciler) Reconcile(ctx context.Context) error {
+	if !r.config.IsConfigured() {
+		r.settings.Logger().InfoContext(ctx, "reconciler: root user is not configured, skipping reconciliation")
+		return nil
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: reconciling root user(s)")
+
+	// get the organizations that are owned by this instance of signoz
+	orgs, err := r.orgGetter.ListByOwnedKeyRange(ctx)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "failed to get list of organizations owned by this instance of signoz")
+	}
+
+	if len(orgs) == 0 {
+		r.settings.Logger().InfoContext(ctx, "reconciler: no organizations owned by this instance of signoz, skipping reconciliation")
+		return nil
+	}
+
+	for _, org := range orgs {
+		r.settings.Logger().InfoContext(ctx, "reconciler: reconciling root user for organization", "organization_id", org.ID, "organization_name", org.Name)
+
+		err := r.reconcileRootUserForOrg(ctx, org)
+		if err != nil {
+			return errors.WrapInternalf(err, errors.CodeInternal, "reconciler: failed to reconcile root user for organization %s (%s)", org.Name, org.ID)
+		}
+
+		r.settings.Logger().InfoContext(ctx, "reconciler: root user reconciled for organization", "organization_id", org.ID, "organization_name", org.Name)
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: reconciliation complete")
+
+	return nil
+}
+
+func (r *reconciler) ReconcileForOrg(ctx context.Context, org *types.Organization) error {
+	if !r.config.IsConfigured() {
+		r.settings.Logger().InfoContext(ctx, "reconciler: root user is not configured, skipping reconciliation")
+		return nil
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: reconciling root user for organization", "organization_id", org.ID, "organization_name", org.Name)
+
+	err := r.reconcileRootUserForOrg(ctx, org)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "reconciler: failed to reconcile root user for organization %s (%s)", org.Name, org.ID)
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: root user reconciled for organization", "organization_id", org.ID, "organization_name", org.Name)
+
+	return nil
+}
+
+func (r *reconciler) reconcileRootUserForOrg(ctx context.Context, org *types.Organization) error {
+
+	// try creating the user optimisitically
+	err := r.createRootUserForOrg(ctx, org.ID)
+	if err == nil {
+		// success - yay
+		return nil
+	}
+
+	// if error is not "alredy exists", something really went wrong
+	if !errors.Asc(err, types.ErrCodeRootUserAlreadyExists) {
+		return err
+	}
+
+	// here means the root user already exists - just make sure it is configured correctly
+	// this could be the case where the root user was created by some other means
+	// either previously or by some other instance of signoz
+	r.settings.Logger().InfoContext(ctx, "reconciler: root user already exists for organization", "organization_id", org.ID, "organization_name", org.Name)
+
+	// check if the root user already exists for the org
+	existingRootUser, err := r.store.GetByOrgID(ctx, org.ID)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return err
+	}
+
+	// make updates to the existing root user if needed
+	return r.updateRootUserForOrg(ctx, org.ID, existingRootUser)
+}
+
+func (r *reconciler) createRootUserForOrg(ctx context.Context, orgID valuer.UUID) error {
+	rootUser, err := types.NewRootUser(
+		valuer.MustNewEmail(r.config.Email),
+		r.config.Password,
+		orgID,
+	)
+	if err != nil {
+		return err
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: creating new root user for organization", "organization_id", orgID, "email", r.config.Email)
+
+	err = r.store.Create(ctx, rootUser)
+	if err != nil {
+		return err
+	}
+
+	r.settings.Logger().InfoContext(ctx, "reconciler: root user created for organization", "organization_id", orgID, "email", r.config.Email)
+
+	return nil
+}
+
+func (r *reconciler) updateRootUserForOrg(ctx context.Context, orgID valuer.UUID, rootUser *types.RootUser) error {
+	needsUpdate := false
+
+	if rootUser.Email != valuer.MustNewEmail(r.config.Email) {
+		rootUser.Email = valuer.MustNewEmail(r.config.Email)
+		needsUpdate = true
+	}
+
+	if !rootUser.VerifyPassword(r.config.Password) {
+		passwordHash, err := types.NewHashedPassword(r.config.Password)
+		if err != nil {
+			return err
+		}
+		rootUser.PasswordHash = passwordHash
+		needsUpdate = true
+	}
+
+	if needsUpdate {
+		r.settings.Logger().InfoContext(ctx, "reconciler: updating root user for organization", "organization_id", orgID, "email", r.config.Email)
+		err := r.store.Update(ctx, orgID, rootUser.ID, rootUser)
+		if err != nil {
+			return err
+		}
+		r.settings.Logger().InfoContext(ctx, "reconciler: root user updated for organization", "organization_id", orgID, "email", r.config.Email)
+		return nil
+	}
+
+	return nil
+}
--- a/pkg/modules/rootuser/implrootuser/store.go
+++ b/pkg/modules/rootuser/implrootuser/store.go
@@ -0,0 +1,126 @@
+package implrootuser
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type store struct {
+	sqlstore sqlstore.SQLStore
+	settings factory.ProviderSettings
+}
+
+func NewStore(sqlstore sqlstore.SQLStore, settings factory.ProviderSettings) types.RootUserStore {
+	return &store{
+		sqlstore: sqlstore,
+		settings: settings,
+	}
+}
+
+func (store *store) Create(ctx context.Context, rootUser *types.RootUser) error {
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewInsert().
+		Model(rootUser).
+		Exec(ctx)
+	if err != nil {
+		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrCodeRootUserAlreadyExists, "root user with email %s already exists in org %s", rootUser.Email, rootUser.OrgID)
+	}
+
+	return nil
+}
+
+func (store *store) GetByOrgID(ctx context.Context, orgID valuer.UUID) (*types.RootUser, error) {
+	rootUser := new(types.RootUser)
+
+	err := store.sqlstore.BunDBCtx(ctx).
+		NewSelect().
+		Model(rootUser).
+		Where("org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeRootUserNotFound, "root user with org_id %s does not exist", orgID)
+	}
+	return rootUser, nil
+}
+
+func (store *store) GetByEmailAndOrgID(ctx context.Context, orgID valuer.UUID, email valuer.Email) (*types.RootUser, error) {
+	rootUser := new(types.RootUser)
+
+	err := store.sqlstore.BunDBCtx(ctx).
+		NewSelect().
+		Model(rootUser).
+		Where("email = ?", email).
+		Where("org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeRootUserNotFound, "root user with email %s does not exist in org %s", email, orgID)
+	}
+	return rootUser, nil
+}
+
+func (store *store) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.RootUser, error) {
+	rootUser := new(types.RootUser)
+
+	err := store.sqlstore.BunDBCtx(ctx).
+		NewSelect().
+		Model(rootUser).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeRootUserNotFound, "root user with id %s does not exist in org %s", id, orgID)
+	}
+	return rootUser, nil
+}
+
+func (store *store) GetByEmailAndOrgIDs(ctx context.Context, orgIDs []valuer.UUID, email valuer.Email) ([]*types.RootUser, error) {
+	rootUsers := []*types.RootUser{}
+
+	err := store.sqlstore.BunDBCtx(ctx).
+		NewSelect().
+		Model(&rootUsers).
+		Where("email = ?", email).
+		Where("org_id IN (?)", bun.In(orgIDs)).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeRootUserNotFound, "root user with email %s does not exist in orgs %s", email, orgIDs)
+	}
+
+	return rootUsers, nil
+}
+
+func (store *store) ExistsByOrgID(ctx context.Context, orgID valuer.UUID) (bool, error) {
+	exists, err := store.sqlstore.BunDBCtx(ctx).
+		NewSelect().
+		Model(new(types.RootUser)).
+		Where("org_id = ?", orgID).
+		Exists(ctx)
+	if err != nil {
+		return false, err
+	}
+
+	return exists, nil
+}
+
+func (store *store) Update(ctx context.Context, orgID valuer.UUID, id valuer.UUID, rootUser *types.RootUser) error {
+	rootUser.UpdatedAt = time.Now()
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewUpdate().
+		Model(rootUser).
+		Column("email").
+		Column("password_hash").
+		Column("updated_at").
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Exec(ctx)
+	if err != nil {
+		return store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeRootUserNotFound, "root user with id %s does not exist", id)
+	}
+	return nil
+}
--- a/pkg/modules/rootuser/rootuser.go
+++ b/pkg/modules/rootuser/rootuser.go
@@ -0,0 +1,34 @@
+package rootuser
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Module interface {
+	// Authenticate a root user by email and password
+	Authenticate(ctx context.Context, orgID valuer.UUID, email valuer.Email, password string) (*authtypes.Identity, error)
+
+	// Get the root user by email and orgID.
+	GetByEmailAndOrgID(ctx context.Context, orgID valuer.UUID, email valuer.Email) (*types.RootUser, error)
+
+	// Get the root user by orgID and ID.
+	GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.RootUser, error)
+
+	// Get the root users by email and org IDs.
+	GetByEmailAndOrgIDs(ctx context.Context, orgIDs []valuer.UUID, email valuer.Email) ([]*types.RootUser, error)
+
+	// Checks if a root user exists for an organization
+	ExistsByOrgID(ctx context.Context, orgID valuer.UUID) (bool, error)
+}
+
+type Reconciler interface {
+	// Reconcile the root users.
+	Reconcile(ctx context.Context) error
+
+	// Reconcile the root user for the given org.
+	ReconcileForOrg(ctx context.Context, org *types.Organization) error
+}
--- a/pkg/modules/session/implsession/module.go
+++ b/pkg/modules/session/implsession/module.go
@@ -12,6 +12,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/tokenizer"
@@ -21,24 +22,26 @@ import (
 )

 type module struct {
-	settings   factory.ScopedProviderSettings
-	authNs     map[authtypes.AuthNProvider]authn.AuthN
-	user       user.Module
-	userGetter user.Getter
-	authDomain authdomain.Module
-	tokenizer  tokenizer.Tokenizer
-	orgGetter  organization.Getter
+	settings       factory.ScopedProviderSettings
+	authNs         map[authtypes.AuthNProvider]authn.AuthN
+	user           user.Module
+	userGetter     user.Getter
+	authDomain     authdomain.Module
+	tokenizer      tokenizer.Tokenizer
+	orgGetter      organization.Getter
+	rootUserModule rootuser.Module
 }

-func NewModule(providerSettings factory.ProviderSettings, authNs map[authtypes.AuthNProvider]authn.AuthN, user user.Module, userGetter user.Getter, authDomain authdomain.Module, tokenizer tokenizer.Tokenizer, orgGetter organization.Getter) session.Module {
+func NewModule(providerSettings factory.ProviderSettings, authNs map[authtypes.AuthNProvider]authn.AuthN, user user.Module, userGetter user.Getter, authDomain authdomain.Module, tokenizer tokenizer.Tokenizer, orgGetter organization.Getter, rootUserModule rootuser.Module) session.Module {
 	return &module{
-		settings:   factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/session/implsession"),
-		authNs:     authNs,
-		user:       user,
-		userGetter: userGetter,
-		authDomain: authDomain,
-		tokenizer:  tokenizer,
-		orgGetter:  orgGetter,
+		settings:       factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/session/implsession"),
+		authNs:         authNs,
+		user:           user,
+		userGetter:     userGetter,
+		authDomain:     authDomain,
+		tokenizer:      tokenizer,
+		orgGetter:      orgGetter,
+		rootUserModule: rootUserModule,
 	}
 }

@@ -60,6 +63,19 @@ func (module *module) GetSessionContext(ctx context.Context, email valuer.Email,
 		orgIDs = append(orgIDs, org.ID)
 	}

+	// ROOT USER
+	// if this email is a root user email, we will only allow password authentication
+	if module.rootUserModule != nil {
+		rootUserContexts, err := module.getRootUserSessionContext(ctx, orgs, orgIDs, email)
+		if err != nil {
+			return nil, err
+		}
+		if rootUserContexts.Exists {
+			return rootUserContexts, nil
+		}
+	}
+
+	// REGULAR USER
 	users, err := module.userGetter.ListUsersByEmailAndOrgIDs(ctx, email, orgIDs)
 	if err != nil {
 		return nil, err
@@ -108,6 +124,22 @@ func (module *module) GetSessionContext(ctx context.Context, email valuer.Email,
 }

 func (module *module) CreatePasswordAuthNSession(ctx context.Context, authNProvider authtypes.AuthNProvider, email valuer.Email, password string, orgID valuer.UUID) (*authtypes.Token, error) {
+	// Root User Authentication
+	if module.rootUserModule != nil {
+		// Ignore root user authentication errors and continue with regular user authentication.
+		// This error can be either not found or incorrect password, in both cases we continue with regular user authentication.
+		identity, err := module.rootUserModule.Authenticate(ctx, orgID, email, password)
+		if err != nil && !errors.Asc(err, types.ErrCodeRootUserNotFound) && !errors.Ast(err, errors.TypeUnauthenticated) {
+			// something else went wrong, we should report back to the caller
+			return nil, err
+		}
+		if identity != nil {
+			// root user authentication successful
+			return module.tokenizer.CreateToken(ctx, identity, map[string]string{})
+		}
+	}
+
+	// Regular User Authentication
 	passwordAuthN, err := getProvider[authn.PasswordAuthN](authNProvider, module.authNs)
 	if err != nil {
 		return nil, err
@@ -215,3 +247,31 @@ func getProvider[T authn.AuthN](authNProvider authtypes.AuthNProvider, authNs ma

 	return provider, nil
 }
+
+func (module *module) getRootUserSessionContext(ctx context.Context, orgs []*types.Organization, orgIDs []valuer.UUID, email valuer.Email) (*authtypes.SessionContext, error) {
+	context := authtypes.NewSessionContext()
+
+	rootUsers, err := module.rootUserModule.GetByEmailAndOrgIDs(ctx, orgIDs, email)
+	if err != nil && !errors.Asc(err, types.ErrCodeRootUserNotFound) {
+		// something else went wrong, report back to the caller
+		return nil, err
+	}
+
+	for _, rootUser := range rootUsers {
+		idx := slices.IndexFunc(orgs, func(org *types.Organization) bool {
+			return org.ID == rootUser.OrgID
+		})
+
+		if idx == -1 {
+			continue
+		}
+
+		org := orgs[idx]
+
+		context.Exists = true
+		orgContext := authtypes.NewOrgSessionContext(org.ID, org.Name).AddPasswordAuthNSupport(authtypes.AuthNProviderEmailPassword)
+		context = context.AddOrgContext(orgContext)
+	}
+
+	return context, nil
+}
--- a/pkg/modules/user/config.go
+++ b/pkg/modules/user/config.go
@@ -5,15 +5,26 @@ import (

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+var (
+	minRootUserPasswordLength = 12
 )

 type Config struct {
-	Password PasswordConfig `mapstructure:"password"`
+	Password       PasswordConfig `mapstructure:"password"`
+	RootUserConfig RootUserConfig `mapstructure:"root"`
 }
 type PasswordConfig struct {
 	Reset ResetConfig `mapstructure:"reset"`
 }

+type RootUserConfig struct {
+	Email    string `mapstructure:"email"`
+	Password string `mapstructure:"password"`
+}
+
 type ResetConfig struct {
 	AllowSelf        bool          `mapstructure:"allow_self"`
 	MaxTokenLifetime time.Duration `mapstructure:"max_token_lifetime"`
@@ -31,6 +42,10 @@ func newConfig() factory.Config {
 				MaxTokenLifetime: 6 * time.Hour,
 			},
 		},
+		RootUserConfig: RootUserConfig{
+			Email:    "",
+			Password: "",
+		},
 	}
 }

@@ -39,5 +54,40 @@ func (c Config) Validate() error {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::password::reset::max_token_lifetime must be positive")
 	}

+	if err := c.RootUserConfig.Validate(); err != nil {
+		return err
+	}
+
 	return nil
 }
+
+func (r RootUserConfig) Validate() error {
+	if (r.Email == "") != (r.Password == "") {
+		// all or nothing case
+		return errors.Newf(
+			errors.TypeInvalidInput,
+			errors.CodeInvalidInput,
+			"user::root requires both email and password to be set, or neither",
+		)
+	}
+
+	// nothing case
+	if !r.IsConfigured() {
+		return nil
+	}
+
+	_, err := valuer.NewEmail(r.Email)
+	if err != nil {
+		return errors.WrapInvalidInputf(err, errors.CodeInvalidInput, "invalid user::root::email %s", r.Email)
+	}
+
+	if len(r.Password) < minRootUserPasswordLength {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::root::password must be at least %d characters long", minRootUserPasswordLength)
+	}
+
+	return nil
+}
+
+func (r RootUserConfig) IsConfigured() bool {
+	return r.Email != "" && r.Password != ""
+}
--- a/pkg/modules/user/impluser/handler.go
+++ b/pkg/modules/user/impluser/handler.go
@@ -10,21 +10,22 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/binding"
 	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
 	root "github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )

 type handler struct {
-	module root.Module
-	getter root.Getter
+	module         root.Module
+	getter         root.Getter
+	rootUserModule rootuser.Module
 }

-func NewHandler(module root.Module, getter root.Getter) root.Handler {
-	return &handler{module: module, getter: getter}
+func NewHandler(module root.Module, getter root.Getter, rootUserModule rootuser.Module) root.Handler {
+	return &handler{module: module, getter: getter, rootUserModule: rootUserModule}
 }

 func (h *handler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
@@ -62,6 +63,23 @@ func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// ROOT USER CHECK - START
+	// if the to-be-invited email is one of the root users, we forbid this operation
+	if h.rootUserModule != nil {
+		rootUser, err := h.rootUserModule.GetByEmailAndOrgID(ctx, valuer.MustNewUUID(claims.OrgID), req.Email)
+		if err != nil && !errors.Asc(err, types.ErrCodeRootUserNotFound) {
+			// something else went wrong, report back to UI
+			render.Error(rw, err)
+			return
+		}
+
+		if rootUser != nil {
+			render.Error(rw, errors.New(errors.TypeForbidden, errors.CodeForbidden, "cannot invite this email id"))
+			return
+		}
+	}
+	// ROOT USER CHECK - END
+
 	invites, err := h.module.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), &types.PostableBulkInviteRequest{
 		Invites: []types.PostableInvite{req},
 	})
@@ -95,6 +113,25 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// ROOT USER CHECK - START
+	// if the to-be-invited email is one of the root users, we forbid this operation
+	if h.rootUserModule != nil {
+		for _, invite := range req.Invites {
+			rootUser, err := h.rootUserModule.GetByEmailAndOrgID(ctx, valuer.MustNewUUID(claims.OrgID), invite.Email)
+			if err != nil && !errors.Asc(err, types.ErrCodeRootUserNotFound) {
+				// something else went wrong, report back to UI
+				render.Error(rw, err)
+				return
+			}
+
+			if rootUser != nil {
+				render.Error(rw, errors.New(errors.TypeForbidden, errors.CodeForbidden, "reserved email(s) found, failed to invite users"))
+				return
+			}
+		}
+	}
+	// ROOT USER CHECK - END
+
 	_, err = h.module.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), &req)
 	if err != nil {
 		render.Error(rw, err)
@@ -193,6 +230,37 @@ func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// ROOT USER
+	if h.rootUserModule != nil {
+		rootUser, err := h.rootUserModule.GetByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
+		if err != nil && !errors.Asc(err, types.ErrCodeRootUserNotFound) {
+			// something else is wrong report back in UI
+			render.Error(w, err)
+			return
+		}
+
+		if rootUser != nil {
+			// root user detected
+			rUser := types.User{
+				Identifiable: types.Identifiable{
+					ID: rootUser.ID,
+				},
+				DisplayName: "Root User",
+				Email:       rootUser.Email,
+				Role:        types.RoleAdmin,
+				OrgID:       rootUser.OrgID,
+				TimeAuditable: types.TimeAuditable{
+					CreatedAt: rootUser.CreatedAt,
+					UpdatedAt: rootUser.UpdatedAt,
+				},
+			}
+
+			render.Success(w, http.StatusOK, rUser)
+			return
+		}
+	}
+
+	// NORMAL USER
 	user, err := h.getter.GetByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
 	if err != nil {
 		render.Error(w, err)
@@ -260,6 +328,11 @@ func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if claims.UserID == id {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "users cannot delete themselves"))
+		return
+	}
+
 	if err := h.module.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.UserID); err != nil {
 		render.Error(w, err)
 		return
@@ -463,7 +536,7 @@ func (h *handler) UpdateAPIKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if slices.Contains(integrationstypes.IntegrationUserEmails, createdByUser.Email) {
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email.String())) {
 		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "API Keys for integration users cannot be revoked"))
 		return
 	}
@@ -508,7 +581,7 @@ func (h *handler) RevokeAPIKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if slices.Contains(integrationstypes.IntegrationUserEmails, createdByUser.Email) {
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email.String())) {
 		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "API Keys for integration users cannot be revoked"))
 		return
 	}
--- a/pkg/modules/user/impluser/module.go
+++ b/pkg/modules/user/impluser/module.go
@@ -19,7 +19,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/emailtypes"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/dustin/go-humanize"
@@ -172,7 +171,7 @@ func (m *Module) DeleteInvite(ctx context.Context, orgID string, id valuer.UUID)
 func (module *Module) CreateUser(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
 	createUserOpts := root.NewCreateUserOptions(opts...)

