Create an AWS IAM role

In this milestone, you’ll create an AWS IAM role that grants Grafana Cloud the necessary permissions to collect metrics from your AWS account. This role uses the principle of least privilege, providing only the read-only access required for monitoring.

The IAM role establishes a secure trust relationship between your AWS account and Grafana Cloud, allowing metric collection without sharing long-term credentials or compromising security.

To create an AWS IAM role for Grafana Cloud, complete the following steps:

From the Configuration tab, click the AWS accounts tile.
At the AWS Accounts page, click Add new account to open the Create new account page.
For Create a new AWS role, leave the Automatically and Use CloudFormation tiles selected.
Click Launch stack, opening a CloudFormation template in your AWS account in a new tab.
The AWS account that you are logged into at the time of clicking the button is the account that opens. To use a different account, log out of the current account and into the account you want to use.
Select the I acknowlege that AWS CloudFormation might create IAM resources with custom names checkbox.
Click Create stack.
Copy the RoleARN in the Outputs tab of the stack to use in a later step.
Return to the Create new account page in Grafana Cloud when you have finished in AWS.

In your next milestone, you’ll use this IAM role to connect your AWS account to Grafana Cloud.

More to explore (optional)

At this point in your journey, you can explore the following paths:

Additional ways to create an AWS IAM role

Navigate to Cloud Provider Observability

page 5 of 10

Connect AWS account

page 5 of 10