HAQM Managed Grafana features

Why HAQM Managed Grafana?

HAQM Managed Grafana is a highly scalable, highly available, and fully managed service for open source Grafana, providing interactive data visualization for your monitoring and operational data. Using HAQM Managed Grafana, you can visualize, analyze, and alarm on your metrics, logs, and traces collected from multiple data sources in your observability system, including AWS, third-party ISVs, and other resources across your IT portfolio. HAQM Managed Grafana offloads the operational management of Grafana by automatically scaling compute and database infrastructure as usage demands increase, with automated version updates and security patching. HAQM Managed Grafana natively integrates with AWS services and supports plugins for other cloud service providers. You can securely add, query, visualize, and analyze your AWS data across multiple accounts and Regions with a few clicks in the AWS Management Console. HAQM Managed Grafana integrates with AWS IAM Identity Center (successor to AWS SSO) and supports Security Assertion Markup Language (SAML) 2.0, so you can easily set up user access to specific dashboards and data sources for only certain users in your corporate directory.

Unified observability

Open all

HAQM Managed Grafana connects to multiple data sources, enabling you to visualize, analyze, and correlate your metrics, logs, and traces in a unified dashboard. HAQM Managed Grafana securely and natively integrates with AWS services such as HAQM Managed Service for Prometheus, making it simple to query your AWS data across multiple accounts and multiple Regions in a single console. For example, you can create a dashboard that correlates container metrics from HAQM Managed Service for Prometheus, AWS services metrics from HAQM CloudWatch, and logs from HAQM OpenSearch Service to monitor the health and performance of your applications running in containers. In the same console, you can layer and visualize data from self-managed data sources like Graphite, and third-party ISVs like Datadog and Splunk in the same dashboard.

You can define correlations to establish links from any data source query to any other, carrying forward data like namespace, host, or label values. Correlations bring context from multiple data sources into the Explore experience and enable you to perform root cause analysis with a diverse set of data sources. For example, an application name returned in a logs data source can be used to query metrics related to that application in a metrics data source.

HAQM Managed Grafana makes it easy to construct the right queries and customize the display properties so that you can create the dashboard you need. With multiple pre-built dashboards for various data sources, you can instantly start visualizing and analyzing your application data without having to build dashboards from scratch.

A dashboard is a set of one or more panels organized and arranged into one or more rows. Panels are the basic visualization building blocks in HAQM Managed Grafana, and are visual representations of your queries. Your queries display data over time, such as temperature fluctuations and current status, or lists of logs or alerts. Using a panel, you can choose from a wide variety of styling and formatting options, and apply visualizations to your data, such as graphs, bar gauges, heatmaps. Each panel can interact with data from any configured data source.

HAQM Managed Grafana also provides guided query building to help you get familiar with different query languages, so you can focus on spot-checking specific metrics, or deep dive into a log error without having to save or edit a team dashboard. In Explore mode, you can also view historical queries to jumpstart on-demand troubleshooting and help reduce mean time to resolution.

By quickly identifying unintended changes in your system, you can minimize disruptions to your services. With HAQM Managed Grafana, you can configure alerts to identify problems in your system moments after they occur. You define the alert rule, how often it should be evaluated, the conditions that must be met for the alert to trigger, and how the alert notification should be delivered. You can also view and manage alerts from HAQM Managed Service for Prometheus and other Prometheus Alertmanager data sources in your HAQM Managed Grafana workspace.

With HAQM Managed Grafana, you can install Grafana community plugins to connect to additional third-party data sources such as Apache Cassandra, Sentry or to leverage new visualization panels such as Flowcharting, Polystat, etc. You can discover, install and manage version updates for your plugins, directly from the Plugin Catalog in your HAQM Managed Grafana workspace.

To visualize data from third-party ISVs such as Splunk, DataDog, Dynatrace, Atlassian Jira, Datadog, New Relic, Snowflake, and more, you can enable HAQM Managed Grafana Enterprise plugins in your workspace from the HAQM Managed Grafana console or via AWS SDK and CLI. This allows for visualizing data from your Enterprise data sources or third-party ISVs, right next to data from other sources such as HAQM CloudWatch, HAQM OpenSearch Service, and Jaeger, enabling a unified observability view. See the full list of Enterprise plugins here.