-	// since assign is idempotent multiple calls to assign won't cause issues in case of retries.
+	// since assign is idempotant multiple calls to assign won't cause issues in case of retries.
 	err := module.authz.Grant(ctx, input.OrgID, roletypes.MustGetSigNozManagedRoleFromExistingRole(input.Role), authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.StringValue(), input.OrgID, nil))
 	if err != nil {
 		return err
@@ -287,7 +286,7 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 		return err
 	}

-	if slices.Contains(integrationstypes.IntegrationUserEmails, user.Email) {
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(user.Email.String())) {
 		return errors.New(errors.TypeForbidden, errors.CodeForbidden, "integration user cannot be deleted")
 	}

@@ -301,7 +300,7 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 		return errors.New(errors.TypeForbidden, errors.CodeForbidden, "cannot delete the last admin")
 	}

-	// since revoke is idempotent multiple calls to revoke won't cause issues in case of retries
+	// since revoke is idempotant multiple calls to revoke won't cause issues in case of retries
 	err = module.authz.Revoke(ctx, orgID, roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role), authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil))
 	if err != nil {
 		return err
--- a/pkg/query-service/app/cloudintegrations/store/accountsRepo.go
+++ b/pkg/query-service/app/cloudintegrations/store/accountsRepo.go
@@ -1,4 +1,4 @@
-package store
+package cloudintegrations

 import (
 	"context"
@@ -7,50 +7,49 @@ import (
 	"strings"
 	"time"

-	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

-var (
-	CodeCloudIntegrationAccountNotFound errors.Code = errors.MustNewCode("cloud_integration_account_not_found")
-)
+type cloudProviderAccountsRepository interface {
+	listConnected(ctx context.Context, orgId string, provider string) ([]types.CloudIntegration, *model.ApiError)

-type CloudProviderAccountsRepository interface {
-	ListConnected(ctx context.Context, orgId string, provider string) ([]integrationstypes.CloudIntegration, error)
+	get(ctx context.Context, orgId string, provider string, id string) (*types.CloudIntegration, *model.ApiError)

-	Get(ctx context.Context, orgId string, provider string, id string) (*integrationstypes.CloudIntegration, error)
-
-	GetConnectedCloudAccount(ctx context.Context, orgId, provider string, accountID string) (*integrationstypes.CloudIntegration, error)
+	getConnectedCloudAccount(ctx context.Context, orgId string, provider string, accountID string) (*types.CloudIntegration, *model.ApiError)

 	// Insert an account or update it by (cloudProvider, id)
 	// for specified non-empty fields
-	Upsert(
+	upsert(
 		ctx context.Context,
 		orgId string,
 		provider string,
 		id *string,
-		config []byte,
+		config *types.AccountConfig,
 		accountId *string,
-		agentReport *integrationstypes.AgentReport,
+		agentReport *types.AgentReport,
 		removedAt *time.Time,
-	) (*integrationstypes.CloudIntegration, error)
+	) (*types.CloudIntegration, *model.ApiError)
 }

-func NewCloudProviderAccountsRepository(store sqlstore.SQLStore) CloudProviderAccountsRepository {
-	return &cloudProviderAccountsSQLRepository{store: store}
+func newCloudProviderAccountsRepository(store sqlstore.SQLStore) (
+	*cloudProviderAccountsSQLRepository, error,
+) {
+	return &cloudProviderAccountsSQLRepository{
+		store: store,
+	}, nil
 }

 type cloudProviderAccountsSQLRepository struct {
 	store sqlstore.SQLStore
 }

-func (r *cloudProviderAccountsSQLRepository) ListConnected(
+func (r *cloudProviderAccountsSQLRepository) listConnected(
 	ctx context.Context, orgId string, cloudProvider string,
-) ([]integrationstypes.CloudIntegration, error) {
-	accounts := []integrationstypes.CloudIntegration{}
+) ([]types.CloudIntegration, *model.ApiError) {
+	accounts := []types.CloudIntegration{}

 	err := r.store.BunDB().NewSelect().
 		Model(&accounts).
@@ -63,16 +62,18 @@ func (r *cloudProviderAccountsSQLRepository) ListConnected(
 		Scan(ctx)

 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "could not query connected cloud accounts")
+		return nil, model.InternalError(fmt.Errorf(
+			"could not query connected cloud accounts: %w", err,
+		))
 	}

 	return accounts, nil
 }

-func (r *cloudProviderAccountsSQLRepository) Get(
+func (r *cloudProviderAccountsSQLRepository) get(
 	ctx context.Context, orgId string, provider string, id string,
-) (*integrationstypes.CloudIntegration, error) {
-	var result integrationstypes.CloudIntegration
+) (*types.CloudIntegration, *model.ApiError) {
+	var result types.CloudIntegration

 	err := r.store.BunDB().NewSelect().
 		Model(&result).
@@ -81,25 +82,23 @@ func (r *cloudProviderAccountsSQLRepository) Get(
 		Where("id = ?", id).
 		Scan(ctx)

-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(
-				err,
-				CodeCloudIntegrationAccountNotFound,
-				"couldn't find account with Id %s", id,
-			)
-		}
-
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud provider account")
+	if err == sql.ErrNoRows {
+		return nil, model.NotFoundError(fmt.Errorf(
+			"couldn't find account with Id %s", id,
+		))
+	} else if err != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't query cloud provider accounts: %w", err,
+		))
 	}

 	return &result, nil
 }

-func (r *cloudProviderAccountsSQLRepository) GetConnectedCloudAccount(
+func (r *cloudProviderAccountsSQLRepository) getConnectedCloudAccount(
 	ctx context.Context, orgId string, provider string, accountId string,
-) (*integrationstypes.CloudIntegration, error) {
-	var result integrationstypes.CloudIntegration
+) (*types.CloudIntegration, *model.ApiError) {
+	var result types.CloudIntegration

 	err := r.store.BunDB().NewSelect().
 		Model(&result).
@@ -110,25 +109,29 @@ func (r *cloudProviderAccountsSQLRepository) GetConnectedCloudAccount(
 		Where("removed_at is NULL").
 		Scan(ctx)

-	if errors.Is(err, sql.ErrNoRows) {
-		return nil, errors.WrapNotFoundf(err, CodeCloudIntegrationAccountNotFound, "couldn't find connected cloud account %s", accountId)
+	if err == sql.ErrNoRows {
+		return nil, model.NotFoundError(fmt.Errorf(
+			"couldn't find connected cloud account %s", accountId,
+		))
 	} else if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud provider account")
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't query cloud provider accounts: %w", err,
+		))
 	}

 	return &result, nil
 }

-func (r *cloudProviderAccountsSQLRepository) Upsert(
+func (r *cloudProviderAccountsSQLRepository) upsert(
 	ctx context.Context,
 	orgId string,
 	provider string,
 	id *string,
-	config []byte,
+	config *types.AccountConfig,
 	accountId *string,
-	agentReport *integrationstypes.AgentReport,
+	agentReport *types.AgentReport,
 	removedAt *time.Time,
-) (*integrationstypes.CloudIntegration, error) {
+) (*types.CloudIntegration, *model.ApiError) {
 	// Insert
 	if id == nil {
 		temp := valuer.GenerateUUID().StringValue()
@@ -178,7 +181,7 @@ func (r *cloudProviderAccountsSQLRepository) Upsert(
 		)
 	}

-	integration := integrationstypes.CloudIntegration{
+	integration := types.CloudIntegration{
 		OrgID:        orgId,
 		Provider:     provider,
 		Identifiable: types.Identifiable{ID: valuer.MustNewUUID(*id)},
@@ -192,18 +195,22 @@ func (r *cloudProviderAccountsSQLRepository) Upsert(
 		RemovedAt:       removedAt,
 	}

-	_, err := r.store.BunDB().NewInsert().
+	_, dbErr := r.store.BunDB().NewInsert().
 		Model(&integration).
 		On(onConflictClause).
 		Exec(ctx)

-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't upsert cloud integration account")
+	if dbErr != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"could not upsert cloud account record: %w", dbErr,
+		))
 	}

-	upsertedAccount, err := r.Get(ctx, orgId, provider, *id)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't get upserted cloud integration account")
+	upsertedAccount, apiErr := r.get(ctx, orgId, provider, *id)
+	if apiErr != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't fetch upserted account by id: %w", apiErr.ToError(),
+		))
 	}

 	return upsertedAccount, nil
--- a/pkg/query-service/app/cloudintegrations/constants.go
+++ b/pkg/query-service/app/cloudintegrations/constants.go
@@ -1,4 +1,4 @@
-package integrationstypes
+package cloudintegrations

