Amazon Managed Grafana features

Why Amazon Managed Grafana?

Amazon Managed Grafana is a highly scalable, highly available, and fully managed service for open source Grafana, providing interactive data visualization for your monitoring and operational data. Using Amazon Managed Grafana, you can visualize, analyze, and alarm on your metrics, logs, and traces collected from multiple data sources in your observability system, including AWS, third-party ISVs, and other resources across your IT portfolio. Amazon Managed Grafana offloads the operational management of Grafana by automatically scaling compute and database infrastructure as usage demands increase, with automated version updates and security patching. Amazon Managed Grafana natively integrates with AWS services and supports plugins for other cloud service providers. You can securely add, query, visualize, and analyze your AWS data across multiple accounts and Regions with a few clicks in the AWS Management Console. Amazon Managed Grafana integrates with AWS IAM Identity Center (successor to AWS SSO) and supports Security Assertion Markup Language (SAML) 2.0, so you can easily set up user access to specific dashboards and data sources for only certain users in your corporate directory.

Page Topics

Unified observability Team collaboration Security and authentication No servers to manage Highly available and secure

Unified observability

Amazon Managed Grafana connects to multiple data sources, enabling you to visualize, analyze, and correlate your metrics, logs, and traces in a unified dashboard. Amazon Managed Grafana securely and natively integrates with AWS services such as Amazon Managed Service for Prometheus, making it simple to query your AWS data across multiple accounts and multiple Regions in a single console. For example, you can create a dashboard that correlates container metrics from Amazon Managed Service for Prometheus, AWS services metrics from Amazon CloudWatch, and logs from Amazon OpenSearch Service to monitor the health and performance of your applications running in containers. In the same console, you can layer and visualize data from self-managed data sources like Graphite, and third-party ISVs like Datadog and Splunk in the same dashboard.

You can define correlations to establish links from any data source query to any other, carrying forward data like namespace, host, or label values. Correlations bring context from multiple data sources into the Explore experience and enable you to perform root cause analysis with a diverse set of data sources. For example, an application name returned in a logs data source can be used to query metrics related to that application in a metrics data source.

Amazon Managed Grafana makes it easy to construct the right queries and customize the display properties so that you can create the dashboard you need. With multiple pre-built dashboards for various data sources, you can instantly start visualizing and analyzing your application data without having to build dashboards from scratch.

A dashboard is a set of one or more panels organized and arranged into one or more rows. Panels are the basic visualization building blocks in Amazon Managed Grafana, and are visual representations of your queries. Your queries display data over time, such as temperature fluctuations and current status, or lists of logs or alerts. Using a panel, you can choose from a wide variety of styling and formatting options, and apply visualizations to your data, such as graphs, bar gauges, heatmaps. Each panel can interact with data from any configured data source.

Amazon Managed Grafana also provides guided query building to help you get familiar with different query languages, so you can focus on spot-checking specific metrics, or deep dive into a log error without having to save or edit a team dashboard. In Explore mode, you can also view historical queries to jumpstart on-demand troubleshooting and help reduce mean time to resolution.

By quickly identifying unintended changes in your system, you can minimize disruptions to your services. With Amazon Managed Grafana, you can configure alerts to identify problems in your system moments after they occur. You define the alert rule, how often it should be evaluated, the conditions that must be met for the alert to trigger, and how the alert notification should be delivered. You can also view and manage alerts from Amazon Managed Service for Prometheus and other Prometheus Alertmanager data sources in your Amazon Managed Grafana workspace.

With Amazon Managed Grafana, you can install Grafana community plugins to connect to additional third-party data sources such as Apache Cassandra, Sentry or to leverage new visualization panels such as Flowcharting, Polystat, etc. You can discover, install and manage version updates for your plugins, directly from the Plugin Catalog in your Amazon Managed Grafana workspace.

To visualize data from third-party ISVs such as Splunk, DataDog, Dynatrace, Atlassian Jira, Datadog, New Relic, Snowflake, and more, you can enable Amazon Managed Grafana Enterprise plugins in your workspace from the Amazon Managed Grafana console or via AWS SDK and CLI. This allows for visualizing data from your Enterprise data sources or third-party ISVs, right next to data from other sources such as Amazon CloudWatch, Amazon OpenSearch Service, and Jaeger, enabling a unified observability view. See the full list of Enterprise plugins here.

