Plugins 〉X-Ray


Sign up to receive occasional product news and updates:

Data Source


  • Overview
  • Installation
  • Change log
  • Related content

X-Ray data source

X-Ray datasource plugin provides a support for AWS X-Ray. Add it as a data source, then you are ready to build dashboards or use Explore with X-Ray to look at traces, analytics, or insights.

Add the data source

  1. In the side menu under the Configuration link, click on Data Sources.
  2. Click the Add data source button.
  3. Select X-Ray in the Distributed tracing section.

Note: If you have issues getting this data source to work and Grafana is giving you undescriptive errors, check your log file (/var/log/grafana/grafana.log).

NameThe data source name. This is how you refer to the data source in panels and queries.
DefaultDefault data source means that it will be pre-selected for new panels.
Default RegionUsed in query editor to set region. (can be changed on per query basis)
Auth ProviderSpecify the provider to get credentials.
Credentials profile nameSpecify the name of the profile to use (if you use ~/.aws/credentials file), leave blank for default.
Assume Role ArnSpecify the ARN of the role to assume.
External IDIf you are assuming a role in another account that was created with an external ID, specify the external ID here.


In this section we will go through the different type of authentication you can use for the AWS X-Ray data source.

IAM Roles

Currently all access to X-Ray is done server-side by the Grafana backend using the official AWS SDK. If your Grafana server is running on AWS you can use IAM Roles and authentication will be handled automatically.

See the AWS documentation on IAM Roles

Note: AWS Role Switching is not currently supported.

IAM Policies

Grafana needs permissions granted via IAM to be able to read X-Ray data and EC2 tags/instances/regions. You can attach these permissions to IAM roles and utilize Grafana's built-in support for assuming roles.

Here is a basic policy example:

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": "*"

Example AWS credentials

If the Auth Provider is Credentials file, Grafana tries to obtain credentials in the following order:

  • Hard-code credentials
  • Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
  • Existing default config files
  • ~/.aws/credentials
  • IAM role for Amazon EC2

See Configuring the AWS SDK for Go in the AWS documentation for more information.

AWS credentials file

Create a file at ~/.aws/credentials. That is the HOME path for users running grafana-server.

Note: If the credentials file is in the correct directory, but it is not working, try moving your .aws file to '/usr/share/grafana/'. Make sure your credentials file has at most 0644 permissions.

Example credential file:

aws_access_key_id = <your access key>
aws_secret_access_key = <your access key>
region = us-west-2

Query editor

The most important field in the query editor is the query type. There are five query types:

  • Trace List (Traces in AWS)
  • Trace Statistics
  • Trace Analytics (Analytics in AWS)
  • Insights
  • Service map


Trace List

The Trace List type allows you to search for traces which are shown in a table. Clicking on the trace id in the first column opens the trace on the right side. Notice the query field in the editor. You can write queries, filter expressions, or insert a single trace ID that will be shown in a trace view. You can find more detail about filter expressions in AWS X-Ray documentation.


Note: The Trace List will only show the first 1000 traces.

Trace Statistics

In Trace Statistics you can see a graph and a table showing information about error, fault, throttle, success, and total count. You can use the columns field in the query editor to only see specified columns.


Trace Analytics

In Trace Analytics you can visualize the following tables:

  • Root Cause
    • Response Time
      • Root Cause Service (Last service in path)
      • Path (multiple paths)
    • Error
      • Root Cause Service (Last service in path)
      • Path
      • Error Message
    • Fault
      • Root Cause Service (Last service in path)
      • Path
      • Error Message
  • End user Impact
  • URL
  • HTTP Status Code


In Insights you can see the summary table for Insights. Clicking the InsightId will take you to AWS console.

Service map

Service map in Grafana enables customers to view a map of their applications built using microservices architecture. Each node on the map represents a service such as an AWS Lambda function or an API running on an API Gateway or DynamoDB table. With this map, customers can easily detect performance issues, or increase in error, fault or throttle rates in any of their services and dive deep into corresponding traces and root cause.

Service map

Service Map query type shows the same data as a service map inside X-ray console.

To display the service map:

  • Use the Node graph panel visualization in Grafana 7.4 plus.
  • Use Explore in Grafana version 7.4 and later.
  • Show the data in a simple table. This is the only option if the Node graph panel is unavailable.

You can pan and zoom the view with buttons or use your mouse. For details about the visualization, see Node graph panel.

Service map navigation

Similar to X-ray root nodes, nodes in the service map representing the client application are on the left side of the map.

Each service in the map is represented as a circle. Numbers on the inside shows average time per transaction and transactions per minute.

A colored circle around the service also matches colors and meaning from X-ray console representing percentage of requests.

  • green = success
  • red = fault
  • yellow = errors
  • purple = throttled responses

Click on the service or the edge to see a context menu with links additional links for quick navigation to other relevant information from X-ray. You can use the links to quickly navigate to a list of all error traces for a particular service and then continue to specific trace.

For more information about Service map, refer to the official AWS X-ray documentation.


Since X-Ray queries can return numeric data, alerts are supported. See the Alerting documentation for more on Grafana alerts.


With AWS X-Ray, there are no upfront fees or commitments. You pay only for what you use, based on the number of traces recorded, retrieved, and scanned. The first 1,000,000 traces retrieved or scanned each month are free. Beyond the free tier, traces scanned cost $0.50 per 1 million traces scanned ($0.0000005 per trace). Please see the X-Ray pricing page for more details.

Configure the data source with provisioning

You can configure data sources using config files with Grafana's provisioning system. For more information regarding how it works and all available settings, see Provision Grafana.

Here are some provisioning examples for this data source.

