In December, we launched the preview of Amazon Managed Grafana, a totally managed service developed in collaboration with Grafana Labs that makes it simple to make use of the open-source and the enterprise variations of Grafana to visualise and analyze your information from a number of sources. With Amazon Managed Grafana, you’ll be able to analyze your metrics, logs, and traces with out having to provision servers, or configure and replace software program.
In the course of the preview, Amazon Managed Grafana was up to date with new capabilities. Right this moment, I’m glad to announce that Amazon Managed Grafana is now typically accessible with further new options:
- Grafana has been upgraded to model eight and gives new information sources, visualizations, and options, together with library panels which you could construct as soon as and re-use on a number of dashboards, a Prometheus metrics browser to shortly discover and question metrics, and new state timeline and standing historical past visualizations.
- To centralize the querying of further information sources inside an Amazon Managed Grafana workspace, now you can question information utilizing the JSON information supply plugin. Now you can additionally question Redis, SAP HANA, Salesforce, ServiceNow, Atlassian Jira, and lots of extra information sources.
- You should utilize Grafana API keys to publish your individual dashboards or give programmatic entry to your Grafana workspace. For instance, it is a Terraform recipe that you need to use so as to add information sources and dashboards.
- You may allow single sign-on to your Amazon Managed Grafana workspaces utilizing Safety Assertion Markup Language 2.zero (SAML 2.zero). We now have labored with these identification suppliers (IdP) to have them built-in at launch: CyberArk, Okta, OneLogin, Ping Id, and Azure Energetic Listing.
- All calls from the Amazon Managed Grafana console and code calls to Amazon Managed Grafana API operations are captured by AWS CloudTrail. On this means, you’ll be able to have a report of actions taken in Amazon Managed Grafana by a consumer, position, or AWS service. Moreover, now you can audit mutating modifications that happen in your Amazon Managed Grafana workspace, comparable to when a dashboard is deleted or information supply permissions are modified.
- The service is out there in ten AWS Areas (full checklist on the finish of the publish).
Let’s do a fast walkthrough to see how this works in apply.
Utilizing Amazon Managed Grafana
Within the Amazon Managed Grafana console, I select Create workspace. A workspace is a logically remoted, extremely accessible Grafana server. I enter a reputation and an outline for the workspace, after which select Subsequent.
I can use AWS Single Signal-On (AWS SSO) or an exterior identification supplier through SAML to authenticate the customers of my workspace. For simplicity, I choose AWS SSO. Later within the publish, I’ll present how SAML authentication works. If that is your first time utilizing AWS SSO, you’ll be able to see the conditions (comparable to having AWS Organizations arrange) within the documentation.
Then, I select the Service managed permission kind. On this means, Amazon Managed Grafana will mechanically provision the required IAM permissions to entry the AWS Companies that I choose within the subsequent step.
In Service managed permission settings, I select to watch sources in my present AWS account. For those who use AWS Organizations to centrally handle your AWS atmosphere, you need to use Grafana to watch sources in your organizational items (OUs).
I can optionally choose the AWS information sources that I’m planning to make use of. This configuration creates an AWS Id and Entry Administration (IAM) position that allows Amazon Managed Grafana to entry these sources in my account. Later, within the Grafana console, I can arrange the chosen companies as information sources. For now, I choose Amazon CloudWatch in order that I can shortly visualize CloudWatch metrics in my Grafana dashboards.
Right here I additionally configure permissions to make use of Amazon Managed Service for Prometheus (AMP) as an information supply and have a totally managed monitoring resolution for my purposes. For instance, I can accumulate Prometheus metrics from Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (Amazon ECS) environments, utilizing AWS Distro for OpenTelemetry or Prometheus servers as assortment brokers.
On this step I additionally choose Amazon Easy Notification Service (SNS) as a notification channel. Much like the info sources earlier than, this selection offers Amazon Managed Grafana entry to SNS however doesn’t arrange the notification channel. I can try this later within the Grafana console. Particularly, this setting provides SNS publish permissions to subjects that begin with
grafana to the IAM position created by the Amazon Managed Grafana console. For those who desire to have tighter management on permissions for SNS or any information supply, you’ll be able to edit the position within the IAM console or use customer-managed permissions in your workspace.
Lastly, I overview all of the choices and create the workspace.
After a couple of minutes, the workspace is prepared, and I discover the workspace URL that I can use to entry the Grafana console.
I have to assign not less than one consumer or group to the Grafana workspace to have the ability to entry the workspace URL. I select Assign new consumer or group after which choose one in all my AWS SSO customers.
By default, the consumer is assigned a Viewer consumer kind and has view-only entry to the workspace. To offer this consumer permissions to create and handle dashboards and alerts, I choose the consumer after which select Make admin.
Again to the workspace abstract, I comply with the workspace URL and check in utilizing my AWS SSO consumer credentials. I’m now utilizing the open-source model of Grafana. If you’re a Grafana consumer, every little thing is acquainted. For my first configurations, I’ll give attention to AWS information sources so I select the AWS brand on the left vertical bar.
Right here, I select CloudWatch. Permissions are already set as a result of I chosen CloudWatch within the service-managed permission settings earlier. I choose the default AWS Area and add the info supply. I select the CloudWatch information supply and on the Dashboards tab, I discover a couple of dashboards for AWS companies comparable to Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Retailer (EBS), AWS Lambda, Amazon Relational Database Service (RDS), and CloudWatch Logs.
I import the AWS Lambda dashboard. I can now use Grafana to watch invocations, errors, and throttles for Lambda capabilities in my account. I’ll prevent the screenshot as a result of I don’t have any fascinating information on this Area.
Utilizing SAML Authentication
If I don’t have AWS SSO enabled, I can authenticate customers to the Amazon Managed Grafana workspace utilizing an exterior identification supplier (IdP) by choosing the SAML authentication possibility after I create the workspace. For present workspaces, I can select Setup SAML configuration within the workspace abstract.
First, I’ve to supply the workspace ID and URL data to my IdP with a purpose to generate IdP metadata for configuring this workspace.
After my IdP is configured, I import the IdP metadata by specifying a URL or copying and pasting to the editor.
Lastly, I can map consumer permissions in my IdP to Grafana consumer permissions, comparable to specifying which customers can have Administrator, Editor, and Viewer permissions in my Amazon Managed Grafana workspace.
Availability and Pricing
Amazon Managed Grafana is out there at the moment in ten AWS Areas: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Eire), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Seoul). For extra data, see the AWS Regional Companies Record.
With Amazon Managed Grafana, you pay for the energetic customers per workspace every month. Grafana API keys used to publish dashboards are billed as an API consumer license per workspace every month. You may improve to Grafana Enterprise to have entry to enterprise plugins, assist, and on-demand coaching immediately from Grafana Labs. For extra data, see the Amazon Managed Grafana pricing web page.
To study extra, you might be invited to this webinar on Thursday, September 9 at 9:00 am PDT / 12:00 pm EDT / 6:00 pm CEST.
Begin utilizing Amazon Managed Grafana at the moment to visualise and analyze your operational information at any scale.