Team collaboration

Open all

With HAQM Managed Grafana, you can easily share interactive dashboards with specific users or across teams within your organization. With AWS IAM Identity Center (successor to AWS SSO) and SAML 2.0 integration with Identity Providers, you can leverage your existing corporate directory services to grant user access and authentication to your Grafana workspaces. You can assign user Read/Write or Read-Only roles by giving them Administrator, Editor, or Viewer privileges. You can also create Teams to restrict dashboard and data source access to the right users. HAQM Managed Grafana integrates with popular corporate directory services including Microsoft Active Directory, Azure Active Directory, Okta, Ping Identity, OneLogin, and CyberArk. With the Grafana Team Sync feature, HAQM Managed Grafana keeps track of all synchronized users in teams giving you flexibility to combine group memberships from your directory services with Grafana teams.

You can create multiple Grafana Teams to easily grant data source access permissions and share dashboards to groups of users. New team members added later will also inherit access permissions to shared resources without having to manually grant permissions one dashboard at a time. Users can view and edit dashboards in real time, track dashboard version changes, and easily share dashboards with other users in the same Team so that everyone is viewing the same data while troubleshooting operational issues. Users can also easily share dashboards with other teams or external entities by creating dashboard snapshots that can be publicly accessed.

Security and authentication

Open all

HAQM Managed Grafana tightly integrates with multiple AWS services to meet your corporate security and compliance requirements. Access to HAQM Managed Grafana is authenticated through AWS IAM Identity Center (successor to AWS SSO) or your existing Identity Provider via SAML 2.0, enabling re-use of existing trust relationships between AWS and your corporate user directories. You can track changes made to Grafana workspaces for compliance and audit tracking using audit logs provided by AWS CloudTrail. HAQM Managed Grafana also natively integrates with multiple AWS data sources including HAQM OpenSearch Service, HAQM CloudWatch, AWS X-Ray, AWS IoT SiteWise, HAQM Timestream, and HAQM Managed Service for Prometheus, so you don’t have to manually manage IAM credentials and permissions for each data source. HAQM Managed Grafana also discovers the resources in your account across multiple Regions and across your Organizational Units, and automatically provisions the right IAM policies to access your data.

HAQM Managed Grafana can also connect to data sources that are inside your private HAQM Virtual Private Cloud (VPC) without using public IPs or requiring traffic to traverse the Internet. Data sources such as OpenSearch, HAQM RDS databases, self-managed Prometheus, and other data sources often do not have a publicly facing endpoint. By connecting your HAQM Managed Grafana workspaces to your VPC, you will now be able to query, visualize, and alert on the data sources within your VPC. You can also connect Grafana workspaces to multiple VPCs using VPC Peering and Transit Gateways. In this way, you can have both your privately-hosted and public-facing data sources connect to the same HAQM Managed Grafana workspace to visualize your data all in one place.

You have granular security controls over your HAQM Managed Grafana workspaces by defining customer-managed prefix lists and VPC endpoints to help you restrict the inbound network traffic that can reach your Grafana workspaces. To learn more, check out the user guide for managing network access. You can also use AWS PrivateLink to connect between HAQM VPC and HAQM Managed Grafana workspaces. You can control access to the HAQM Managed Grafana service from the virtual private cloud (VPC) endpoints by attaching an IAM resource policy for HAQM VPC endpoints. HAQM Managed Grafana supports two different kinds of VPC endpoints. You can connect to the HAQM Managed Grafana service, providing access to the HAQM Managed Grafana APIs to manage workspaces. Or you can create a VPC endpoint to a specific workspace. For information about creating a VPC endpoint for your Grafana workspaces, see Interface VPC endpoints

No servers to manage

Open all

With a few clicks in the HAQM Managed Grafana console, you can instantly create one or many workspaces to visualize and analyze your metrics, logs, and traces without having to build, package, or deploy any hardware or infrastructure. HAQM Managed Grafana automatically provisions, configures, and manages the operations of your Grafana workspaces, with automatic version upgrades to ensure that your Grafana workspaces are always up-to-date with the latest features. The service auto scales to meet your dynamic usage demands.

Highly available and secure

Open all

HAQM Managed Grafana workspaces are highly available with multi-AZ replication. HAQM Managed Grafana also continuously monitors the health of your Grafana workspaces and replaces unhealthy nodes, without impacting your access to Grafana workspaces. HAQM Managed Grafana manages the availability of your compute and database nodes so that you don’t have to start, stop, or reboot any infrastructure resources.

HAQM Managed Grafana encrypts your data at rest without special configuration, third-party tools, or additional cost. HAQM Managed Grafana also encrypts data in-transit via TLS.