AWS RDS as Datasource in AWS Managed Grafana

Asked 1/11, 2021 at 4:30 Answered 30/3, 2022 at 19:55

I thought this was going to be easy but unfortunately, I was wrong. I just made an AWS-hosted Grafana workspace. I'd like to query an AWS RDS instance for some data. I am struggling to find out how I would add the Hosted Grafana instance into a security group so it would be allowed to access the RDS.

I did check the Docs!

Has anyone done this before that could help me out?

Thanks!

Lover answered 1/11, 2021 at 4:30 Comment(2)

You haven't provide any relevant information. What exactly is happening? Any errors? What is your RDS setup? What are current security groups? Can you access your RDS without graphana? – Proportionate 1/11, 2021 at 4:51

It gets a time-out error because my RDS is part of a security group that the hosted Grafana obviously can't access. I am using My-SQL. I can access the RDS with other services with no issues. I guess the question distills down to "what IP do I need to add to my RDS SG to allow access from a hosted Grafana instance" I'm 100% self-taught on AWS. So I apologize in advance if I've left anything out. – Lover 1/11, 2021 at 11:47

Ran into a similar problem, AWS Team told me that if your database is sitting in a non-default VPC and is publically accessible, then you have to whitelist IP address in your security group based on your region of managed grafana.

Here is the list of ip addresses based on the region.

•       us-east-1: 35.170.12.166 54.88.16.229 3.234.162.252 54.160.119.132 
        54.196.72.13 3.213.190.135 54.83.225.191 3.234.173.51 107.22.41.194
•       eu-central-1: 18.185.12.232, 3.69.106.181, 52.29.127.210
•       us-west-2: 44.230.70.68, 34.208.176.166, 35.82.14.62
•       us-east-2: 18.116.131.87, 18.117.203.54
•       eu-west-1: 52.30.158.152, 54.247.159.227, 54.170.69.237, 52.210.87.10, 
        54.73.6.128, b54.78.34.200, 54.216.218.40, 176.34.91.249, 34.246.52.247
•       us-east-2: 35.170.12.166, 54.88.16.229, 3.234.162.252, 54.160.119.132, 
        54.196.72.13, 3.213.190.135, 54.83.225.191, 3.234.173.51, 107.22.41.194

You can refer the documentation provided by aws on how to connect to the database at: AMG Postgresql Connection

Patroon answered 30/3, 2022 at 19:55 Comment(2)

Thank you! I am using ap-southeast-2. I could only find this - link (grafana.ap-southeast-2.amazonaws.com) How did you track down the exact IP addresses? – Lover 3/4, 2022 at 2:59

The ip address are mentioned in AWS managed grafana documentation. They were given to me by the AWS Team. – Patroon 5/4, 2022 at 17:1

I had to do the same thing, and in the end the only way I could find out the IP address was to look through the VPC flow logs to see what was hitting the IP address of the RDS instance.

AWS has many IP addresses it can use for this and unfortunately there is no way to assign a specific IP address or security group to grafana.

So you need to set up a few things to get it to work, and there is no guarantee that the IP address for your AWS hosted Grafana won't change on you.

If you don't have it already, set up a VPC for your AWS infrastructure. Steps 1-3 in this article will set up what you need to do.
Set up Flow Logs for your VPC. These will capture the traffic in and out of the network interfaces and you can filter on the IP address of your RDS instance and the Postgres port. This article explains how to set it up.
Once you capture the IP address you can add it to the security group for the RDS instance.

One thing I have found is that I get regular time outs when querying RDS Postgres from AWS hosted grafana. It works fine, then it doesn't, then it works again. I've not found a to increase the timeout or solve the issue yet.

Xenolith answered 23/11, 2021 at 20:4 Comment(0)

Recommended topics

Hot tags