Team collaboration

With Amazon Managed Grafana, you can easily share interactive dashboards with specific users or across teams within your organization. With AWS IAM Identity Center (successor to AWS SSO) and SAML 2.0 integration with Identity Providers, you can leverage your existing corporate directory services to grant user access and authentication to your Grafana workspaces. You can assign user Read/Write or Read-Only roles by giving them Administrator, Editor, or Viewer privileges. You can also create Teams to restrict dashboard and data source access to the right users. Amazon Managed Grafana integrates with popular corporate directory services including Microsoft Active Directory, Azure Active Directory, Okta, Ping Identity, OneLogin, and CyberArk. With the Grafana Team Sync feature, Amazon Managed Grafana keeps track of all synchronized users in teams giving you flexibility to combine group memberships from your directory services with Grafana teams.

You can create multiple Grafana Teams to easily grant data source access permissions and share dashboards to groups of users. New team members added later will also inherit access permissions to shared resources without having to manually grant permissions one dashboard at a time. Users can view and edit dashboards in real time, track dashboard version changes, and easily share dashboards with other users in the same Team so that everyone is viewing the same data while troubleshooting operational issues. Users can also easily share dashboards with other teams or external entities by creating dashboard snapshots that can be publicly accessed.

Security and authentication

Amazon Managed Grafana tightly integrates with multiple AWS services to meet your corporate security and compliance requirements. Access to Amazon Managed Grafana is authenticated through AWS IAM Identity Center (successor to AWS SSO) or your existing Identity Provider via SAML 2.0, enabling re-use of existing trust relationships between AWS and your corporate user directories. You can track changes made to Grafana workspaces for compliance and audit tracking using audit logs provided by AWS CloudTrail. Amazon Managed Grafana also natively integrates with multiple AWS data sources including Amazon OpenSearch Service, Amazon CloudWatch, AWS X-Ray, AWS IoT SiteWise, Amazon Timestream, and Amazon Managed Service for Prometheus, so you don’t have to manually manage IAM credentials and permissions for each data source. Amazon Managed Grafana also discovers the resources in your account across multiple Regions and across your Organizational Units, and automatically provisions the right IAM policies to access your data.

Amazon Managed Grafana can also connect to data sources that are inside your private Amazon Virtual Private Cloud (VPC) without using public IPs or requiring traffic to traverse the Internet. Data sources such as OpenSearch, Amazon RDS databases, self-managed Prometheus, and other data sources often do not have a publicly facing endpoint. By connecting your Amazon Managed Grafana workspaces to your VPC, you will now be able to query, visualize, and alert on the data sources within your VPC. You can also connect Grafana workspaces to multiple VPCs using VPC Peering and Transit Gateways. In this way, you can have both your privately-hosted and public-facing data sources connect to the same Amazon Managed Grafana workspace to visualize your data all in one place.

You have granular security controls over your Amazon Managed Grafana workspaces by defining customer-managed prefix lists and VPC endpoints to help you restrict the inbound network traffic that can reach your Grafana workspaces. To learn more, check out the user guide for managing network access. You can also use AWS PrivateLink to connect between Amazon VPC and Amazon Managed Grafana workspaces. You can control access to the Amazon Managed Grafana service from the virtual private cloud (VPC) endpoints by attaching an IAM resource policy for Amazon VPC endpoints. Amazon Managed Grafana supports two different kinds of VPC endpoints. You can connect to the Amazon Managed Grafana service, providing access to the Amazon Managed Grafana APIs to manage workspaces. Or you can create a VPC endpoint to a specific workspace. For information about creating a VPC endpoint for your Grafana workspaces, see Interface VPC endpoints

No servers to manage

With a few clicks in the Amazon Managed Grafana console, you can instantly create one or many workspaces to visualize and analyze your metrics, logs, and traces without having to build, package, or deploy any hardware or infrastructure. Amazon Managed Grafana automatically provisions, configures, and manages the operations of your Grafana workspaces, with automatic version upgrades to ensure that your Grafana workspaces are always up-to-date with the latest features. The service auto scales to meet your dynamic usage demands.

Highly available and secure

Amazon Managed Grafana workspaces are highly available with multi-AZ replication. Amazon Managed Grafana also continuously monitors the health of your Grafana workspaces and replaces unhealthy nodes, without impacting your access to Grafana workspaces. Amazon Managed Grafana manages the availability of your compute and database nodes so that you don’t have to start, stop, or reboot any infrastructure resources.

Amazon Managed Grafana encrypts your data at rest without special configuration, third-party tools, or additional cost. Amazon Managed Grafana also encrypts data in-transit via TLS.