Amazon Managed Grafana setup (#133)

* Managed Grafana Workspace with Identity Centre Users (#83)

* update kuberenetes and instance type

* initial setup of managed grafana workspace and identity centre identities

* cleanup

* run precommit

* output grafana workspace ID

* add identity store id variable

* remove API key

* update outputs naming convention as per terraform guidelines

* update docs and add versions

* update variables type

* update naming conventions

* add managed policy arn for querying promethues

* update readme

* update workshop references to this

* add role arn type

* cleanup and simplification

* remove workshop

---------

Co-authored-by: charlie keegan <[email protected]>
Co-authored-by: Rodrigue Koffi <[email protected]>

* Rename example

* Update grafana example and base module references

* Update example's reference

* Cleanup and docs ref

* Add docs

* Update docs

* TODO: add link after merge

* Update managed-grafana.md

---------

Co-authored-by: Charlie Keegan <[email protected]>
Co-authored-by: charlie keegan <[email protected]>
Co-authored-by: Mark Beacom <[email protected]>

Author: 4 people

README.md

@@ -91,7 +91,7 @@ View all the configuration options in the module documentation below.
 ### Workload modules
 
 [Workloads modules](./modules) are provided, which essentially provide curated
-metrics collection, alerting rule and Grafana dashboards.
+metrics collection, alerting rules and Grafana dashboards.
 
 #### Infrastructure monitoring
 
@@ -151,9 +151,7 @@ If you are interested in contributing, see the [Contribution guide](https://gith
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_managed_grafana"></a> [managed\_grafana](#module\_managed\_grafana) | terraform-aws-modules/managed-service-grafana/aws | ~> 1.3 |
+No modules.
 
 ## Resources
 
@@ -172,7 +170,6 @@ If you are interested in contributing, see the [Contribution guide](https://gith
 |------|-------------|------|---------|:--------:|
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region | `string` | n/a | yes |
 | <a name="input_enable_alertmanager"></a> [enable\_alertmanager](#input\_enable\_alertmanager) | Creates Amazon Managed Service for Prometheus AlertManager for all workloads | `bool` | `false` | no |
-| <a name="input_enable_managed_grafana"></a> [enable\_managed\_grafana](#input\_enable\_managed\_grafana) | Creates a new Amazon Managed Grafana Workspace | `bool` | `true` | no |
 | <a name="input_enable_managed_prometheus"></a> [enable\_managed\_prometheus](#input\_enable\_managed\_prometheus) | Creates a new Amazon Managed Service for Prometheus Workspace | `bool` | `true` | no |
 | <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | Grafana API key for the Amazon Managed Grafana workspace | `string` | n/a | yes |
 | <a name="input_managed_grafana_workspace_id"></a> [managed\_grafana\_workspace\_id](#input\_managed\_grafana\_workspace\_id) | Amazon Managed Grafana Workspace ID | `string` | `""` | no |

docs/eks/index.md

@@ -1,7 +1,7 @@
 # Amazon EKS cluster metrics
 
 This example demonstrates how to monitor your Amazon Elastic Kubernetes Service
-(Amazon EKS) cluster with the Observability Accelerator's 
+(Amazon EKS) cluster with the Observability Accelerator's
 [EKS monitoring module](https://github.com/aws-observability/terraform-aws-observability-accelerator/tree/main/modules/eks-monitoring).
 
 Monitoring Amazon Elastic Kubernetes Service (Amazon EKS) for metrics has two categories:
@@ -72,9 +72,9 @@ aws amp create-workspace --alias observability-accelerator --query '.workspaceId
 
 #### 5. Amazon Managed Grafana workspace
 
-To run this example you need an Amazon Managed Grafana workspace. If you have an existing workspace, create an environment variable as described below.
-To create a new workspace, visit our Amazon Managed Grafana [documentation](https://docs.aws.amazon.com/grafana/latest/userguide/getting-started-with-AMG.html).
-Make sure to provide the workspace with Amazon Managed Service for Prometheus read permissions.
+To run this example you need an Amazon Managed Grafana workspace. If you have
+an existing workspace, create an environment variable as described below.
+To create a new workspace, visit our supporting example for Grafana.
 
 !!! note
     For the URL `https://g-xyz.grafana-workspace.eu-central-1.amazonaws.com`, the workspace ID would be `g-xyz`

