Deploy Grafana using Docker, AWS ECS and Terraform

Grafana's ability to run in Docker containers and easily connect to AWS Cloudwatch to grab metrics and logs makes it an ideal candidate for your AWS infrastructure monitoring needs.

At 56K.cloud, we usually deploy it as a replacement for the Cloudwatch interface as we are fans of Grafana's powerful features and look. The easiness with which it can be run "serverless" and its deployment automated with Terraform transformed it into a standard piece of our recommended infrastructure.

Before we get started, I would like to mention that we have open-sourced this module and, it is available at 56k.cloud's Github account: https://github.com/56kcloud/terraform-grafana


SSM Parameters

Before we deploy Grafana in ECS, we need to preconfigure it. This is done by adding and adjusting parameters in AWS' Systems Manager - Parameter Store.

When ECS starts the Grafana service and task, it pulls these parameters and sets them as env variables for Grafana. Without them, the Grafana ECS task won't start.

You can see all the required SSM parameters here. They match the config env variables found in the documentation. Add and tweak these parameters before moving on.

SSL certificate

This module assumes that you want - and enforces - HTTPS on the load balancer that serves Grafana to your users. This means that you will need to have an SSL certificate created/imported in AWS's Certificate Manager (ACM). How to do that is outside the scope of this article.

Network setup

Another assumption this module makes is that you have at least one private subnet (inaccessible from the Internet) and one public subnet (accessible from the Internet) in your VPC. This is a standard, recommended setup.

In the background, the module deploys Grafana in the private subnet(s) and the Load balancer that serves it in the public subnet(s).

Terraform setup

Last but not least, you should have a working Terraform setup. The assumption here is that if you plan to import a module like this one, you already have a working Terraform codebase to manage your infrastructure.

Deployment with Terraform

  • Git clone the module from Github: git clone git@github.com:56kcloud/terraform-grafana.git
  • Move the module to wherever you store your Terraform modules. As an example, let's assume you have a infrastructure/terraform directory for your Terraform codebase: mkdir -p infrastructure/terraform/modules && mv terraform-grafana.git infrastructure/terraform/modules/grafana
  • Call the module in your main .tf file and configure it. Continuing with our assumptions, let's say you have a main.tf file where you instantiate your modules. Add to that file the following code:
  • module "grafana" {
    source = "<path_to_the_grafana_module_relative_to_this_file>"
    aws_region = "<region_where_to_deploy>"
    service_name = "grafana"
    platform_version = "1.4.0" #required
    ecs_cluster = "<the_id_of_ecs_cluster_to_deploy>"
    image = "grafana/grafana"
    image_version = "7.0.0-beta3"
    container_port = 3000
    cloudwatch_log_group_name = "/ecs/grafana"
    cpu = 1024
    memory = 2048
    desired_number_of_tasks = 1
    allow_inbound_from_cidr_blocks = ""
    vpc_id = <the_id_of_vpc>
    private_subnet_ids = [<list_of_private_subnet_ids>]
    public_subnet_ids = [<list_of_public_subnet_ids>]
    create_route53_entry = true
    ssl_cert_arn = <the_arn_of_the_acm_ssl_cert>
  • Run Terraform! It should deploy all the required resourced. In the end you should have a load balancer available serving Grafana. You can point a DNS entry to that load balancer.
  • Access that Grafana instance and you should be able to manage it like any other Grafana deployment.
  • Connecting to AWS Cloudwatch

    Grafana's admin interface offers a AWS Cloudwatch connecter. Install and configure it to be able to pull data from Cloudwatch and build nice dashboards based on it.

    Find out more about 56K.Cloud

    We love Cloud, IoT, Containers, DevOps, and Infrastructure as Code. If you are interested in chatting connect with us on Twitter or drop us an email: info@56K.Cloud. We hope you found this article helpful. If there is anything you would like to contribute or you have questions, please let us know!


    Dan Achim

    Site Reliability Engineer

    You may also like