infraspecdev/terraform-aws-grafana

terraform-aws-grafana

Terraform module to deploy Grafana on ECS.

Architecture Diagram

[Image: Grafana Architecture Diagram]

Requirements

| Name | Version |
|------|---------|
| terraform | `>= 1.8.4` |
| aws | `~> 5.0` |

Providers

| Name | Version |
|------|---------|
| aws | `~> 5.0` |

Modules

| Name | Source | Version |
|------|--------|---------|
| ecs_service_security_group | terraform-aws-modules/security-group/aws | `~> 5.1.2` |
| grafana_alb_security_group | terraform-aws-modules/security-group/aws | `~> 5.1.2` |
| grafana_backend_rds | ./modules/rds | n/a |
| grafana_backend_rds_security_group | terraform-aws-modules/security-group/aws | `~> 5.1.2` |
| grafana_dns_record | ./modules/route-53-record | n/a |
| grafana_ecs_deployment | infraspecdev/ecs-deployment/aws | `4.3.4` |
| grafana_execution_iam_role | ./modules/iam-role | n/a |
| grafana_task_iam_role | ./modules/iam-role | n/a |

Resources

| Name | Type |
|------|------|
| aws_vpc.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acm_certificate_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| acm_grafana_domain_name | (Required) Grafana domain name for which the certificate should be issued. | `string` | n/a | yes |
| acm_record_zone_id | (Required) Canonical hosted zone ID of the Load Balancer. | `string` | n/a | yes |
| alb_listener_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| alb_name | (Optional, Default:"grafana-alb") Name of the LB. | `string` | `"grafana-alb"` | no |
| alb_subnet_ids | (Required) List of public VPC subnet IDs where the Application Load Balancer will be configured. | `list(string)` | n/a | yes |
| alb_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| alb_target_group_name | (Optional, Default:"grafana-services", Forces new resource) Name of the target group. | `string` | `"grafana-services"` | no |
| alb_target_group_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| cluster_name | (Required) Name of the cluster. | `string` | n/a | yes |
| grafana_execution_role_description | (Optional, Default:"Managed By Terraform") Description of the IAM role for Grafana task execution. | `string` | `"Managed By Terraform"` | no |
| grafana_execution_role_name | (Optional, Default:"grafana-task-execution-iam-role", Forces new resource) Friendly name of the IAM role for Grafana task execution. | `string` | `"grafana-task-execution-iam-role"` | no |
| grafana_execution_role_policies | (Optional, Default:secrets-manager) Map of IAM policies to create and attach to the Grafana Execution IAM Role. | `map(object({ name = string, description = optional(string, null), policy = object({ Version = optional(string, "2012-10-17"), Statement = list(object({ Sid = optional(string), Effect = string, Resource = string, Action = optional(list(string), []) })) }), tags = optional(map(string), {}) }))` | `{ "secrets-manager": { "description": "Allow access to Secrets Manager", "name": "grafana-execution-role-secrets-manager", "policy": { "Statement": [ { "Action": [ "secretsmanager:*" ], "Effect": "Allow", "Resource": "*", "Sid": "AllowSecretsManagerFullAccess" } ] } } }` | no |
| grafana_execution_role_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| grafana_task_role_description | (Optional, Default:"Managed By Terraform") Description of the IAM role for Grafana tasks. | `string` | `"Managed By Terraform"` | no |
| grafana_task_role_name | (Optional, Default:"grafana-task-iam-role", Forces new resource) Friendly name of the IAM role for Grafana tasks. | `string` | `"grafana-task-iam-role"` | no |
| grafana_task_role_policies | (Optional, Default:rds,athena) Map of IAM policies to create and attach to the Grafana IAM Role. | `map(object({ name = string, description = optional(string, null), policy = object({ Version = optional(string, "2012-10-17"), Statement = list(object({ Sid = optional(string), Effect = string, Resource = string, Action = optional(list(string), []) })) }), tags = optional(map(string), {}) }))` | `{ "athena": { "description": "Allow access to Athena", "name": "grafana-task-iam-role-athena", "policy": { "Statement": [ { "Action": [ "athena:*" ], "Effect": "Allow", "Resource": "*", "Sid": "AllowAthenaFullAccess" }, { "Action": [ "glue:CreateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:GetTable", "glue:GetTables", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition", "glue:StartColumnStatisticsTaskRun", "glue:GetColumnStatisticsTaskRun", "glue:GetColumnStatisticsTaskRuns", "glue:GetCatalogImportStatus" ], "Effect": "Allow", "Resource": "*", "Sid": "AllowGlueFullAccess" } ] } }, "rds": { "description": "Allow access to RDS", "name": "grafana-task-iam-role-rds", "policy": { "Statement": [ { "Action": [ "rds:*" ], "Effect": "Allow", "Resource": "*", "Sid": "AllowRDSFullAccess" } ] } } }` | no |
| grafana_task_role_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| rds_allocated_storage | (Optional, Default:10) The allocated storage in gibibytes. | `number` | `10` | no |
| rds_db_parameter_group_description | (Optional, Default:"Managed By Terraform", Forces new resource) The description of the DB parameter group. | `string` | `"Managed By Terraform"` | no |
| rds_db_parameter_group_family | (Optional, Default:"postgres16", Forces new resource) The description of the DB parameter group. | `string` | `"postgres16"` | no |
| rds_db_parameter_group_name | (Optional, Default:"grafana-rds-parameter-group", Forces new resource) The name of the DB parameter group. | `string` | `"grafana-rds-parameter-group"` | no |
| rds_db_parameter_group_parameters | (Optional) The DB parameters to apply. | `list(object({ name = string, value = string, apply_method = optional(string) }))` | `[ { "apply_method": "immediate", "name": "rds.force_ssl", "value": "0" } ]` | no |
| rds_db_parameter_group_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| rds_db_subnet_group_description | (Optional, Default:"Managed By Terraform", Forces new resource) The description of the DB subnet group. | `string` | `"Managed By Terraform"` | no |
| rds_db_subnet_group_name | (Optional, Default:"grafana-rds-subnet-group", Forces new resource) The name of the DB subnet group. | `string` | `"grafana-rds-subnet-group"` | no |
| rds_db_subnet_group_subnet_ids | (Required) A list of VPC subnet IDs. | `list(string)` | n/a | yes |
| rds_db_subnet_group_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| rds_identifier | (Optional, Default:"grafana-backend") The name of the Postgres RDS instance. | `string` | `"grafana-backend"` | no |
| rds_instance_class | (Optional, Default:"db.t3.micro") The instance type of the Postgres RDS instance. | `string` | `"db.t3.micro"` | no |
| rds_postgres_engine_version | (Optional, Default:"16.3") The Postgres engine version to use. | `string` | `"16.3"` | no |
| rds_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| rds_username | (Optional, Default:"grafana_admin") Username for the master DB user. | `string` | `"grafana_admin"` | no |
| s3_bucket_name | (Optional, Default:"grafana-services-alb-logs", Forces new resource) Name of the bucket where the Grafana ALB logs will be stored. | `string` | `"grafana-services-alb-logs"` | no |
| s3_bucket_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| service_desired_count | (Optional, Default:3) Desired number of tasks to run in the ECS Service. | `number` | `3` | no |
| service_name | (Optional, Default:grafana) Name of the ECS Service. | `string` | `"grafana"` | no |
| service_subnet_ids | (Required) List of VPC subnet IDs where the infrastructure will be configured. | `list(string)` | n/a | yes |
| service_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| task_definition_family | (Optional, Default:"grafana") A unique name for your task definition. | `string` | `"grafana"` | no |
| task_definition_grafana_image_version | (Optional, Default:11.1.2) Version tag to use with the Grafana docker image. | `string` | `"11.1.2"` | no |
| task_definition_tags | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| vpc_id | (Required) The ID of the VPC. | `string` | n/a | yes |
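
The module call below is an added example, not taken from the module's repository: it passes the seven required inputs and replaces the two default IAM policy maps, whose statements are named as full access to Secrets Manager, Athena, Glue and RDS, with narrower statements that fit the documented input type. The git source address is derived from the repository name; every ID, ARN, account number and region is a constructed placeholder, and the comments mark the assumptions about what each role needs.

```hcl
# Added example, not the project's own code. IDs, ARNs, account number and region are constructed placeholders.
module "grafana" {
  source = "github.com/infraspecdev/terraform-aws-grafana" # append ?ref=<TAG> to pin a release

  vpc_id                         = "vpc-0example"
  cluster_name                   = "example-cluster"
  alb_subnet_ids                 = ["subnet-0publica", "subnet-0publicb"]
  service_subnet_ids             = ["subnet-0privatea", "subnet-0privateb"]
  rds_db_subnet_group_subnet_ids = ["subnet-0privatea", "subnet-0privateb"]
  acm_grafana_domain_name        = "grafana.example.com"
  acm_record_zone_id             = "Z0EXAMPLE"

  # Default: secretsmanager:* on "*". Assumption: only the RDS-managed master secret ("rds!db-" prefix) is read.
  grafana_execution_role_policies = {
    "secrets-manager" = {
      name = "grafana-execution-role-secrets-manager"
      policy = {
        Statement = [{
          Sid      = "ReadRdsMasterSecret"
          Effect   = "Allow"
          Action   = ["secretsmanager:GetSecretValue"]
          Resource = "arn:aws:secretsmanager:us-east-1:111122223333:secret:rds!db-*"
        }]
      }
    }
  }

  # Default: rds:* and athena:* on "*" plus Glue writes. Assumption: one Athena workgroup, read-only catalog access.
  grafana_task_role_policies = {
    "athena" = {
      name = "grafana-task-iam-role-athena"
      policy = {
        Statement = [
          {
            Sid      = "QueryOneWorkgroup"
            Effect   = "Allow"
            Action   = ["athena:StartQueryExecution", "athena:StopQueryExecution", "athena:GetQueryExecution", "athena:GetQueryResults", "athena:GetWorkGroup"]
            Resource = "arn:aws:athena:us-east-1:111122223333:workgroup/grafana"
          },
          {
            Sid      = "ReadGlueCatalog"
            Effect   = "Allow"
            Action   = ["glue:GetDatabase", "glue:GetDatabases", "glue:GetTable", "glue:GetTables", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition"]
            Resource = "*"
          },
        ]
      }
    }
  }
}
```

Because each statement's `Resource` is typed as a single `string`, scoping one action set to several ARNs takes one statement per ARN.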

Outputs

| Name | Description |
|------|-------------|
| acm_certificate_arn | ARN of the ACM certificate for Grafana endpoint. |
| acm_certificate_id | Identifier of the ACM certificate for Grafana endpoint. |
| acm_certificate_validation_id | Identifier of the Grafana endpoint ACM certificate validation resource. |
| acm_route53_record_id | Identifier of the Route53 Record for validation of the Grafana endpoint ACM certificate. |
| alb_arn | ARN of the Grafana load balancer. |
| alb_dns_name | DNS name of the Grafana load balancer. |
| alb_listener_arn | ARN of the Listener for Grafana services. |
| alb_listener_id | Identifier of the Listener for Grafana services. |
| alb_target_group_arn | ARN of the Target Group of Grafana services. |
| alb_target_group_id | Identifier of the Target Group of Grafana services. |
| alb_zone_id | Canonical hosted zone ID of the Grafana Load Balancer. |
| ecs_service_security_group_arn | ARN of the Grafana ECS Service Security Group. |
| ecs_service_security_group_id | Identifier of the Grafana ECS Service Security Group. |
| grafana_alb_security_group_arn | ARN of the Grafana ALB Security Group. |
| grafana_alb_security_group_id | Identifier of the Grafana ALB Security Group. |
| grafana_backend_rds_security_group_arn | ARN of the Grafana Backend RDS Security Group. |
| grafana_backend_rds_security_group_id | Identifier of the Grafana Backend RDS Security Group. |
| grafana_ecs_service_arn | ARN that identifies the Grafana ECS service. |
| grafana_ecs_task_definition_arn | Full ARN of the Grafana ECS Task Definition. |
| grafana_execution_iam_role_arn | Amazon Resource Name (ARN) specifying the Grafana Execution IAM role. |
| grafana_execution_iam_role_id | Name of the Grafana Execution IAM role. |
| grafana_execution_iam_role_policies_arns | Map of IAM Policies ARNs created and attached with the Grafana Execution IAM role. |
| grafana_execution_iam_role_policies_ids | Map of IAM Policies Identifiers created and attached with the Grafana Execution IAM role. |
| grafana_task_iam_role_arn | Amazon Resource Name (ARN) specifying the Grafana Task IAM role. |
| grafana_task_iam_role_id | Name of the Grafana Task IAM role. |
| grafana_task_iam_role_policies_arns | Map of IAM Policies ARNs created and attached with the Grafana Task IAM role. |
| grafana_task_iam_role_policies_ids | Map of IAM Policies Identifiers created and attached with the Grafana Task IAM role. |
| rds_arn | The ARN of the Grafana RDS instance. |
| rds_db_parameter_group_arn | The ARN of the db parameter group attached with Grafana RDS. |
| rds_db_parameter_group_id | The db parameter group name to use with the Grafana RDS. |
| rds_db_subnet_group_arn | The ARN of the db subnet group attached with Grafana RDS. |
| rds_db_subnet_group_id | The db subnet group name to use with the Grafana RDS. |
| rds_endpoint | The Grafana RDS connection endpoint in address:port format. |
| rds_id | Grafana RDS DBI resource ID. |
| rds_master_user_secret | Details of the secret containing the database master password for Grafana RDS. |
| s3_bucket_arn | ARN of the bucket where the Grafana ALB logs will be stored. |
| s3_bucket_id | Name of the bucket where the Grafana ALB logs will be stored. |