Using a credentials file

If you are using the Credentials file authentication type, use a config similar to this:

apiVersion: 1


  • name: X-Ray type: grafana-x-ray-datasource jsonData: authType: credentials defaultRegion: eu-west-2

Using accessKey and secretKey

apiVersion: 1


  • name: X-Ray type: grafana-x-ray-datasource jsonData: authType: keys defaultRegion: eu-west-2 secureJsonData: accessKey: ‘<your access key>’ secretKey: ‘<your secret key>’

Cross-Account Observability

The X-Ray plugin allows you to monitor traces across multiple AWS accounts within a region with the Cross-Account Observability feature. Using cross-account observability, you can seamlessly search, visualize and analyze AWS traces without worrying about account boundaries.

Getting started

To enable cross-account observability, first enable the feature in AWS using the official CloudWatch docs, then add two API actions to the IAM policy attached to the role/user running the plugin.

This feature is currently behind the cloudWatchCrossAccountQuerying feature toggle.

You can enable feature toggles through configuration file or environment variables. See configuration [docs]({{< relref "../setup-grafana/configure-grafana/#feature_toggles" >}}) for details. Grafana Cloud users can access this feature by opening a support ticket in the Cloud Portal.

Filtering Traces by Account Id

Once the feature is enabled, you will be able to display traces across multiple accounts and filter those traces by account ID. When you select the Service Map query type in Grafana, an account dropdown displays and populates with the account IDs shown in the traces returned in the selected time frame.

You can also add account ID as part of a query filter expression in the Trace List query type.

Installing X-Ray on Grafana Cloud:

For more information, visit the docs on plugin installation.

Change Log

All notable changes to this project will be documented in this file.



  • Update grafana/aws-sdk-go to 0.20.0 in


  • Bump from 0.37.0 to 0.44.0 by @dependabot in
  • Bump from 1.58.2 to 1.58.3 by @dependabot in
  • Bump from 0.45.0 to 0.46.0 by @dependabot in
  • Upgrade underscore, d3-color, debug, cosmiconfig, yaml dependencies by @fridgepoet in

Full Changelog:


  • Migrate ConfigEditor and QueryEditor to the new form styling #211

  • Bump from 1.54.0 to 1.56.3 in #210

  • Support Node 18 in 201


  • Fix X-Ray Service Map filter trace list query by @jamesrwhite in


  • Update @grafana/aws-sdk to fix a bug in temporary credentials


  • Update grafana-aws-sdk to v0.19.1 to add il-central-1 to the opt-in region list


  • Bump grafana/aws-sdk-react dependency #191
  • Remove code coverage workflow #188


  • Update grafana-aws-sdk version to include new region in opt-in region list
  • Security: Upgrade Go in build process to 1.20.4
  • Update grafana-plugin-sdk-go version to 0.161.0 to avoid a potential http header problem.


  • Update backend dependencies


  • Add SQL to trace by @kevinwcyu in


  • Add spellcheck and fix misspellings by @sunker in
  • Migrate to create-plugin by @iwysiu in
  • Update code coverage workflow by @idastambuk in
  • Update @grafana/aws-sdk by @kevinwcyu in
  • Dependencies: Update @grafana dependencies to 9.3.2 by @idastambuk in
  • Small Refactor: Do not fetch account id if not on service map page by @sarahzinger in
  • Upgrade grafana-aws-sdk to v0.12.0 by @fridgepoet in

Full Changelog:****


  • Feature: Make it possible to filter on account id in


  • Make properties of SummaryStatistics optional


  • Security: Upgrade Go in build process to 1.19.3


  • Security: Upgrade Go in build process to 1.19.2


  • Bump terser from 4.8.0 to 4.8.1 by @dependabot in
  • Fix Trace List with variable by @iwysiu in
  • Upgrade to grafana-aws-sdk v0.11.0 by @fridgepoet in

Full Changelog:


  • Bug fix for auth with keys:
  • Code Coverage Changes
  • Code owners changes


What's Changed

  • Stopping support for Grafana versions under 8.0.0 by @yaelleC in

Bug fixes

  • Update minimum IAM policy by @iwysiu in
  • Fix deprecated use of strings.Title by @fridgepoet in


  • Update grafana-aws-sdk by @andresmgot in


Bug fixes

  • Use non opt-in region when obtaining tokens for assumed roles
  • Fix wrong start and end times #89
  • Fix time durations after format change #88
  • Avoid error if the URL in tags cannot be parsed #84


  • Modify the User-Agent for requests. Now it will follow this form: "aws-sdk-go/$aws-sdk-version ($go-version; $OS;) X-ray/$X-ray-version-$git-hash Grafana/$grafana-version"


Bug fixes

  • Add readable names for stats in service map legend #82
  • Upgrade grafana-aws-sdk version fixing issue with assuming role #81


  • Bump prismjs from 1.23.0 to 1.24.0 #80



  • Bump grafana/aws-sdk and Grafana dependency version #77


Features / Enhancements

  • Use ConnectionConfig from grafana-aws-sdk #73
  • Bump prismjs from 1.21.0 to 1.23.0 #70


Bug fixes

  • Remove usage of non backward compatible API preventing using the 1.3.0 version in Grafana before 7.4.0. #67


  • Locks Grafana dependencies on latest stable release preventing compilation fails in CI. #68


Features / Enhancements

  • Add Service Map query type that allows visualizing service map data in similar way to X-Ray console. #60


Features / Enhancements

  • Updates the authentication settings in the plugin config page to include SDK default authentication mechanism and use our Grafana specific auth SDK for AWS. #59


Features / Enhancements

  • Add regions selector to the query editor. #57


  • Version bump needed for CI automated release


  • Initial Release