Blog post

Deploy Grafana to an AWS ECS Fargate Cluster

2022-02-21

11 minute read

Introduction

This tutorial explains how to deploy Grafana to an AWS ECS Fargate cluster with Terraform.

Skill level:

  • Beginner

Prerequisites:

  • An AWS account
  • Credentials configured in ~/.aws/ or environment variables

Overview

We're going to focus on a simple playground environment to get Grafana up and running quickly.

All of our resources will be created with basic Terraform code. No modules or third-party dependencies. Just sweet plain HCL.

What's that you say? You don't have an easy way to collaborate and apply Terraform changes? Oh, the humanity!

Shameless plug: Terrateam Sign Up

Moving on...

Grafana + ECS (Like Lamb and Tuna Fish)

Terrateam engineering (all two of us!) are proud Grafana and ECS users. We love Grafana for its flexibility and native support for all of the data sources we use.

We also prefer ECS over Kubernetes! :shrug:

But that's another post for another day. And yes, it's going to be controversial.

Setup

Grafana Dashboard

We started using Grafana way back in the day when the only data source available was Graphite. We're showing our age. Oh, those were the days...

Anyway, ever since we started using Grafana, we were hooked. Of course, anything was a step up from the old Graphite UI.

Nostalgia screenshot because why not: Graphite UI

Okay, okay. Back to the thing.

Official Docker Image

The fine folks over at Grafana have created an official public docker image.

Also, you can configure Grafana via environment variables.

Phew. This makes life soooo much easier. Thank you Grafana.

Terraform Configuration

1) AWS Provider

1provider "aws" {
2  region = "eu-north-1" # Terrateam likes eu-north-1. You do you boo.
3}
4

2) VPC Configuration

1module "vpc" {
2  source = "terraform-aws-modules/vpc/aws"
3
4  name = "dev"
5  cidr = "10.0.0.0/16"
6
7  azs            = ["eu-north-1a", "eu-north-1b", "eu-north-1c"]
8  public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
9
10  tags = {
11    Terraform   = "true"
12    Environment = "dev"
13  }
14}
15

3) ECS Cluster

1resource "aws_ecs_cluster" "grafana" {
2  name = "grafana"
3}
4

4) Security Group

The security group below opens up the Grafana endpoint to the world. You should restrict access as you see fit.

1resource "aws_security_group" "grafana" {
2  name        = "grafana"
3  description = "Grafana"
4  vpc_id      = module.vpc.vpc_id
5
6  ingress {
7    description = "Grafana"
8    from_port   = 3000
9    to_port     = 3000
10    protocol    = "tcp"
11    cidr_blocks = ["0.0.0.0/0"] # you should change this. really.
12  }
13
14  egress {
15    from_port        = 0
16    to_port          = 0
17    protocol         = "-1"
18    cidr_blocks      = ["0.0.0.0/0"]
19    ipv6_cidr_blocks = ["::/0"]
20  }
21
22  tags = {
23    Name = "grafana"
24  }
25}
26

5) ECS Task Definition

1resource "aws_ecs_task_definition" "grafana" {
2  family                   = "grafana"
3  requires_compatibilities = ["FARGATE"]
4  network_mode             = "awsvpc"
5  cpu                      = "256"
6  memory                   = "512"
7
8  container_definitions = <<DEFINITION
9[
10  {
11    "name": "grafana",
12    "image": "grafana/grafana:latest",
13    "essential": true,
14    "portMappings": [
15      {
16        "containerPort": 3000,
17        "hostPort": 3000
18      }
19    ]
20  }
21]
22DEFINITION
23}
24

6) ECS Service

1resource "aws_ecs_service" "grafana" {
2  name            = "grafana"
3  cluster         = aws_ecs_cluster.grafana.id
4  task_definition = aws_ecs_task_definition.grafana.arn
5  desired_count   = 1
6  network_configuration {
7    subnets          = module.vpc.public_subnets
8    security_groups  = [aws_security_group.grafana.id]
9    assign_public_ip = true
10  }
11  launch_type = "FARGATE"
12}
13

Plan & Apply

1$ terraform plan
2$ terraform apply
3

Grafana Public Endpoint

You can easily grab your new Grafana endpoint navigating to the AWS ECS console.

ECS Services

Navigate to the Tasks tab to see the Grafana task. Drill into the task to see the public IP.

ECS Task

Now you can open up your browser and navigate to the public IP on port 3000.

In the screenshot above, AWS assigned me the public IP of 13.53.131.211.

This means, I can use the following URL: http://13.53.131.211:3000

The link above won't work for you because I restricted the security group like you were supposed to. Sorry (not sorry).

The default Grafana login and password is admin/admin. Please change this immediately upon login!

Closing

There you have it. A fast and easy way to get Grafana up and running on AWS ECS Fargate.

Remember, this is not a productionalized setup. What we've just set up is mainly for a development or sandbox environment to get more familiar with Grafana.

I'd recommend checking out the official Grafana getting started guide.

Thanks for getting this far and I hope you learned something!

Share this article

GitHub App Install to Terraform Apply 🚀