IntegrationsCurrently available IntegrationsCloudWatch Integration

CloudWatch Integration for Grafana Cloud

The CloudWatch integration enables you to quickly pull in CloudWatch metrics to Grafana Cloud. The integration also provides a number of prebuilt dashboards to help you monitor your Amazon Web Services (AWS). No agent is required and you can create multiple configurations called scrape jobs to organize your data.

Install CloudWatch Integration for Grafana Cloud

  1. In your Grafana instance, Click Onboarding (lightning bolt icon), then select Integrations Manager.

  2. Click the CloudWatch Metrics tile and follow the installation instructions.

Configure scrape jobs

You can create scrape job configurations automatically using two possible alternatives described below, or configure them manually.

Automatically configure scrape jobs using CloudFormation

Scrape jobs can be named and connected to a specific AWS CloudWatch account. Each scrape job contains a number of services available to scrape. For example, you can create a job that scrapes metrics from your EC2 instances from a specific AWS account.

  1. In the CloudWatch Metrics tile, click Add scrape job.

  2. Select Create Automatically in the first step of creating a new AWS role.

  3. Follow the steps to create an IAM role for CloudFormation.

  4. In the scrape job configuration UI, enter the ARN from your AWS IAM role in the scrape job field.

  5. Select relevant regions.

  6. Test the connection.

  7. Name the scrape job and select the services to import data from.

  8. Click Configure Integration to create the scrape job.

    You’ll see a success page and can navigate to the dashboards that have been installed.

Automatically configure scrape jobs using Terraform

You’ll find a Terraform snippet in this section that can be used to provision the IAM role needed to create the scrape jobs.

The input variables are:

  • external_id: your Grafana Cloud identifier used for security purposes.

  • iam_role_name: customizable name of the IAM role used by Grafana for the CloudWatch integration. The default value is GrafanaCloudWatchIntegration.

The output value is:

  • role_arn: the IAM role ARN you need to use when creating the scrape job.

To run the Terraform file:

  1. Configure the AWS CLI.

  2. Copy this snippet into your Terraform file

    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "~> 3.0"
        }
      }
    }
    
    locals {
      grafana_account_id = "008923505280"
    }
    
    variable "external_id" {
      type        = string
      description = "This is your Grafana Cloud identifier and is used for security purposes."
    
      validation {
        condition     = length(var.external_id) > 0
        error_message = "ExternalID is required."
      }
    }
    
    variable "iam_role_name" {
      type        = string
      default     = "GrafanaLabsCloudWatchIntegration"
      description = "Customize the name of the IAM role used by Grafana for the CloudWatch Integration."
    }
    
    data "aws_iam_policy_document" "trust_grafana" {
      statement {
        effect = "Allow"
    
        principals {
          type        = "AWS"
          identifiers = ["arn:aws:iam::${local.grafana_account_id}:root"]
        }
    
        actions = ["sts:AssumeRole"]
        condition {
          test     = "StringEquals"
          variable = "sts:ExternalId"
          values   = [var.external_id]
        }
      }
    }
    
    resource "aws_iam_role" "grafana_labs_cloudwatch_integration" {
      name        = var.iam_role_name
      description = "Role used by Grafana CloudWatch Integration."
    
      # Allow Grafana Labs' AWS account to assume this role.
      assume_role_policy = data.aws_iam_policy_document.trust_grafana.json
    
      # This policy allows the role to discover metrics via tags and export them.
      inline_policy {
        name = var.iam_role_name
        policy = jsonencode({
          Version = "2012-10-17"
          Statement = [
            {
              Effect = "Allow"
              Action = [
                "tag:GetResources",
                "cloudwatch:GetMetricData",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:ListMetrics"
              ]
              Resource = "*"
            }
          ]
        })
      }
    }
    
    output "role_arn" {
      value       = aws_iam_role.grafana_labs_cloudwatch_integration.arn
      description = "The ARN for the role created, copy this into Grafana Cloud installation."
    }
    
  3. Run the terraform apply command in one of the following ways:

  • By setting variables directly CLI

    terraform apply \
       -var="grafana_importer_external_id=<your external ID>" \
       -var="iam_role_name=GrafanaCloudWatchIntegration"
    
  • Create a tfvars file

    <your-tfvars-file>.tfvars

    Add the following text:

    grafana_importer_external_id="<your external ID>"
    iam_role_name="GrafanaCloudWatchIntegration"
    

    Run the following command:

    terraform apply -var-file="<your-tfvars-file>.tfvars"
    

Once the terraform apply command has finished creating the IAM Role, it will output your role_arn. For example:

role_arn = "arn:aws:iam::<yourAWSAccountID>:role/<iam_role_name>"

Use the role_arn in the next step of the scrape job creation.

