Esta documentação é somente para a versão 1 da AWS CLI.
Anunciamos o próximo fim do suporte para a AWS CLI versão 1. É recomendável migrar para a AWS CLI versão 2. Para saber as datas e receber detalhes e informações adicionais sobre como migrar, consulte o anúncio
Exemplos do Amazon Managed Grafana de uso da AWS CLI com script Bash
Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando a AWS Command Line Interface com script Bash por meio do Amazon Managed Grafana.
Cenários são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS.
Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código.
Tópicos
Cenários
O exemplo de código a seguir mostra como:
Criar um perfil do IAM para seu espaço de trabalho.
Criar um espaço de trabalho do Grafana.
Configurar autenticação.
Definir configurações opcionais.
Limpar recursos.
- AWS CLI com script Bash
-
nota
Há mais no GitHub. Encontre o exemplo completo e saiba como configurar e executar no repositório Sample developer tutorials
. #!/bin/bash # Amazon Managed Grafana Workspace Creation Script # This script creates an Amazon Managed Grafana workspace and configures it # Set up logging LOG_FILE="grafana-workspace-creation.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon Managed Grafana workspace creation script at $(date)" echo "All commands and outputs will be logged to $LOG_FILE" # Function to check for errors in command output check_error() { local output=$1 local cmd=$2 if echo "$output" | grep -i "error\|exception\|fail" > /dev/null; then echo "ERROR: Command '$cmd' failed with output:" echo "$output" cleanup_on_error exit 1 fi } # Function to clean up resources on error cleanup_on_error() { echo "Error encountered. Attempting to clean up resources..." if [ -n "$WORKSPACE_ID" ]; then echo "Deleting workspace $WORKSPACE_ID..." aws grafana delete-workspace --workspace-id "$WORKSPACE_ID" fi if [ -n "$ROLE_NAME" ]; then echo "Detaching policies from role $ROLE_NAME..." if [ -n "$POLICY_ARN" ]; then aws iam detach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN" fi echo "Deleting role $ROLE_NAME..." aws iam delete-role --role-name "$ROLE_NAME" fi if [ -n "$POLICY_ARN" ]; then echo "Deleting policy..." aws iam delete-policy --policy-arn "$POLICY_ARN" fi # Clean up JSON files rm -f trust-policy.json cloudwatch-policy.json echo "Cleanup completed. See $LOG_FILE for details." } # Generate a random identifier for resource names RANDOM_ID=$(openssl rand -hex 4) WORKSPACE_NAME="GrafanaWorkspace-${RANDOM_ID}" ROLE_NAME="GrafanaWorkspaceRole-${RANDOM_ID}" echo "Using workspace name: $WORKSPACE_NAME" echo "Using role name: $ROLE_NAME" # Step 1: Get AWS account ID echo "Getting AWS account ID..." ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) check_error "$ACCOUNT_ID" "get-caller-identity" echo "AWS Account ID: $ACCOUNT_ID" # Step 2: Create IAM role for Grafana workspace echo "Creating IAM role for Grafana workspace..." # Create trust policy document cat > trust-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "grafana.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Create IAM role ROLE_OUTPUT=$(aws iam create-role \ --role-name "$ROLE_NAME" \ --assume-role-policy-document file://trust-policy.json \ --description "Role for Amazon Managed Grafana workspace") check_error "$ROLE_OUTPUT" "create-role" aws iam tag-role --role-name "$ROLE_NAME" \ --tags Key=project,Value=doc-smith Key=tutorial,Value=amazon-managed-grafana-gs echo "IAM role created successfully" # Extract role ARN ROLE_ARN=$(echo "$ROLE_OUTPUT" | grep -o '"Arn": "[^"]*' | cut -d'"' -f4) echo "Role ARN: $ROLE_ARN" # Attach policies to the role echo "Attaching policies to the role..." # CloudWatch policy cat > cloudwatch-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:GetMetricData" ], "Resource": "*" } ] } EOF POLICY_OUTPUT=$(aws iam create-policy \ --policy-name "GrafanaCloudWatchPolicy-${RANDOM_ID}" \ --policy-document file://cloudwatch-policy.json) check_error "$POLICY_OUTPUT" "create-policy" POLICY_ARN=$(echo "$POLICY_OUTPUT" | grep -o '"Arn": "[^"]*' | cut -d'"' -f4) echo "CloudWatch policy ARN: $POLICY_ARN" ATTACH_OUTPUT=$(aws iam attach-role-policy \ --role-name "$ROLE_NAME" \ --policy-arn "$POLICY_ARN") check_error "$ATTACH_OUTPUT" "attach-role-policy" echo "CloudWatch policy attached to role" # Step 3: Create the Grafana workspace echo "Creating