 import (
 	"github.com/SigNoz/signoz/pkg/errors"
--- a/pkg/query-service/app/cloudintegrations/controller.go
+++ b/pkg/query-service/app/cloudintegrations/controller.go
@@ -0,0 +1,624 @@
+package cloudintegrations
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"slices"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/services"
+	"github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"golang.org/x/exp/maps"
+)
+
+var SupportedCloudProviders = []string{
+	"aws",
+}
+
+func validateCloudProviderName(name string) *model.ApiError {
+	if !slices.Contains(SupportedCloudProviders, name) {
+		return model.BadRequest(fmt.Errorf("invalid cloud provider: %s", name))
+	}
+	return nil
+}
+
+type Controller struct {
+	accountsRepo      cloudProviderAccountsRepository
+	serviceConfigRepo ServiceConfigDatabase
+}
+
+func NewController(sqlStore sqlstore.SQLStore) (*Controller, error) {
+	accountsRepo, err := newCloudProviderAccountsRepository(sqlStore)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't create cloud provider accounts repo: %w", err)
+	}
+
+	serviceConfigRepo, err := newServiceConfigRepository(sqlStore)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't create cloud provider service config repo: %w", err)
+	}
+
+	return &Controller{
+		accountsRepo:      accountsRepo,
+		serviceConfigRepo: serviceConfigRepo,
+	}, nil
+}
+
+type ConnectedAccountsListResponse struct {
+	Accounts []types.Account `json:"accounts"`
+}
+
+func (c *Controller) ListConnectedAccounts(ctx context.Context, orgId string, cloudProvider string) (
+	*ConnectedAccountsListResponse, *model.ApiError,
+) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	accountRecords, apiErr := c.accountsRepo.listConnected(ctx, orgId, cloudProvider)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't list cloud accounts")
+	}
+
+	connectedAccounts := []types.Account{}
+	for _, a := range accountRecords {
+		connectedAccounts = append(connectedAccounts, a.Account())
+	}
+
+	return &ConnectedAccountsListResponse{
+		Accounts: connectedAccounts,
+	}, nil
+}
+
+type GenerateConnectionUrlRequest struct {
+	// Optional. To be specified for updates.
+	AccountId *string `json:"account_id,omitempty"`
+
+	AccountConfig types.AccountConfig `json:"account_config"`
+
+	AgentConfig SigNozAgentConfig `json:"agent_config"`
+}
+
+type SigNozAgentConfig struct {
+	// The region in which SigNoz agent should be installed.
+	Region string `json:"region"`
+
+	IngestionUrl string `json:"ingestion_url"`
+	IngestionKey string `json:"ingestion_key"`
+	SigNozAPIUrl string `json:"signoz_api_url"`
+	SigNozAPIKey string `json:"signoz_api_key"`
+
+	Version string `json:"version,omitempty"`
+}
+
+type GenerateConnectionUrlResponse struct {
+	AccountId     string `json:"account_id"`
+	ConnectionUrl string `json:"connection_url"`
+}
+
+func (c *Controller) GenerateConnectionUrl(ctx context.Context, orgId string, cloudProvider string, req GenerateConnectionUrlRequest) (*GenerateConnectionUrlResponse, *model.ApiError) {
+	// Account connection with a simple connection URL may not be available for all providers.
+	if cloudProvider != "aws" {
+		return nil, model.BadRequest(fmt.Errorf("unsupported cloud provider: %s", cloudProvider))
+	}
+
+	account, apiErr := c.accountsRepo.upsert(
+		ctx, orgId, cloudProvider, req.AccountId, &req.AccountConfig, nil, nil, nil,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't upsert cloud account")
+	}
+
+	agentVersion := "v0.0.8"
+	if req.AgentConfig.Version != "" {
+		agentVersion = req.AgentConfig.Version
+	}
+
+	connectionUrl := fmt.Sprintf(
+		"https://%s.console.aws.amazon.com/cloudformation/home?region=%s#/stacks/quickcreate?",
+		req.AgentConfig.Region, req.AgentConfig.Region,
+	)
+
+	for qp, value := range map[string]string{
+		"param_SigNozIntegrationAgentVersion": agentVersion,
+		"param_SigNozApiUrl":                  req.AgentConfig.SigNozAPIUrl,
+		"param_SigNozApiKey":                  req.AgentConfig.SigNozAPIKey,
+		"param_SigNozAccountId":               account.ID.StringValue(),
+		"param_IngestionUrl":                  req.AgentConfig.IngestionUrl,
+		"param_IngestionKey":                  req.AgentConfig.IngestionKey,
+		"stackName":                           "signoz-integration",
+		"templateURL": fmt.Sprintf(
+			"https://signoz-integrations.s3.us-east-1.amazonaws.com/aws-quickcreate-template-%s.json",
+			agentVersion,
+		),
+	} {
+		connectionUrl += fmt.Sprintf("&%s=%s", qp, url.QueryEscape(value))
+	}
+
+	return &GenerateConnectionUrlResponse{
+		AccountId:     account.ID.StringValue(),
+		ConnectionUrl: connectionUrl,
+	}, nil
+}
+
+type AccountStatusResponse struct {
+	Id             string              `json:"id"`
+	CloudAccountId *string             `json:"cloud_account_id,omitempty"`
+	Status         types.AccountStatus `json:"status"`
+}
+
+func (c *Controller) GetAccountStatus(ctx context.Context, orgId string, cloudProvider string, accountId string) (
+	*AccountStatusResponse, *model.ApiError,
+) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	account, apiErr := c.accountsRepo.get(ctx, orgId, cloudProvider, accountId)
+	if apiErr != nil {
+		return nil, apiErr
+	}
+
+	resp := AccountStatusResponse{
+		Id:             account.ID.StringValue(),
+		CloudAccountId: account.AccountID,
+		Status:         account.Status(),
+	}
+
+	return &resp, nil
+}
+
+type AgentCheckInRequest struct {
+	ID        string `json:"account_id"`
+	AccountID string `json:"cloud_account_id"`
+	// Arbitrary cloud specific Agent data
+	Data map[string]any `json:"data,omitempty"`
+}
+
+type AgentCheckInResponse struct {
+	AccountId      string     `json:"account_id"`
+	CloudAccountId string     `json:"cloud_account_id"`
+	RemovedAt      *time.Time `json:"removed_at"`
+
+	IntegrationConfig IntegrationConfigForAgent `json:"integration_config"`
+}
+
+type IntegrationConfigForAgent struct {
+	EnabledRegions []string `json:"enabled_regions"`
+
+	TelemetryCollectionStrategy *CompiledCollectionStrategy `json:"telemetry,omitempty"`
+}
+
+func (c *Controller) CheckInAsAgent(ctx context.Context, orgId string, cloudProvider string, req AgentCheckInRequest) (*AgentCheckInResponse, error) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	existingAccount, apiErr := c.accountsRepo.get(ctx, orgId, cloudProvider, req.ID)
+	if existingAccount != nil && existingAccount.AccountID != nil && *existingAccount.AccountID != req.AccountID {
+		return nil, model.BadRequest(fmt.Errorf(
+			"can't check in with new %s account id %s for account %s with existing %s id %s",
+			cloudProvider, req.AccountID, existingAccount.ID.StringValue(), cloudProvider, *existingAccount.AccountID,
+		))
+	}
+
+	existingAccount, apiErr = c.accountsRepo.getConnectedCloudAccount(ctx, orgId, cloudProvider, req.AccountID)
+	if existingAccount != nil && existingAccount.ID.StringValue() != req.ID {
+		return nil, model.BadRequest(fmt.Errorf(
+			"can't check in to %s account %s with id %s. already connected with id %s",
+			cloudProvider, req.AccountID, req.ID, existingAccount.ID.StringValue(),
+		))
+	}
+
+	agentReport := types.AgentReport{
+		TimestampMillis: time.Now().UnixMilli(),
+		Data:            req.Data,
+	}
+
+	account, apiErr := c.accountsRepo.upsert(
+		ctx, orgId, cloudProvider, &req.ID, nil, &req.AccountID, &agentReport, nil,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't upsert cloud account")
+	}
+
+	// prepare and return integration config to be consumed by agent
+	compiledStrategy, err := NewCompiledCollectionStrategy(cloudProvider)
+	if err != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't init telemetry collection strategy: %w", err,
+		))
+	}
+
+	agentConfig := IntegrationConfigForAgent{
+		EnabledRegions:              []string{},
+		TelemetryCollectionStrategy: compiledStrategy,
+	}
+
+	if account.Config != nil && account.Config.EnabledRegions != nil {
+		agentConfig.EnabledRegions = account.Config.EnabledRegions
+	}
+
+	services, err := services.Map(cloudProvider)
+	if err != nil {
+		return nil, err
+	}
+
+	svcConfigs, apiErr := c.serviceConfigRepo.getAllForAccount(
+		ctx, orgId, account.ID.StringValue(),
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(
+			apiErr, "couldn't get service configs for cloud account",
+		)
+	}
+
+	// accumulate config in a fixed order to ensure same config generated across runs
+	configuredServices := maps.Keys(svcConfigs)
+	slices.Sort(configuredServices)
+
+	for _, svcType := range configuredServices {
+		definition, ok := services[svcType]
+		if !ok {
+			continue
+		}
+		config := svcConfigs[svcType]
+
+		err := AddServiceStrategy(svcType, compiledStrategy, definition.Strategy, config)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &AgentCheckInResponse{
+		AccountId:         account.ID.StringValue(),
+		CloudAccountId:    *account.AccountID,
+		RemovedAt:         account.RemovedAt,
+		IntegrationConfig: agentConfig,
+	}, nil
+}
+
+type UpdateAccountConfigRequest struct {
+	Config types.AccountConfig `json:"config"`
+}
+
+func (c *Controller) UpdateAccountConfig(ctx context.Context, orgId string, cloudProvider string, accountId string, req UpdateAccountConfigRequest) (*types.Account, *model.ApiError) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	accountRecord, apiErr := c.accountsRepo.upsert(
+		ctx, orgId, cloudProvider, &accountId, &req.Config, nil, nil, nil,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't upsert cloud account")
+	}
+
+	account := accountRecord.Account()
+
+	return &account, nil
+}
+
+func (c *Controller) DisconnectAccount(ctx context.Context, orgId string, cloudProvider string, accountId string) (*types.CloudIntegration, *model.ApiError) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	account, apiErr := c.accountsRepo.get(ctx, orgId, cloudProvider, accountId)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't disconnect account")
+	}
+
+	tsNow := time.Now()
+	account, apiErr = c.accountsRepo.upsert(
+		ctx, orgId, cloudProvider, &accountId, nil, nil, nil, &tsNow,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't disconnect account")
+	}
+
+	return account, nil
+}
+
+type ListServicesResponse struct {
+	Services []ServiceSummary `json:"services"`
+}
+
+func (c *Controller) ListServices(
+	ctx context.Context,
+	orgID string,
+	cloudProvider string,
+	cloudAccountId *string,
+) (*ListServicesResponse, *model.ApiError) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	definitions, apiErr := services.List(cloudProvider)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't list cloud services")
+	}
+
+	svcConfigs := map[string]*types.CloudServiceConfig{}
+	if cloudAccountId != nil {
+		activeAccount, apiErr := c.accountsRepo.getConnectedCloudAccount(
+			ctx, orgID, cloudProvider, *cloudAccountId,
+		)
+		if apiErr != nil {
+			return nil, model.WrapApiError(apiErr, "couldn't get active account")
+		}
+		svcConfigs, apiErr = c.serviceConfigRepo.getAllForAccount(
+			ctx, orgID, activeAccount.ID.StringValue(),
+		)
+		if apiErr != nil {
+			return nil, model.WrapApiError(
+				apiErr, "couldn't get service configs for cloud account",
+			)
+		}
+	}
+
+	summaries := []ServiceSummary{}
+	for _, def := range definitions {
+		summary := ServiceSummary{
+			Metadata: def.Metadata,
+		}
+		summary.Config = svcConfigs[summary.Id]
+
+		summaries = append(summaries, summary)
+	}
+
+	return &ListServicesResponse{
+		Services: summaries,
+	}, nil
+}
+
+func (c *Controller) GetServiceDetails(
+	ctx context.Context,
+	orgID string,
+	cloudProvider string,
+	serviceId string,
+	cloudAccountId *string,
+) (*ServiceDetails, error) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	definition, err := services.GetServiceDefinition(cloudProvider, serviceId)
+	if err != nil {
+		return nil, err
+	}
+
+	details := ServiceDetails{
+		Definition: *definition,
+	}
+
+	if cloudAccountId != nil {
+
+		activeAccount, apiErr := c.accountsRepo.getConnectedCloudAccount(
+			ctx, orgID, cloudProvider, *cloudAccountId,
+		)
+		if apiErr != nil {
+			return nil, model.WrapApiError(apiErr, "couldn't get active account")
+		}
+
+		config, apiErr := c.serviceConfigRepo.get(
+			ctx, orgID, activeAccount.ID.StringValue(), serviceId,
+		)
+		if apiErr != nil && apiErr.Type() != model.ErrorNotFound {
+			return nil, model.WrapApiError(apiErr, "couldn't fetch service config")
+		}
+
+		if config != nil {
+			details.Config = config
+
+			enabled := false
+			if config.Metrics != nil && config.Metrics.Enabled {
+				enabled = true
+			}
+
+			// add links to service dashboards, making them clickable.
+			for i, d := range definition.Assets.Dashboards {
+				dashboardUuid := c.dashboardUuid(
+					cloudProvider, serviceId, d.Id,
+				)
+				if enabled {
+					definition.Assets.Dashboards[i].Url = fmt.Sprintf("/dashboard/%s", dashboardUuid)
+				} else {
+					definition.Assets.Dashboards[i].Url = "" // to unset the in-memory URL if enabled once and disabled afterwards
+				}
+			}
+		}
+	}
+
+	return &details, nil
+}
+
+type UpdateServiceConfigRequest struct {
+	CloudAccountId string                   `json:"cloud_account_id"`
+	Config         types.CloudServiceConfig `json:"config"`
+}
+
+func (u *UpdateServiceConfigRequest) Validate(def *services.Definition) error {
+	if def.Id != services.S3Sync && u.Config.Logs != nil && u.Config.Logs.S3Buckets != nil {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "s3 buckets can only be added to service-type[%s]", services.S3Sync)
+	} else if def.Id == services.S3Sync && u.Config.Logs != nil && u.Config.Logs.S3Buckets != nil {
+		for region := range u.Config.Logs.S3Buckets {
+			if _, found := ValidAWSRegions[region]; !found {
+				return errors.NewInvalidInputf(CodeInvalidCloudRegion, "invalid cloud region: %s", region)
+			}
+		}
+	}
+
+	return nil
+}
+
+type UpdateServiceConfigResponse struct {
+	Id     string                   `json:"id"`
+	Config types.CloudServiceConfig `json:"config"`
+}
+
+func (c *Controller) UpdateServiceConfig(
+	ctx context.Context,
+	orgID string,
+	cloudProvider string,
+	serviceType string,
+	req *UpdateServiceConfigRequest,
+) (*UpdateServiceConfigResponse, error) {
+	if apiErr := validateCloudProviderName(cloudProvider); apiErr != nil {
+		return nil, apiErr
+	}
+
+	// can only update config for a valid service.
+	definition, err := services.GetServiceDefinition(cloudProvider, serviceType)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := req.Validate(definition); err != nil {
+		return nil, err
+	}
+
+	// can only update config for a connected cloud account id
+	_, apiErr := c.accountsRepo.getConnectedCloudAccount(
+		ctx, orgID, cloudProvider, req.CloudAccountId,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't find connected cloud account")
+	}
+
+	updatedConfig, apiErr := c.serviceConfigRepo.upsert(
+		ctx, orgID, cloudProvider, req.CloudAccountId, serviceType, req.Config,
+	)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't update service config")
+	}
+
+	return &UpdateServiceConfigResponse{
+		Id:     serviceType,
+		Config: *updatedConfig,
+	}, nil
+}
+
+// All dashboards that are available based on cloud integrations configuration
+// across all cloud providers
+func (c *Controller) AvailableDashboards(ctx context.Context, orgId valuer.UUID) ([]*dashboardtypes.Dashboard, *model.ApiError) {
+	allDashboards := []*dashboardtypes.Dashboard{}
+
+	for _, provider := range []string{"aws"} {
+		providerDashboards, apiErr := c.AvailableDashboardsForCloudProvider(ctx, orgId, provider)
+		if apiErr != nil {
+			return nil, model.WrapApiError(
+				apiErr, fmt.Sprintf("couldn't get available dashboards for %s", provider),
+			)
+		}
+
+		allDashboards = append(allDashboards, providerDashboards...)
+	}
+
+	return allDashboards, nil
+}
+
+func (c *Controller) AvailableDashboardsForCloudProvider(ctx context.Context, orgID valuer.UUID, cloudProvider string) ([]*dashboardtypes.Dashboard, *model.ApiError) {
+	accountRecords, apiErr := c.accountsRepo.listConnected(ctx, orgID.StringValue(), cloudProvider)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't list connected cloud accounts")
+	}
+
+	// for v0, service dashboards are only available when metrics are enabled.
+	servicesWithAvailableMetrics := map[string]*time.Time{}
+
+	for _, ar := range accountRecords {
+		if ar.AccountID != nil {
+			configsBySvcId, apiErr := c.serviceConfigRepo.getAllForAccount(
+				ctx, orgID.StringValue(), ar.ID.StringValue(),
+			)
+			if apiErr != nil {
+				return nil, apiErr
+			}
+
+			for svcId, config := range configsBySvcId {
+				if config.Metrics != nil && config.Metrics.Enabled {
+					servicesWithAvailableMetrics[svcId] = &ar.CreatedAt
+				}
+			}
+		}
+	}
+
+	allServices, apiErr := services.List(cloudProvider)
+	if apiErr != nil {
+		return nil, apiErr
+	}
+
+	svcDashboards := []*dashboardtypes.Dashboard{}
+	for _, svc := range allServices {
+		serviceDashboardsCreatedAt := servicesWithAvailableMetrics[svc.Id]
+		if serviceDashboardsCreatedAt != nil {
+			for _, d := range svc.Assets.Dashboards {
+				author := fmt.Sprintf("%s-integration", cloudProvider)
+				svcDashboards = append(svcDashboards, &dashboardtypes.Dashboard{
+					ID:     c.dashboardUuid(cloudProvider, svc.Id, d.Id),
+					Locked: true,
+					Data:   *d.Definition,
+					TimeAuditable: types.TimeAuditable{
+						CreatedAt: *serviceDashboardsCreatedAt,
+						UpdatedAt: *serviceDashboardsCreatedAt,
+					},
+					UserAuditable: types.UserAuditable{
+						CreatedBy: author,
+						UpdatedBy: author,
+					},
+					OrgID: orgID,
+				})
+			}
+			servicesWithAvailableMetrics[svc.Id] = nil
+		}
+	}
+
+	return svcDashboards, nil
+}
+func (c *Controller) GetDashboardById(ctx context.Context, orgId valuer.UUID, dashboardUuid string) (*dashboardtypes.Dashboard, *model.ApiError) {
+	cloudProvider, _, _, apiErr := c.parseDashboardUuid(dashboardUuid)
+	if apiErr != nil {
+		return nil, apiErr
+	}
+
+	allDashboards, apiErr := c.AvailableDashboardsForCloudProvider(ctx, orgId, cloudProvider)
+	if apiErr != nil {
+		return nil, model.WrapApiError(apiErr, "couldn't list available dashboards")
+	}
+
+	for _, d := range allDashboards {
+		if d.ID == dashboardUuid {
+			return d, nil
+		}
+	}
+
+	return nil, model.NotFoundError(fmt.Errorf("couldn't find dashboard with uuid: %s", dashboardUuid))
+}
+
+func (c *Controller) dashboardUuid(
+	cloudProvider string, svcId string, dashboardId string,
+) string {
+	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
+}
+
+func (c *Controller) parseDashboardUuid(dashboardUuid string) (cloudProvider string, svcId string, dashboardId string, apiErr *model.ApiError) {
+	parts := strings.SplitN(dashboardUuid, "--", 4)
+	if len(parts) != 4 || parts[0] != "cloud-integration" {
+		return "", "", "", model.BadRequest(fmt.Errorf("invalid cloud integration dashboard id"))
+	}
+
+	return parts[1], parts[2], parts[3], nil
+}
+
+func (c *Controller) IsCloudIntegrationDashboardUuid(dashboardUuid string) bool {
+	_, _, _, apiErr := c.parseDashboardUuid(dashboardUuid)
+	return apiErr == nil
+}
--- a/pkg/query-service/app/cloudintegrations/implawsprovider/awsprovider.go
+++ b/pkg/query-service/app/cloudintegrations/implawsprovider/awsprovider.go
@@ -1,996 +0,0 @@
-package implawsprovider
-
-import (
-	"context"
-	"fmt"
-	"log/slog"
-	"net/url"
-	"slices"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/services"
-	integrationstore "github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/store"
-	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
-	"github.com/SigNoz/signoz/pkg/query-service/model"
-	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"golang.org/x/exp/maps"
-)
-
-var (
-	CodeInvalidAWSRegion  = errors.MustNewCode("invalid_aws_region")
-	CodeDashboardNotFound = errors.MustNewCode("dashboard_not_found")
-)
-
-type awsProvider struct {
-	logger                *slog.Logger
-	querier               interfaces.Querier
-	accountsRepo          integrationstore.CloudProviderAccountsRepository
-	serviceConfigRepo     integrationstore.ServiceConfigDatabase
-	awsServiceDefinitions *services.AWSServicesProvider
-	reader                interfaces.Reader
-}
-
-func NewAWSCloudProvider(
-	logger *slog.Logger,
-	accountsRepo integrationstore.CloudProviderAccountsRepository,
-	serviceConfigRepo integrationstore.ServiceConfigDatabase,
-	reader interfaces.Reader,
-	querier interfaces.Querier,
-) integrationstypes.CloudProvider {
-	awsServiceDefinitions, err := services.NewAWSCloudProviderServices()
-	if err != nil {
-		panic("failed to initialize AWS service definitions: " + err.Error())
-	}
-
-	return &awsProvider{
-		logger:                logger,
-		reader:                reader,
-		querier:               querier,
-		accountsRepo:          accountsRepo,
-		serviceConfigRepo:     serviceConfigRepo,
-		awsServiceDefinitions: awsServiceDefinitions,
-	}
-}
-
-func (a *awsProvider) GetAccountStatus(ctx context.Context, orgID, accountID string) (*integrationstypes.GettableAccountStatus, error) {
-	accountRecord, err := a.accountsRepo.Get(ctx, orgID, a.GetName().String(), accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	return &integrationstypes.GettableAccountStatus{
-		Id:             accountRecord.ID.String(),
-		CloudAccountId: accountRecord.AccountID,
-		Status:         accountRecord.Status(),
-	}, nil
-}
-
-func (a *awsProvider) ListConnectedAccounts(ctx context.Context, orgID string) (*integrationstypes.GettableConnectedAccountsList, error) {
-	accountRecords, err := a.accountsRepo.ListConnected(ctx, orgID, a.GetName().String())
-	if err != nil {
-		return nil, err
-	}
-
-	connectedAccounts := make([]*integrationstypes.Account, 0, len(accountRecords))
-	for _, r := range accountRecords {
-		connectedAccounts = append(connectedAccounts, r.Account(a.GetName()))
-	}
-
-	return &integrationstypes.GettableConnectedAccountsList{
-		Accounts: connectedAccounts,
-	}, nil
-}
-
-func (a *awsProvider) AgentCheckIn(ctx context.Context, req *integrationstypes.PostableAgentCheckInPayload) (any, error) {
-	// agent can't check in unless the account is already created
-	existingAccount, err := a.accountsRepo.Get(ctx, req.OrgID, a.GetName().String(), req.ID)
-	if err != nil {
-		return nil, err
-	}
-
-	if existingAccount != nil && existingAccount.AccountID != nil && *existingAccount.AccountID != req.AccountID {
-		return nil, model.BadRequest(fmt.Errorf(
-			"can't check in with new %s account id %s for account %s with existing %s id %s",
-			a.GetName().String(), req.AccountID, existingAccount.ID.StringValue(), a.GetName().String(),
-			*existingAccount.AccountID,
-		))
-	}
-
-	existingAccount, err = a.accountsRepo.GetConnectedCloudAccount(ctx, req.OrgID, a.GetName().String(), req.AccountID)
-	if existingAccount != nil && existingAccount.ID.StringValue() != req.ID {
-		return nil, model.BadRequest(fmt.Errorf(
-			"can't check in to %s account %s with id %s. already connected with id %s",
-			a.GetName().String(), req.AccountID, req.ID, existingAccount.ID.StringValue(),
-		))
-	}
-
-	agentReport := integrationstypes.AgentReport{
-		TimestampMillis: time.Now().UnixMilli(),
-		Data:            req.Data,
-	}
-
-	account, err := a.accountsRepo.Upsert(
-		ctx, req.OrgID, a.GetName().String(), &req.ID, nil, &req.AccountID, &agentReport, nil,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	agentConfig, err := a.getAWSAgentConfig(ctx, account)
-	if err != nil {
-		return nil, err
-	}
-
-	return &integrationstypes.GettableAWSAgentCheckIn{
-		AccountId:         account.ID.StringValue(),
-		CloudAccountId:    *account.AccountID,
-		RemovedAt:         account.RemovedAt,
-		IntegrationConfig: *agentConfig,
-	}, nil
-}
-
-func (a *awsProvider) getAWSAgentConfig(ctx context.Context, account *integrationstypes.CloudIntegration) (*integrationstypes.AWSAgentIntegrationConfig, error) {
-	// prepare and return integration config to be consumed by agent
-	agentConfig := &integrationstypes.AWSAgentIntegrationConfig{
-		EnabledRegions: []string{},
-		TelemetryCollectionStrategy: &integrationstypes.AWSCollectionStrategy{
-			Provider:   a.GetName(),
-			AWSMetrics: &integrationstypes.AWSMetricsStrategy{},
-			AWSLogs:    &integrationstypes.AWSLogsStrategy{},
-			S3Buckets:  map[string][]string{},
-		},
-	}
-
-	accountConfig := new(integrationstypes.AWSAccountConfig)
-	err := accountConfig.Unmarshal(account.Config)
-	if err != nil {
-		return nil, err
-	}
-
-	if accountConfig != nil && accountConfig.EnabledRegions != nil {
-		agentConfig.EnabledRegions = accountConfig.EnabledRegions
-	}
-
-	svcConfigs, err := a.serviceConfigRepo.GetAllForAccount(
-		ctx, account.OrgID, account.ID.StringValue(),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	// accumulate config in a fixed order to ensure same config generated across runs
-	configuredServices := maps.Keys(svcConfigs)
-	slices.Sort(configuredServices)
-
-	for _, svcType := range configuredServices {
-		definition, err := a.awsServiceDefinitions.GetServiceDefinition(ctx, svcType)
-		if err != nil {
-			continue
-		}
-		config := svcConfigs[svcType]
-
-		serviceConfig := new(integrationstypes.AWSCloudServiceConfig)
-		err = serviceConfig.Unmarshal(config)
-		if err != nil {
-			continue
-		}
-
-		if serviceConfig.Logs != nil && serviceConfig.Logs.Enabled {
-			if svcType == integrationstypes.S3Sync {
-				// S3 bucket sync; No cloudwatch logs are appended for this service type;
-				// Though definition is populated with a custom cloudwatch group that helps in calculating logs connection status
-				agentConfig.TelemetryCollectionStrategy.S3Buckets = serviceConfig.Logs.S3Buckets
-			} else if definition.Strategy.AWSLogs != nil { // services that includes a logs subscription
-				agentConfig.TelemetryCollectionStrategy.AWSLogs.Subscriptions = append(
-					agentConfig.TelemetryCollectionStrategy.AWSLogs.Subscriptions,
-					definition.Strategy.AWSLogs.Subscriptions...,
-				)
-			}
-		}
-
-		if serviceConfig.Metrics != nil && serviceConfig.Metrics.Enabled && definition.Strategy.AWSMetrics != nil {
-			agentConfig.TelemetryCollectionStrategy.AWSMetrics.StreamFilters = append(
-				agentConfig.TelemetryCollectionStrategy.AWSMetrics.StreamFilters,
-				definition.Strategy.AWSMetrics.StreamFilters...,
-			)
-		}
-	}
-
-	return agentConfig, nil
-}
-
-func (a *awsProvider) GetName() integrationstypes.CloudProviderType {
-	return integrationstypes.CloudProviderAWS
-}
-
-func (a *awsProvider) ListServices(ctx context.Context, orgID string, cloudAccountID *string) (any, error) {
-	svcConfigs := make(map[string]*integrationstypes.AWSCloudServiceConfig)
-	if cloudAccountID != nil {
-		activeAccount, err := a.accountsRepo.GetConnectedCloudAccount(ctx, orgID, a.GetName().String(), *cloudAccountID)
-		if err != nil {
-			return nil, err
-		}
-
-		serviceConfigs, err := a.serviceConfigRepo.GetAllForAccount(ctx, orgID, activeAccount.ID.String())
-		if err != nil {
-			return nil, err
-		}
-
-		for svcType, config := range serviceConfigs {
-			serviceConfig := new(integrationstypes.AWSCloudServiceConfig)
-			err = serviceConfig.Unmarshal(config)
-			if err != nil {
-				return nil, err
-			}
-			svcConfigs[svcType] = serviceConfig
-		}
-	}
-
-	summaries := make([]integrationstypes.AWSServiceSummary, 0)
-
-	definitions, err := a.awsServiceDefinitions.ListServiceDefinitions(ctx)
-	if err != nil {
-		return nil, model.InternalError(fmt.Errorf("couldn't list aws service definitions: %w", err))
-	}
-
-	for _, def := range definitions {
-		summary := integrationstypes.AWSServiceSummary{
-			DefinitionMetadata: def.DefinitionMetadata,
-			Config:             nil,
-		}
-
-		summary.Config = svcConfigs[summary.Id]
-
-		summaries = append(summaries, summary)
-	}
-
-	sort.Slice(summaries, func(i, j int) bool {
-		return summaries[i].DefinitionMetadata.Title < summaries[j].DefinitionMetadata.Title
-	})
-
-	return &integrationstypes.GettableAWSServices{
-		Services: summaries,
-	}, nil
-}
-
-func (a *awsProvider) GetServiceDetails(ctx context.Context, req *integrationstypes.GetServiceDetailsReq) (any, error) {
-	details := new(integrationstypes.GettableAWSServiceDetails)
-
-	awsDefinition, err := a.awsServiceDefinitions.GetServiceDefinition(ctx, req.ServiceId)
-	if err != nil {
-		return nil, model.InternalError(fmt.Errorf("couldn't get aws service definition: %w", err))
-	}
-
-	details.AWSServiceDefinition = *awsDefinition
-	details.Strategy.Provider = a.GetName()
-	if req.CloudAccountID == nil {
-		return details, nil
-	}
-
-	config, err := a.getServiceConfig(ctx, &details.AWSServiceDefinition, req.OrgID, a.GetName().String(), req.ServiceId, *req.CloudAccountID)
-	if err != nil {
-		return nil, err
-	}
-
-	if config == nil {
-		return details, nil
-	}
-
-	details.Config = config
-
-	connectionStatus, err := a.calculateCloudIntegrationServiceConnectionStatus(
-		ctx,
-		req.OrgID,
-		*req.CloudAccountID,
-		&details.AWSServiceDefinition,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	details.ConnectionStatus = connectionStatus
-
-	return details, nil
-}
-
-func (a *awsProvider) calculateCloudIntegrationServiceConnectionStatus(
-	ctx context.Context,
-	orgID valuer.UUID,
-	cloudAccountId string,
-	svcDetails *integrationstypes.AWSServiceDefinition,
-) (*integrationstypes.ServiceConnectionStatus, error) {
-	telemetryCollectionStrategy := svcDetails.Strategy
-	if telemetryCollectionStrategy == nil {
-		return nil, model.InternalError(fmt.Errorf(
-			"service doesn't have telemetry collection strategy: %s", svcDetails.Id,
-		))
-	}
-
-	result := &integrationstypes.ServiceConnectionStatus{}
-	errors := make([]error, 0)
-	var resultLock sync.Mutex
-
-	var wg sync.WaitGroup
-
-	// Calculate metrics connection status
-	if telemetryCollectionStrategy.AWSMetrics != nil {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-
-			metricsConnStatus, apiErr := a.calculateAWSIntegrationSvcMetricsConnectionStatus(
-				ctx, cloudAccountId, telemetryCollectionStrategy.AWSMetrics, svcDetails.DataCollected.Metrics,
-			)
-
-			resultLock.Lock()
-			defer resultLock.Unlock()
-
-			if apiErr != nil {
-				errors = append(errors, apiErr)
-			} else {
-				result.Metrics = metricsConnStatus
-			}
-		}()
-	}
-
-	// Calculate logs connection status
-	if telemetryCollectionStrategy.AWSLogs != nil {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-
-			logsConnStatus, apiErr := a.calculateAWSIntegrationSvcLogsConnectionStatus(
-				ctx, orgID, cloudAccountId, telemetryCollectionStrategy.AWSLogs,
-			)
-
-			resultLock.Lock()
-			defer resultLock.Unlock()
-
-			if apiErr != nil {
-				errors = append(errors, apiErr)
-			} else {
-				result.Logs = logsConnStatus
-			}
-		}()
-	}
-
-	wg.Wait()
-
-	if len(errors) > 0 {
-		return nil, errors[0]
-	}
-
-	return result, nil
-
-}
-func (a *awsProvider) calculateAWSIntegrationSvcMetricsConnectionStatus(
-	ctx context.Context,
-	cloudAccountId string,
-	strategy *integrationstypes.AWSMetricsStrategy,
-	metricsCollectedBySvc []integrationstypes.CollectedMetric,
-) (*integrationstypes.SignalConnectionStatus, *model.ApiError) {
-	if strategy == nil || len(strategy.StreamFilters) < 1 {
-		return nil, nil
-	}
-
-	expectedLabelValues := map[string]string{
-		"cloud_provider":   "aws",
-		"cloud_account_id": cloudAccountId,
-	}
-
-	metricsNamespace := strategy.StreamFilters[0].Namespace
-	metricsNamespaceParts := strings.Split(metricsNamespace, "/")
-
-	if len(metricsNamespaceParts) >= 2 {
-		expectedLabelValues["service_namespace"] = metricsNamespaceParts[0]
-		expectedLabelValues["service_name"] = metricsNamespaceParts[1]
-	} else {
-		// metrics for single word namespaces like "CWAgent" do not
-		// have the service_namespace label populated
-		expectedLabelValues["service_name"] = metricsNamespaceParts[0]
-	}
-
-	metricNamesCollectedBySvc := []string{}
-	for _, cm := range metricsCollectedBySvc {
-		metricNamesCollectedBySvc = append(metricNamesCollectedBySvc, cm.Name)
-	}
-
-	statusForLastReceivedMetric, apiErr := a.reader.GetLatestReceivedMetric(
-		ctx, metricNamesCollectedBySvc, expectedLabelValues,
-	)
-	if apiErr != nil {
-		return nil, apiErr
-	}
-
-	if statusForLastReceivedMetric != nil {
-		return &integrationstypes.SignalConnectionStatus{
-			LastReceivedTsMillis: statusForLastReceivedMetric.LastReceivedTsMillis,
-			LastReceivedFrom:     "signoz-aws-integration",
-		}, nil
-	}
-
-	return nil, nil
-}
-
-func (a *awsProvider) calculateAWSIntegrationSvcLogsConnectionStatus(
-	ctx context.Context,
-	orgID valuer.UUID,
-	cloudAccountId string,
-	strategy *integrationstypes.AWSLogsStrategy,
-) (*integrationstypes.SignalConnectionStatus, *model.ApiError) {
-	if strategy == nil || len(strategy.Subscriptions) < 1 {
-		return nil, nil
-	}
-
-	logGroupNamePrefix := strategy.Subscriptions[0].LogGroupNamePrefix
-	if len(logGroupNamePrefix) < 1 {
-		return nil, nil
-	}
-
-	logsConnTestFilter := &v3.FilterSet{
-		Operator: "AND",
-		Items: []v3.FilterItem{
-			{
-				Key: v3.AttributeKey{
-					Key:      "cloud.account.id",
-					DataType: v3.AttributeKeyDataTypeString,
-					Type:     v3.AttributeKeyTypeResource,
-				},
-				Operator: "=",
-				Value:    cloudAccountId,
-			},
-			{
-				Key: v3.AttributeKey{
-					Key:      "aws.cloudwatch.log_group_name",
-					DataType: v3.AttributeKeyDataTypeString,
-					Type:     v3.AttributeKeyTypeResource,
-				},
-				Operator: "like",
-				Value:    logGroupNamePrefix + "%",
-			},
-		},
-	}
-
-	// TODO(Raj): Receive this as a param from UI in the future.
-	lookbackSeconds := int64(30 * 60)
-
-	qrParams := &v3.QueryRangeParamsV3{
-		Start: time.Now().UnixMilli() - (lookbackSeconds * 1000),
-		End:   time.Now().UnixMilli(),
-		CompositeQuery: &v3.CompositeQuery{
-			PanelType: v3.PanelTypeList,
-			QueryType: v3.QueryTypeBuilder,
-			BuilderQueries: map[string]*v3.BuilderQuery{
-				"A": {
-					PageSize:          1,
-					Filters:           logsConnTestFilter,
-					QueryName:         "A",
-					DataSource:        v3.DataSourceLogs,
-					Expression:        "A",
-					AggregateOperator: v3.AggregateOperatorNoOp,
-				},
-			},
-		},
-	}
-	queryRes, _, err := a.querier.QueryRange(
-		ctx, orgID, qrParams,
-	)
-	if err != nil {
-		return nil, model.InternalError(fmt.Errorf(
-			"could not query for integration connection status: %w", err,
-		))
-	}
-	if len(queryRes) > 0 && queryRes[0].List != nil && len(queryRes[0].List) > 0 {
-		lastLog := queryRes[0].List[0]
-
-		return &integrationstypes.SignalConnectionStatus{
-			LastReceivedTsMillis: lastLog.Timestamp.UnixMilli(),
-			LastReceivedFrom:     "signoz-aws-integration",
-		}, nil
-	}
-
-	return nil, nil
-}
-
-//func (a *awsProvider) getServiceConnectionStatus(
-//	ctx context.Context,
-//	cloudAccountID string,
-//	orgID string,
-//	def *integrationstypes.AWSServiceDefinition,
-//	serviceConfig *integrationstypes.AWSCloudServiceConfig,
-//) (*integrationstypes.ServiceConnectionStatus, error) {
-//	if def.Strategy == nil {
-//		return nil, nil
-//	}
-//
-//	resp := new(integrationstypes.ServiceConnectionStatus)
-//
-//	wg := sync.WaitGroup{}
-//	wg.Add(2)
-//
-//	if def.Strategy.AWSMetrics != nil && serviceConfig.Metrics.Enabled {
-//		go func() {
-//			defer func() {
-//				if r := recover(); r != nil {
-//					a.logger.ErrorContext(
-//						ctx, "panic while getting service metrics connection status",
-//						"error", r,
-//						"service", def.DefinitionMetadata.Id,
-//					)
-//				}
-//			}()
-//			defer wg.Done()
-//			status, _ := a.getServiceMetricsConnectionStatus(ctx, cloudAccountID, orgID, def)
-//			resp.Metrics = status
-//		}()
-//	}
-//
-//	if def.Strategy.AWSLogs != nil && serviceConfig.Logs.Enabled {
-//		go func() {
-//			defer func() {
-//				if r := recover(); r != nil {
-//					a.logger.ErrorContext(
-//						ctx, "panic while getting service logs connection status",
-//						"error", r,
-//						"service", def.DefinitionMetadata.Id,
-//					)
-//				}
-//			}()
-//			defer wg.Done()
-//			status, _ := a.getServiceLogsConnectionStatus(ctx, cloudAccountID, orgID, def)
-//			resp.Logs = status
-//		}()
-//	}
-//
-//	wg.Wait()
-//
-//	return resp, nil
-//}
-
-//func (a *awsProvider) getServiceMetricsConnectionStatus(
-//	ctx context.Context,
-//	cloudAccountID string,
-//	orgID string,
-//	def *integrationstypes.AWSServiceDefinition,
-//) ([]*integrationstypes.SignalConnectionStatus, error) {
-//	if def.Strategy == nil ||
-//		len(def.Strategy.AWSMetrics.StreamFilters) < 1 ||
-//		len(def.DataCollected.Metrics) < 1 {
-//		return nil, nil
-//	}
-//
-//	statusResp := make([]*integrationstypes.SignalConnectionStatus, 0)
-//
-//	for _, category := range def.IngestionStatusCheck.Metrics {
-//		queries := make([]qbtypes.QueryEnvelope, 0)
-//
-//		for _, check := range category.Checks {
-//			filterExpression := fmt.Sprintf(`cloud.provider="aws" AND cloud.account.id="%s"`, cloudAccountID)
-//			f := ""
-//			for _, attribute := range check.Attributes {
-//				f = fmt.Sprintf("%s %s", attribute.Name, attribute.Operator)
-//				if attribute.Value != "" {
-//					f = fmt.Sprintf("%s '%s'", f, attribute.Value)
-//				}
-//
-//				filterExpression = fmt.Sprintf("%s AND %s", filterExpression, f)
-//			}
-//
-//			queries = append(queries, qbtypes.QueryEnvelope{
-//				Type: qbtypes.QueryTypeBuilder,
-//				Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-//					Name:   valuer.GenerateUUID().String(),
-//					Signal: telemetrytypes.SignalMetrics,
-//					Aggregations: []qbtypes.MetricAggregation{{
-//						MetricName:       check.Key,
-//						TimeAggregation:  metrictypes.TimeAggregationAvg,
-//						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-//					}},
-//					Filter: &qbtypes.Filter{
-//						Expression: filterExpression,
-//					},
-//				},
-//			})
-//		}
-//
-//		resp, err := a.querier.QueryRange(ctx, valuer.MustNewUUID(orgID), &qbtypes.QueryRangeRequest{
-//			SchemaVersion: "v5",
-//			Start:         uint64(time.Now().Add(-time.Hour).UnixMilli()),
-//			End:           uint64(time.Now().UnixMilli()),
-//			RequestType:   qbtypes.RequestTypeScalar,
-//			CompositeQuery: qbtypes.CompositeQuery{
-//				Queries: queries,
-//			},
-//		})
-//		if err != nil {
-//			a.logger.DebugContext(ctx,
-//				"error querying for service metrics connection status",
-//				"error", err,
-//				"service", def.DefinitionMetadata.Id,
-//			)
-//			continue
-//		}
-//
-//		if resp != nil && len(resp.Data.Results) < 1 {
-//			continue
-//		}
-//
-//		queryResponse, ok := resp.Data.Results[0].(*qbtypes.TimeSeriesData)
-//		if !ok {
-//			continue
-//		}
-//
-//		if queryResponse == nil ||
-//			len(queryResponse.Aggregations) < 1 ||
-//			len(queryResponse.Aggregations[0].Series) < 1 ||
-//			len(queryResponse.Aggregations[0].Series[0].Values) < 1 {
-//			continue
-//		}
-//
-//		statusResp = append(statusResp, &integrationstypes.SignalConnectionStatus{
-//			CategoryID:           category.Category,
-//			CategoryDisplayName:  category.DisplayName,
-//			LastReceivedTsMillis: queryResponse.Aggregations[0].Series[0].Values[0].Timestamp,
-//			LastReceivedFrom:     "signoz-aws-integration",
-//		})
-//	}
-//
-//	return statusResp, nil
-//}
-//
-//func (a *awsProvider) getServiceLogsConnectionStatus(
-//	ctx context.Context,
-//	cloudAccountID string,
-//	orgID string,
-//	def *integrationstypes.AWSServiceDefinition,
-//) ([]*integrationstypes.SignalConnectionStatus, error) {
-//	if def.Strategy == nil ||
-//		len(def.Strategy.AWSLogs.Subscriptions) < 1 ||
-//		len(def.DataCollected.Logs) < 1 {
-//		return nil, nil
-//	}
-//
-//	statusResp := make([]*integrationstypes.SignalConnectionStatus, 0)
-//
-//	for _, category := range def.IngestionStatusCheck.Logs {
-//		queries := make([]qbtypes.QueryEnvelope, 0)
-//
-//		for _, check := range category.Checks {
-//			filterExpression := fmt.Sprintf(`cloud.account.id="%s"`, cloudAccountID)
-//			f := ""
-//			for _, attribute := range check.Attributes {
-//				f = fmt.Sprintf("%s %s", attribute.Name, attribute.Operator)
-//				if attribute.Value != "" {
-//					f = fmt.Sprintf("%s '%s'", f, attribute.Value)
-//				}
-//
-//				filterExpression = fmt.Sprintf("%s AND %s", filterExpression, f)
-//			}
-//
-//			queries = append(queries, qbtypes.QueryEnvelope{
-//				Type: qbtypes.QueryTypeBuilder,
-//				Spec: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-//					Name:   valuer.GenerateUUID().String(),
-//					Signal: telemetrytypes.SignalLogs,
-//					Aggregations: []qbtypes.LogAggregation{{
-//						Expression: "count()",
-//					}},
-//					Filter: &qbtypes.Filter{
-//						Expression: filterExpression,
-//					},
-//					Limit:  10,
-//					Offset: 0,
-//				},
-//			})
-//		}
-//
-//		resp, err := a.querier.QueryRange(ctx, valuer.MustNewUUID(orgID), &qbtypes.QueryRangeRequest{
-//			SchemaVersion: "v1",
-//			Start:         uint64(time.Now().Add(-time.Hour * 1).UnixMilli()),
-//			End:           uint64(time.Now().UnixMilli()),
-//			RequestType:   qbtypes.RequestTypeTimeSeries,
-//			CompositeQuery: qbtypes.CompositeQuery{
-//				Queries: queries,
-//			},
-//		})
-//		if err != nil {
-//			a.logger.DebugContext(ctx,
-//				"error querying for service logs connection status",
-//				"error", err,
-//				"service", def.DefinitionMetadata.Id,
-//			)
-//			continue
-//		}
-//
-//		if resp != nil && len(resp.Data.Results) < 1 {
-//			continue
-//		}
-//
-//		queryResponse, ok := resp.Data.Results[0].(*qbtypes.TimeSeriesData)
-//		if !ok {
-//			continue
-//		}
-//
-//		if queryResponse == nil ||
-//			len(queryResponse.Aggregations) < 1 ||
-//			len(queryResponse.Aggregations[0].Series) < 1 ||
-//			len(queryResponse.Aggregations[0].Series[0].Values) < 1 {
-//			continue
-//		}
-//
-//		statusResp = append(statusResp, &integrationstypes.SignalConnectionStatus{
-//			CategoryID:           category.Category,
-//			CategoryDisplayName:  category.DisplayName,
-//			LastReceivedTsMillis: queryResponse.Aggregations[0].Series[0].Values[0].Timestamp,
-//			LastReceivedFrom:     "signoz-aws-integration",
-//		})
-//	}
-//
-//	return statusResp, nil
-//}
-
-func (a *awsProvider) getServiceConfig(ctx context.Context,
-	def *integrationstypes.AWSServiceDefinition, orgID valuer.UUID, cloudProvider, serviceId, cloudAccountId string,
-) (*integrationstypes.AWSCloudServiceConfig, error) {
-	activeAccount, err := a.accountsRepo.GetConnectedCloudAccount(ctx, orgID.String(), cloudProvider, cloudAccountId)
-	if err != nil {
-		return nil, err
-	}
-
-	config, err := a.serviceConfigRepo.Get(ctx, orgID.String(), activeAccount.ID.StringValue(), serviceId)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return nil, nil
-		}
-
-		return nil, err
-	}
-
-	serviceConfig := new(integrationstypes.AWSCloudServiceConfig)
-	err = serviceConfig.Unmarshal(config)
-	if err != nil {
-		return nil, err
-	}
-
-	if config != nil && serviceConfig.Metrics != nil && serviceConfig.Metrics.Enabled {
-		def.PopulateDashboardURLs(serviceId)
-	}
-
-	return serviceConfig, nil
-}
-
-func (a *awsProvider) GetAvailableDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
-	accountRecords, err := a.accountsRepo.ListConnected(ctx, orgID.StringValue(), a.GetName().String())
-	if err != nil {
-		return nil, err
-	}
-
-	// for now service dashboards are only available when metrics are enabled.
-	servicesWithAvailableMetrics := map[string]*time.Time{}
-
-	for _, ar := range accountRecords {
-		if ar.AccountID != nil {
-			configsBySvcId, err := a.serviceConfigRepo.GetAllForAccount(ctx, orgID.StringValue(), ar.ID.StringValue())
-			if err != nil {
-				return nil, err
-			}
-
-			for svcId, config := range configsBySvcId {
-				serviceConfig := new(integrationstypes.AWSCloudServiceConfig)
-				err = serviceConfig.Unmarshal(config)
-				if err != nil {
-					return nil, err
-				}
-
-				if serviceConfig.Metrics != nil && serviceConfig.Metrics.Enabled {
-					servicesWithAvailableMetrics[svcId] = &ar.CreatedAt
-				}
-			}
-		}
-	}
-
-	svcDashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	allServices, err := a.awsServiceDefinitions.ListServiceDefinitions(ctx)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "failed to list aws service definitions")
-	}
-
-	for _, svc := range allServices {
-		serviceDashboardsCreatedAt, ok := servicesWithAvailableMetrics[svc.Id]
-		if ok {
-			svcDashboards = integrationstypes.GetDashboardsFromAssets(svc.Id, a.GetName(), serviceDashboardsCreatedAt, svc.Assets)
-			servicesWithAvailableMetrics[svc.Id] = nil
-		}
-	}
-
-	return svcDashboards, nil
-}
-
-func (a *awsProvider) GetDashboard(ctx context.Context, req *integrationstypes.GettableDashboard) (*dashboardtypes.Dashboard, error) {
-	allDashboards, err := a.GetAvailableDashboards(ctx, req.OrgID)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, d := range allDashboards {
-		if d.ID == req.ID {
-			return d, nil
-		}
-	}
-
-	return nil, errors.NewNotFoundf(CodeDashboardNotFound, "dashboard with id %s not found", req.ID)
-}
-
-func (a *awsProvider) GenerateConnectionArtifact(ctx context.Context, req *integrationstypes.PostableConnectionArtifact) (any, error) {
-	connection := new(integrationstypes.PostableAWSConnectionUrl)
-
-	err := connection.Unmarshal(req.Data)
-	if err != nil {
-		return nil, err
-	}
-
-	if connection.AccountConfig != nil {
-		for _, region := range connection.AccountConfig.EnabledRegions {
-			if integrationstypes.ValidAWSRegions[region] {
-				continue
-			}
-
-			return nil, errors.NewInvalidInputf(CodeInvalidAWSRegion, "invalid aws region: %s", region)
-		}
-	}
-
-	config, err := connection.AccountConfig.Marshal()
-	if err != nil {
-		return nil, err
-	}
-
-	account, err := a.accountsRepo.Upsert(
-		ctx, req.OrgID, integrationstypes.CloudProviderAWS.String(), nil, config,
-		nil, nil, nil,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	agentVersion := "v0.0.8"
-	if connection.AgentConfig.Version != "" {
-		agentVersion = connection.AgentConfig.Version
-	}
-
-	baseURL := fmt.Sprintf("https://%s.console.aws.amazon.com/cloudformation/home",
-		connection.AgentConfig.Region)
-	u, _ := url.Parse(baseURL)
-
-	q := u.Query()
-	q.Set("region", connection.AgentConfig.Region)
-	u.Fragment = "/stacks/quickcreate"
-
-	u.RawQuery = q.Encode()
-
-	q = u.Query()
-	q.Set("stackName", "signoz-integration")
-	q.Set("templateURL", fmt.Sprintf("https://signoz-integrations.s3.us-east-1.amazonaws.com/aws-quickcreate-template-%s.json", agentVersion))
-	q.Set("param_SigNozIntegrationAgentVersion", agentVersion)
-	q.Set("param_SigNozApiUrl", connection.AgentConfig.SigNozAPIUrl)
-	q.Set("param_SigNozApiKey", connection.AgentConfig.SigNozAPIKey)
-	q.Set("param_SigNozAccountId", account.ID.StringValue())
-	q.Set("param_IngestionUrl", connection.AgentConfig.IngestionUrl)
-	q.Set("param_IngestionKey", connection.AgentConfig.IngestionKey)
-
-	return &integrationstypes.GettableAWSConnectionUrl{
-		AccountId:     account.ID.StringValue(),
-		ConnectionUrl: u.String() + "?&" + q.Encode(), // this format is required by AWS
-	}, nil
-}
-
-func (a *awsProvider) UpdateServiceConfig(ctx context.Context, req *integrationstypes.PatchableServiceConfig) (any, error) {
-	definition, err := a.awsServiceDefinitions.GetServiceDefinition(ctx, req.ServiceId)
-	if err != nil {
-		return nil, model.InternalError(fmt.Errorf("couldn't get aws service definition: %w", err))
-	}
-
-	serviceConfig := new(integrationstypes.PatchableAWSCloudServiceConfig)
-	err = serviceConfig.Unmarshal(req.Config)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = serviceConfig.Config.Validate(definition); err != nil {
-		return nil, err
-	}
-
-	// can only update config for a connected cloud account id
-	_, err = a.accountsRepo.GetConnectedCloudAccount(
-		ctx, req.OrgID, a.GetName().String(), serviceConfig.CloudAccountId,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceConfigBytes, err := serviceConfig.Config.Marshal()
-	if err != nil {
-		return nil, err
-	}
-
-	updatedConfig, err := a.serviceConfigRepo.Upsert(
-		ctx, req.OrgID, a.GetName().String(), serviceConfig.CloudAccountId, req.ServiceId, serviceConfigBytes,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = serviceConfig.Unmarshal(updatedConfig); err != nil {
-		return nil, err
-	}
-
-	return &integrationstypes.PatchServiceConfigResponse{
-		ServiceId: req.ServiceId,
-		Config:    serviceConfig,
-	}, nil
-}
-
-func (a *awsProvider) UpdateAccountConfig(ctx context.Context, req *integrationstypes.PatchableAccountConfig) (any, error) {
-	config := new(integrationstypes.PatchableAWSAccountConfig)
-
-	err := config.Unmarshal(req.Data)
-	if err != nil {
-		return nil, err
-	}
-
-	if config.Config == nil {
-		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "account config can't be null")
-	}
-
-	for _, region := range config.Config.EnabledRegions {
-		if integrationstypes.ValidAWSRegions[region] {
-			continue
-		}
-
-		return nil, errors.NewInvalidInputf(CodeInvalidAWSRegion, "invalid aws region: %s", region)
-	}
-
-	configBytes, err := config.Config.Marshal()
-	if err != nil {
-		return nil, err
-	}
-
-	// account must exist to update config, but it doesn't need to be connected
-	_, err = a.accountsRepo.Get(ctx, req.OrgID, a.GetName().String(), req.AccountId)
-	if err != nil {
-		return nil, err
-	}
-
-	accountRecord, err := a.accountsRepo.Upsert(
-		ctx, req.OrgID, a.GetName().String(), &req.AccountId, configBytes, nil, nil, nil,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	return accountRecord.Account(a.GetName()), nil
-}
-
-func (a *awsProvider) DisconnectAccount(ctx context.Context, orgID, accountID string) (*integrationstypes.CloudIntegration, error) {
-	account, err := a.accountsRepo.Get(ctx, orgID, a.GetName().String(), accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	tsNow := time.Now()
-	account, err = a.accountsRepo.Upsert(
-		ctx, orgID, a.GetName().String(), &accountID, nil, nil, nil, &tsNow,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	return account, nil
-}
--- a/pkg/query-service/app/cloudintegrations/models.go
+++ b/pkg/query-service/app/cloudintegrations/models.go
@@ -1 +1,94 @@
 package cloudintegrations
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/services"
+	"github.com/SigNoz/signoz/pkg/types"
+)
+
+type ServiceSummary struct {
+	services.Metadata
+
+	Config *types.CloudServiceConfig `json:"config"`
+}
+
+type ServiceDetails struct {
+	services.Definition
+
+	Config           *types.CloudServiceConfig `json:"config"`
+	ConnectionStatus *ServiceConnectionStatus  `json:"status,omitempty"`
+}
+
+type AccountStatus struct {
+	Integration AccountIntegrationStatus `json:"integration"`
+}
+
+type AccountIntegrationStatus struct {
+	LastHeartbeatTsMillis *int64 `json:"last_heartbeat_ts_ms"`
+}
+
+type LogsConfig struct {
+	Enabled   bool                `json:"enabled"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
+}
+
+type MetricsConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
+type ServiceConnectionStatus struct {
+	Logs    *SignalConnectionStatus `json:"logs"`
+	Metrics *SignalConnectionStatus `json:"metrics"`
+}
+
+type SignalConnectionStatus struct {
+	LastReceivedTsMillis int64  `json:"last_received_ts_ms"` // epoch milliseconds
+	LastReceivedFrom     string `json:"last_received_from"`  // resource identifier
+}
+
+type CompiledCollectionStrategy = services.CollectionStrategy
+
+func NewCompiledCollectionStrategy(provider string) (*CompiledCollectionStrategy, error) {
+	if provider == "aws" {
+		return &CompiledCollectionStrategy{
+			Provider:   "aws",
+			AWSMetrics: &services.AWSMetricsStrategy{},
+			AWSLogs:    &services.AWSLogsStrategy{},
+		}, nil
+	}
+	return nil, errors.NewNotFoundf(services.CodeUnsupportedCloudProvider, "unsupported cloud provider: %s", provider)
+}
+
+// Helper for accumulating strategies for enabled services.
+func AddServiceStrategy(serviceType string, cs *CompiledCollectionStrategy,
+	definitionStrat *services.CollectionStrategy, config *types.CloudServiceConfig) error {
+	if definitionStrat.Provider != cs.Provider {
+		return errors.NewInternalf(CodeMismatchCloudProvider, "can't add %s service strategy to compiled strategy for %s",
+			definitionStrat.Provider, cs.Provider)
+	}
+
+	if cs.Provider == "aws" {
+		if config.Logs != nil && config.Logs.Enabled {
+			if serviceType == services.S3Sync {
+				// S3 bucket sync; No cloudwatch logs are appended for this service type;
+				// Though definition is populated with a custom cloudwatch group that helps in calculating logs connection status
+				cs.S3Buckets = config.Logs.S3Buckets
+			} else if definitionStrat.AWSLogs != nil { // services that includes a logs subscription
+				cs.AWSLogs.Subscriptions = append(
+					cs.AWSLogs.Subscriptions,
+					definitionStrat.AWSLogs.Subscriptions...,
+				)
+			}
+		}
+		if config.Metrics != nil && config.Metrics.Enabled && definitionStrat.AWSMetrics != nil {
+			cs.AWSMetrics.StreamFilters = append(
+				cs.AWSMetrics.StreamFilters,
+				definitionStrat.AWSMetrics.StreamFilters...,
+			)
+		}
+
+		return nil
+	}
+
+	return errors.NewNotFoundf(services.CodeUnsupportedCloudProvider, "unsupported cloud provider: %s", cs.Provider)
+}
--- a/pkg/query-service/app/cloudintegrations/providerregistry.go
+++ b/pkg/query-service/app/cloudintegrations/providerregistry.go
@@ -1,28 +0,0 @@
-package cloudintegrations
-
-import (
-	"log/slog"
-
-	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/implawsprovider"
-	integrationstore "github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/store"
-	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
-)
-
-func NewCloudProviderRegistry(
-	logger *slog.Logger,
-	store sqlstore.SQLStore,
-	reader interfaces.Reader,
-	querier interfaces.Querier,
-) map[integrationstypes.CloudProviderType]integrationstypes.CloudProvider {
-	registry := make(map[integrationstypes.CloudProviderType]integrationstypes.CloudProvider)
-
-	accountsRepo := integrationstore.NewCloudProviderAccountsRepository(store)
-	serviceConfigRepo := integrationstore.NewServiceConfigRepository(store)
-
-	awsProviderImpl := implawsprovider.NewAWSCloudProvider(logger, accountsRepo, serviceConfigRepo, reader, querier)
-	registry[integrationstypes.CloudProviderAWS] = awsProviderImpl
-
-	return registry
-}
--- a/pkg/query-service/app/cloudintegrations/store/serviceconfig_db.go
+++ b/pkg/query-service/app/cloudintegrations/store/serviceconfig_db.go
@@ -1,63 +1,64 @@
-package store
+package cloudintegrations

