Amazon Managed Grafana Documentation

Amazon Managed Grafana is a fully managed service for open source Grafana, providing interactive data visualization for your monitoring and operational data. Using Amazon Managed Grafana, you can visualize, analyze, and alarm on your metrics, logs, and traces collected from multiple data sources in your observability system, including AWS, third-party ISVs, and other resources across your IT portfolio. Amazon Managed Grafana is designed to offload the operational management of Grafana by scaling compute and database infrastructure as usage demands increase, with version updates and security patching. Amazon Managed Grafana natively integrates with AWS services so you can add, query, visualize, and analyze your AWS data across multiple accounts and regions. Amazon Managed Grafana integrates with AWS IAM Identity Center (successor to AWS Single Sign-On (AWS SSO)) and supports Security Assertion Markup Language (SAML) 2.0, so you can set up user access to specific dashboards and data sources for only certain users in your corporate directory. 

Amazon Managed Grafana is designed to connect to multiple data sources, enabling you to visualize, analyze, and correlate your metrics, logs, and traces in a unified dashboard. Amazon Managed Grafana natively integrates with AWS services such as Amazon Managed Service for Prometheus, so you can query your AWS data across multiple accounts and multiple Regions in a single console. For example, you can create a dashboard that correlates container metrics from Amazon Managed Service for Prometheus, AWS services metrics from Amazon CloudWatch, and logs from Amazon OpenSearch Service to help you monitor the health and performance of your applications running in containers. In the same console, you can layer and visualize data from self-managed data sources and third-party ISVs in the same dashboard. 

Amazon Managed Grafana helps you to construct the right queries and customize the display properties so that you can create the dashboard you need. With multiple pre-built dashboards for various data sources, you can start visualizing and analyzing your application data without having to build dashboards from scratch.

By identifying unintended changes in your system, you can minimize disruptions to your services. With Amazon Managed Grafana, you can configure alerts to help you identify problems in your system moments. You define the alert rule, how often it should be evaluated, the conditions that must be met for the alert to trigger, and how the alert notification should be delivered.

With Amazon Managed Grafana, you can share interactive dashboards with specific users or across teams within your organization. With AWS IAM Identity Center (successor to AWS SSO) and SAML 2.0 integration with Identity Providers, you can leverage your existing corporate directory services to grant user access and authentication to your Grafana workspaces. You can assign user Read/Write or Read-Only roles by giving them certain privileges. You can also create Teams designed to restrict dashboard and data source access to the right users. Amazon Managed Grafana integrates with popular corporate directory services. With the Grafana Team Sync feature, Amazon Managed Grafana is designed to keep track of synchronized users in teams giving you flexibility to combine group memberships from your directory services with Grafana teams.

The service is designed so you can create multiple Grafana Teams to grant data source access permissions and share dashboards to groups of users. The service is also designed so new team members added later will also inherit access permissions to shared resources without having to manually grant permissions one dashboard at a time. Users can view and edit dashboards, track dashboard version changes, and share dashboards with other users in the same Team so that everyone is viewing the same data while troubleshooting operational issues. Users can also share dashboards with other teams or external entities by creating dashboard snapshots.

Amazon Managed Grafana integrates with multiple AWS services to help you to meet your corporate security and compliance requirements. Access to Amazon Managed Grafana is designed to be authenticated through AWS IAM Identity Center (successor to AWS SSO) or your existing Identity Provider via SAML 2.0, enabling re-use of existing trust relationships between AWS and your corporate user directories. You can track changes made to Grafana workspaces to help you with compliance and audit tracking using audit logs provided by AWS CloudTrail. Amazon Managed Grafana also natively integrates with multiple AWS data sources including Amazon OpenSearch Service, Amazon CloudWatch, AWS X-Ray, AWS IoT SiteWise, Amazon Timestream, and Amazon Managed Service for Prometheus, designed so that you do not need to manually manage IAM credentials and permissions for each data source. Amazon Managed Grafana can also discover the resources in your account across multiple Regions and across your Organizational Units, and is designed to help you provision the right IAM policies to access your data. 

Within the Amazon Managed Grafana console, the service is designed so you can create one or many workspaces to visualize and analyze your metrics, logs, and traces without having to build, package, or deploy hardware or infrastructure. Amazon Managed Grafana is designed to provision, configure, and manage the operations of your Grafana workspaces, with version upgrades to help you to keep your Grafana workspaces are up-to-date with the latest features. The service is designed to auto scale to meet your dynamic usage demands.

Amazon Managed Grafana workspaces are designed to be available with multi-AZ replication. Amazon Managed Grafana is also designed to monitor the health of your Grafana workspaces and replace unhealthy nodes, without impacting your access to Grafana workspaces. Amazon Managed Grafana is designed to help you manage the availability of your compute and database nodes so that you don’t have to start, stop, or reboot any infrastructure resources. 

Amazon Managed Grafana is designed to encrypt your data at rest without special configuration or third-party tools. Amazon Managed Grafana is also designed to encrypt data in-transit via TLS.

You can optionally upgrade to Grafana Enterprise via an AWS Marketplace purchase from the Amazon Managed Grafana console. This gives you access to additional enterprise plugins for a wide variety of third-party ISVs, as well as to hands-on custom training courses.

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.