Amazon Managed Grafana workspace..." WORKSPACE_OUTPUT=$(aws grafana create-workspace \ --workspace-name "$WORKSPACE_NAME" \ --authentication-providers "SAML" \ --permission-type "CUSTOMER_MANAGED" \ --account-access-type "CURRENT_ACCOUNT" \ --workspace-role-arn "$ROLE_ARN" \ --workspace-data-sources "CLOUDWATCH" "PROMETHEUS" "XRAY" \ --grafana-version "10.4" \ --tags Environment=Development,project=doc-smith,tutorial=amazon-managed-grafana-gs) check_error "$WORKSPACE_OUTPUT" "create-workspace" echo "Workspace creation initiated:" echo "$WORKSPACE_OUTPUT" # Extract workspace ID WORKSPACE_ID=$(echo "$WORKSPACE_OUTPUT" | grep -o '"id": "[^"]*' | cut -d'"' -f4) if [ -z "$WORKSPACE_ID" ]; then echo "ERROR: Failed to extract workspace ID from output" exit 1 fi echo "Workspace ID: $WORKSPACE_ID" # Step 4: Wait for workspace to become active echo "Waiting for workspace to become active. This may take several minutes..." ACTIVE=false MAX_ATTEMPTS=30 ATTEMPT=0 while [ $ACTIVE = false ] && [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do ATTEMPT=$((ATTEMPT+1)) echo "Checking workspace status (attempt $ATTEMPT of $MAX_ATTEMPTS)..." DESCRIBE_OUTPUT=$(aws grafana describe-workspace --workspace-id "$WORKSPACE_ID") check_error "$DESCRIBE_OUTPUT" "describe-workspace" STATUS=$(echo "$DESCRIBE_OUTPUT" | grep -o '"status": "[^"]*' | cut -d'"' -f4) echo "Current status: $STATUS" if [ "$STATUS" = "ACTIVE" ]; then ACTIVE=true echo "Workspace is now ACTIVE" elif [ "$STATUS" = "FAILED" ]; then echo "ERROR: Workspace creation failed" cleanup_on_error exit 1 else echo "Workspace is still being created. Waiting 30 seconds..." sleep 30 fi done if [ $ACTIVE = false ]; then echo "ERROR: Workspace did not become active within the expected time" cleanup_on_error exit 1 fi # Extract workspace endpoint URL WORKSPACE_URL=$(echo "$DESCRIBE_OUTPUT" | grep -o '"endpoint": "[^"]*' | cut -d'"' -f4) echo "Workspace URL: https://$WORKSPACE_URL" # Step 5: Display workspace information echo "" echo "===========================================" echo "WORKSPACE INFORMATION" echo "===========================================" echo "Workspace ID: $WORKSPACE_ID" echo "Workspace URL: https://$WORKSPACE_URL" echo "Workspace Name: $WORKSPACE_NAME" echo "IAM Role: $ROLE_NAME" echo "" echo "Note: Since SAML authentication is used, you need to configure SAML settings" echo "using the AWS Management Console or the update-workspace-authentication command." echo "===========================================" # Step 6: Prompt for cleanup echo "" echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Resources created:" echo "- Amazon Managed Grafana workspace: $WORKSPACE_ID" echo "- IAM Role: $ROLE_NAME" echo "- IAM Policy: GrafanaCloudWatchPolicy-${RANDOM_ID}" echo "" echo "Do you want to clean up all created resources? (y/n): " read -r CLEANUP_CHOICE if [[ "$CLEANUP_CHOICE" =~ ^[Yy] ]]; then echo "Cleaning up resources..." echo "Deleting workspace $WORKSPACE_ID..." DELETE_OUTPUT=$(aws grafana delete-workspace --workspace-id "$WORKSPACE_ID") check_error "$DELETE_OUTPUT" "delete-workspace" echo "Waiting for workspace to be deleted..." DELETED=false ATTEMPT=0 while [ $DELETED = false ] && [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do ATTEMPT=$((ATTEMPT+1)) echo "Checking deletion status (attempt $ATTEMPT of $MAX_ATTEMPTS)..." if aws grafana describe-workspace --workspace-id "$WORKSPACE_ID" 2>&1 | grep -i "not found\|does not exist" > /dev/null; then DELETED=true echo "Workspace has been deleted" else echo "Workspace is still being deleted. Waiting 30 seconds..." sleep 30 fi done if [ $DELETED = false ]; then echo "WARNING: Workspace deletion is taking longer than expected. It may still be in progress." fi # Detach policy from role echo "Detaching policy from role..." aws iam detach-role-policy \ --role-name "$ROLE_NAME" \ --policy-arn "$POLICY_ARN" # Delete policy echo "Deleting IAM policy..." aws iam delete-policy \ --policy-arn "$POLICY_ARN" # Delete role echo "Deleting IAM role..." aws iam delete-role \ --role-name "$ROLE_NAME" # Clean up JSON files rm -f trust-policy.json cloudwatch-policy.json echo "Cleanup completed" else echo "Skipping cleanup. Resources will remain in your AWS account." fi echo "Script completed at $(date)"-
Consulte detalhes da API nos tópicos a seguir na Referência de comandos da AWS CLI.
-
