Too Long; Didn't Read
Using Terraform, Python and Zappa, CloudWatch, and DynamoDB, IAM, and Lambda, the solution is simple. A Lambda function can run a specific Log Insights query and store the results in a custom metric. DynamoDB table contains all the data I need to run each query, such as the log group that I want to investigate and the name of the target metric. IAM will require a list of security groups to grant access to specific groups to specific network components.