GithubHelp home page GithubHelp logo

oauthbringer / grafana-fargate Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ulikabbq/grafana-fargate

0.0 1.0 0.0 30 KB

Grafana buildout on AWS Fargate and Aurora

Dockerfile 5.95% HCL 93.83% Shell 0.22%

grafana-fargate's Introduction

Grafana Fargate Terraform Module

This is a terraform module for Grafana running on AWS fargate with an Aurora RDS MySQL backend.

Here is the blog post that covers this setup:
https://medium.com/247sports-engineering/highly-available-grafana-running-on-aws-fargate-and-rds-aurora-2bbea9d41b50

Information / Prerequisites

Even though this terraform module will setup all the infrastructure you need, there are a couple of manual steps. To setup the database it requires running a bastion host and executing 3 mysql commands and there are 2 ssm parameters that are expected to be in the account.

The 2 secrets that should be stored in ssm BEFORE running the module are /grafana/GF_DATABASE_PASSWORD and /grafana/GF_SECURITY_ADMIN_PASSWORD

Run an aws cli command to create the database password

aws ssm put-parameter --name "/grafana/GF_DATABASE_PASSWORD" --type "SecureString" --value "foo"

Run an aws cli command to create the grafana password

aws ssm put-parameter --name "/grafana/GF_SECURITY_ADMIN_PASSWORD" --type "SecureString" --value "bar"

Setup

Because this setup enforces HTTPS, it is required to provide a DNS name space, a Route53 zone id, and certificate arn. There are also 2 secret values that should be manually created. Run the commands below to set the database password and the admin password for grafana.

Example

module "grafana" {
  source = "[email protected]:ulikabbq/grafana-fargate?ref=v0.3//tf"

  account_id    = "883447927050"
  dns_zone      = "E37HSFATM75UF"
  dns_name      = "grafana.exampledomain.com"
  cert_arn      = "arn:aws:acm:us-east-1:883447927050:certificate/c037931f-c278-4cc4-a228-a2a7ea751dc5"
  vpc_id        = "vpc-04e9a561"
  subnets       = ["subnet-61swn044xb5p"]
  lb_subnets    = ["subnet-7p20dzd4d68o", "subnet-2drmc0b737ij"]
  db_subnet_ids = ["subnet-9i3qthun5kr8", "subnet-76sm7yb9ofja"]

  //bastion setup
  bastion_count         = "1"
  key                   = "bastion"
  bastion_whitelist_ips = ["0.0.0.0/0"]
  bastion_subnet        = "subnet-7p20dzd4d68o"

  aws_account_ids = {
    default = "883447927050"
  }
}

output "grafana_rds" {
  value = "${module.grafana.grafana_rds}"
}

output "grafana_bastion_ip" {
  value = "${module.grafana.grafana_bastion_ip}"
}

output "grafana_role" {
  value = "${module.grafana.grafana_role}"
}

Available Variables

aws_region: the default region is us-east-1

account_id: (Required) the account to run the grafana service

aws_account_ids the other account ids you wish to monitor

whitelist_ips: the default is 0.0.0.0/0 so anyone would be able to reach the grafana instance. this is a list variable of ip addresses that can access grafana

bastion_whitelist_ips the default is 0.0.0.0/0 so anyone would be able to ssh to the bastion instance. this is a list variable of ip addresses that can access the bastion host

dns_zone: (Required) the Route53 zone id. this id is used to create the dns name

dns_name: (Required) the dns name for the grafana service. example: grafana.example.com

cert_arn (Required)

vpc_id (Required)

subnets (Required)

lb_subnets (Required)

db_subnet_ids (Required)

db_instance_type the default is db.t2.small

image_url the default is ulikabbq/grafana:v0.1

nginx_image_url the default is ulikabbq/nginx_grafana:v0.1

bastion_count the number of bastion host. the deafult is 1, but set to 0 when the Aurora setup is complete

key the key used to ssh into the bastion

bastion_whitelist_ips the list of allowed ips to ssh to the bastion

bastion_subnet the subnet for the bastion host

Aurora Setup

Log into the bastion to access the Aurora database and run these commands:

mysql> GRANT USAGE ON `grafana`.* to 'grafana'@'<grafana-instance-001-EXAMPLE.us-east-1.rds.amazonaws.com>' identified by '<the password stored in ssm>';

mysql> GRANT ALL PRIVILEGES ON `grafana`.* to 'grafana'@'<grafana-instance-001-EXAMPLE.us-east-1.rds.amazonaws.com>' with grant option;

mysql> flush privileges;

Grafana Configuration

To Do: Add the grafana configuration to set the datasource in the base account.

grafana-fargate's People

Contributors

robmarlow avatar ulikabbq avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.