docs/helpers/managed-grafana.md

@@ -0,0 +1,57 @@
+# Creating a new Amazon Managed Grafana Workspace
+
+This example creates an Amazon Managed Grafana Workspace with
+Amazon CloudWatch, AWS X-Ray and Amazon Managed Service for Prometheus
+datasources.
+
+The authentication method chosen for this example is with IAM Identity
+Center (former SSO). You can extend this example to add SAML.
+
+## Prerequisites
+
+!!! note
+    Make sure to complete the [prerequisites section](https://aws-observability.github.io/terraform-aws-observability-accelerator/concepts/#prerequisites) before proceeding.
+
+## Setup
+
+### 1. Download sources and initialize Terraform
+
+```
+git clone https://github.com/aws-observability/terraform-aws-observability-accelerator.git
+cd examples/managed-grafana-workspace
+terraform init
+```
+
+### 2. AWS Region
+
+Specify the AWS Region where the resources will be deployed:
+
+```bash
+export TF_VAR_aws_region=xxx
+```
+
+## Deploy
+
+Simply run this command to deploy the example
+
+```bash
+terraform apply
+```
+
+## Authentication
+
+After apply, Terraform will output the Worksapce's URL, but you need to:
+
+- [Setup user(s)](https://docs.aws.amazon.com/singlesignon/latest/userguide/getting-started.html) in the IAM Identity Center (former SSO)
+- [Assign the user(s) to the workspace](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-users-and-groups-AMG.html) with proper permissions
+
+<img width="1936" alt="Screenshot 2023-03-19 at 12 04 45" src="https://user-images.githubusercontent.com/10175027/226172947-f8588ed3-3751-47c1-a3ed-fb4c2d4d847e.png">
+
+
+## Cleanup
+
+To clean up your environment, destroy the Terraform example by running
+
+```sh
+terraform destroy
+```

docs/images/dark-o11y-accelerator-amp-xray.drawio

@@ -50,9 +50,11 @@ Add your cluster name for `eks_cluster_id="..."` to the `terraform.tfvars` or us
 
 4. Amazon Managed Grafana workspace
 
-To run this example you need an Amazon Managed Grafana workspace. If you have an existing workspace, create an environment variable `export TF_VAR_managed_grafana_workspace_id=g-xxx`.
-To create a new one, visit our Amazon Managed Grafana [documentation](https://docs.aws.amazon.com/grafana/latest/userguide/getting-started-with-AMG.html).
-Make sure to provide the workspace with Amazon Managed Service for Prometheus read permissions.
+To run this example you need an Amazon Managed Grafana workspace. If you have
+an existing workspace, create an environment variable
+`export TF_VAR_managed_grafana_workspace_id=g-xxx`.
+
+To create a new one, visit [this example](../managed-grafana-workspace).
 
 > In the URL `https://g-xyz.grafana-workspace.eu-central-1.amazonaws.com`, the workspace ID would be `g-xyz`
 

docs/images/light-o11y-accelerator-amp-xray.drawio

@@ -47,7 +47,6 @@ module "aws_observability_accelerator" {
   managed_prometheus_workspace_id = var.managed_prometheus_workspace_id
 
   # reusing existing Amazon Managed Grafana workspace
-  enable_managed_grafana       = false
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
   grafana_api_key              = var.grafana_api_key
 

examples/existing-cluster-java/README.md

@@ -49,9 +49,11 @@ Add your cluster name for `eks_cluster_id="..."` to the `terraform.tfvars` or us
 
 4. Amazon Managed Grafana workspace
 
-To run this example you need an Amazon Managed Grafana workspace. If you have an existing workspace, create an environment variable `export TF_VAR_managed_grafana_workspace_id=g-xxx`.
-To create a new one, visit our Amazon Managed Grafana [documentation](https://docs.aws.amazon.com/grafana/latest/userguide/getting-started-with-AMG.html).
-Make sure to provide the workspace with Amazon Managed Service for Prometheus read permissions.
+To run this example you need an Amazon Managed Grafana workspace. If you have
+an existing workspace, create an environment variable
+`export TF_VAR_managed_grafana_workspace_id=g-xxx`.
+
+To create a new one, visit [this example](../managed-grafana-workspace).
 
 > In the URL `https://g-xyz.grafana-workspace.eu-central-1.amazonaws.com`, the workspace ID would be `g-xyz`
 

examples/existing-cluster-java/main.tf

@@ -47,7 +47,6 @@ module "aws_observability_accelerator" {
   managed_prometheus_workspace_id = var.managed_prometheus_workspace_id
 
   # reusing existing Amazon Managed Grafana workspace
-  enable_managed_grafana       = false
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
   grafana_api_key              = var.grafana_api_key
 

examples/existing-cluster-nginx/README.md

@@ -47,9 +47,11 @@ Add your cluster name for `eks_cluster_id="..."` to the `terraform.tfvars` or us
 
 4. Amazon Managed Grafana workspace
 
-To run this example you need an Amazon Managed Grafana workspace. If you have an existing workspace, create an environment variable `export TF_VAR_managed_grafana_workspace_id=g-xxx`.
-To create a new one, visit our Amazon Managed Grafana [documentation](https://docs.aws.amazon.com/grafana/latest/userguide/getting-started-with-AMG.html).
-Make sure to provide the workspace with Amazon Managed Service for Prometheus read permissions.
+To run this example you need an Amazon Managed Grafana workspace. If you have
+an existing workspace, create an environment variable
+`export TF_VAR_managed_grafana_workspace_id=g-xxx`.
+
+To create a new one, visit [this example](../managed-grafana-workspace).
 
 > In the URL `https://g-xyz.grafana-workspace.eu-central-1.amazonaws.com`, the workspace ID would be `g-xyz`