Configuring AWS Managed Grafana with CloudWatch Integration using CloudFormation


This article explores how to use AWS CloudFormation to configure an AWS Managed Grafana workspace with seamless integration to Amazon CloudWatch. The goal is to provide a comprehensive, automated solution that simplifies the process of setting up a powerful monitoring and observability platform within the AWS ecosystem.

Introduction

Organizations today rely heavily on cloud-based infrastructure and services to power their applications and workloads. As these cloud environments become more complex, the need for robust monitoring and observability solutions increases. One such critical service is Amazon CloudWatch, which provides comprehensive monitoring and alerting capabilities for AWS resources and services.

Grafana, an open-source data visualization and analytics platform, has become a popular choice for organizations to build custom dashboards and visualizations for their monitoring data. AWS offers Amazon Managed Grafana, a fully managed service that simplifies the deployment and operation of Grafana within the AWS ecosystem. Amazon Managed Grafana provides scalable and secure data visualization for your operational metrics, logs, and traces, allowing organizations to easily monitor and analyze their infrastructure and applications without the overhead of managing the underlying Grafana platform.

By integrating AWS Managed Grafana with Amazon CloudWatch, organizations can benefit from a powerful, unified monitoring and observability solution. This integration allows teams to create custom dashboards, visualizations, and alerts based on the rich metrics and logs collected by CloudWatch across their entire AWS infrastructure.

The purpose of this CloudFormation template is to automate the process of setting up an AWS Managed Grafana workspace with a direct integration to Amazon CloudWatch. This template aims to provide a reproducible, infrastructure-as-code approach to configuring the necessary components to enable this integration, making it easier for organizations to deploy and maintain their Grafana-based monitoring solution.

Key Benefits

Using this CloudFormation template offers several key benefits:

  1. Automated Provisioning: The template allows you to provision an AWS Managed Grafana workspace, including the necessary IAM role and CloudWatch data source, through a single CloudFormation stack creation process. This eliminates the need for manual configuration and ensures consistency across different environments.
  2. Seamless CloudWatch Integration: By setting up the CloudWatch data source within the Grafana workspace, the template enables you to directly query and visualize CloudWatch metrics and logs using the powerful Grafana interface. This simplifies the process of building comprehensive monitoring dashboards.
  3. Customizable Configuration: The template is parameterized, allowing you to customize certain aspects of the Grafana workspace, such as the workspace name, description, authentication provider, and permission type. This flexibility ensures the template can be adapted to fit your specific requirements.
  4. Infrastructure as Code: By using CloudFormation, this template promotes an infrastructure-as-code approach to your monitoring and observability setup. This makes the configuration easily version-controlled, tested, and deployed across different environments, from development to production.
  5. Simplified Maintenance: The automated provisioning and infrastructure-as-code nature of this template simplify the maintenance and updates of your Grafana-CloudWatch integration. Changes can be made to the template and applied to existing deployments, ensuring your monitoring solution remains up-to-date and aligned with your evolving needs.

Prerequisites

Before using this CloudFormation template, ensure you have the following:

  1. AWS Account: You need an active AWS account with the necessary permissions to create the resources defined in this template.
  2. AWS CLI or AWS Console access: To deploy this CloudFormation template, you'll need access to either the AWS Management Console or the AWS Command Line Interface (CLI).
  3. IAM Permissions: The user or role executing this template must have permissions to create IAM roles, Grafana workspaces, and CloudWatch data sources.
  4. AWS SSO or SAML: Depending on your chosen authentication method, you'll need either:
    • AWS Single Sign-On (SSO) configured in your AWS account, or
    • A SAML identity provider set up for Grafana authentication
  5. Service Quotas: Ensure you have available quota for creating AWS Managed Grafana workspaces in your account or request an increase if needed.
  6. Network Configuration: If you plan to access Grafana from a specific network, ensure you have the necessary network access rules in place.
  7. CloudWatch Metrics: To make the most of this integration, ensure you have CloudWatch metrics set up for the AWS services you want to monitor.
  8. Knowledge of CloudFormation: Basic understanding of AWS CloudFormation and how to create and update stacks.

Please review the AWS Managed Grafana documentation for more detailed information on requirements and best practices.

Solution Walkthrough

Below is the sample CloudFormation template for AWS Managed Grafana with CloudWatch Integration. This template automates the setup of an AWS Managed Grafana workspace with direct access to CloudWatch metrics. The main features of this template include:

  1. Parameterized Configuration: Customize workspace name, description, authentication, and permissions.
  2. IAM Role Creation: Creates an IAM role that the grafana.amazonaws.com service can assume, with read-only access to CloudWatch metrics and alarms.
  3. Grafana Workspace: Provisions an AWS Managed Grafana workspace.
  4. CloudWatch Data Source: Automatically configures CloudWatch as a data source in Grafana.
  5. Outputs: Provides essential information like workspace URL and IDs for easy access.

AWS Managed Grafana with CloudWatch Integration: CloudFormation Template

AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS Managed Grafana workspace with CloudWatch integration'

Parameters:
  # Customize these parameters when creating the CloudFormation stack
  WorkspaceName:
    Type: String
    Default: 'CloudWatchMetricsMonitoringWorkspace'
    Description: 'Name of the Grafana workspace'

  WorkspaceDescription:
    Type: String
    Default: 'Grafana workspace for monitoring CloudWatch metrics'
    Description: 'Description of the Grafana workspace'

  AuthenticationProvider:
    Type: String
    Default: 'AWS_SSO'
    AllowedValues:
      - 'AWS_SSO'
      - 'SAML'
    Description: 'Authentication provider for the Grafana workspace'

  PermissionType:
    Type: String
    Default: 'SERVICE_MANAGED'
    AllowedValues:
      - 'SERVICE_MANAGED'
      - 'CUSTOMER_MANAGED'
    Description: 'Permission type for the Grafana workspace'

  AccountAccessType:
    Type: String
    Default: 'CURRENT_ACCOUNT'
    AllowedValues:
      - 'CURRENT_ACCOUNT'
      - 'ORGANIZATION'
    Description: 'Account access type for the Grafana workspace'

Resources:
  # IAM role for Grafana to access CloudWatch
  GrafanaWorkspaceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: grafana.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: GrafanaCloudWatchAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Permissions to read CloudWatch metrics
              - Effect: Allow
                Action:
                  - 'cloudwatch:DescribeAlarmsForMetric'
                  - 'cloudwatch:DescribeAlarmHistory'
                  - 'cloudwatch:DescribeAlarms'
                  - 'cloudwatch:ListMetrics'
                  - 'cloudwatch:GetMetricStatistics'
                  - 'cloudwatch:GetMetricData'
                Resource: '*'

  # AWS Managed Grafana workspace
  GrafanaWorkspace:
    Type: 'AWS::Grafana::Workspace'
    Properties:
      AccountAccessType: !Ref AccountAccessType
      AuthenticationProviders: 
        - !Ref AuthenticationProvider
      PermissionType: !Ref PermissionType
      DataSources: 
        - CLOUDWATCH  # Enables CloudWatch as a data source
      Name: !Ref WorkspaceName
      Description: !Ref WorkspaceDescription
      RoleArn: !GetAtt GrafanaWorkspaceRole.Arn  # Attaches the IAM role to the workspace

Outputs:
  # Useful information about the created resources
  GrafanaWorkspaceId:
    Description: 'The ID of the Grafana workspace'
    Value: !Ref GrafanaWorkspace
  GrafanaWorkspaceUrl:
    Description: 'The URL of the Grafana workspace'
    Value: !GetAtt GrafanaWorkspace.Endpoint
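
The trust policy in the template above lets the grafana.amazonaws.com service principal assume the role with no source condition. As an added example (not part of the original template), here is the same role with aws:SourceAccount and aws:SourceArn conditions that restrict assumption to Managed Grafana workspaces in the stack's own account and Region; the wildcard workspace ARN pattern is an assumption, used because the workspace ID does not exist yet when the role is created.

```yaml
# Added example: drop-in replacement for the GrafanaWorkspaceRole resource.
# Only the Condition block differs from the original template.
Resources:
  GrafanaWorkspaceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: grafana.amazonaws.com
            Action: 'sts:AssumeRole'
            Condition:
              # Confused-deputy guard: the service may assume this role only
              # when acting for a workspace owned by this account.
              StringEquals:
                'aws:SourceAccount': !Ref 'AWS::AccountId'
              # Assumed ARN pattern. A wildcard is used instead of the
              # workspace ID because the workspace references this role's ARN,
              # and referencing the workspace here would create a circular
              # dependency between the two resources.
              StringLike:
                'aws:SourceArn': !Sub 'arn:${AWS::Partition}:grafana:${AWS::Region}:${AWS::AccountId}:/workspaces/*'
      Policies:
        - PolicyName: GrafanaCloudWatchAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Same read-only actions as the original template.
              - Effect: Allow
                Action:
                  - 'cloudwatch:DescribeAlarmsForMetric'
                  - 'cloudwatch:DescribeAlarmHistory'
                  - 'cloudwatch:DescribeAlarms'
                  - 'cloudwatch:ListMetrics'
                  - 'cloudwatch:GetMetricStatistics'
                  - 'cloudwatch:GetMetricData'
                Resource: '*'
```

After deployment, the role's trust relationship in the IAM console should show both condition keys; a trust policy that lists only the service principal means the original, unconditioned version is still in place.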

Conclusion

In summary, this CloudFormation template offers a streamlined approach to integrating AWS Managed Grafana with CloudWatch, addressing the growing need for robust monitoring and observability solutions in complex cloud environments. By automating the setup process, it significantly reduces the time and effort required to deploy a comprehensive monitoring solution, while ensuring consistency and adherence to best practices. The template's parameterized nature allows for easy customization, making it adaptable to various organizational needs. Furthermore, by embracing an infrastructure-as-code methodology, it enables version control, easier replication across environments, and simplified maintenance of your observability stack. Whether you're a small team looking to quickly set up monitoring or a large enterprise aiming to standardize your observability approach across multiple AWS accounts, this template provides a solid foundation for leveraging the powerful combination of Grafana's visualization capabilities and CloudWatch's extensive metrics collection. Ultimately, this solution empowers organizations to gain deeper insights into their AWS infrastructure and applications, leading to improved performance, faster troubleshooting, and more informed decision-making.