Most of the deployment is done automatically by the meter-data-analytics stack, however you still need to configure the following things before the deployment.
The stack-parameter.json file require an additional parameter to define the authentication provider for Amazon Managed Grafana:
- Allowed values are
AWS_SSO(preferred) orSAML. If you chooseAWS_SSOyour account has to be part of an organization, because it is a requirement in order to use the IAM Identity Center, which is used for SSO. If your account is not part of an organization the deployment will fail. Otherwise if you chooseSAML, you will need to configure the SAML provider after the deployment (see below).
{
"ParameterKey":"GrafanaDashboardAuthenticationProvider",
"ParameterValue":"AWS_SSO"
}
If you choose the SSO option, you need to enable the AWS IAM Identity Center in the account you are deploying the MDA first.
- Navigate to the AWS IAM Identity Center console
- If not already done, press the 'Enable' button.
- Afterwards a user needs to be created:
- Wait for an email to activate the user:
In order to view the dashboards after the workspace is created head over to Amazon Managed Grafana.
- Select the workspace
AmazonGrafanaWorkspacecreated by the AWS CloudFormation stack.
Now you have to configure user access based on the authentication provider you have selected.
-
Assign a new user or group using the
AWS IAM Identity Center. For more information, refer to Managing user and group access to Amazon Managed Grafana. -
Click on the Grafana workspace URL, sign in, and you are able to view the dashboards, which are stored in the
Generalfolder.
-
A detailed guide of setting up Okta as an IDP for Grafana is provided here.
-
Click on the Grafana workspace URL, sign in, and you are able to view the dashboards, which are stored in the
Generalfolder.