AI-powered Observability for Lambda
Dec 3, 2021. 10 min
Grafana is a popular open-source software that allows you to visualize your data. AWS Cognito (see video) is designed to deal with user management, authentication/authorization.
You are setting up Grafana in AWS for your organization. You want to avoid the hassle of adding and managing users in Grafana.
You want to use Cognito to login to Grafana. By default there are 3 roles available in Grafana - Admin, Editor and Viewer. You want to map the Cognito user groups with the corresponding roles in Grafana.
In this blog, I am assuming you know how to do the following:
In order to configure Grafana, first we have to edit grafana.ini and enable generic_auth there. To map Grafana roles, edit line number 10. Grafana uses JMeshPath to maps roles from the response it gets from Cognito after a successful login.
1. [auth.generic_oauth]
2. enabled = true
3. name = OAuth
4. allow_sign_up = true
5. client_id =
6. scopes =
7. auth_url =
8. token_url =
9. api_url =
10. role_attribute_path = "cognito:roles" | contains([*], 'arn:aws:iam:::role/') && 'Admin' || 'Editor'
For Cognito, you have to configure the App client as shown below.
CloudAEye is building an observability platform that brings together logs, metrics, traces for your operations team. It enables setup of enterprise grade observability in minutes. If you want to let someone else maintain the observability platform for you, please join our Early Access.
Vishal works as a Principal Engineer at CloudAEye. He graduated from IIT Bombay and held engineering leadership roles at PeopleGrove. Vishal has a keen interest in applied sciences and mathematics. Vishal likes traveling and seeing the culture / cuisines / history of places. He has traveled over 15 countries so far.