Request from AWS Grafana timed out after VPC Configurations


Hi all,

Hope you are doing well. I ran into some issues while I was working with AWS Grafana and VPC. Been stuck for a while now.

I have an S3 bucket saving the critical data. I used Athena as the query engine and AWS Grafana to create visualizations. After I configured this pipeline, the charts I created on AWS Grafana were working fine.

After that I was thinking about configuring a VPC so that the traffic stays within the VPC instead of the public internet. I created a VPC and had an S3 gateway endpoint set up as well. The security group is just the default one, which has everything open.

Then I went to the S3 bucket and updated the policy to deny access that's not from the S3 VPC endpoint. Then I went ahead and queried on Athena; the query failed because of this policy, which was expected. However, I did want to figure out how to have Athena queries work even after the VPC configurations for S3.

Then I went to the AWS Grafana workspace Outbound VPC connection. I changed it to the VPC I created. I chose the default security group, which has everything open. After I configured this, I logged into the workspace, the charts kept loading, and after a while I got this error:

[image]

How should I fix this and make Athena and Grafana work again? Any leads would be appreciated.

1 Answer
Accepted Answer

Could you please use the below for your troubleshooting:

  • Check Logs:
    • Check the CloudWatch Logs for both Athena and Grafana for detailed error messages.
  • Test Connectivity:
    • Use tools like telnet or curl from an EC2 instance in the same VPC to test connectivity to the VPC endpoints.
  • Revert Changes:
    • If the issue persists, temporarily revert the S3 bucket policy and Grafana VPC configuration to the previous working state and troubleshoot incrementally.
answered 2 months ago
  • Hi Adeleke, your answer is awesome. Following your suggestion, I was able to create the STS endpoint and it worked after that. I specified the network access control in the AWS Grafana management console as the same VPC I created, where I also created the STS, Athena, and S3 endpoints. I also created security groups for Grafana, STS, and S3. The charts worked well. However, something weird happened. Now when I ran queries in the Athena query editor, the query succeeded even without any S3 bucket policy. I checked IAM and there was not any role associated with Athena. Do you know what could go wrong?
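
The "Test Connectivity" step from the answer, as an added example that is not part of the original thread: a script to run on an EC2 instance in the same VPC and subnets as the Grafana workspace, checking the STS, Athena and S3 endpoints mentioned above. The region default and the `--check` argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: run on an EC2 instance in the same VPC/subnets as the
# Grafana workspace. REGION is a placeholder assumption; set your own.
REGION="${REGION:-us-east-1}"
SERVICES="sts athena s3"   # the endpoints named in this thread

# Regional endpoint hostname for a service, e.g. sts.us-east-1.amazonaws.com
endpoint_host() { printf '%s.%s.amazonaws.com\n' "$1" "$2"; }

# Succeeds when the IPv4 address is in RFC 1918 private space.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Say what a resolved address implies about the path the request takes.
classify_ip() {
  if is_private_ipv4 "$1"; then
    echo "private: interface endpoint with private DNS"
  else
    echo "public: needs a gateway endpoint route, NAT or internet gateway"
  fi
}

# Resolve one service endpoint, then try an HTTPS connection with a timeout.
check_service() {
  host="$(endpoint_host "$1" "$REGION")"
  ip="$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')"
  if [ -z "$ip" ]; then echo "$host: DNS resolution failed"; return 1; fi
  echo "$host -> $ip ($(classify_ip "$ip"))"
  # curl exits 0 on any HTTP status, so success here means the TCP/TLS path
  # works; a timeout points at routing, security groups or a missing endpoint.
  if curl -sS -o /dev/null --connect-timeout 5 --max-time 10 "https://$host/"; then
    echo "  HTTPS reachable"
  else
    echo "  HTTPS failed or timed out"; return 1
  fi
}

# Only touch the network when asked to: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
  rc=0
  for svc in $SERVICES; do check_service "$svc" || rc=1; done
  exit "$rc"
fi
```

For S3 behind a gateway endpoint a public address is expected, because gateway endpoints work through a route-table entry rather than DNS; for STS and Athena interface endpoints with private DNS enabled, the name should resolve to a private address inside the VPC.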