Manually configure scrape jobs

Please note that we recommend using automation as a best practice. Creating the role in the AWS IAM console requires many more steps.

  1. Open the CloudWatch Integration (configuration), click Add scrape job.

  2. Select Manual and create a new role in your AWS IAM console.

Configure the your AWS settings

  1. Click the link to open the AWS IAM console and do the following:

  2. In Roles, click Create role.

  3. Choose Another AWS account.

  4. In Account ID, enter the Grafana AWS account ID shown in the scrape job configuration.

  5. Select Require external ID and enter the Grafana external ID shown in the scrape job configuration.

  6. Click Next: Permissions.

  7. Click Create policy.

  8. Go to the JSON section. Overwrite existing code with the code provided in the Grafana Cloud instructions.

  9. At the bottom of each screen, click Next: Tags > Next: Review > Create policy.

  10. Return to the scrape job configuration UI and do the following:

    • Paste the ARN from your AWS IAM role in the scrape job field.
    • Select relevant regions.
    • Test the connection.
    • Name the scrape job and select the services to import data from.
    • Click Configure Integration to create the scrape job.

    You’ll see a success page and can navigate to the dashboards that have been installed.

Dashboards

After you have successfully configured the CloudWatch integration, prebuilt dashboards will be installed in your Grafana instance to help you monitor your AWS services.

Managing Your Integration

After you’ve successfully configured a scrape job, no other management is needed. Grafana Cloud will manage the scraping of metrics from CloudWatch into Grafana Cloud.

You can view, edit or delete your existing scrap jobs at any time by navigating to the integrations management page via the onboarding button (lightning bolt icon) on the left hand side and selecting the CloudWatch Metrics tile.

Services and metrics captured by Grafana CloudWatch Integration

Services

The CloudWatch integration allows you to pull in metrics from the following AWS services:

  • Amazon Elastic Block Store (Amazon EBS)
  • EC2
  • Lamba
  • RDS
  • S3

Note: You must add tags to AWS resources so Grafana Cloud can discover their metrics. For more information, see the AWS tagging documentation.

Metrics

Below is a list of the metrics per service that are automatically written to your Grafana Cloud instance when you select a service to connect to. The metrics will be named using the following naming convention: aws_servicename_metricname_statistic. For example aws_ebs_volume_total_read_time_average is how the time series that measures the average VolumeTotalReadTime for Amazon Elastic Block Store (EBS) will be named.

Amazon Elastic Block Store

  • VolumeReadBytes (Average, Sum)
  • VolumeWriteBytes (Average, Sum)
  • VolumeReadOps (Average, Sum)
  • VolumeWriteOps (Average, Sum)
  • VolumeTotalReadTime (Average, Sum)
  • VolumeTotalWriteTime (Average, Sum)
  • VolumeIdleTime (Average)
  • VolumeQueueLength (Average, Sum)
  • VolumeThroughputPercentage (Average)
  • VolumeConsumedReadWriteOps (Average, Sum)
  • BurstBalance (Average, Sum)

EC2

  • CPUUtilization (Maximum)
  • NetworkIn (Average, Sum)
  • NetworkOut (Average, Sum)
  • NetworkPacketsIn (Sum)
  • NetworkPacketsOut (Sum)
  • DiskReadBytes (Sum)
  • DiskWriteBytes (Sum)
  • DiskReadOps (Sum)
  • DiskWriteOps (Sum)
  • StatusCheckFailed (Sum)
  • StatusCheckFailed_Instance (Sum)
  • StatusCheckFailed_System (Sum)

Lambda

  • Invocations (Sum)
  • Errors (Sum)
  • Throttles (Sum)
  • Duration (Maximum, Minimum, Sum, p90)

RDS

  • CPUUtilization (Maximum)
  • DatabaseConnections (Sum)
  • FreeableMemory (Average)
  • FreeStorageSpace (Average)
  • ReadThroughput (Average)
  • WriteThroughput (Average)
  • ReadLatency (Maximum)
  • WriteLatency (Maximum)
  • ReadIOPS (Average)
  • WriteIOPS (Average)

S3

  • NumberOfObjects (Average)
  • BucketSizeBytes (Average)
  • AllRequests (Sum)
  • 4xxErrors (Average, Sum)
  • 5xxErrors (Average, Sum)
  • FirstByteLatency (Average, p95)
  • TotalRequestLatency (Average, p95)
  • GetRequests (Sum)
  • BytesUploaded (Average, Sum)
  • BytesDownloaded (Average, Sum)

Cost

By connecting your AWS CloudWatch Metrics to Grafana Cloud you might incur charges. For more information, use the following links:

The CloudWatch integration uses the GetMetricData API from Amazon. To learn more, see the CloudWatch API reference.