 import (
 	"context"
 	"database/sql"
+	"fmt"
 	"time"

-	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

-var (
-	CodeServiceConfigNotFound = errors.MustNewCode("service_config_not_found")
-)
-
 type ServiceConfigDatabase interface {
-	Get(
+	get(
 		ctx context.Context,
 		orgID string,
 		cloudAccountId string,
 		serviceType string,
-	) ([]byte, error)
+	) (*types.CloudServiceConfig, *model.ApiError)

-	Upsert(
+	upsert(
 		ctx context.Context,
 		orgID string,
 		cloudProvider string,
 		cloudAccountId string,
 		serviceId string,
-		config []byte,
-	) ([]byte, error)
+		config types.CloudServiceConfig,
+	) (*types.CloudServiceConfig, *model.ApiError)

-	GetAllForAccount(
+	getAllForAccount(
 		ctx context.Context,
 		orgID string,
 		cloudAccountId string,
 	) (
-		map[string][]byte,
-		error,
+		configsBySvcId map[string]*types.CloudServiceConfig,
+		apiErr *model.ApiError,
 	)
 }

-func NewServiceConfigRepository(store sqlstore.SQLStore) ServiceConfigDatabase {
-	return &serviceConfigSQLRepository{store: store}
+func newServiceConfigRepository(store sqlstore.SQLStore) (
+	*serviceConfigSQLRepository, error,
+) {
+	return &serviceConfigSQLRepository{
+		store: store,
+	}, nil
 }

 type serviceConfigSQLRepository struct {
 	store sqlstore.SQLStore
 }

-func (r *serviceConfigSQLRepository) Get(
+func (r *serviceConfigSQLRepository) get(
 	ctx context.Context,
 	orgID string,
 	cloudAccountId string,
 	serviceType string,
-) ([]byte, error) {
-	var result integrationstypes.CloudIntegrationService
+) (*types.CloudServiceConfig, *model.ApiError) {
+
+	var result types.CloudIntegrationService

 	err := r.store.BunDB().NewSelect().
 		Model(&result).
@@ -66,30 +67,36 @@ func (r *serviceConfigSQLRepository) Get(
 		Where("ci.id = ?", cloudAccountId).
 		Where("cis.type = ?", serviceType).
 		Scan(ctx)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(err, CodeServiceConfigNotFound, "couldn't find config for cloud account %s", cloudAccountId)
-		}

-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud service config")
+	if err == sql.ErrNoRows {
+		return nil, model.NotFoundError(fmt.Errorf(
+			"couldn't find config for cloud account %s",
+			cloudAccountId,
+		))
+	} else if err != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't query cloud service config: %w", err,
+		))
 	}

