Accessing Grafana through IAM Identity Center Account in Organization

1

Hi,

we have an existing Grafana environment in one of our AWS accounts and were previously able to log in to Grafana through the assigned user from the IAM Identity Center in the same account. We have now restructured our AWS organization by introducing a new management account which now hosts the IAM Identity Center. Assignments have been updated and the new user is assigned in Grafana as Admin. Unfortunately, we are now unable to sign in to Grafana with IAM Identity Center. We get "Login Failed - internal server error".

Is somebody able to help us with this issue?

Thanks! Manfred

3 Answers
0

There are a few potential causes for this error message when trying to sign in to Grafana using IAM Identity Center. Some possible solutions include:

  1. Ensure that the IAM role that you are using to sign in to Grafana has the correct permissions.
  2. Check that the IAM Identity Provider that you are using is properly configured in Grafana.
  3. Check that the Grafana server is running and accessible.
  4. Check the Grafana server logs for more information on the error.
  5. Make sure that the IAM user you are trying to sign in with has the correct permissions in IAM.

It's important to check the Grafana server log to understand more about the error, because it could be an internal error with Grafana, with the IAM role or with the IAM user.

answered a year ago
  • Hi Emmanuel,

    thanks for your response! Could you please let us know where we can find the Grafana server log if we are unable to access Grafana? Currently, we only have access to the AWS Grafana Workspace management tool.

    Thanks! Manfred

0

Hi,

can somebody please let us know where to find the Grafana server log, when unable to access Grafana.

Thank you!

Manfred

Manfred
answered a year ago
0

We had almost exactly the same problem with our Managed Grafana instance. We changed some groups and permissions with our users in IAM Identity and only one of our users could no longer log in. We received the same 500 Internal Server Error message toast.

After reviewing and comparing permissions between users, we found no differences. The solution that worked for us was to delete the user from within Grafana (but not in IAM Identity), and then log in to Grafana again with that user. The user was automatically re-created in Grafana and everything is now working as expected.

Our team has searched extensively through the AWS and Grafana documents and the GitHub repo for Grafana, but we have not found any documentation on how AWS creates and/or syncs users when an IAM Identity (previously SSO) user logs into Managed Grafana.

GL Manfred, HTH!

answered a year ago
