Configure serverless Azure metrics
Complete the following steps to configure serverless Azure metrics with Terraform.
Configure Azure authorization
To collect metrics from Azure Monitor, create a service principal with the proper authorization to allow Grafana Cloud to pull Azure metrics on your behalf.
Log in to your Azure account.
az login
List your available subscriptions.
az account list --output table
Create a service principal for each subscription you want to monitor, and give it the appropriate role. If a service principal already exists with this name, it will be updated with the role and scopes you provide. Make sure to replace
<subscription-id>
with the appropriate value.az ad sp create-for-rbac --name grafana-cloud-azure-metrics --role "Monitoring Reader" --scopes "/subscriptions/{subscriptionId}"
When the service principal is created, capture the output of the command. This output includes the credential information that you need for the Terraform configuration steps.
{ "appId": "54321a67-8fd9-123d-45d6-7891234567fd", "displayName": "grafana-cloud-azure-metrics", "password": "asdf1234~4321fdsa", "tenant": "12345a67-8fd9-123d-45d6-7891234567fd" }
Configure Grafana Cloud authentication
You need Grafana Cloud authentication to manage Grafana Cloud observability resources, such as Azure credentials. It’s important to configure Grafana Cloud authentication before you configure the Terraform provider.
Create an Access Policy token
After you create an Access Policy, you can generate a token to authenticate the Terraform provider with the Cloud Provider API.
Complete the following steps to create an Access Policy token:
- Log in to Grafana Cloud.
- In the Cloud Portal, navigate to Security in the menu to the left and select Access Policies.
- Select Create Access Policy.
- Assign the required scopes.
If you don’t see the following scopes listed, use the Add scope text box to search for and add them:
- integration-management: Read
- integration-management: Write
- stacks: Read
- Click Create and follow the prompts to generate an access token. For more information on creating an Access Policy token, refer to the following: Create one or more access policy tokens.
If you need more information on creating an Access Policy, refer to Create an access policy for an organization.
Update the Cloud Provider API URL
Update the Cloud Provider API URL so that the Cloud Provider can communicate with Grafana Cloud.
Retrieve the URL by running the following script:
curl -sH "Authorization: Bearer <Access Token from previous step>" "https://grafana.com/api/instances" | \ jq '[.items[]|{stackName: .slug, clusterName:.clusterSlug, cloudProviderAPIURL: "https://cloud-provider-api-\(.clusterSlug).grafana.net"}]'
Select the hostname for the stack you want to manage. The script above returns a list of all the Grafana stacks you manage, as well as their respective Cloud Provider hostnames.
For example, in the response below, the correct hostname for the
kerokublogpost
stack ishttps://cloud-provider-api-prod-us-central-0.grafana.net
.[ { "stackName": "herokublogpost", "clusterName": "prod-us-central-0", "cloudProviderAPIURL": "https://cloud-provider-api-prod-us-central-0.grafana.net" } ]
Configure the Terraform provider
Create a provider
block in your Terraform configuration file. The provider
block specifies the Grafana Cloud provider and the required authentication details.
Include the Grafana Terraform provider as a dependency in your Terraform configuration file. The version of the provider must be
3.18.0
or later.terraform { required_providers { grafana = { source = "grafana/grafana" version = ">= 3.18.0" } } }
Choose one of the following methods to configure Azure support for the Grafana Terraform provider.
- Use the following snippet to configure Azure support for the Grafana Terraform provider. This snippet uses the access token and Cloud Provider API URL obtained in the previous steps.
provider "grafana" {
cloud_access_policy_token = "<cloud_access_policy_token_from_previous_step>"
cloud_provider_access_token = "<cloud_provider_access_token_from_previous_step>"
cloud_provider_url = "<cloud_provider_url_from_previous_step>"
}
- Use an empty Grafana provider block, and set the Cloud Provider URL , Cloud Provider Access Token, and Cloud Access Policy Token via environment variables (
GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN
,GRAFANA_CLOUD_PROVIDER_URL,
andGRAFANA_CLOUD_ACCESS_POLICY_TOKEN
) when running Terraform commands.
provider "grafana" {}
The Grafana Terraform provider model
The Grafana Terraform provider enables interaction with Grafana Azure Monitor Metrics through the following resources and data sources.
The following is a sample Terraform snippet for pulling Azure metrics. Resource discovery tags are optional.