Amazon Managed Grafana Documentation

Amazon Managed Grafana is a fully managed service for open source Grafana, providing interactive data visualization for your monitoring and operational data. Using Amazon Managed Grafana, you can visualize, analyze, and alarm on your metrics, logs, and traces collected from multiple data sources in your observability system, including AWS, third-party ISVs, and other resources across your IT portfolio. Amazon Managed Grafana is designed to offload the operational management of Grafana by scaling compute and database infrastructure as usage demands increase, with version updates and security patching. Amazon Managed Grafana natively integrates with AWS services so you can add, query, visualize, and analyze your AWS data across multiple accounts and regions. Amazon Managed Grafana integrates with AWS Single Sign-On (AWS SSO) and supports Security Assertion Markup Language (SAML) 2.0, so you can set up user access to specific dashboards and data sources for only certain users in your corporate directory.

Unified observability

Visualize and correlate data across multiple data sources
Amazon Managed Grafana is designed to connect to multiple data sources, enabling you to visualize, analyze, and correlate your metrics, logs, and traces in a unified dashboard. Amazon Managed Grafana natively integrates with AWS services such as Amazon Managed Service for Prometheus, so you can query your AWS data across multiple accounts and multiple Regions in a single console. For example, you can create a dashboard that correlates container metrics from Amazon Managed Service for Prometheus, AWS services metrics from Amazon CloudWatch, and logs from Amazon Elasticsearch Service to help you monitor the health and performance of your applications running in containers. In the same console, you can layer and visualize data from self-managed data sources and third-party ISVs in the same dashboard.
Get started easily with pre-built panels and dashboards
Amazon Managed Grafana helps you to construct the right queries and customize the display properties so that you can create the dashboard you need. With multiple pre-built dashboards for various data sources, you can start visualizing and analyzing your application data without having to build dashboards from scratch.
 
A dashboard is a set of one or more panels organized and arranged into one or more rows. Panels are the basic visualization building blocks in Amazon Managed Grafana, and are visual representations of your queries. Your queries display data over time, such as temperature fluctuations and current status, or lists of logs or alerts. Using a panel, you can choose from a variety of styling and formatting options, and apply visualizations to your data, such as graphs, bar gauges, heatmaps. Each panel can interact with data from any configured data source.
 
Amazon Managed Grafana also provides guided query building to help you get familiar with different query languages, so you can focus on spot-checking specific metrics, or deep dive into a log error without having to save or edit a team dashboard. In Explore mode, you can also view historical queries to jumpstart on-demand troubleshooting and help reduce mean time to resolution.
Set up alerts to identify issues quickly
By quickly identifying unintended changes in your system, you can minimize disruptions to your services. With Amazon Managed Grafana, you can configure alerts to help you identify problems in your system moments. You define the alert rule, how often it should be evaluated, the conditions that must be met for the alert to trigger, and how the alert notification should be delivered.

Team collaboration

Share dashboards easily with user authentication and authorization
With Amazon Managed Grafana, you can easily share interactive dashboards with specific users or across teams within your organization. With AWS SSO and SAML 2.0 integration with Identity Providers, you can leverage your existing corporate directory services to grant user access and authentication to your Grafana workspaces. You can assign user Read/Write or Read-Only roles by giving them certain privileges. You can also create Teams to restrict dashboard and data source access to the right users. Amazon Managed Grafana integrates with popular corporate directory services. With the Grafana Team Sync feature, Amazon Managed Grafana is designed to keep track of synchronized users in teams giving you flexibility to combine group memberships from your directory services with Grafana teams.
Troubleshoot and collaborate with your team
The service is designed so you can create multiple Grafana Teams to grant data source access permissions and share dashboards to groups of users. The service is also designed so new team members added later will also inherit access permissions to shared resources without having to manually grant permissions one dashboard at a time. Users can view and edit dashboards, track dashboard version changes, and share dashboards with other users in the same Team so that everyone is viewing the same data while troubleshooting operational issues. Users can also share dashboards with other teams or external entities by creating dashboard snapshots.
Security and authentication
Amazon Managed Grafana integrates with multiple AWS services to help you to meet your corporate security and compliance requirements. Access to Amazon Managed Grafana is designed to be authenticated through AWS SSO or your existing Identity Provider via SAML 2.0, enabling re-use of existing trust relationships between AWS and your corporate user directories. You can track changes made to Grafana workspaces to help you with compliance and audit tracking using audit logs provided by AWS CloudTrail. Amazon Managed Grafana also natively integrates with multiple AWS data sources including Amazon Elasticsearch Service, Amazon CloudWatch, AWS X-Ray, AWS IoT SiteWise, Amazon Timestream, and Amazon Managed Service for Prometheus, designed so that you do not need to manually manage IAM credentials and permissions for each data source. Amazon Managed Grafana can also discover the resources in your account across multiple Regions and across your Organizational Units, and provisions the right IAM policies to access your data.
Server Management
Within the Amazon Managed Grafana console, the service is designed so you can create one or many workspaces to visualize and analyze your metrics, logs, and traces without having to build, package, or deploy hardware or infrastructure. Amazon Managed Grafana is designed to provision, configure, and manage the operations of your Grafana workspaces, with version upgrades to help you to keep your Grafana workspaces are up-to-date with the latest features. The service is designed to auto scale to meet your dynamic usage demands.

Availability and Security

Recovery and patching
Amazon Managed Grafana workspaces are designed to be available with multi-AZ replication. Amazon Managed Grafana is also designed to continuously monitor the health of your Grafana workspaces and replace unhealthy nodes, without impacting your access to Grafana workspaces. Amazon Managed Grafana is designed to help you manage the availability of your compute and database nodes so that you don’t have to start, stop, or reboot any infrastructure resources.
Encryption and security
Amazon Managed Grafana is designed to encrypt your data at rest without special configuration, or third-party tools. Amazon Managed Grafana is also designed to encrypt data in-transit via TLS.
Upgrade to Grafana Enterprise directly from the AWS Console
You can optionally upgrade to Grafana Enterprise via an AWS Marketplace purchase from the Amazon Managed Grafana console. This gives you access to additional enterprise plugins for a wide variety of third-party ISVs, as well as to hands-on custom training courses.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.