AMG requires AWS SSO enabled in your account. AWS SSO is used as the authentication provider to sign into the AMG workspace.
Enable AWS SSO.
If you have not yet set up AWS Organizations, you will be prompted to create an organization. Choose
Create AWS organization to complete this process.
Now go ahead and create a new AWS SSO user that we will use to provide access to the AMG workspace later.
Users on the left side of AWS SSO console and click
Provide the following required information on next screen
Add user in lower right
Go to the AMG console and provide a workspace name as shown below
Service managed in the
Configure Settings page and click
Next. Choosing this option will allow the wizard to automatically provision the permissions for you based on the AWS services we will choose later on.
Service managed permission settings screen, you can choose to configure Grafana to monitor resources in the same account where you are creating the workspace or allow Grafana to reach into multiple AWS accounts by choosing the
Organization option and providing the necessary OU IDs.
We will simply leave the option to
Current account and select all the Data sources and the Notification channels. Click
In the Review screen, take a look at the options and click on
Once the AMG workspace turns to
ACTIVE, click on
Assign user and select the SSO user created in previously. Click
By default, all newly assigned users are added as
Viewers that only provides read-only permissions on Grafana. To make the user as Administrator, select the user under
Users and select
Make admin. Now you should see that the user is an Administrator.