-	return result.Config, nil
+	return &result.Config, nil
+
 }

-func (r *serviceConfigSQLRepository) Upsert(
+func (r *serviceConfigSQLRepository) upsert(
 	ctx context.Context,
 	orgID string,
 	cloudProvider string,
 	cloudAccountId string,
 	serviceId string,
-	config []byte,
-) ([]byte, error) {
+	config types.CloudServiceConfig,
+) (*types.CloudServiceConfig, *model.ApiError) {
+
 	// get cloud integration id from account id
 	// if the account is not connected, we don't need to upsert the config
 	var cloudIntegrationId string
 	err := r.store.BunDB().NewSelect().
-		Model((*integrationstypes.CloudIntegration)(nil)).
+		Model((*types.CloudIntegration)(nil)).
 		Column("id").
 		Where("provider = ?", cloudProvider).
 		Where("account_id = ?", cloudAccountId).
@@ -97,18 +104,14 @@ func (r *serviceConfigSQLRepository) Upsert(
 		Where("removed_at is NULL").
 		Where("last_agent_report is not NULL").
 		Scan(ctx, &cloudIntegrationId)
+
 	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(
-				err,
-				CodeCloudIntegrationAccountNotFound,
-				"couldn't find active cloud integration account",
-			)
-		}
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud integration id")
+		return nil, model.InternalError(fmt.Errorf(
+			"couldn't query cloud integration id: %w", err,
+		))
 	}

-	serviceConfig := integrationstypes.CloudIntegrationService{
+	serviceConfig := types.CloudIntegrationService{
 		Identifiable: types.Identifiable{ID: valuer.GenerateUUID()},
 		TimeAuditable: types.TimeAuditable{
 			CreatedAt: time.Now(),
@@ -123,18 +126,21 @@ func (r *serviceConfigSQLRepository) Upsert(
 		On("conflict(cloud_integration_id, type) do update set config=excluded.config, updated_at=excluded.updated_at").
 		Exec(ctx)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't upsert cloud service config")
+		return nil, model.InternalError(fmt.Errorf(
+			"could not upsert cloud service config: %w", err,
+		))
 	}

-	return config, nil
+	return &serviceConfig.Config, nil
+
 }

-func (r *serviceConfigSQLRepository) GetAllForAccount(
+func (r *serviceConfigSQLRepository) getAllForAccount(
 	ctx context.Context,
 	orgID string,
 	cloudAccountId string,
-) (map[string][]byte, error) {
-	var serviceConfigs []integrationstypes.CloudIntegrationService
+) (map[string]*types.CloudServiceConfig, *model.ApiError) {
+	serviceConfigs := []types.CloudIntegrationService{}

 	err := r.store.BunDB().NewSelect().
 		Model(&serviceConfigs).
@@ -143,13 +149,15 @@ func (r *serviceConfigSQLRepository) GetAllForAccount(
 		Where("ci.org_id = ?", orgID).
 		Scan(ctx)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query service configs from db")
+		return nil, model.InternalError(fmt.Errorf(
+			"could not query service configs from db: %w", err,
+		))
 	}

-	result := make(map[string][]byte)
+	result := map[string]*types.CloudServiceConfig{}

 	for _, r := range serviceConfigs {
-		result[r.Type] = r.Config
+		result[r.Type] = &r.Config
 	}

 	return result, nil
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/api-gateway/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/api-gateway/integration.json
@@ -148,146 +148,6 @@
        "name": "aws_ApiGateway_Latency_sum",
        "unit": "Milliseconds",
        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_4xx_sum",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_4xx_max",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_4xx_min",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_4xx_count",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_5xx_sum",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_5xx_max",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_5xx_min",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_5xx_count",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_DataProcessed_sum",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_DataProcessed_max",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_DataProcessed_min",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_DataProcessed_count",
-        "unit": "Bytes",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ExecutionError_sum",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ExecutionError_max",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ExecutionError_min",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ExecutionError_count",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ClientError_sum",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ClientError_max",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ClientError_min",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ClientError_count",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_IntegrationError_sum",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_IntegrationError_max",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_IntegrationError_min",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_IntegrationError_count",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ConnectCount_sum",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ConnectCount_max",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ConnectCount_min",
-        "unit": "Count",
-        "type": "Gauge"
-      },
-      {
-        "name": "aws_ApiGateway_ConnectCount_count",
-        "unit": "Count",
-        "type": "Gauge"
      }
    ],
    "logs": [
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/dynamodb/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/dynamodb/integration.json
@@ -391,4 +391,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/ec2/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/ec2/integration.json
@@ -515,4 +515,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/eks/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/eks/integration.json
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/elasticache/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/elasticache/integration.json
@@ -1928,7 +1928,7 @@
        "unit": "Percent",
        "type": "Gauge",
        "description": ""
-      }
+      }                      
    ]
  },
  "telemetry_collection_strategy": {
@@ -1951,4 +1951,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/msk/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/msk/integration.json
@@ -1088,3 +1088,4 @@
      ]
    }
  }
+  
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/rds/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/rds/integration.json
@@ -800,4 +800,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/sns/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/sns/integration.json
@@ -127,4 +127,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/definitions/aws/sqs/integration.json
+++ b/pkg/query-service/app/cloudintegrations/services/definitions/aws/sqs/integration.json
@@ -247,4 +247,4 @@
      }
    ]
  }
-}
+}
--- a/pkg/query-service/app/cloudintegrations/services/models.go
+++ b/pkg/query-service/app/cloudintegrations/services/models.go
@@ -0,0 +1,91 @@
+package services
+
+import (
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+)
+
+type Metadata struct {
+	Id    string `json:"id"`
+	Title string `json:"title"`
+	Icon  string `json:"icon"`
+}
+
+type Definition struct {
+	Metadata
+
+	Overview string `json:"overview"` // markdown
+
+	Assets Assets `json:"assets"`
+
+	SupportedSignals SupportedSignals `json:"supported_signals"`
+
+	DataCollected DataCollected `json:"data_collected"`
+
+	Strategy *CollectionStrategy `json:"telemetry_collection_strategy"`
+}
+
+type Assets struct {
+	Dashboards []Dashboard `json:"dashboards"`
+}
+
+type SupportedSignals struct {
+	Logs    bool `json:"logs"`
+	Metrics bool `json:"metrics"`
+}
+
+type DataCollected struct {
+	Logs    []CollectedLogAttribute `json:"logs"`
+	Metrics []CollectedMetric       `json:"metrics"`
+}
+
+type CollectedLogAttribute struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+	Type string `json:"type"`
+}
+
+type CollectedMetric struct {
+	Name        string `json:"name"`
+	Type        string `json:"type"`
+	Unit        string `json:"unit"`
+	Description string `json:"description"`
+}
+
+type CollectionStrategy struct {
+	Provider string `json:"provider"`
+
+	AWSMetrics *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
+	AWSLogs    *AWSLogsStrategy    `json:"aws_logs,omitempty"`
+	S3Buckets  map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type
+}
+
+type AWSMetricsStrategy struct {
+	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
+	StreamFilters []struct {
+		// json tags here are in the shape expected by AWS API as detailed at
+		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
+		Namespace   string   `json:"Namespace"`
+		MetricNames []string `json:"MetricNames,omitempty"`
+	} `json:"cloudwatch_metric_stream_filters"`
+}
+
+type AWSLogsStrategy struct {
+	Subscriptions []struct {
+		// subscribe to all logs groups with specified prefix.
+		// eg: `/aws/rds/`
+		LogGroupNamePrefix string `json:"log_group_name_prefix"`
+
+		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
+		// "" implies no filtering is required.
+		FilterPattern string `json:"filter_pattern"`
+	} `json:"cloudwatch_logs_subscriptions"`
+}
+
+type Dashboard struct {
+	Id          string                                `json:"id"`
+	Url         string                                `json:"url"`
+	Title       string                                `json:"title"`
+	Description string                                `json:"description"`
+	Image       string                                `json:"image"`
+	Definition  *dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
+}
--- a/pkg/query-service/app/cloudintegrations/services/services.go
+++ b/pkg/query-service/app/cloudintegrations/services/services.go
@@ -2,90 +2,128 @@ package services

 import (
 	"bytes"
-	"context"
 	"embed"
 	"encoding/json"
 	"fmt"
 	"io/fs"
 	"path"
+	"sort"

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/pkg/query-service/model"
 	koanfJson "github.com/knadh/koanf/parsers/json"
+	"golang.org/x/exp/maps"
+)
+
+const (
+	S3Sync = "s3sync"
 )

 var (
-	CodeServiceDefinitionNotFound = errors.MustNewCode("service_definition_not_dound")
+	CodeUnsupportedCloudProvider = errors.MustNewCode("unsupported_cloud_provider")
+	CodeUnsupportedServiceType   = errors.MustNewCode("unsupported_service_type")
 )

-type (
-	AWSServicesProvider struct {
-		definitions map[string]*integrationstypes.AWSServiceDefinition
+func List(cloudProvider string) ([]Definition, *model.ApiError) {
+	cloudServices, found := supportedServices[cloudProvider]
+	if !found || cloudServices == nil {
+		return nil, model.NotFoundError(fmt.Errorf(
+			"unsupported cloud provider: %s", cloudProvider,
+		))
 	}
-)

-func (a *AWSServicesProvider) ListServiceDefinitions(ctx context.Context) (map[string]*integrationstypes.AWSServiceDefinition, error) {
-	return a.definitions, nil
+	services := maps.Values(cloudServices)
+	sort.Slice(services, func(i, j int) bool {
+		return services[i].Id < services[j].Id
+	})
+
+	return services, nil
 }

-func (a *AWSServicesProvider) GetServiceDefinition(ctx context.Context, serviceName string) (*integrationstypes.AWSServiceDefinition, error) {
-	def, ok := a.definitions[serviceName]
-	if !ok {
-		return nil, errors.NewNotFoundf(CodeServiceDefinitionNotFound, "aws service definition not found: %s", serviceName)
-	}
-
-	return def, nil
-}
-
-func NewAWSCloudProviderServices() (*AWSServicesProvider, error) {
-	definitions, err := readAllServiceDefinitions(integrationstypes.CloudProviderAWS)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceDefinitions := make(map[string]*integrationstypes.AWSServiceDefinition)
-	for id, def := range definitions {
-		typedDef, ok := def.(*integrationstypes.AWSServiceDefinition)
-		if !ok {
-			return nil, fmt.Errorf("invalid type for AWS service definition %s", id)
-		}
-		serviceDefinitions[id] = typedDef
-	}
-
-	return &AWSServicesProvider{
-		definitions: serviceDefinitions,
-	}, nil
-}
-
-//go:embed definitions/*
-var definitionFiles embed.FS
-
-func readAllServiceDefinitions(cloudProvider valuer.String) (map[string]any, error) {
-	rootDirName := "definitions"
-
-	cloudProviderDirPath := path.Join(rootDirName, cloudProvider.String())
-
-	cloudServices, err := readServiceDefinitionsFromDir(cloudProvider, cloudProviderDirPath)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(cloudServices) < 1 {
-		return nil, errors.NewInternalf(errors.CodeInternal, "no service definitions found in %s", cloudProviderDirPath)
+func Map(cloudProvider string) (map[string]Definition, error) {
+	cloudServices, found := supportedServices[cloudProvider]
+	if !found || cloudServices == nil {
+		return nil, errors.Newf(errors.TypeNotFound, CodeUnsupportedCloudProvider, "unsupported cloud provider: %s", cloudProvider)
 	}

 	return cloudServices, nil
 }

-func readServiceDefinitionsFromDir(cloudProvider valuer.String, cloudProviderDirPath string) (map[string]any, error) {
-	svcDefDirs, err := fs.ReadDir(definitionFiles, cloudProviderDirPath)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't list integrations dirs")
+func GetServiceDefinition(cloudProvider, serviceType string) (*Definition, error) {
+	cloudServices := supportedServices[cloudProvider]
+	if cloudServices == nil {
+		return nil, errors.Newf(errors.TypeNotFound, CodeUnsupportedCloudProvider, "unsupported cloud provider: %s", cloudProvider)
 	}

-	svcDefs := make(map[string]any)
+	svc, exists := cloudServices[serviceType]
+	if !exists {
+		return nil, errors.Newf(errors.TypeNotFound, CodeUnsupportedServiceType, "%s service not found: %s", cloudProvider, serviceType)
+	}
+
+	return &svc, nil
+}
+
+// End of API. Logic for reading service definition files follows
+
+// Service details read from ./serviceDefinitions
+// { "providerName": { "service_id": {...}} }
+var supportedServices map[string]map[string]Definition
+
+func init() {
+	err := readAllServiceDefinitions()
+	if err != nil {
+		panic(fmt.Errorf(
+			"couldn't read cloud service definitions: %w", err,
+		))
+	}
+}
+
+//go:embed definitions/*
+var definitionFiles embed.FS
+
+func readAllServiceDefinitions() error {
+	supportedServices = map[string]map[string]Definition{}
+
+	rootDirName := "definitions"
+
+	cloudProviderDirs, err := fs.ReadDir(definitionFiles, rootDirName)
+	if err != nil {
+		return fmt.Errorf("couldn't read dirs in %s: %w", rootDirName, err)
+	}
+
+	for _, d := range cloudProviderDirs {
+		if !d.IsDir() {
+			continue
+		}
+
+		cloudProvider := d.Name()
+
+		cloudProviderDirPath := path.Join(rootDirName, cloudProvider)
+		cloudServices, err := readServiceDefinitionsFromDir(cloudProvider, cloudProviderDirPath)
+		if err != nil {
+			return fmt.Errorf("couldn't read %s service definitions: %w", cloudProvider, err)
+		}
+
+		if len(cloudServices) < 1 {
+			return fmt.Errorf("no %s services could be read", cloudProvider)
+		}
+
+		supportedServices[cloudProvider] = cloudServices
+	}
+
+	return nil
+}
+
+func readServiceDefinitionsFromDir(cloudProvider string, cloudProviderDirPath string) (
+	map[string]Definition, error,
+) {
+	svcDefDirs, err := fs.ReadDir(definitionFiles, cloudProviderDirPath)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't list integrations dirs: %w", err)
+	}
+
+	svcDefs := map[string]Definition{}

 	for _, d := range svcDefDirs {
 		if !d.IsDir() {
@@ -95,71 +133,103 @@ func readServiceDefinitionsFromDir(cloudProvider valuer.String, cloudProviderDir
 		svcDirPath := path.Join(cloudProviderDirPath, d.Name())
 		s, err := readServiceDefinition(cloudProvider, svcDirPath)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("couldn't read svc definition for %s: %w", d.Name(), err)
 		}

-		_, exists := svcDefs[s.GetId()]
+		_, exists := svcDefs[s.Id]
 		if exists {
-			return nil, errors.NewInternalf(errors.CodeInternal, "duplicate service definition for id %s at %s", s.GetId(), d.Name())
+			return nil, fmt.Errorf(
+				"duplicate service definition for id %s at %s", s.Id, d.Name(),
+			)
 		}
-		svcDefs[s.GetId()] = s
+		svcDefs[s.Id] = *s
 	}

 	return svcDefs, nil
 }

-func readServiceDefinition(cloudProvider valuer.String, svcDirpath string) (integrationstypes.Definition, error) {
+func readServiceDefinition(cloudProvider string, svcDirpath string) (*Definition, error) {
 	integrationJsonPath := path.Join(svcDirpath, "integration.json")

 	serializedSpec, err := definitionFiles.ReadFile(integrationJsonPath)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't read integration definition in %s", svcDirpath)
+		return nil, fmt.Errorf(
+			"couldn't find integration.json in %s: %w",
+			svcDirpath, err,
+		)
 	}

 	integrationSpec, err := koanfJson.Parser().Unmarshal(serializedSpec)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't parse integration definition in %s", svcDirpath)
+		return nil, fmt.Errorf(
+			"couldn't parse integration.json from %s: %w",
+			integrationJsonPath, err,
+		)
 	}

-	hydrated, err := integrations.HydrateFileUris(integrationSpec, definitionFiles, svcDirpath)
+	hydrated, err := integrations.HydrateFileUris(
+		integrationSpec, definitionFiles, svcDirpath,
+	)
 	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't hydrate integration definition in %s", svcDirpath)
+		return nil, fmt.Errorf(
+			"couldn't hydrate files referenced in service definition %s: %w",
+			integrationJsonPath, err,
+		)
 	}
 	hydratedSpec := hydrated.(map[string]any)

-	var serviceDef integrationstypes.Definition
-
-	switch cloudProvider {
-	case integrationstypes.CloudProviderAWS:
-		serviceDef = &integrationstypes.AWSServiceDefinition{}
-	default:
-		// ideally this shouldn't happen hence throwing internal error
-		return nil, errors.NewInternalf(errors.CodeInternal, "unsupported cloud provider: %s", cloudProvider)
+	serviceDef, err := ParseStructWithJsonTagsFromMap[Definition](hydratedSpec)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"couldn't parse hydrated JSON spec read from %s: %w",
+			integrationJsonPath, err,
+		)
 	}

-	err = parseStructWithJsonTagsFromMap(hydratedSpec, serviceDef)
+	err = validateServiceDefinition(serviceDef)
 	if err != nil {
-		return nil, err
-	}
-	err = serviceDef.Validate()
-	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("invalid service definition %s: %w", serviceDef.Id, err)
 	}

+	serviceDef.Strategy.Provider = cloudProvider
+
 	return serviceDef, nil
+
 }

-func parseStructWithJsonTagsFromMap(data map[string]any, target interface{}) error {
-	mapJson, err := json.Marshal(data)
-	if err != nil {
-		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't marshal service definition json data")
+func validateServiceDefinition(s *Definition) error {
+	// Validate dashboard data
+	seenDashboardIds := map[string]interface{}{}
+	for _, dd := range s.Assets.Dashboards {
+		if _, seen := seenDashboardIds[dd.Id]; seen {
+			return fmt.Errorf("multiple dashboards found with id %s", dd.Id)
+		}
+		seenDashboardIds[dd.Id] = nil
 	}

-	decoder := json.NewDecoder(bytes.NewReader(mapJson))
-	decoder.DisallowUnknownFields()
-	err = decoder.Decode(target)
-	if err != nil {
-		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't unmarshal service definition json data")
+	if s.Strategy == nil {
+		return fmt.Errorf("telemetry_collection_strategy is required")
 	}
+
+	// potentially more to follow
+
 	return nil
 }
+
+func ParseStructWithJsonTagsFromMap[StructType any](data map[string]any) (
+	*StructType, error,
+) {
+	mapJson, err := json.Marshal(data)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't marshal map to json: %w", err)
+	}
+
+	var res StructType
+	decoder := json.NewDecoder(bytes.NewReader(mapJson))
+	decoder.DisallowUnknownFields()
+	err = decoder.Decode(&res)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't unmarshal json back to struct: %w", err)
+	}
+	return &res, nil
+}
--- a/pkg/query-service/app/cloudintegrations/services/services_test.go
+++ b/pkg/query-service/app/cloudintegrations/services/services_test.go
@@ -1,3 +1,35 @@
 package services

-// TODO: add more tests for services package
+import (
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAvailableServices(t *testing.T) {
+	require := require.New(t)
+
+	// should be able to list available services.
+	_, apiErr := List("bad-cloud-provider")
+	require.NotNil(apiErr)
+	require.Equal(model.ErrorNotFound, apiErr.Type())
+
+	awsSvcs, apiErr := List("aws")
+	require.Nil(apiErr)
+	require.Greater(len(awsSvcs), 0)
+
+	// should be able to get details of a service
+	_, err := GetServiceDefinition(
+		"aws", "bad-service-id",
+	)
+	require.NotNil(err)
+	require.True(errors.Ast(err, errors.TypeNotFound))
+
+	svc, err := GetServiceDefinition(
+		"aws", awsSvcs[0].Id,
+	)
+	require.Nil(err)
+	require.Equal(*svc, awsSvcs[0])
+}
--- a/pkg/query-service/app/http_handler.go
+++ b/pkg/query-service/app/http_handler.go
@@ -6,7 +6,11 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
-	"log/slog"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/flagger"
+	"github.com/SigNoz/signoz/pkg/modules/thirdpartyapi"
+	"github.com/SigNoz/signoz/pkg/queryparser"

 	"io"
 	"math"
@@ -21,19 +25,14 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/pkg/alertmanager"
-	"github.com/SigNoz/signoz/pkg/errors"
 	errorsV2 "github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/thirdpartyapi"
-	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations/services"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/metricsexplorer"
-	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/prometheus/prometheus/promql"

@@ -45,6 +44,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/contextlinks"
 	traceFunnelsModule "github.com/SigNoz/signoz/pkg/modules/tracefunnel"
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/inframetrics"
 	queues2 "github.com/SigNoz/signoz/pkg/query-service/app/integrations/messagingQueues/queues"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logs"
@@ -113,7 +113,7 @@ type APIHandler struct {

 	IntegrationsController *integrations.Controller

-	cloudIntegrationsRegistry map[integrationstypes.CloudProviderType]integrationstypes.CloudProvider
+	CloudIntegrationsController *cloudintegrations.Controller

 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController

@@ -162,6 +162,9 @@ type APIHandlerOpts struct {
 	// Integrations
 	IntegrationsController *integrations.Controller

+	// Cloud Provider Integrations
+	CloudIntegrationsController *cloudintegrations.Controller
+
 	// Log parsing pipelines
 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController

@@ -177,8 +180,6 @@ type APIHandlerOpts struct {
 	QueryParserAPI *queryparser.API

 	Signoz *signoz.SigNoz
-
-	Logger *slog.Logger
 }

 // NewAPIHandler returns an APIHandler
@@ -214,19 +215,12 @@ func NewAPIHandler(opts APIHandlerOpts) (*APIHandler, error) {
 	summaryService := metricsexplorer.NewSummaryService(opts.Reader, opts.RuleManager, opts.Signoz.Modules.Dashboard)
 	//quickFilterModule := quickfilter.NewAPI(opts.QuickFilterModule)

-	cloudIntegrationsRegistry := cloudintegrations.NewCloudProviderRegistry(
-		opts.Logger,
-		opts.Signoz.SQLStore,
-		opts.Reader,
-		querier,
-	)
-
 	aH := &APIHandler{
 		reader:                        opts.Reader,
 		temporalityMap:                make(map[string]map[v3.Temporality]bool),
 		ruleManager:                   opts.RuleManager,
 		IntegrationsController:        opts.IntegrationsController,
-		cloudIntegrationsRegistry:     cloudIntegrationsRegistry,
+		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		querier:                       querier,
 		querierV2:                     querierv2,
@@ -1223,22 +1217,13 @@ func (aH *APIHandler) Get(rw http.ResponseWriter, r *http.Request) {
 	}

 	dashboard := new(dashboardtypes.Dashboard)
-	if integrationstypes.IsCloudIntegrationDashboardUuid(id) {
-		cloudProvider, err := integrationstypes.GetCloudProviderFromDashboardID(id)
-		if err != nil {
-			render.Error(rw, err)
+	if aH.CloudIntegrationsController.IsCloudIntegrationDashboardUuid(id) {
+		cloudIntegrationDashboard, apiErr := aH.CloudIntegrationsController.GetDashboardById(ctx, orgID, id)
+		if apiErr != nil {
+			render.Error(rw, errorsV2.Wrapf(apiErr, errorsV2.TypeInternal, errorsV2.CodeInternal, "failed to get dashboard"))
 			return
 		}
-
-		integrationDashboard, err := aH.cloudIntegrationsRegistry[cloudProvider].GetDashboard(ctx, &integrationstypes.GettableDashboard{
-			ID:    id,
-			OrgID: orgID,
-		})
-		if err != nil {
-			render.Error(rw, err)
-			return
-		}
-		dashboard = integrationDashboard
+		dashboard = cloudIntegrationDashboard
 	} else if aH.IntegrationsController.IsInstalledIntegrationDashboardID(id) {
 		integrationDashboard, apiErr := aH.IntegrationsController.GetInstalledIntegrationDashboardById(ctx, orgID, id)
 		if apiErr != nil {
@@ -1302,13 +1287,11 @@ func (aH *APIHandler) List(rw http.ResponseWriter, r *http.Request) {
 		dashboards = append(dashboards, installedIntegrationDashboards...)
 	}

