• Blog
  • Deploy Grafana to ECS with Terraform

Deploy Grafana to an AWS ECS Fargate Cluster

Josh Pollara
Josh Pollara


This tutorial explains how to deploy Grafana to an AWS ECS Fargate cluster with Terraform.

Skill level:

  • Beginner


  • An AWS account
  • Credentials configured in ~/.aws/ or environment variables


We're going to focus on a simple playground environment to get Grafana up and running quickly.

All of our resources will be created with basic Terraform code. No modules or third-party dependencies. Just sweet plain HCL.

What's that you say? You don't have an easy way to collaborate and apply Terraform changes? Oh, the humanity!

Shameless plug: Terrateam Sign Up

Moving on...

Grafana + ECS (Like Lamb and Tuna Fish)

Terrateam engineering (all two of us!) are proud Grafana and ECS users. We love Grafana for its flexibility and native support for all of the data sources we use.

We also prefer ECS over Kubernetes! :shrug:

But that's another post for another day. And yes, it's going to be controversial.


Grafana Dashboard

We started using Grafana way back in the day when the only data source available was Graphite. We're showing our age. Oh, those were the days...

Anyway, ever since we started using Grafana, we were hooked. Of course, anything was a step up from the old Graphite UI.

Nostalgia screenshot because why not: Graphite UI

Okay, okay. Back to the thing.

Official Docker Image

The fine folks over at Grafana have created an official public docker image.

Also, you can configure Grafana via environment variables.

Phew. This makes life soooo much easier. Thank you Grafana.

Terraform Configuration

  1. AWS Provider
provider "aws" {
  region = "eu-north-1" # Terrateam likes eu-north-1. You do you boo.
  1. VPC Configuration
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name = "dev"
  cidr = ""
  azs            = ["eu-north-1a", "eu-north-1b", "eu-north-1c"]
  public_subnets = ["", "", ""]
  tags = {
    Terraform   = "true"
    Environment = "dev"
  1. ECS Cluster
resource "aws_ecs_cluster" "grafana" {
  name = "grafana"
  1. Security Group

The security group below opens up the Grafana endpoint to the world. You should restrict access as you see fit.

resource "aws_security_group" "grafana" {
  name        = "grafana"
  description = "Grafana"
  vpc_id      = module.vpc.vpc_id
  ingress {
    description = "Grafana"
    from_port   = 3000
    to_port     = 3000
    protocol    = "tcp"
    cidr_blocks = [""] # you should change this. really.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = [""]
    ipv6_cidr_blocks = ["::/0"]
  tags = {
    Name = "grafana"
  1. ECS Task Definition
resource "aws_ecs_task_definition" "grafana" {
  family                   = "grafana"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  container_definitions = <<DEFINITION
    "name": "grafana",
    "image": "grafana/grafana:latest",
    "essential": true,
    "portMappings": [
        "containerPort": 3000,
        "hostPort": 3000
  1. ECS Service
resource "aws_ecs_service" "grafana" {
  name            = "grafana"
  cluster         = aws_ecs_cluster.grafana.id
  task_definition = aws_ecs_task_definition.grafana.arn
  desired_count   = 1
  network_configuration {
    subnets          = module.vpc.public_subnets
    security_groups  = [aws_security_group.grafana.id]
    assign_public_ip = true
  launch_type = "FARGATE"

Plan & Apply

$ terraform plan
$ terraform apply

Grafana Public Endpoint

You can easily grab your new Grafana endpoint navigating to the AWS ECS console.

ECS Services

Navigate to the Tasks tab to see the Grafana task. Drill into the task to see the public IP.

ECS Task

Now you can open up your browser and navigate to the public IP on port 3000.

In the screenshot above, AWS assigned me the public IP of

This means, I can use the following URL:

The link above won't work for you because I restricted the security group like you were supposed to. Sorry (not sorry).

The default Grafana login and password is admin/admin. Please change this immediately upon login!


There you have it. A fast and easy way to get Grafana up and running on AWS ECS Fargate.

Remember, this is not a productionalized setup. What we've just set up is mainly for a development or sandbox environment to get more familiar with Grafana.

I'd recommend checking out the official Grafana getting started guide.

Thanks for getting this far and I hope you learned something!