Monitoring AWS Services By Integrating CloudWatch With Grafana

In this article, we will learn to use CloudWatch metrics with Grafana and set up a dashboard for monitoring AWS services.

Because Grafana comes with built-in support for CloudWatch, we can add CloudWatch as a data source in Grafana and then build dashboards from the AWS service metrics that CloudWatch collects.

Installing Grafana

First, we need to have Grafana installed. If you haven't installed Grafana yet, check this article.

Once you have Grafana up and running, we can move to the next step.

Method 1: Integrating CloudWatch With Grafana Using IAM Role

Create IAM User With CloudWatch Access

In this step, we create an IAM user with CloudWatch read-only access.

The user also needs AWS credentials (ACCESS_KEY and SECRET_ACCESS_KEY), which Method 2 uses.

To create an IAM user, log in to the IAM Console.

In the navigation pane, choose Users and click Add user.

Provide a name for the IAM user.

For AWS access type, choose Programmatic access.

Then click Next: Permissions.

Under Set permissions, select Attach existing policies directly.

Search for CloudWatchRead and choose the CloudWatchReadOnlyAccess policy.

Then click Next: Tags.

You can optionally add tags to the IAM user.

Click Next: Review.

Review the settings and choose Create user.

You should get a successful user creation message along with the user's security credentials.

You can download the security credentials as a .csv file to your system.

Make a note of the Access key ID and Secret access key; we will be using them shortly.

Creating IAM Policy

First, we need to create an IAM policy with CloudWatch read access.

To create an IAM policy, choose Policies in the navigation pane.

Click Create Policy and choose JSON. Remove the existing policy and then add the policy below.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadingMetricsFromCloudWatch",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:DescribeAlarmsForMetric",
        "cloudwatch:DescribeAlarmHistory",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:GetMetricData"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadingTagsInstancesRegionsFromEC2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeTags",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions"
      ],
      "Resource": "*"
    }
  ]
}

Click Review policy, provide a name for the IAM policy, and click Create policy.
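To confirm that the policy grants Grafana nothing beyond reads before attaching it, it can be checked mechanically. The following is an added example, not part of the original article: the policy dictionary is the one shown above, while the `audit_read_only` function and its rule (only Describe/List/Get actions on `cloudwatch` and `ec2`, no wildcards) are assumptions made for this illustration.

```python
# Added example: GRAFANA_POLICY is the article's policy; the audit rule is an assumption.
GRAFANA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowReadingMetricsFromCloudWatch", "Effect": "Allow",
         "Action": ["cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAlarmHistory",
                    "cloudwatch:DescribeAlarms", "cloudwatch:ListMetrics",
                    "cloudwatch:GetMetricStatistics", "cloudwatch:GetMetricData"],
         "Resource": "*"},
        {"Sid": "AllowReadingTagsInstancesRegionsFromEC2", "Effect": "Allow",
         "Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
         "Resource": "*"},
    ],
}

READ_VERBS = ("describe", "list", "get")  # action-name prefixes treated as read-only


def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_read_only(policy, services=("cloudwatch", "ec2")):
    """Return findings for Allow statements that grant more than plain reads."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows every action except those listed")
        for action in as_list(stmt.get("Action")):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, name = action.lower().partition(":")
            if service not in services:
                findings.append(f"{sid}: {action} is outside {', '.join(services)}")
            elif "*" in name or not name.startswith(READ_VERBS):
                findings.append(f"{sid}: {action} is not a single read action")
    return findings


if __name__ == "__main__":
    print(audit_read_only(GRAFANA_POLICY) or "read-only: no findings")
```

An empty result means every allowed action is a single read call; any write action, wildcard, or extra service added to the policy later shows up as a finding.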

Creating IAM Role

Next, we need to create an IAM role and attach the IAM policy to it.

Click Roles and then choose Create role. For AWS service, choose EC2 and click Next: Permissions.

Search for the policy that you have created and select it.

Click Next: Tags, provide a name for the IAM role, and then click Create role.

After the role is created, click the role; there you will find the Role ARN, as shown below.

arn:aws:iam::00000000000:role/role_name

Copy the Role ARN, then click Trust relationships and Edit trust relationship. Under Principal, after Service, add the Role ARN as shown below.

"AWS": "arn:aws:iam::00000000000:role/role_name"

Finally, it should look similar to this.

Then click Update Trust Policy.
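The trust policy decides who may assume the role, so after this edit it should name exactly two principals: the EC2 service and the role's own ARN. The following is an added example, not part of the original article: the sample trust policy is constructed from the steps above using the article's placeholder ARN, and `principals` and `audit_trust` are hypothetical helpers.

```python
ROLE_ARN = "arn:aws:iam::00000000000:role/role_name"  # placeholder ARN from the article

# Constructed sample: the EC2 service principal plus the role's own ARN.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com", "AWS": ROLE_ARN},
        "Action": "sts:AssumeRole",
    }],
}

EXPECTED = {("Service", "ec2.amazonaws.com"), ("AWS", ROLE_ARN)}


def principals(policy):
    """Yield (kind, value) for every principal in an Allow statement."""
    statements = policy.get("Statement", [])
    for stmt in statements if isinstance(statements, list) else [statements]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand that lets any AWS principal assume the role
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in values if isinstance(values, list) else [values]:
                yield kind, value


def audit_trust(policy, expected=EXPECTED):
    """Return findings for wildcard, unexpected, or missing principals."""
    seen, findings = set(principals(policy)), []
    for kind, value in sorted(seen - set(expected)):
        label = "wildcard" if value == "*" else "unexpected"
        findings.append(f"{label} principal {kind}={value}")
    for kind, value in sorted(set(expected) - seen):
        findings.append(f"missing principal {kind}={value}")
    return findings


if __name__ == "__main__":
    print(audit_trust(TRUST_POLICY) or "trust policy matches the expected principals")
```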

Attaching IAM Role With Grafana Instance

Now we need to attach the IAM role that we created in the previous step to the Grafana EC2 instance.

Log in to the EC2 Console, choose Instances, and select the Grafana EC2 instance.

Under Actions, hover over Instance settings and then click Attach/Replace IAM Role.

Choose the IAM role that you created and click Apply.

Method 2: Integrating CloudWatch With Grafana Using Credentials

This method should be used only if you are not running Grafana on an AWS EC2 instance.

Configure Credentials

Log in to the Grafana server, create a folder named .aws, and then create a credentials file within that folder.

mkdir .aws
cd .aws
touch credentials

Then add the AWS security credentials as shown below.

[default]
aws_access_key_id = ACCESS_KEY_ID
aws_secret_access_key = SECRET_ACCESS_KEY
region = AWS_REGION

Replace ACCESS_KEY_ID and SECRET_ACCESS_KEY with the actual values that we generated before.

Also replace AWS_REGION, for example ap-southeast-1 (Singapore).

Then set the file permissions as shown below.

chmod 600 credentials
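The credentials file holds a long-lived secret, so it is worth verifying that the permissions took effect and that the template placeholders were actually replaced. The following is an added example, not part of the original article: `audit_credentials_file` is a hypothetical helper, and the path used when the script is run directly (`~/.aws/credentials`) is an assumption about where the file was created.

```python
import configparser
import os
import stat

PLACEHOLDERS = {"ACCESS_KEY_ID", "SECRET_ACCESS_KEY"}  # literals from the article's template


def audit_credentials_file(path, profile="default"):
    """Return findings for an AWS shared credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any permission bit set for group or other
        findings.append(f"mode {mode:04o} grants access beyond the owner; expected 0600")
    # interpolation=None keeps configparser from treating '%' in a value specially
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(profile):
        findings.append(f"profile [{profile}] not found")
        return findings
    for key in ("aws_access_key_id", "aws_secret_access_key"):
        value = parser.get(profile, key, fallback="").strip()
        if not value:
            findings.append(f"[{profile}] is missing {key}")
        elif value in PLACEHOLDERS:
            findings.append(f"[{profile}] {key} still holds the template placeholder")
    return findings


if __name__ == "__main__":
    # Assumed location: the .aws folder in the current user's home directory.
    target = os.path.expanduser("~/.aws/credentials")
    if os.path.exists(target):
        print(audit_credentials_file(target) or "credentials file: no findings")
    else:
        print(f"{target} does not exist")
```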

Integrating CloudWatch With Grafana

As said earlier, CloudWatch can be integrated with Grafana using two methods.

  • Using Role ARN
  • Using Security Credentials

Method 1: Integrating using IAM Role ARN

Log in to the Grafana console. In the navigation, hover over the Settings icon and click Data Sources.

Click Add data source.

Then choose CloudWatch.

Under CloudWatch details, for Auth Provider, choose ARN.

For Assume Role ARN, paste the Role ARN of the IAM role and then choose the Default Region.

Click Save & Test. You should get a message as shown below.

We have successfully integrated CloudWatch with Grafana using an IAM role.

Method 2: Integrating using Security Credentials

Log in to the Grafana console. In the navigation, hover over the Settings icon and click Data Sources.

Click Add data source.

Then choose CloudWatch.

Under CloudWatch details, for Auth Provider, choose Credentials file.

The Credentials profile name should be default.

Choose the Default AWS region and then click Save & Test.

You should get the response below.

We have integrated CloudWatch with Grafana using security credentials.

Creating Dashboards

Let's go ahead and set up the first dashboard.

Hover over the + icon and click Dashboard, click Choose Visualization, and select Graph.

Click the Query icon and, under Query, choose CloudWatch.

The dashboard settings will look as shown below.

We have to add the Metric and Dimensions.

Click default and choose the AWS region.

Click select namespace and choose the AWS service you want to monitor.

Click select metric and choose the type of metric you want to monitor for the AWS service you have chosen.

For Stats, choose Minimum.

It should look something like what is shown below.

For Dimensions, choose EngineName = mysql.

For this tutorial, I have created a dashboard for RDS. Likewise, we can create dashboards for other AWS services and set up alerting for them.

Thanks for reading this article.

Hope you found it helpful. Please do check out my other articles.