-	for _, provider := range aH.cloudIntegrationsRegistry {
-		cloudIntegrationDashboards, err := provider.GetAvailableDashboards(ctx, orgID)
-		if err != nil {
-			zap.L().Error("failed to get dashboards for cloud integrations", zap.Error(apiErr))
-		} else {
-			dashboards = append(dashboards, cloudIntegrationDashboards...)
-		}
+	cloudIntegrationDashboards, apiErr := aH.CloudIntegrationsController.AvailableDashboards(ctx, orgID)
+	if apiErr != nil {
+		zap.L().Error("failed to get dashboards for cloud integrations", zap.Error(apiErr))
+	} else {
+		dashboards = append(dashboards, cloudIntegrationDashboards...)
 	}

 	gettableDashboards, err := dashboardtypes.NewGettableDashboardsFromDashboards(dashboards)
@@ -3284,15 +3267,15 @@ func (aH *APIHandler) GetIntegrationConnectionStatus(w http.ResponseWriter, r *h
 		lookbackSeconds = 15 * 60
 	}

-	connectionStatus, err := aH.calculateConnectionStatus(
+	connectionStatus, apiErr := aH.calculateConnectionStatus(
 		r.Context(), orgID, connectionTests, lookbackSeconds,
 	)
-	if err != nil {
-		render.Error(w, err)
+	if apiErr != nil {
+		RespondError(w, apiErr, "Failed to calculate integration connection status")
 		return
 	}

-	render.Success(w, http.StatusOK, connectionStatus)
+	aH.Respond(w, connectionStatus)
 }

 func (aH *APIHandler) calculateConnectionStatus(
@@ -3300,11 +3283,10 @@ func (aH *APIHandler) calculateConnectionStatus(
 	orgID valuer.UUID,
 	connectionTests *integrations.IntegrationConnectionTests,
 	lookbackSeconds int64,
-) (*integrations.IntegrationConnectionStatus, error) {
+) (*integrations.IntegrationConnectionStatus, *model.ApiError) {
 	// Calculate connection status for signals in parallel

 	result := &integrations.IntegrationConnectionStatus{}
-	// TODO: migrate to errors package
 	errors := []*model.ApiError{}
 	var resultLock sync.Mutex

@@ -3502,14 +3484,12 @@ func (aH *APIHandler) UninstallIntegration(w http.ResponseWriter, r *http.Reques
 	aH.Respond(w, map[string]interface{}{})
 }

-// RegisterCloudIntegrationsRoutes register routes for cloud provider integrations
+// cloud provider integrations
 func (aH *APIHandler) RegisterCloudIntegrationsRoutes(router *mux.Router, am *middleware.AuthZ) {
 	subRouter := router.PathPrefix("/api/v1/cloud-integrations").Subrouter()

-	subRouter.Use(middleware.NewRecovery(aH.Signoz.Instrumentation.Logger()).Wrap)
-
 	subRouter.HandleFunc(
-		"/{cloudProvider}/accounts/generate-connection-url", am.EditAccess(aH.CloudIntegrationsGenerateConnectionArtifact),
+		"/{cloudProvider}/accounts/generate-connection-url", am.EditAccess(aH.CloudIntegrationsGenerateConnectionUrl),
 	).Methods(http.MethodPost)

 	subRouter.HandleFunc(
@@ -3543,199 +3523,170 @@ func (aH *APIHandler) RegisterCloudIntegrationsRoutes(router *mux.Router, am *mi
 	subRouter.HandleFunc(
 		"/{cloudProvider}/services/{serviceId}/config", am.EditAccess(aH.CloudIntegrationsUpdateServiceConfig),
 	).Methods(http.MethodPost)
+
 }

-func (aH *APIHandler) CloudIntegrationsGenerateConnectionArtifact(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
+func (aH *APIHandler) CloudIntegrationsListConnectedAccounts(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]

-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
+	resp, apiErr := aH.CloudIntegrationsController.ListConnectedAccounts(
+		r.Context(), claims.OrgID, cloudProvider,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
 		return
 	}
-
-	reqBody, err := io.ReadAll(r.Body)
-	if err != nil {
-		render.Error(w, errors.WrapInternalf(err, errors.CodeInternal, "failed to read request body"))
-		return
-	}
-
-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].GenerateConnectionArtifact(r.Context(), &integrationstypes.PostableConnectionArtifact{
-		OrgID: claims.OrgID,
-		Data:  reqBody,
-	})
-	if err != nil {
-		aH.Signoz.Instrumentation.Logger().ErrorContext(r.Context(),
-			"failed to generate connection artifact for cloud integration",
-			slog.String("cloudProvider", cloudProviderString),
-			slog.String("orgID", claims.OrgID),
-		)
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, resp)
+	aH.Respond(w, resp)
 }

-func (aH *APIHandler) CloudIntegrationsListConnectedAccounts(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
+func (aH *APIHandler) CloudIntegrationsGenerateConnectionUrl(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
+	req := cloudintegrations.GenerateConnectionUrlRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
 		return
 	}

-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].ListConnectedAccounts(r.Context(), claims.OrgID)
-	if err != nil {
-		render.Error(w, err)
+	result, apiErr := aH.CloudIntegrationsController.GenerateConnectionUrl(
+		r.Context(), claims.OrgID, cloudProvider, req,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
 		return
 	}

-	render.Success(w, http.StatusOK, resp)
+	aH.Respond(w, result)
 }

-func (aH *APIHandler) CloudIntegrationsGetAccountStatus(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
+func (aH *APIHandler) CloudIntegrationsGetAccountStatus(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]
 	accountId := mux.Vars(r)["accountId"]

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].GetAccountStatus(r.Context(), claims.OrgID, accountId)
-	if err != nil {
-		render.Error(w, err)
+	resp, apiErr := aH.CloudIntegrationsController.GetAccountStatus(
+		r.Context(), claims.OrgID, cloudProvider, accountId,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
 		return
 	}
-
-	render.Success(w, http.StatusOK, resp)
+	aH.Respond(w, resp)
 }

-func (aH *APIHandler) CloudIntegrationsAgentCheckIn(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
+func (aH *APIHandler) CloudIntegrationsAgentCheckIn(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]
+
+	req := cloudintegrations.AgentCheckInRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
+		return
+	}
+
+	result, err := aH.CloudIntegrationsController.CheckInAsAgent(
+		r.Context(), claims.OrgID, cloudProvider, req,
+	)

-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
 	if err != nil {
 		render.Error(w, err)
 		return
 	}

-	req := new(integrationstypes.PostableAgentCheckInPayload)
-	if err = json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(w, errors.WrapInvalidInputf(err, errors.CodeInvalidInput, "invalid request body"))
-		return
-	}
-
-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	req.OrgID = claims.OrgID
-
-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].AgentCheckIn(r.Context(), req)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, resp)
+	aH.Respond(w, result)
 }

-func (aH *APIHandler) CloudIntegrationsUpdateAccountConfig(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
+func (aH *APIHandler) CloudIntegrationsUpdateAccountConfig(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]
 	accountId := mux.Vars(r)["accountId"]

-	reqBody, err := io.ReadAll(r.Body)
-	if err != nil {
-		render.Error(w, errors.WrapInternalf(err, errors.CodeInternal, "failed to read request body"))
+	req := cloudintegrations.UpdateAccountConfigRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
 		return
 	}

-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].UpdateAccountConfig(r.Context(), &integrationstypes.PatchableAccountConfig{
-		OrgID:     claims.OrgID,
-		AccountId: accountId,
-		Data:      reqBody,
-	})
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	render.Success(w, http.StatusOK, resp)
-	return
+	result, apiErr := aH.CloudIntegrationsController.UpdateAccountConfig(
+		r.Context(), claims.OrgID, cloudProvider, accountId, req,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
+		return
+	}
+
+	aH.Respond(w, result)
 }

-func (aH *APIHandler) CloudIntegrationsDisconnectAccount(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
+func (aH *APIHandler) CloudIntegrationsDisconnectAccount(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]
 	accountId := mux.Vars(r)["accountId"]

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	result, err := aH.cloudIntegrationsRegistry[cloudProvider].DisconnectAccount(r.Context(), claims.OrgID, accountId)
-	if err != nil {
-		render.Error(w, err)
+	result, apiErr := aH.CloudIntegrationsController.DisconnectAccount(
+		r.Context(), claims.OrgID, cloudProvider, accountId,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
 		return
 	}

-	render.Success(w, http.StatusOK, result)
+	aH.Respond(w, result)
 }

-func (aH *APIHandler) CloudIntegrationsListServices(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
+func (aH *APIHandler) CloudIntegrationsListServices(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]

 	var cloudAccountId *string

@@ -3744,22 +3695,26 @@ func (aH *APIHandler) CloudIntegrationsListServices(w http.ResponseWriter, r *ht
 		cloudAccountId = &cloudAccountIdQP
 	}

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].ListServices(r.Context(), claims.OrgID, cloudAccountId)
-	if err != nil {
-		render.Error(w, err)
+	resp, apiErr := aH.CloudIntegrationsController.ListServices(
+		r.Context(), claims.OrgID, cloudProvider, cloudAccountId,
+	)
+
+	if apiErr != nil {
+		RespondError(w, apiErr, nil)
 		return
 	}
-
-	render.Success(w, http.StatusOK, resp)
+	aH.Respond(w, resp)
 }

-func (aH *APIHandler) CloudIntegrationsGetServiceDetails(w http.ResponseWriter, r *http.Request) {
+func (aH *APIHandler) CloudIntegrationsGetServiceDetails(
+	w http.ResponseWriter, r *http.Request,
+) {
 	claims, err := authtypes.ClaimsFromContext(r.Context())
 	if err != nil {
 		render.Error(w, err)
@@ -3771,14 +3726,7 @@ func (aH *APIHandler) CloudIntegrationsGetServiceDetails(w http.ResponseWriter,
 		return
 	}

-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
+	cloudProvider := mux.Vars(r)["cloudProvider"]
 	serviceId := mux.Vars(r)["serviceId"]

 	var cloudAccountId *string
@@ -3788,59 +3736,270 @@ func (aH *APIHandler) CloudIntegrationsGetServiceDetails(w http.ResponseWriter,
 		cloudAccountId = &cloudAccountIdQP
 	}

-	resp, err := aH.cloudIntegrationsRegistry[cloudProvider].GetServiceDetails(r.Context(), &integrationstypes.GetServiceDetailsReq{
-		OrgID:          orgID,
-		ServiceId:      serviceId,
-		CloudAccountID: cloudAccountId,
-	})
-	if err != nil {
-		render.Error(w, err)
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
 		return
 	}

-	render.Success(w, http.StatusOK, resp)
-	return
-}
-
-func (aH *APIHandler) CloudIntegrationsUpdateServiceConfig(w http.ResponseWriter, r *http.Request) {
-	cloudProviderString := mux.Vars(r)["cloudProvider"]
-
-	cloudProvider, err := integrationstypes.NewCloudProvider(cloudProviderString)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	serviceId := mux.Vars(r)["serviceId"]
-
-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	reqBody, err := io.ReadAll(r.Body)
-	if err != nil {
-		render.Error(w, errors.WrapInternalf(err,
-			errors.CodeInternal,
-			"failed to read update service config request body",
-		))
-		return
-	}
-
-	result, err := aH.cloudIntegrationsRegistry[cloudProvider].UpdateServiceConfig(
-		r.Context(), &integrationstypes.PatchableServiceConfig{
-			OrgID:     claims.OrgID,
-			ServiceId: serviceId,
-			Config:    reqBody,
-		},
+	resp, err := aH.CloudIntegrationsController.GetServiceDetails(
+		r.Context(), claims.OrgID, cloudProvider, serviceId, cloudAccountId,
 	)
 	if err != nil {
 		render.Error(w, err)
 		return
 	}

-	render.Success(w, http.StatusOK, result)
+	// Add connection status for the 2 signals.
+	if cloudAccountId != nil {
+		connStatus, apiErr := aH.calculateCloudIntegrationServiceConnectionStatus(
+			r.Context(), orgID, cloudProvider, *cloudAccountId, resp,
+		)
+		if apiErr != nil {
+			RespondError(w, apiErr, nil)
+			return
+		}
+		resp.ConnectionStatus = connStatus
+	}
+
+	aH.Respond(w, resp)
+}
+
+func (aH *APIHandler) calculateCloudIntegrationServiceConnectionStatus(
+	ctx context.Context,
+	orgID valuer.UUID,
+	cloudProvider string,
+	cloudAccountId string,
+	svcDetails *cloudintegrations.ServiceDetails,
+) (*cloudintegrations.ServiceConnectionStatus, *model.ApiError) {
+	if cloudProvider != "aws" {
+		// TODO(Raj): Make connection check generic for all providers in a follow up change
+		return nil, model.BadRequest(
+			fmt.Errorf("unsupported cloud provider: %s", cloudProvider),
+		)
+	}
+
+	telemetryCollectionStrategy := svcDetails.Strategy
+	if telemetryCollectionStrategy == nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"service doesn't have telemetry collection strategy: %s", svcDetails.Id,
+		))
+	}
+
+	result := &cloudintegrations.ServiceConnectionStatus{}
+	errors := []*model.ApiError{}
+	var resultLock sync.Mutex
+
+	var wg sync.WaitGroup
+
+	// Calculate metrics connection status
+	if telemetryCollectionStrategy.AWSMetrics != nil {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			metricsConnStatus, apiErr := aH.calculateAWSIntegrationSvcMetricsConnectionStatus(
+				ctx, cloudAccountId, telemetryCollectionStrategy.AWSMetrics, svcDetails.DataCollected.Metrics,
+			)
+
+			resultLock.Lock()
+			defer resultLock.Unlock()
+
+			if apiErr != nil {
+				errors = append(errors, apiErr)
+			} else {
+				result.Metrics = metricsConnStatus
+			}
+		}()
+	}
+
+	// Calculate logs connection status
+	if telemetryCollectionStrategy.AWSLogs != nil {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
+			logsConnStatus, apiErr := aH.calculateAWSIntegrationSvcLogsConnectionStatus(
+				ctx, orgID, cloudAccountId, telemetryCollectionStrategy.AWSLogs,
+			)
+
+			resultLock.Lock()
+			defer resultLock.Unlock()
+
+			if apiErr != nil {
+				errors = append(errors, apiErr)
+			} else {
+				result.Logs = logsConnStatus
+			}
+		}()
+	}
+
+	wg.Wait()
+
+	if len(errors) > 0 {
+		return nil, errors[0]
+	}
+
+	return result, nil
+
+}
+func (aH *APIHandler) calculateAWSIntegrationSvcMetricsConnectionStatus(
+	ctx context.Context,
+	cloudAccountId string,
+	strategy *services.AWSMetricsStrategy,
+	metricsCollectedBySvc []services.CollectedMetric,
+) (*cloudintegrations.SignalConnectionStatus, *model.ApiError) {
+	if strategy == nil || len(strategy.StreamFilters) < 1 {
+		return nil, nil
+	}
+
+	expectedLabelValues := map[string]string{
+		"cloud_provider":   "aws",
+		"cloud_account_id": cloudAccountId,
+	}
+
+	metricsNamespace := strategy.StreamFilters[0].Namespace
+	metricsNamespaceParts := strings.Split(metricsNamespace, "/")
+
+	if len(metricsNamespaceParts) >= 2 {
+		expectedLabelValues["service_namespace"] = metricsNamespaceParts[0]
+		expectedLabelValues["service_name"] = metricsNamespaceParts[1]
+	} else {
+		// metrics for single word namespaces like "CWAgent" do not
+		// have the service_namespace label populated
+		expectedLabelValues["service_name"] = metricsNamespaceParts[0]
+	}
+
+	metricNamesCollectedBySvc := []string{}
+	for _, cm := range metricsCollectedBySvc {
+		metricNamesCollectedBySvc = append(metricNamesCollectedBySvc, cm.Name)
+	}
+
+	statusForLastReceivedMetric, apiErr := aH.reader.GetLatestReceivedMetric(
+		ctx, metricNamesCollectedBySvc, expectedLabelValues,
+	)
+	if apiErr != nil {
+		return nil, apiErr
+	}
+
+	if statusForLastReceivedMetric != nil {
+		return &cloudintegrations.SignalConnectionStatus{
+			LastReceivedTsMillis: statusForLastReceivedMetric.LastReceivedTsMillis,
+			LastReceivedFrom:     "signoz-aws-integration",
+		}, nil
+	}
+
+	return nil, nil
+}
+
+func (aH *APIHandler) calculateAWSIntegrationSvcLogsConnectionStatus(
+	ctx context.Context,
+	orgID valuer.UUID,
+	cloudAccountId string,
+	strategy *services.AWSLogsStrategy,
+) (*cloudintegrations.SignalConnectionStatus, *model.ApiError) {
+	if strategy == nil || len(strategy.Subscriptions) < 1 {
+		return nil, nil
+	}
+
+	logGroupNamePrefix := strategy.Subscriptions[0].LogGroupNamePrefix
+	if len(logGroupNamePrefix) < 1 {
+		return nil, nil
+	}
+
+	logsConnTestFilter := &v3.FilterSet{
+		Operator: "AND",
+		Items: []v3.FilterItem{
+			{
+				Key: v3.AttributeKey{
+					Key:      "cloud.account.id",
+					DataType: v3.AttributeKeyDataTypeString,
+					Type:     v3.AttributeKeyTypeResource,
+				},
+				Operator: "=",
+				Value:    cloudAccountId,
+			},
+			{
+				Key: v3.AttributeKey{
+					Key:      "aws.cloudwatch.log_group_name",
+					DataType: v3.AttributeKeyDataTypeString,
+					Type:     v3.AttributeKeyTypeResource,
+				},
+				Operator: "like",
+				Value:    logGroupNamePrefix + "%",
+			},
+		},
+	}
+
+	// TODO(Raj): Receive this as a param from UI in the future.
+	lookbackSeconds := int64(30 * 60)
+
+	qrParams := &v3.QueryRangeParamsV3{
+		Start: time.Now().UnixMilli() - (lookbackSeconds * 1000),
+		End:   time.Now().UnixMilli(),
+		CompositeQuery: &v3.CompositeQuery{
+			PanelType: v3.PanelTypeList,
+			QueryType: v3.QueryTypeBuilder,
+			BuilderQueries: map[string]*v3.BuilderQuery{
+				"A": {
+					PageSize:          1,
+					Filters:           logsConnTestFilter,
+					QueryName:         "A",
+					DataSource:        v3.DataSourceLogs,
+					Expression:        "A",
+					AggregateOperator: v3.AggregateOperatorNoOp,
+				},
+			},
+		},
+	}
+	queryRes, _, err := aH.querier.QueryRange(
+		ctx, orgID, qrParams,
+	)
+	if err != nil {
+		return nil, model.InternalError(fmt.Errorf(
+			"could not query for integration connection status: %w", err,
+		))
+	}
+	if len(queryRes) > 0 && queryRes[0].List != nil && len(queryRes[0].List) > 0 {
+		lastLog := queryRes[0].List[0]
+
+		return &cloudintegrations.SignalConnectionStatus{
+			LastReceivedTsMillis: lastLog.Timestamp.UnixMilli(),
+			LastReceivedFrom:     "signoz-aws-integration",
+		}, nil
+	}
+
+	return nil, nil
+}
+
+func (aH *APIHandler) CloudIntegrationsUpdateServiceConfig(
+	w http.ResponseWriter, r *http.Request,
+) {
+	cloudProvider := mux.Vars(r)["cloudProvider"]
+	serviceId := mux.Vars(r)["serviceId"]
+
+	req := cloudintegrations.UpdateServiceConfigRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	claims, errv2 := authtypes.ClaimsFromContext(r.Context())
+	if errv2 != nil {
+		render.Error(w, errv2)
+		return
+	}
+
+	result, err := aH.CloudIntegrationsController.UpdateServiceConfig(
+		r.Context(), claims.OrgID, cloudProvider, serviceId, &req,
+	)
+
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	aH.Respond(w, result)
 }

 // logs
--- a/pkg/query-service/app/integrations/manager.go
+++ b/pkg/query-service/app/integrations/manager.go
@@ -11,7 +11,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/types/pipelinetypes"
 	ruletypes "github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -108,7 +107,7 @@ type IntegrationsListItem struct {

 type Integration struct {
 	IntegrationDetails
-	Installation *integrationstypes.InstalledIntegration `json:"installation"`
+	Installation *types.InstalledIntegration `json:"installation"`
 }

 type Manager struct {
@@ -224,7 +223,7 @@ func (m *Manager) InstallIntegration(
 	ctx context.Context,
 	orgId string,
 	integrationId string,
-	config integrationstypes.InstalledIntegrationConfig,
+	config types.InstalledIntegrationConfig,
 ) (*IntegrationsListItem, *model.ApiError) {
 	integrationDetails, apiErr := m.getIntegrationDetails(ctx, integrationId)
 	if apiErr != nil {
@@ -430,7 +429,7 @@ func (m *Manager) getInstalledIntegration(
 	ctx context.Context,
 	orgId string,
 	integrationId string,
-) (*integrationstypes.InstalledIntegration, *model.ApiError) {
+) (*types.InstalledIntegration, *model.ApiError) {
 	iis, apiErr := m.installedIntegrationsRepo.get(
 		ctx, orgId, []string{integrationId},
 	)
@@ -458,7 +457,7 @@ func (m *Manager) getInstalledIntegrations(
 		return nil, apiErr
 	}

-	installedTypes := utils.MapSlice(installations, func(i integrationstypes.InstalledIntegration) string {
+	installedTypes := utils.MapSlice(installations, func(i types.InstalledIntegration) string {
 		return i.Type
 	})
 	integrationDetails, apiErr := m.availableIntegrationsRepo.get(ctx, installedTypes)
--- a/pkg/query-service/app/integrations/repo.go
+++ b/pkg/query-service/app/integrations/repo.go
@@ -4,22 +4,22 @@ import (
 	"context"

 	"github.com/SigNoz/signoz/pkg/query-service/model"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
+	"github.com/SigNoz/signoz/pkg/types"
 )

 type InstalledIntegrationsRepo interface {
-	list(ctx context.Context, orgId string) ([]integrationstypes.InstalledIntegration, *model.ApiError)
+	list(ctx context.Context, orgId string) ([]types.InstalledIntegration, *model.ApiError)

 	get(
 		ctx context.Context, orgId string, integrationTypes []string,
-	) (map[string]integrationstypes.InstalledIntegration, *model.ApiError)
+	) (map[string]types.InstalledIntegration, *model.ApiError)

 	upsert(
 		ctx context.Context,
 		orgId string,
 		integrationType string,
-		config integrationstypes.InstalledIntegrationConfig,
-	) (*integrationstypes.InstalledIntegration, *model.ApiError)
+		config types.InstalledIntegrationConfig,
+	) (*types.InstalledIntegration, *model.ApiError)

 	delete(ctx context.Context, orgId string, integrationType string) *model.ApiError
 }
--- a/pkg/query-service/app/integrations/sqlite_repo.go
+++ b/pkg/query-service/app/integrations/sqlite_repo.go
@@ -7,7 +7,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/integrationstypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -27,8 +26,8 @@ func NewInstalledIntegrationsSqliteRepo(store sqlstore.SQLStore) (
 func (r *InstalledIntegrationsSqliteRepo) list(
 	ctx context.Context,
 	orgId string,
-) ([]integrationstypes.InstalledIntegration, *model.ApiError) {
-	integrations := []integrationstypes.InstalledIntegration{}
+) ([]types.InstalledIntegration, *model.ApiError) {
+	integrations := []types.InstalledIntegration{}

 	err := r.store.BunDB().NewSelect().
 		Model(&integrations).
@@ -45,8 +44,8 @@ func (r *InstalledIntegrationsSqliteRepo) list(

 func (r *InstalledIntegrationsSqliteRepo) get(
 	ctx context.Context, orgId string, integrationTypes []string,
-) (map[string]integrationstypes.InstalledIntegration, *model.ApiError) {
-	integrations := []integrationstypes.InstalledIntegration{}
+) (map[string]types.InstalledIntegration, *model.ApiError) {
+	integrations := []types.InstalledIntegration{}

 	typeValues := []interface{}{}
 	for _, integrationType := range integrationTypes {
@@ -63,7 +62,7 @@ func (r *InstalledIntegrationsSqliteRepo) get(
 		))
 	}

