Getting started with Amazon Managed Service for Grafana - AWS Managed Service for Grafana

Amazon Managed Service for Grafana (AMG) is in preview. Features may be added or changed before announcing General Availability.

The preview currently supports the following Regions:

  • US East (N. Virginia)

  • Europe (Ireland)

This tutorial helps you quickly get started with Amazon Managed Service for Grafana. You will create your first workspace and then connect to the Grafana console in that workspace.

Create a workspace

AMG works with AWS Single Sign-On to provide identity federation and single sign-on. AMG works with AWS Organizations to make it easier to centrally manage your AMG users across multiple AWS accounts. AMG also works with AWS CloudFormation StackSets to make it easier to create and manage the required IAM policies to access your AWS data sources across multiple AWS accounts and Regions.

If you are creating your first AMG workspace in an account that is not a member of an organization, and you are logged in as the root user or an IAM user with administrative privileges, you can go ahead and start creating your workspace. If you are not logged on as the root user, you must be logged on to an account that has the AWSGrafanaAccountAdministrator, AWSSSOMemberAccountAdministrator, and AWSSSODirectoryAdministrator policies. For more information, see Create and manage AMG workspaces and users in a single standalone account.

If you are using an account that is a member of an organization, you must first understand how AMG works with these services before you create the AMG workspace. For more information, see How AMG works with AWS SSO and AWS Organizations.

The steps in this procedure are just meant to help you try out the service quickly. They do not use federation with a third-party identity provider. If you want to use federation with a third-party provider, use the procedure in Creating a workspace.

A workspace is a logical Grafana server. You can have one or more workspaces in each Region in your account.

Amazon Managed Service for Grafana uses AWS Single Sign-On to manage access to Grafana workspaces. When you create a workspace, AMG enables AWS SSO in your account, if it is not already enabled. For more information about AWS SSO, see What is AWS Single Sign-On.

When AMG enables AWS SSO, it also automatically enables AWS Organizations in your account, and creates an organization for you. For more information about Organizations, see What is AWS Organizations.


To create a workspace in an account that is already a member of an AWS organization, AWS SSO must be enabled in the management account of the organization. If you enabled AWS SSO in the management account before November 25th, 2019, you must also enable AWS SSO-integrated applications in the management account. For more information, see AWS SSO-integrated applications.

To create a workspace in AMG

  1. Open the AMG console at

  2. Choose Create workspace.

  3. For Workspace name, enter a unique name for the workspace.

    You can also optionally enter a description for the workspace.

  4. Choose Next.

  5. If you have not already enabled AWS Single Sign-On in your account, you are prompted to enable it by creating your first AWS SSO user. AWS SSO handles user management for access to AMG workspaces.

    To enable AWS SSO, follow these steps:

    1. Choose Create user.

    2. Enter an email address, first name, and last name for the user, and choose Create user. For this tutorial, use the name and email address of the account that you want to use to try out AMG. You'll receive an email message prompting you to create a password for this account for AWS SSO.


    The user that you have created does not automatically have access to your AMG workspace. You'll provide the user with access to the workspace in the workspace details page in a later step.

  6. For this first workspace, confirm that Service managed is selected for Permission type. This selection enables AMG to automatically provision the permissions you'll need for the AWS data sources that you choose to use for this workspace.

  7. For this tutorial, choose Current account.

  8. (Optional) Select the data sources that you will want to query in this workspace. For this getting started tutorial, you do not need to select any data sources. However, if you plan to use this workspace with any of the listed data sources, select them here.

    Selecting data sources enables AMG to create AWS Identity and Access Management (IAM) policies for each of the selected data sources so that AMG has permission to read their data. This does not completely set up these services as data sources for the Grafana workspace. You can do that within the Grafana workspace console.

  9. (Optional) If you want Grafana alerts from this workspace to be sent to an Amazon Simple Notification Service (Amazon SNS) notification channel, select Amazon SNS. This enables AMG to create an IAM policy to publish to the Amazon SNS topics in your account with TopicName values that start with grafana. This does not completely set up Amazon SNS as a notification channel for the workspace. You can do that within the Grafana console in the workspace.

  10. Choose Next.

  11. Confirm that the workspace details are what you want, and choose Create workspace.

    The workspace details page appears.

    Initially, the Status is CREATING.


    Wait until the status is ACTIVE before you move on to assigning your AWS SSO users access to the workspace. You might need to refresh your browser to see the current status.

  12. In the Users tab, choose Assign user.

  13. Select the check box next to the user that you want to grant workspace access to, and choose Assign user.

  14. Confirm that the check box next to the user is still selected, and choose Make admin.


    Assign at least one user as Admin for each workspace, so that someone can log in to the Grafana workspace console to manage the workspace.

  15. In the workspace details page, choose the URL displayed under Grafana workspace URL.

  16. Choosing the workspace URL takes you to the landing page for the Grafana workspace console. Choose Sign in with AWS SSO, and enter the email address and password of the user that you created earlier in this procedure. The login will work only if you have responded to the email from AMG that prompted you to create a password for AWS SSO.

    You are now in your Grafana workspace, or logical Grafana server. You can start adding data sources to query, visualize, and analyze data. For more information, see Working in your Grafana workspace.
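Step 9 states that the Amazon SNS option lets the workspace publish only to topics whose TopicName starts with grafana. The following added example (not part of the original tutorial and not AWS code) checks an IAM policy document against that scope; the function names, the sample policies, and the account ID are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM allows a single item or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _topic_literal_prefix(resource):
    """Return the fixed (pre-wildcard) part of the topic name in an SNS ARN, or None."""
    parts = resource.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "sns":
        return None  # "*" or a non-SNS / truncated ARN: scope cannot be shown to be narrow
    return re.split(r"[*?]", parts[5], maxsplit=1)[0]

def audit_sns_publish(policy, prefix="grafana"):
    """List Allow statements that permit sns:Publish beyond topics named <prefix>*."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: uses NotAction/NotResource, review by hand")
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase("sns:publish", a) for a in actions):
            continue
        for res in _as_list(stmt.get("Resource")):
            literal = _topic_literal_prefix(res)
            if literal is None or not literal.startswith(prefix):
                findings.append(f"statement {idx}: sns:Publish allowed on {res}")
    return findings

# Constructed sample documents; the account ID is a placeholder and neither is
# the policy that AMG itself creates.
SCOPED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sns:Publish",
    "Resource": "arn:aws:sns:*:111122223333:grafana*"}}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sns:Publish"],
     "Resource": ["arn:aws:sns:*:111122223333:grafana-alerts", "arn:aws:sns:*:111122223333:*"]},
    {"Effect": "Allow", "Action": "sns:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit_sns_publish(doc) or "ok")
```

An empty result means every statement that allows sns:Publish is limited to topic names beginning with the prefix; the check is conservative and reports any resource pattern it cannot prove is that narrow.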