By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is there a way to alias the managed grafana endpoint in Route53?

4

I am able to create a CNAME in Route53 but it's not working as expected.

Topics
Networking & Content DeliveryManagement & Governance
Tags
Amazon Route 53Amazon Grafana
Language
English
smithatlanta
asked 2 years ago4112 views
3 Answers
1

You haven't said what you expect to happen and what is "not working as expected".

However, a big guess:

If you have a DNS entry for an endpoint that uses TLS (HTTPS is a good example of this) which is (say) endpoint.example.com and you use that name on the client; the client expects the server to answer with a certificate that matches the name endpoint.example.com.

If you create a CNAME for that DNS entry (say) other-endpoint.example.com the client will connect to endpoint.example.com (because that's where the CNAME points to) and the server will present a certificate for endpoint.example.com but the client is expecting other-endpoint.example.com and the connection will fail unless the client is told to ignore the remote certificate (not generally a good idea for security).

As above: This is a complete guess based on not very much information.

profile pictureAWS
EXPERT
Brettski-AWS
answered 2 years ago
  • NadirS
    2 years ago

    I believe Brettski correctly hit on the existing pain point. As a user of AWS Managed Grafana, I would like to create a prettier URL in my Route53 hosted zone for my Grafana workspace. Searching through the docs and clicking around the console, it appears there is no way to associate an Amazon ACM certificate with the Grafana workspace. As a result, users are unable to create the CNAME record because the certificate in the Grafana workspace won't match the CNAME record in the Route53 hosted zone.

    I would like to see AWS add support for customer-managed ACM certificates associated with Grafana workspaces.

  • ClaytonO
    2 years ago

    I second this request. These URL's are not very user friendly and we need ACM support please!

  • Brettski-AWS EXPERT
    2 years ago

    I think the way to do this would be to put a CloudFront distribution in front of Grafana. That way, you can create a "friendlier" DNS name and certificate to go with it. https://grafana.com/grafana/dashboards/674

0

Seems a bit extreme and and an unnecessary expense but I suppose that's an option. Can we ask if this is on the road map for AMG at all though?

ClaytonO
answered 2 years ago
  • Brettski-AWS EXPERT
    2 years ago

    Please reach out to your local AWS Solutions Architect to discuss roadmap items and also to provide feedback to us on features that you require.

  • Brettski-AWS EXPERT
    2 years ago

    As far as pricing goes: The CloudFront Pricing Page mentions that you get 1 TB of traffic free every month so you should definitely check it out. It also brings other benefits like a Web Application Firewall which is a good tool for protecting your Internet-facing web assets.

0

The easiest way is:

Route53 host record --> S3 (static website) --> Amazon Managed Graphana (AMG) dashboard URL

  1. Create the AMG workspace and copy the URL. i.e. g-98xxxxxxxx.grafana-workspace.ap-southeast-2.amazonaws.com
  2. Create S3 static website and configure a redirect (https) to the AMG URL.
  3. Create a CNAME record in Route53 with value set to URL of S3 static website.

All done.

AWS
carcel
answered 2 years ago
  • AWS-User-6847149
    a year ago

    Hi carcel can you provide the detailed steps ? I tried following this but it didn't worked.

  • scott_amazonReporting
    a year ago

    If you create a CNAME after the redirect, the CNAME never gets hit. Your 30x redirect in step 2 just gets you to the grafana URL. Step 3 doesn't do anything.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content