-	result := map[string]integrationstypes.InstalledIntegration{}
+	result := map[string]types.InstalledIntegration{}
 	for _, ii := range integrations {
 		result[ii.Type] = ii
 	}
@@ -75,10 +74,10 @@ func (r *InstalledIntegrationsSqliteRepo) upsert(
 	ctx context.Context,
 	orgId string,
 	integrationType string,
-	config integrationstypes.InstalledIntegrationConfig,
-) (*integrationstypes.InstalledIntegration, *model.ApiError) {
+	config types.InstalledIntegrationConfig,
+) (*types.InstalledIntegration, *model.ApiError) {

-	integration := integrationstypes.InstalledIntegration{
+	integration := types.InstalledIntegration{
 		Identifiable: types.Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
@@ -115,7 +114,7 @@ func (r *InstalledIntegrationsSqliteRepo) delete(
 	ctx context.Context, orgId string, integrationType string,
 ) *model.ApiError {
 	_, dbErr := r.store.BunDB().NewDelete().
-		Model(&integrationstypes.InstalledIntegration{}).
+		Model(&types.InstalledIntegration{}).
 		Where("type = ?", integrationType).
 		Where("org_id = ?", orgId).
 		Exec(ctx)
--- a/pkg/query-service/app/server.go
+++ b/pkg/query-service/app/server.go
@@ -26,6 +26,7 @@ import (
 	querierAPI "github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
+	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/app/opamp"
@@ -70,6 +71,11 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		return nil, err
 	}

+	cloudIntegrationsController, err := cloudintegrations.NewController(signoz.SQLStore)
+	if err != nil {
+		return nil, err
+	}
+
 	cacheForTraceDetail, err := memorycache.New(context.TODO(), signoz.Instrumentation.ToProviderSettings(), cache.Config{
 		Provider: "memory",
 		Memory: cache.Memory{
@@ -121,6 +127,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		Reader:                        reader,
 		RuleManager:                   rm,
 		IntegrationsController:        integrationsController,
+		CloudIntegrationsController:   cloudIntegrationsController,
 		LogsParsingPipelineController: logParsingPipelineController,
 		FluxInterval:                  config.Querier.FluxInterval,
 		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
@@ -128,7 +135,6 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		Signoz:                        signoz,
 		QuerierAPI:                    querierAPI.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.Querier, signoz.Analytics),
 		QueryParserAPI:                queryparser.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.QueryParser),
-		Logger:                        signoz.Instrumentation.Logger(),
 	})
 	if err != nil {
 		return nil, err
--- a/pkg/signoz/handler_test.go
+++ b/pkg/signoz/handler_test.go
@@ -13,6 +13,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
@@ -40,7 +42,8 @@ func TestNewHandlers(t *testing.T) {
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
 	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule)
+	rootUserReconciler := implrootuser.NewReconciler(implrootuser.NewStore(sqlstore, providerSettings), providerSettings, orgGetter, user.RootUserConfig{})
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, rootUserReconciler)

 	handlers := NewHandlers(modules, providerSettings, nil, nil, nil, nil, nil, nil, nil)
 	reflectVal := reflect.ValueOf(handlers)
--- a/pkg/signoz/module.go
+++ b/pkg/signoz/module.go
@@ -25,6 +25,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/quickfilter/implquickfilter"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport/implrawdataexport"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser"
 	"github.com/SigNoz/signoz/pkg/modules/savedview"
 	"github.com/SigNoz/signoz/pkg/modules/savedview/implsavedview"
 	"github.com/SigNoz/signoz/pkg/modules/services"
@@ -66,6 +68,7 @@ type Modules struct {
 	SpanPercentile  spanpercentile.Module
 	MetricsExplorer metricsexplorer.Module
 	Promote         promote.Module
+	RootUser        rootuser.Module
 }

 func NewModules(
@@ -85,13 +88,16 @@ func NewModules(
 	queryParser queryparser.QueryParser,
 	config Config,
 	dashboard dashboard.Module,
+	rootUserReconciler rootuser.Reconciler,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
-	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
+	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter, rootUserReconciler)
 	user := impluser.NewModule(impluser.NewStore(sqlstore, providerSettings), tokenizer, emailing, providerSettings, orgSetter, authz, analytics, config.User)
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings))
 	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)

+	rootUser := implrootuser.NewModule(implrootuser.NewStore(sqlstore, providerSettings), providerSettings, config.User.RootUserConfig, authz)
+
 	return Modules{
 		OrgGetter:       orgGetter,
 		OrgSetter:       orgSetter,
@@ -105,10 +111,11 @@ func NewModules(
 		TraceFunnel:     impltracefunnel.NewModule(impltracefunnel.NewStore(sqlstore)),
 		RawDataExport:   implrawdataexport.NewModule(querier),
 		AuthDomain:      implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs),
-		Session:         implsession.NewModule(providerSettings, authNs, user, userGetter, implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs), tokenizer, orgGetter),
+		Session:         implsession.NewModule(providerSettings, authNs, user, userGetter, implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs), tokenizer, orgGetter, rootUser),
 		SpanPercentile:  implspanpercentile.NewModule(querier, providerSettings),
 		Services:        implservices.NewModule(querier, telemetryStore),
 		MetricsExplorer: implmetricsexplorer.NewModule(telemetryStore, telemetryMetadataStore, cache, ruleStore, dashboard, providerSettings, config.MetricsExplorer),
 		Promote:         implpromote.NewModule(telemetryMetadataStore, telemetryStore),
+		RootUser:        rootUser,
 	}
 }
--- a/pkg/signoz/module_test.go
+++ b/pkg/signoz/module_test.go
@@ -13,6 +13,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
@@ -40,7 +42,8 @@ func TestNewModules(t *testing.T) {
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
 	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule)
+	rootUserReconciler := implrootuser.NewReconciler(implrootuser.NewStore(sqlstore, providerSettings), providerSettings, orgGetter, user.RootUserConfig{})
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, rootUserReconciler)

 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {
--- a/pkg/signoz/provider.go
+++ b/pkg/signoz/provider.go
@@ -167,6 +167,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewMigrateRbacToAuthzFactory(sqlstore),
 		sqlmigration.NewMigratePublicDashboardsFactory(sqlstore),
 		sqlmigration.NewAddAnonymousPublicDashboardTransactionFactory(sqlstore),
+		sqlmigration.NewAddRootUserFactory(sqlstore, sqlschema),
 	)
 }

@@ -237,7 +238,7 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			orgGetter,
 			authz,
 			implorganization.NewHandler(modules.OrgGetter, modules.OrgSetter),
-			impluser.NewHandler(modules.User, modules.UserGetter),
+			impluser.NewHandler(modules.User, modules.UserGetter, modules.RootUser),
 			implsession.NewHandler(modules.Session),
 			implauthdomain.NewHandler(modules.AuthDomain),
 			implpreference.NewHandler(modules.Preference),
--- a/pkg/signoz/signoz.go
+++ b/pkg/signoz/signoz.go
@@ -21,6 +21,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
+	"github.com/SigNoz/signoz/pkg/modules/rootuser/implrootuser"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -266,6 +267,10 @@ func New(
 	// Initialize organization getter
 	orgGetter := implorganization.NewGetter(implorganization.NewStore(sqlstore), sharder)

+	// Initialize and run the root user reconciler
+	rootUserStore := implrootuser.NewStore(sqlstore, providerSettings)
+	rootUserReconciler := implrootuser.NewReconciler(rootUserStore, providerSettings, orgGetter, config.User.RootUserConfig)
+
 	// Initialize tokenizer from the available tokenizer provider factories
 	tokenizer, err := factory.NewProviderFromNamedMap(
 		ctx,
@@ -387,7 +392,7 @@ func New(
 	}

 	// Initialize all modules
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, rootUserReconciler)

 	// Initialize all handlers for the modules
 	handlers := NewHandlers(modules, providerSettings, querier, licensing, global, flagger, gateway, telemetryMetadataStore, authz)
@@ -443,6 +448,12 @@ func New(
 		return nil, err
 	}

+	err = rootUserReconciler.Reconcile(ctx)
+	if err != nil {
+		// Question: Should we fail the startup if the root user reconciliation fails?
+		return nil, err
+	}
+
 	return &SigNoz{
 		Registry:               registry,
 		Analytics:              analytics,
--- a/pkg/sqlmigration/064_add_root_user.go
+++ b/pkg/sqlmigration/064_add_root_user.go
@@ -0,0 +1,103 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addRootUser struct {
+	sqlStore  sqlstore.SQLStore
+	sqlSchema sqlschema.SQLSchema
+}
+
+func NewAddRootUserFactory(sqlStore sqlstore.SQLStore, sqlSchema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(
+		factory.MustNewName("add_root_user"),
+		func(ctx context.Context, settings factory.ProviderSettings, config Config) (SQLMigration, error) {
+			return newAddRootUser(ctx, settings, config, sqlStore, sqlSchema)
+		},
+	)
+} 
+
+func newAddRootUser(_ context.Context, _ factory.ProviderSettings, _ Config, sqlStore sqlstore.SQLStore, sqlSchema sqlschema.SQLSchema) (SQLMigration, error) {
+	return &addRootUser{sqlStore: sqlStore, sqlSchema: sqlSchema}, nil
+}
+
+func (migration *addRootUser) Register(migrations *migrate.Migrations) error {
+	if err := migrations.Register(migration.Up, migration.Down); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (migration *addRootUser) Up(ctx context.Context, db *bun.DB) error {
+
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	sqls := [][]byte{}
+
+	// create root_users table sqls
+	tableSQLs := migration.sqlSchema.Operator().CreateTable(
+		&sqlschema.Table{
+			Name: "root_users",
+			Columns: []*sqlschema.Column{
+				{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
+				{Name: "email", DataType: sqlschema.DataTypeText, Nullable: false},
+				{Name: "password_hash", DataType: sqlschema.DataTypeText, Nullable: false},
+				{Name: "created_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+				{Name: "updated_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+				{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			},
+			PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{
+				ColumnNames: []sqlschema.ColumnName{"id"},
+			},
+			ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+				{
+					ReferencingColumnName: sqlschema.ColumnName("org_id"),
+					ReferencedTableName:   sqlschema.TableName("organizations"),
+					ReferencedColumnName:  sqlschema.ColumnName("id"),
+				},
+			},
+		},
+	)
+
+	sqls = append(sqls, tableSQLs...)
+
+	// create index sqls
+	indexSQLs := migration.sqlSchema.Operator().CreateIndex(
+		&sqlschema.UniqueIndex{
+			TableName:   sqlschema.TableName("root_users"),
+			ColumnNames: []sqlschema.ColumnName{"org_id"},
+		},
+	)
+
+	sqls = append(sqls, indexSQLs...)
+
+	for _, sqlStmt := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sqlStmt)); err != nil {
+			return err
+		}
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addRootUser) Down(ctx context.Context, db *bun.DB) error {
+	return nil
+}
--- a/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
+++ b/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
@@ -2,6 +2,7 @@ package sqltokenizerstore

 import (
 	"context"
+	"database/sql"

 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
@@ -34,6 +35,7 @@ func (store *store) Create(ctx context.Context, token *authtypes.StorableToken)
 }

 func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID) (*authtypes.Identity, error) {
+	// try to get the user from the user table - this will be most common case
 	user := new(types.User)

 	err := store.
@@ -43,11 +45,36 @@ func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID)
 		Model(user).
 		Where("id = ?", userID).
 		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
+	// if err != nil {
+	// 	return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
+	// }
+
+	if err == nil {
+		// we found the user, return the identity
+		return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
 	}

-	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
+	if err != sql.ErrNoRows {
+		// this is not a not found error, return the error, something else went wrong
+		return nil, err
+	}
+
+	// if the user not found, try to find that in root_user table
+	rootUser := new(types.RootUser)
+
+	err = store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(rootUser).
+		Where("id = ?", userID).
+		Scan(ctx)
+
+	if err == nil {
+		return authtypes.NewRootIdentity(userID, rootUser.OrgID, rootUser.Email), nil
+	}
+
+	return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
 }

 func (store *store) GetByAccessToken(ctx context.Context, accessToken string) (*authtypes.StorableToken, error) {
@@ -130,6 +157,24 @@ func (store *store) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*auth
 		return nil, err
 	}

+	// ROOT USER TOKENS
+	rootUserTokens := make([]*authtypes.StorableToken, 0)
+
+	err = store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&rootUserTokens).
+		Join("JOIN root_users").
+		JoinOn("root_users.id = auth_token.user_id").
+		Where("org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	tokens = append(tokens, rootUserTokens...)
+
 	return tokens, nil
 }

@@ -151,6 +196,26 @@ func (store *store) ListByOrgIDs(ctx context.Context, orgIDs []valuer.UUID) ([]*
 		return nil, err
 	}

+	// ROOT USER TOKENS
+	rootUserTokens := make([]*authtypes.StorableToken, 0)
+
+	err = store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&rootUserTokens).
+		Join("JOIN root_users").
+		JoinOn("root_users.id = auth_token.user_id").
+		Join("JOIN organizations").
+		JoinOn("organizations.id = root_users.org_id").
+		Where("organizations.id IN (?)", bun.In(orgIDs)).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	tokens = append(tokens, rootUserTokens...)
+
 	return tokens, nil
 }

--- a/pkg/types/authtypes/authn.go
+++ b/pkg/types/authtypes/authn.go
@@ -29,6 +29,7 @@ type Identity struct {
 	OrgID  valuer.UUID  `json:"orgId"`
 	Email  valuer.Email `json:"email"`
 	Role   types.Role   `json:"role"`
+	IsRoot bool         `json:"isRoot"`
 }

 type CallbackIdentity struct {
@@ -84,6 +85,17 @@ func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role
 		OrgID:  orgID,
 		Email:  email,
 		Role:   role,
+		IsRoot: false,
+	}
+}
+
+func NewRootIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email) *Identity {
+	return &Identity{
+		UserID: userID,
+		OrgID:  orgID,
+		Email:  email,
+		Role:   types.RoleAdmin,
+		IsRoot: true,
 	}
 }

