
Configure AWS Monitoring with Terraform

You can use Terraform to define AWS monitoring accounts and scrape jobs as code.

Before you begin

Before you begin, you must have the following installed:

Configure authentication

Configure authentication before using the Grafana Terraform provider.

Create an access policy

To create an access policy for your organization in the Grafana Cloud portal, refer to these steps.

Add scopes to the access policy

Add scopes to the access policy.

  1. Enter a scope in the Add Scope textbox to search for a scope.

  2. Assign the following required permissions (scopes):

    • integration-management:read
    • integration-management:write
    • stacks:read

Create an access policy token

In your Grafana Cloud stack, generate a token to authenticate the provider with the cloud provider API. Follow the on-screen instructions, or refer to the steps in Create one or more access policy tokens.

Obtain URL of cloud provider API

You need the URL of the cloud provider API so that the provider can communicate with it.

  1. Copy and use the following script to return a list of all the Grafana Cloud stacks you own, along with their respective cloud provider API hostnames.

     curl -sH "Authorization: Bearer <Access Token from previous step>" "https://grafana.com/api/instances" | \
     jq '[.items[]|{stackName: .slug, clusterName:.clusterSlug, cloudProviderAPIURL: "https://cloud-provider-api-\(.clusterSlug).grafana.net"}]'
  2. Select the hostname for the stack you wish to manage. In the following example, the correct hostname for the herokublogpost stack is https://cloud-provider-api-prod-us-central-0.grafana.net.

     [
     {
         "stackName": "herokublogpost",
         "clusterName": "prod-us-central-0",
         "cloudProviderAPIURL": "https://cloud-provider-api-prod-us-central-0.grafana.net"
     }
     ]

Set up provider

Set up the Grafana Terraform provider with either of these methods:

  • Terraform commands
  • Environmental variables

Configuring the Grafana Terraform Provider

  1. Include the provider as a dependency in your Terraform configuration.

     terraform {
       required_providers {
         grafana = {
           source  = "grafana/grafana"
           version = ">= 3.13.1" # minimum required version that includes Cloud Provider support
         }
       }
     }
  2. Configure AWS support for the Grafana Terraform provider with the following snippet, which uses the access token and cloud provider API URL obtained in the previous steps.

     provider "grafana" {
       // ...
       cloud_provider_url          = "<Cloud Provider API URL from previous step>"
       cloud_provider_access_token = "<Access Token from previous step>"
     }

Environmental variables

When running Terraform commands, you can leave the Grafana provider block empty and supply the cloud provider URL and access token through environment variables (GRAFANA_CLOUD_PROVIDER_URL and GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN).

 provider "grafana" {}
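
The stack lookup and the environment-variable setup above can be combined so that the access token stays out of the command line and the URL that will receive it is checked first. This is an added example, not part of the Grafana documentation; the function names and the token-file argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the Grafana docs. Function names and the token-file
# argument are assumptions; the API URL and variable names come from the page.

# Accept only the URL shape the jq script on this page produces:
# https://cloud-provider-api-<clusterSlug>.grafana.net
valid_cloud_provider_url() {
  rest=${1#https://cloud-provider-api-}
  [ "$rest" != "$1" ] || return 1         # scheme/host prefix missing
  slug=${rest%.grafana.net}
  [ "$slug" != "$rest" ] || return 1      # does not end in .grafana.net
  case $slug in
    ''|*[!a-z0-9-]*) return 1 ;;          # empty, or contains '.', '/', '@', ...
  esac
}

# Read the /api/instances response on stdin and print the cloud provider API
# URL for the stack slug in $1; non-zero exit if the stack is not listed.
cloud_provider_url_for_stack() {
  jq -er --arg slug "$1" \
    '.items[] | select(.slug == $slug)
     | "https://cloud-provider-api-\(.clusterSlug).grafana.net"'
}

# Fetch the stack list with the token read from a file ($1). The header goes
# to curl on stdin (-H @-), so the token never appears in argv or history.
fetch_instances() {
  printf 'Authorization: Bearer %s\n' "$(cat "$1")" |
    curl -sf -H @- "https://grafana.com/api/instances"
}

# usage: export_provider_env <token-file> <stack-slug>
# Sets the two variables an empty provider "grafana" {} block reads.
export_provider_env() {
  url=$(fetch_instances "$1" | cloud_provider_url_for_stack "$2") || return 1
  valid_cloud_provider_url "$url" || {
    echo "refusing unexpected cloud provider URL: $url" >&2
    return 1
  }
  GRAFANA_CLOUD_PROVIDER_URL=$url
  GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN=$(cat "$1")
  export GRAFANA_CLOUD_PROVIDER_URL GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN
}
```

Source the file in the shell that runs Terraform, call `export_provider_env` with a token file readable only by your user and the stack slug, then run `terraform plan`.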

Grafana Terraform provider

You can define the following resources and data sources with the Grafana Terraform provider.

Resource descriptions

| Resource name | Description | Documentation reference |
| --- | --- | --- |
| grafana_cloud_provider_aws_account | Represents an AWS IAM role that authorizes Grafana Cloud to pull AWS CloudWatch metrics for a set of regions. Usually, there’s one of these resources per configured AWS account. | Doc |
| grafana_cloud_provider_aws_cloudwatch_scrape_job | Represents a Grafana AWS scrape job. This configures Grafana to fetch a list of metrics/statistics for one or many AWS services, and for a given grafana_cloud_provider_aws_account. | Doc |

Example Terraform

The following snippets collect EC2 and RDS metrics. Replace the placeholder values with your own.

variable "local_token" {
  type      = string
  sensitive = true
}

terraform {
  required_providers {
    grafana = {
      source  = "grafana/grafana"
      version = ">= 3.13.1"
    }
  }
}

provider "grafana" {
  # This token is used to call the grafana.com API and fetch the Grafana instance stack ID.
  cloud_access_policy_token = var.local_token # This token can be the same one created in the sections above
}

provider "aws" {
  region  = "us-east-2"
  profile = "name of the profile for accessing AWS APIs"
}

data "grafana_cloud_stack" "thestack" {
  slug = "name of the stack"
}

resource "grafana_cloud_provider_aws_account" "myaccount" {
  stack_id = data.grafana_cloud_stack.thestack.id
  role_arn = "role arn"
  regions = [
    "us-east-1",
    "us-east-2",
  ]
}

resource "grafana_cloud_provider_aws_cloudwatch_scrape_job" "myaccount-ec2" {
  stack_id                = data.grafana_cloud_stack.thestack.id
  name                    = "tf-managed-scrape-job"
  aws_account_resource_id = grafana_cloud_provider_aws_account.myaccount.resource_id

  service {
    name = "AWS/EC2"

    metric {
      name        = "CPUUtilization"
      statistics  = ["Average"]
    }

    metric {
      name        = "StatusCheckFailed"
      statistics  = ["Maximum"]
    }

    scrape_interval_seconds = 300
    tags_to_add_to_metrics = ["eks:cluster-name"]
  }

  service {
    name = "AWS/RDS"

    metric {
      name        = "CPUUtilization"
      statistics  = ["Average", "Maximum"]
    }

    scrape_interval_seconds = 300
    tags_to_add_to_metrics = ["name"]
  }

  custom_namespace {
    name = "MyApp"

    metric {
      name       = "MyMetric"
      statistics = ["Maximum", "Sum"]
    }

    scrape_interval_seconds = 300
  }
}