--- a/pkg/types/integration.go
+++ b/pkg/types/integration.go
@@ -0,0 +1,244 @@
+package types
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/uptrace/bun"
+)
+
+type IntegrationUserEmail string
+
+const (
+	AWSIntegrationUserEmail IntegrationUserEmail = "aws-integration@signoz.io"
+)
+
+var AllIntegrationUserEmails = []IntegrationUserEmail{
+	AWSIntegrationUserEmail,
+}
+
+// --------------------------------------------------------------------------
+// Normal integration uses just the installed_integration table
+// --------------------------------------------------------------------------
+
+type InstalledIntegration struct {
+	bun.BaseModel `bun:"table:installed_integration"`
+
+	Identifiable
+	Type        string                     `json:"type" bun:"type,type:text,unique:org_id_type"`
+	Config      InstalledIntegrationConfig `json:"config" bun:"config,type:text"`
+	InstalledAt time.Time                  `json:"installed_at" bun:"installed_at,default:current_timestamp"`
+	OrgID       string                     `json:"org_id" bun:"org_id,type:text,unique:org_id_type,references:organizations(id),on_delete:cascade"`
+}
+
+type InstalledIntegrationConfig map[string]interface{}
+
+// For serializing from db
+func (c *InstalledIntegrationConfig) Scan(src interface{}) error {
+	var data []byte
+	switch v := src.(type) {
+	case []byte:
+		data = v
+	case string:
+		data = []byte(v)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+
+	return json.Unmarshal(data, c)
+}
+
+// For serializing to db
+func (c *InstalledIntegrationConfig) Value() (driver.Value, error) {
+	filterSetJson, err := json.Marshal(c)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "could not serialize integration config to JSON")
+	}
+	return filterSetJson, nil
+}
+
+// --------------------------------------------------------------------------
+// Cloud integration uses the cloud_integration table
+// and cloud_integrations_service table
+// --------------------------------------------------------------------------
+
+type CloudIntegration struct {
+	bun.BaseModel `bun:"table:cloud_integration"`
+
+	Identifiable
+	TimeAuditable
+	Provider        string         `json:"provider" bun:"provider,type:text,unique:provider_id"`
+	Config          *AccountConfig `json:"config" bun:"config,type:text"`
+	AccountID       *string        `json:"account_id" bun:"account_id,type:text"`
+	LastAgentReport *AgentReport   `json:"last_agent_report" bun:"last_agent_report,type:text"`
+	RemovedAt       *time.Time     `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
+	OrgID           string         `bun:"org_id,type:text,unique:provider_id"`
+}
+
+func (a *CloudIntegration) Status() AccountStatus {
+	status := AccountStatus{}
+	if a.LastAgentReport != nil {
+		lastHeartbeat := a.LastAgentReport.TimestampMillis
+		status.Integration.LastHeartbeatTsMillis = &lastHeartbeat
+	}
+	return status
+}
+
+func (a *CloudIntegration) Account() Account {
+	ca := Account{Id: a.ID.StringValue(), Status: a.Status()}
+
+	if a.AccountID != nil {
+		ca.CloudAccountId = *a.AccountID
+	}
+
+	if a.Config != nil {
+		ca.Config = *a.Config
+	} else {
+		ca.Config = DefaultAccountConfig()
+	}
+	return ca
+}
+
+type Account struct {
+	Id             string        `json:"id"`
+	CloudAccountId string        `json:"cloud_account_id"`
+	Config         AccountConfig `json:"config"`
+	Status         AccountStatus `json:"status"`
+}
+
+type AccountStatus struct {
+	Integration AccountIntegrationStatus `json:"integration"`
+}
+
+type AccountIntegrationStatus struct {
+	LastHeartbeatTsMillis *int64 `json:"last_heartbeat_ts_ms"`
+}
+
+func DefaultAccountConfig() AccountConfig {
+	return AccountConfig{
+		EnabledRegions: []string{},
+	}
+}
+
+type AccountConfig struct {
+	EnabledRegions []string `json:"regions"`
+}
+
+// For serializing from db
+func (c *AccountConfig) Scan(src any) error {
+	var data []byte
+	switch v := src.(type) {
+	case []byte:
+		data = v
+	case string:
+		data = []byte(v)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+
+	return json.Unmarshal(data, c)
+}
+
+// For serializing to db
+func (c *AccountConfig) Value() (driver.Value, error) {
+	if c == nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "cloud account config is nil")
+	}
+
+	serialized, err := json.Marshal(c)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize cloud account config to JSON")
+	}
+	return serialized, nil
+}
+
+type AgentReport struct {
+	TimestampMillis int64          `json:"timestamp_millis"`
+	Data            map[string]any `json:"data"`
+}
+
+// For serializing from db
+func (r *AgentReport) Scan(src any) error {
+	var data []byte
+	switch v := src.(type) {
+	case []byte:
+		data = v
+	case string:
+		data = []byte(v)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+
+	return json.Unmarshal(data, r)
+}
+
+// For serializing to db
+func (r *AgentReport) Value() (driver.Value, error) {
+	if r == nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
+	}
+
+	serialized, err := json.Marshal(r)
+	if err != nil {
+		return nil, errors.WrapInternalf(
+			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
+		)
+	}
+	return serialized, nil
+}
+
+type CloudIntegrationService struct {
+	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
+
+	Identifiable
+	TimeAuditable
+	Type               string             `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
+	Config             CloudServiceConfig `bun:"config,type:text"`
+	CloudIntegrationID string             `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integrations(id),on_delete:cascade"`
+}
+
+type CloudServiceLogsConfig struct {
+	Enabled   bool                `json:"enabled"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
+}
+
+type CloudServiceMetricsConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
+type CloudServiceConfig struct {
+	Logs    *CloudServiceLogsConfig    `json:"logs,omitempty"`
+	Metrics *CloudServiceMetricsConfig `json:"metrics,omitempty"`
+}
+
+// For serializing from db
+func (c *CloudServiceConfig) Scan(src any) error {
+	var data []byte
+	switch src := src.(type) {
+	case []byte:
+		data = src
+	case string:
+		data = []byte(src)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+
+	return json.Unmarshal(data, c)
+}
+
+// For serializing to db
+func (c *CloudServiceConfig) Value() (driver.Value, error) {
+	if c == nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "cloud service config is nil")
+	}
+
+	serialized, err := json.Marshal(c)
+	if err != nil {
+		return nil, errors.WrapInternalf(
+			err, errors.CodeInternal, "couldn't serialize cloud service config to JSON",
+		)
+	}
+	return serialized, nil
+}
--- a/pkg/types/integrationstypes/cloudintegration.go
+++ b/pkg/types/integrationstypes/cloudintegration.go
@@ -1,464 +0,0 @@
-package integrationstypes
-
-import (
-	"context"
-	"database/sql/driver"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-// CloudProvider defines the interface to be implemented by different cloud providers.
-// This is generic interface so it will be accepting and returning generic types instead of concrete.
-// It's the cloud provider's responsibility to cast them to appropriate types and validate
-type CloudProvider interface {
-	GetName() CloudProviderType
-
-	AgentCheckIn(ctx context.Context, req *PostableAgentCheckInPayload) (any, error)
-	GenerateConnectionArtifact(ctx context.Context, req *PostableConnectionArtifact) (any, error)
-	GetAccountStatus(ctx context.Context, orgID, accountID string) (*GettableAccountStatus, error)
-
-	ListServices(ctx context.Context, orgID string, accountID *string) (any, error) // returns either GettableAWSServices
-	GetServiceDetails(ctx context.Context, req *GetServiceDetailsReq) (any, error)
-	ListConnectedAccounts(ctx context.Context, orgID string) (*GettableConnectedAccountsList, error)
-	GetDashboard(ctx context.Context, req *GettableDashboard) (*dashboardtypes.Dashboard, error)
-	GetAvailableDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
-
-	UpdateAccountConfig(ctx context.Context, req *PatchableAccountConfig) (any, error) // req can be either PatchableAWSAccountConfig
-	UpdateServiceConfig(ctx context.Context, req *PatchableServiceConfig) (any, error)
-
-	DisconnectAccount(ctx context.Context, orgID, accountID string) (*CloudIntegration, error)
-}
-
-type GettableDashboard struct {
-	ID    string
-	OrgID valuer.UUID
-}
-
-type GettableCloudIntegrationConnectionParams struct {
-	IngestionUrl string `json:"ingestion_url,omitempty"`
-	IngestionKey string `json:"ingestion_key,omitempty"`
-	SigNozAPIUrl string `json:"signoz_api_url,omitempty"`
-	SigNozAPIKey string `json:"signoz_api_key,omitempty"`
-}
-
-type GettableIngestionKey struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-	// other attributes from gateway response not included here since they are not being used.
-}
-
-type GettableIngestionKeysSearch struct {
-	Status string                 `json:"status"`
-	Data   []GettableIngestionKey `json:"data"`
-	Error  string                 `json:"error"`
-}
-
-type GettableCreateIngestionKey struct {
-	Status string               `json:"status"`
-	Data   GettableIngestionKey `json:"data"`
-	Error  string               `json:"error"`
-}
-
-type GettableDeployment struct {
-	Name        string `json:"name"`
-	ClusterInfo struct {
-		Region struct {
-			DNS string `json:"dns"`
-		} `json:"region"`
-	} `json:"cluster"`
-}
-
-type GettableConnectedAccountsList struct {
-	Accounts []*Account `json:"accounts"`
-}
-
-// SigNozAWSAgentConfig represents requirements for agent deployment in user's AWS account
-type SigNozAWSAgentConfig struct {
-	// The region in which SigNoz agent should be installed.
-	Region string `json:"region"`
-
-	IngestionUrl string `json:"ingestion_url"`
-	IngestionKey string `json:"ingestion_key"`
-	SigNozAPIUrl string `json:"signoz_api_url"`
-	SigNozAPIKey string `json:"signoz_api_key"`
-
-	Version string `json:"version,omitempty"`
-}
-
-type PostableConnectionArtifact struct {
-	OrgID string
-	Data  []byte // either PostableAWSConnectionUrl
-}
-
-type PostableAWSConnectionUrl struct {
-	// Optional. To be specified for updates.
-	// TODO: evaluate and remove if not needed.
-	AccountId     *string               `json:"account_id,omitempty"`
-	AccountConfig *AWSAccountConfig     `json:"account_config"`
-	AgentConfig   *SigNozAWSAgentConfig `json:"agent_config"`
-}
-
-func (p *PostableAWSConnectionUrl) Unmarshal(src any) error {
-	var data []byte
-	switch src := src.(type) {
-	case []byte:
-		data = src
-	case string:
-		data = []byte(src)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	err := json.Unmarshal(data, p)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize aws connection url request from JSON",
-		)
-	}
-
-	return nil
-}
-
-type GettableAWSConnectionUrl struct {
-	AccountId     string `json:"account_id"`
-	ConnectionUrl string `json:"connection_url"`
-}
-
-type GettableAccountStatus struct {
-	Id             string        `json:"id"`
-	CloudAccountId *string       `json:"cloud_account_id,omitempty"`
-	Status         AccountStatus `json:"status"`
-}
-
-type PostableAgentCheckInPayload struct {
-	ID        string `json:"account_id"`
-	AccountID string `json:"cloud_account_id"`
-	// Arbitrary cloud specific Agent data
-	Data  map[string]any `json:"data,omitempty"`
-	OrgID string         `json:"-"`
-}
-
-type GettableAWSAgentCheckIn struct {
-	AccountId      string     `json:"account_id"`
-	CloudAccountId string     `json:"cloud_account_id"`
-	RemovedAt      *time.Time `json:"removed_at"`
-
-	IntegrationConfig AWSAgentIntegrationConfig `json:"integration_config"`
-}
-
-type AWSAgentIntegrationConfig struct {
-	EnabledRegions              []string               `json:"enabled_regions"`
-	TelemetryCollectionStrategy *AWSCollectionStrategy `json:"telemetry,omitempty"`
-}
-
-type PatchableServiceConfig struct {
-	OrgID     string `json:"org_id"`
-	ServiceId string `json:"service_id"`
-	Config    []byte `json:"config"` // json serialized config
-}
-
-type PatchableAWSCloudServiceConfig struct {
-	CloudAccountId string                 `json:"cloud_account_id"`
-	Config         *AWSCloudServiceConfig `json:"config"`
-}
-
-type AWSCloudServiceConfig struct {
-	Logs    *AWSCloudServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics *AWSCloudServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-// Unmarshal unmarshalls data from src
-func (c *PatchableAWSCloudServiceConfig) Unmarshal(src []byte) error {
-	err := json.Unmarshal(src, c)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize aws service config req from JSON",
-		)
-	}
-
-	return nil
-}
-
-// Marshal serializes data to bytes
-func (c *PatchableAWSCloudServiceConfig) Marshal() ([]byte, error) {
-	serialized, err := json.Marshal(c)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize aws service config req to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-// Unmarshal unmarshalls data from src
-func (a *AWSCloudServiceConfig) Unmarshal(src []byte) error {
-	err := json.Unmarshal(src, a)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize cloud service config from JSON",
-		)
-	}
-
-	return nil
-}
-
-// Marshal serializes data to bytes
-func (a *AWSCloudServiceConfig) Marshal() ([]byte, error) {
-	serialized, err := json.Marshal(a)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize cloud service config to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-func (a *AWSCloudServiceConfig) Validate(def *AWSServiceDefinition) error {
-	if def.Id != S3Sync && a.Logs != nil && a.Logs.S3Buckets != nil {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "s3 buckets can only be added to service-type[%s]", S3Sync)
-	} else if def.Id == S3Sync && a.Logs != nil && a.Logs.S3Buckets != nil {
-		for region := range a.Logs.S3Buckets {
-			if _, found := ValidAWSRegions[region]; !found {
-				return errors.NewInvalidInputf(CodeInvalidCloudRegion, "invalid cloud region: %s", region)
-			}
-		}
-	}
-
-	return nil
-}
-
-type PatchServiceConfigResponse struct {
-	ServiceId string `json:"id"`
-	Config    any    `json:"config"`
-}
-
-type PatchableAccountConfig struct {
-	OrgID     string
-	AccountId string
-	Data      []byte // can be either AWSAccountConfig
-}
-
-type PatchableAWSAccountConfig struct {
-	Config *AWSAccountConfig `json:"config"`
-}
-
-func (p *PatchableAWSAccountConfig) Unmarshal(src []byte) error {
-	err := json.Unmarshal(src, p)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize patchable account config from JSON",
-		)
-	}
-
-	return nil
-}
-
-func (p *PatchableAWSAccountConfig) Marshal() ([]byte, error) {
-	if p == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "patchable account config is nil")
-	}
-
-	serialized, err := json.Marshal(p)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize patchable account config to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-type AWSAccountConfig struct {
-	EnabledRegions []string `json:"regions"`
-}
-
-// Unmarshal unmarshalls data from src
-func (c *AWSAccountConfig) Unmarshal(src []byte) error {
-	err := json.Unmarshal(src, c)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize AWS account config from JSON",
-		)
-	}
-
-	return nil
-}
-
-// Marshal serializes data to bytes
-func (c *AWSAccountConfig) Marshal() ([]byte, error) {
-	if c == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "cloud account config is nil")
-	}
-
-	serialized, err := json.Marshal(c)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize cloud account config to JSON")
-	}
-	return serialized, nil
-}
-
-type GettableAWSServices struct {
-	Services []AWSServiceSummary `json:"services"`
-}
-
-type GetServiceDetailsReq struct {
-	OrgID          valuer.UUID
-	ServiceId      string
-	CloudAccountID *string
-}
-
-// --------------------------------------------------------------------------
-// DATABASE TYPES
-// --------------------------------------------------------------------------
-
-// --------------------------------------------------------------------------
-// Cloud integration uses the cloud_integration table
-// and cloud_integrations_service table
-// --------------------------------------------------------------------------
-
-type CloudIntegration struct {
-	bun.BaseModel `bun:"table:cloud_integration"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Provider        string       `json:"provider" bun:"provider,type:text,unique:provider_id"`
-	Config          []byte       `json:"config" bun:"config,type:text"` // json serialized config
-	AccountID       *string      `json:"account_id" bun:"account_id,type:text"`
-	LastAgentReport *AgentReport `json:"last_agent_report" bun:"last_agent_report,type:text"`
-	RemovedAt       *time.Time   `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
-	OrgID           string       `bun:"org_id,type:text,unique:provider_id"`
-}
-
-func (a *CloudIntegration) Status() AccountStatus {
-	status := AccountStatus{}
-	if a.LastAgentReport != nil {
-		lastHeartbeat := a.LastAgentReport.TimestampMillis
-		status.Integration.LastHeartbeatTsMillis = &lastHeartbeat
-	}
-	return status
-}
-
-func (a *CloudIntegration) Account(cloudProvider CloudProviderType) *Account {
-	ca := &Account{Id: a.ID.StringValue(), Status: a.Status()}
-
-	if a.AccountID != nil {
-		ca.CloudAccountId = *a.AccountID
-	}
-
-	ca.Config = map[string]interface{}{}
-
-	if len(a.Config) < 1 {
-		return ca
-	}
-
-	switch cloudProvider {
-	case CloudProviderAWS:
-		config := new(AWSAccountConfig)
-		_ = config.Unmarshal(a.Config)
-		ca.Config = config
-	default:
-	}
-
-	return ca
-}
-
-type Account struct {
-	Id             string        `json:"id"`
-	CloudAccountId string        `json:"cloud_account_id"`
-	Config         any           `json:"config"` // AWSAccountConfig
-	Status         AccountStatus `json:"status"`
-}
-
-type AccountStatus struct {
-	Integration AccountIntegrationStatus `json:"integration"`
-}
-
-type AccountIntegrationStatus struct {
-	LastHeartbeatTsMillis *int64 `json:"last_heartbeat_ts_ms"`
-}
-
-func DefaultAWSAccountConfig() AWSAccountConfig {
-	return AWSAccountConfig{
-		EnabledRegions: []string{},
-	}
-}
-
-type AWSServiceSummary struct {
-	DefinitionMetadata
-	Config *AWSCloudServiceConfig `json:"config"`
-}
-
-type GettableAWSServiceDetails struct {
-	AWSServiceDefinition
-	Config           *AWSCloudServiceConfig   `json:"config"`
-	ConnectionStatus *ServiceConnectionStatus `json:"status,omitempty"`
-}
-
-type ServiceConnectionStatus struct {
-	Logs    *SignalConnectionStatus `json:"logs"`
-	Metrics *SignalConnectionStatus `json:"metrics"`
-}
-
-type SignalConnectionStatus struct {
-	LastReceivedTsMillis int64  `json:"last_received_ts_ms"` // epoch milliseconds
-	LastReceivedFrom     string `json:"last_received_from"`  // resource identifier
-}
-
-type AgentReport struct {
-	TimestampMillis int64          `json:"timestamp_millis"`
-	Data            map[string]any `json:"data"`
-}
-
-// Scan scans data from db
-func (r *AgentReport) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, r)
-}
-
-// Value serializes data to bytes for db insertion
-func (r *AgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
-	serialized, err := json.Marshal(r)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-type CloudIntegrationService struct {
-	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Type               string `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
-	Config             []byte `bun:"config,type:text"` // json serialized config
-	CloudIntegrationID string `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integrations(id),on_delete:cascade"`
-}
-
-type AWSCloudServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type AWSCloudServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
--- a/pkg/types/integrationstypes/cloudservicedefinitions.go
+++ b/pkg/types/integrationstypes/cloudservicedefinitions.go
@@ -1,183 +0,0 @@
-package integrationstypes
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-const (
-	S3Sync = "s3sync"
-)
-
-type DefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-type Definition interface {
-	GetId() string
-	Validate() error
-	PopulateDashboardURLs(svcId string)
-}
-
-var _ Definition = &AWSServiceDefinition{}
-
-type AWSServiceDefinition struct {
-	DefinitionMetadata
-	Overview             string                 `json:"overview"` // markdown
-	Assets               Assets                 `json:"assets"`
-	SupportedSignals     SupportedSignals       `json:"supported_signals"`
-	DataCollected        DataCollected          `json:"data_collected"`
-	Strategy             *AWSCollectionStrategy `json:"telemetry_collection_strategy"`
-	IngestionStatusCheck *IngestionStatusCheck  `json:"ingestion_status_check"`
-}
-
-type IngestionStatusCheck struct {
-	Metrics []*IngestionStatusCheckCategory `json:"metrics"`
-	Logs    []*IngestionStatusCheckCategory `json:"logs"`
-}
-
-type IngestionStatusCheckCategory struct {
-	Category    string                           `json:"category"`
-	DisplayName string                           `json:"display_name"`
-	Checks      []*IngestionStatusCheckAttribute `json:"checks"`
-}
-
-type IngestionStatusCheckAttribute struct {
-	Key        string                                 `json:"key"` // search key (metric name or log message)
-	Attributes []*IngestionStatusCheckAttributeFilter `json:"attributes"`
-}
-
-type IngestionStatusCheckAttributeFilter struct {
-	Name     string `json:"name"`
-	Operator string `json:"operator"`
-	Value    string `json:"value"`
-}
-
-func (def *AWSServiceDefinition) GetId() string {
-	return def.Id
-}
-
-func (def *AWSServiceDefinition) Validate() error {
-	seenDashboardIds := map[string]interface{}{}
-
-	if def.Strategy == nil {
-		return errors.NewInternalf(errors.CodeInternal, "telemetry_collection_strategy is required")
-	}
-
-	for _, dd := range def.Assets.Dashboards {
-		if _, seen := seenDashboardIds[dd.Id]; seen {
-			return errors.NewInternalf(errors.CodeInternal, "multiple dashboards found with id %s for AWS Integration", dd.Id)
-		}
-		seenDashboardIds[dd.Id] = nil
-	}
-
-	return nil
-}
-
-func (def *AWSServiceDefinition) PopulateDashboardURLs(serviceId string) {
-	for i := range def.Assets.Dashboards {
-		dashboardId := def.Assets.Dashboards[i].Id
-		url := "/dashboard/" + GetCloudIntegrationDashboardID(CloudProviderAWS, serviceId, dashboardId)
-		def.Assets.Dashboards[i].Url = url
-	}
-}
-
-type Assets struct {
-	Dashboards []Dashboard `json:"dashboards"`
-}
-
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
-type CollectedLogAttribute struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"`
-}
-
-type CollectedMetric struct {
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Unit        string `json:"unit"`
-	Description string `json:"description"`
-}
-
-type AWSCollectionStrategy struct {
-	Provider valuer.String `json:"provider"`
-
-	AWSMetrics *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	AWSLogs    *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets  map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type
-}
-
-type AWSMetricsStrategy struct {
-	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
-	StreamFilters []struct {
-		// json tags here are in the shape expected by AWS API as detailed at
-		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
-		Namespace   string   `json:"Namespace"`
-		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
-}
-
-type AWSLogsStrategy struct {
-	Subscriptions []struct {
-		// subscribe to all logs groups with specified prefix.
-		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
-
-		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
-		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
-}
-
-type Dashboard struct {
-	Id          string                                `json:"id"`
-	Url         string                                `json:"url"`
-	Title       string                                `json:"title"`
-	Description string                                `json:"description"`
-	Image       string                                `json:"image"`
-	Definition  *dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
-}
-
-func GetCloudIntegrationDashboardID(cloudProvider valuer.String, svcId, dashboardId string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
-}
-
-func GetDashboardsFromAssets(svcId string, cloudProvider CloudProviderType, createdAt *time.Time, assets Assets) []*dashboardtypes.Dashboard {
-	dashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	for _, d := range assets.Dashboards {
-		author := fmt.Sprintf("%s-integration", cloudProvider)
-		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
-			Locked: true,
-			Data:   *d.Definition,
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: *createdAt,
-				UpdatedAt: *createdAt,
-			},
-			UserAuditable: types.UserAuditable{
-				CreatedBy: author,
-				UpdatedBy: author,
-			},
-		})
-	}
-
-	return dashboards
-}
--- a/pkg/types/integrationstypes/integration.go
+++ b/pkg/types/integrationstypes/integration.go
@@ -1,106 +0,0 @@
-package integrationstypes
-
-import (
-	"database/sql/driver"
-	"encoding/json"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-// CloudProviderType type alias
-type CloudProviderType = valuer.String
-
-var (
-	CloudProviderAWS = valuer.NewString("aws")
-)
-
-var (
-	CodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
-)
-
-func NewCloudProvider(provider string) (CloudProviderType, error) {
-	switch provider {
-	case CloudProviderAWS.String():
-		return valuer.NewString(provider), nil
-	default:
-		return CloudProviderType{}, errors.NewInvalidInputf(CodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
-	}
-}
-
-var (
-	AWSIntegrationUserEmail = valuer.MustNewEmail("aws-integration@signoz.io")
-)
-
-var IntegrationUserEmails = []valuer.Email{
-	AWSIntegrationUserEmail,
-}
-
-func IsCloudIntegrationDashboardUuid(dashboardUuid string) bool {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return false
-	}
-
-	return parts[0] == "cloud-integration"
-}
-
-func GetCloudProviderFromDashboardID(dashboardUuid string) (CloudProviderType, error) {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return valuer.String{}, errors.NewInvalidInputf(CodeCloudProviderInvalidInput, "invalid dashboard uuid: %s", dashboardUuid)
-	}
-
-	providerStr := parts[1]
-
-	cloudProvider, err := NewCloudProvider(providerStr)
-	if err != nil {
-		return CloudProviderType{}, err
-	}
-
-	return cloudProvider, nil
-}
-
-// --------------------------------------------------------------------------
-// Normal integration uses just the installed_integration table
-// --------------------------------------------------------------------------
-
-type InstalledIntegration struct {
-	bun.BaseModel `bun:"table:installed_integration"`
-
-	types.Identifiable
-	Type        string                     `json:"type" bun:"type,type:text,unique:org_id_type"`
-	Config      InstalledIntegrationConfig `json:"config" bun:"config,type:text"`
-	InstalledAt time.Time                  `json:"installed_at" bun:"installed_at,default:current_timestamp"`
-	OrgID       string                     `json:"org_id" bun:"org_id,type:text,unique:org_id_type,references:organizations(id),on_delete:cascade"`
-}
-
-type InstalledIntegrationConfig map[string]interface{}
-
-// Scan scans data from db
-func (c *InstalledIntegrationConfig) Scan(src interface{}) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, c)
-}
-
-// Value serializes data to db
-func (c *InstalledIntegrationConfig) Value() (driver.Value, error) {
-	filterSetJson, err := json.Marshal(c)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "could not serialize integration config to JSON")
-	}
-	return filterSetJson, nil
-}
--- a/pkg/types/rootuser.go
+++ b/pkg/types/rootuser.go
@@ -0,0 +1,73 @@
+package types
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+	"golang.org/x/crypto/bcrypt"
+)
+
+var (
+	ErrCodeRootUserAlreadyExists = errors.MustNewCode("root_user_already_exists")
+	ErrCodeRootUserNotFound      = errors.MustNewCode("root_user_not_found")
+)
+
+type RootUser struct {
+	bun.BaseModel `bun:"table:root_users"`
+
+	Identifiable               // gives ID field
+	Email         valuer.Email `bun:"email,type:text" json:"email"`
+	PasswordHash  string       `bun:"password_hash,type:text" json:"-"`
+	OrgID         valuer.UUID  `bun:"org_id,type:text" json:"orgId"`
+	TimeAuditable              // gives CreatedAt and UpdatedAt fields
+}
+
+func NewRootUser(email valuer.Email, password string, orgID valuer.UUID) (*RootUser, error) {
+	passwordHash, err := NewHashedPassword(password)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "failed to generate password hash")
+	}
+
+	return &RootUser{
+		Identifiable: Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+		Email:        email,
+		PasswordHash: string(passwordHash),
+		OrgID:        orgID,
+		TimeAuditable: TimeAuditable{
+			CreatedAt: time.Now(),
+			UpdatedAt: time.Now(),
+		},
+	}, nil
+}
+
+func (r *RootUser) VerifyPassword(password string) bool {
+	return bcrypt.CompareHashAndPassword([]byte(r.PasswordHash), []byte(password)) == nil
+}
+
+type RootUserStore interface {
+	// Creates a new root user. Returns ErrCodeRootUserAlreadyExists if a root user already exists for the organization.
+	Create(ctx context.Context, rootUser *RootUser) error
+
+	// Gets the root user by organization ID. Returns ErrCodeRootUserNotFound if a root user does not exist.
+	GetByOrgID(ctx context.Context, orgID valuer.UUID) (*RootUser, error)
+
+	// Gets a root user by email and organization ID. Returns ErrCodeRootUserNotFound if a root user does not exist.
+	GetByEmailAndOrgID(ctx context.Context, orgID valuer.UUID, email valuer.Email) (*RootUser, error)
+
+	// Gets a root user by organization ID and ID. Returns ErrCodeRootUserNotFound if a root user does not exist.
+	GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*RootUser, error)
+
+	// Gets all root users by email and organization IDs. Returns ErrCodeRootUserNotFound if a root user does not exist.
+	GetByEmailAndOrgIDs(ctx context.Context, orgIDs []valuer.UUID, email valuer.Email) ([]*RootUser, error)
+
+	// Updates the password of a root user. Returns ErrCodeRootUserNotFound if a root user does not exist.
+	Update(ctx context.Context, orgID valuer.UUID, id valuer.UUID, rootUser *RootUser) error
+
+	// Checks if a root user exists for an organization. Returns true if a root user exists, false otherwise.
+	ExistsByOrgID(ctx context.Context, orgID valuer.UUID) (bool, error)
+}
Author	SHA1	Message	Date
Karan Balani	0cf1384892	chore: rename db migration file	2026-02-11 16:47:40 +05:30
Karan Balani	5aa655f875	chore: fix message	2026-02-11 16:27:22 +05:30
Karan Balani	ffde89d905	chore: use authz instead of granter	2026-02-11 16:17:14 +05:30
Karan Balani	ff732c6d6c	feat: add reconciliation logic for fresh signoz instance	2026-02-11 16:14:30 +05:30
Karan Balani	30d902f92d	fix: xor condition for user config validation	2026-02-11 16:11:57 +05:30
Karan Balani	6a9a8b14b3	fix: make reconciler flow idempotent	2026-02-11 16:11:57 +05:30
Karan Balani	4e7d2f8fb8	fix: improve validation for root user config	2026-02-11 16:11:57 +05:30
Karan Balani	bbc7f7bb3d	chore: move to new migration format and minor other changes	2026-02-11 16:11:54 +05:30
Karan Balani	c3294cf704	fix: comments	2026-02-11 16:11:22 +05:30
Karan Balani	e94b2a66d7	chore: minor changes	2026-02-11 16:11:22 +05:30
Karan Balani	ceca9fbd42	fix: reconciler logic for finding root users if email is changed in config	2026-02-11 16:11:22 +05:30
Karan Balani	14cec7b465	chore: various cursor bug bot comments addressed	2026-02-11 16:11:22 +05:30
Karan Balani	04753e2d57	chore: better response for bulk invite failed cases	2026-02-11 16:11:22 +05:30
Karan Balani	85ba9a6840	chore: handle root user invite in bulk invite api	2026-02-11 16:11:22 +05:30
Karan Balani	230b5ab7b7	chore: add check if the user is trying to delete their own user	2026-02-11 16:11:22 +05:30
Karan Balani	93c7c7fc93	chore: dummy push	2026-02-11 16:11:22 +05:30
Karan Balani	3011c24662	chore: handle various edge cases for root user login and operations	2026-02-11 16:11:22 +05:30
Karan Balani	559631f217	fix: go lint	2026-02-11 16:11:22 +05:30
Karan Balani	80bcc8971f	chore: minor fixes, still stuck on reconciler	2026-02-11 16:11:22 +05:30
Karan Balani	d8e3134729	feat(authn): root user	2026-02-11 16:11:19 +05:30