cloud-integrations
Grafana Cloud Integrations
Grafana Cloud Integrations connect cloud provider monitoring APIs to your Grafana stack without
running your own exporters. Hosted exporters scrape cloud APIs on your behalf and push metrics
to your Grafana Cloud stack.
Supported hosted exporters:
- AWS CloudWatch - all CloudWatch namespaces via YACE (Yet Another CloudWatch Exporter)
- Azure Monitor - Azure resource metrics via the Azure Monitor API
- Confluent Cloud - Kafka cluster metrics via the Confluent Metrics API
- Generic HTTP endpoint - any Prometheus-format `/metrics` endpoint behind auth

AWS Firehose receiver - ingests CloudWatch Logs and Metrics Streams pushed via Kinesis Firehose (near real-time, lower latency than API scraping).
Step 1: Navigate to Connections
In Grafana Cloud: Connections > Add new connection (or Connections > Cloud Provider).
Available paths:
- AWS CloudWatch - hosted exporter + optional Firehose receiver
- Azure Monitor - hosted exporter
- Confluent Cloud - hosted exporter
- All integrations - full catalog including Linux, MySQL, Kubernetes, etc.
Step 2: AWS CloudWatch integration
Option A: Hosted exporter (polling)
The hosted exporter scrapes the CloudWatch API every 60 seconds. End-to-end latency: roughly 1-5 minutes.
Required IAM permissions (minimum):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "tag:GetResources",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions"
      ],
      "Resource": "*"
    }
  ]
}
```
Setup steps:
- Create an IAM user or role with the policy above
- Generate an access key pair (for IAM user) or configure cross-account role assumption
- In Grafana Cloud: Connections > AWS > Configure hosted exporter
- Enter: AWS Access Key ID, Secret Access Key, region(s), CloudWatch namespaces to scrape
- Grafana provisions the exporter and begins scraping within 2-3 minutes
Supported namespaces: EC2, RDS, ELB/ALB, S3, Lambda, ECS, SQS, SNS, ElastiCache,
Kinesis, DynamoDB, and 50+ others.
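Before pasting credentials into Grafana, you can sanity-check a saved policy document locally. A sketch assuming `jq` is installed; the heredoc just recreates the policy JSON above so the snippet is self-contained:

```bash
# Recreate the minimum policy locally (same content as the JSON above)
cat > policy.json <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "tag:GetResources",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions"
      ],
      "Resource": "*"
    }
  ]
}
EOF

# Verify every action the exporter needs is granted by some Allow statement
for action in cloudwatch:GetMetricData cloudwatch:GetMetricStatistics \
              cloudwatch:ListMetrics tag:GetResources; do
  jq -e --arg a "$action" \
    '[.Statement[] | select(.Effect == "Allow") | .Action[]] | index($a)' \
    policy.json > /dev/null || echo "missing: $action"
done
echo "policy check complete"
```

If any `missing:` line prints, the exporter will hit `AccessDenied` when it starts scraping.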
Option B: AWS Firehose receiver (streaming)
Near-real-time metrics and logs via CloudWatch Metric Streams and CloudWatch Logs subscriptions.
Architecture:
CloudWatch Metric Streams → Kinesis Firehose → Grafana Cloud Firehose Receiver
CloudWatch Logs (subscription filter) → Kinesis Firehose → Grafana Cloud Firehose Receiver
Setup:
- In Grafana Cloud: Connections > AWS > Firehose receiver
- Grafana provides an HTTPS endpoint URL and access token
- In AWS, create a Kinesis Firehose delivery stream:
- Destination: HTTP endpoint
- Endpoint URL: (from step 2)
- Access key: (from step 2)
- Content encoding: GZIP
- Create a CloudWatch Metric Stream pointing at the Firehose stream:
  - Output format: OpenTelemetry 1.0
  - Namespaces: select specific namespaces or include all
- For logs: add a CloudWatch Logs subscription filter pointing at the Firehose stream
Terraform for Firehose setup:
```hcl
resource "aws_cloudwatch_metric_stream" "grafana_cloud" {
  name          = "grafana-cloud-metrics"
  role_arn      = aws_iam_role.firehose_role.arn
  firehose_arn  = aws_kinesis_firehose_delivery_stream.grafana.arn
  output_format = "opentelemetry1.0"

  # Optionally scope to specific namespaces
  # include_filter { namespace = "AWS/EC2" }
  # include_filter { namespace = "AWS/RDS" }
}

resource "aws_kinesis_firehose_delivery_stream" "grafana" {
  name        = "grafana-cloud-stream"
  destination = "http_endpoint"

  http_endpoint_configuration {
    url              = var.grafana_firehose_endpoint
    access_key       = var.grafana_firehose_access_key
    name             = "Grafana Cloud"
    content_encoding = "GZIP"

    s3_configuration {
      role_arn   = aws_iam_role.firehose_role.arn
      bucket_arn = aws_s3_bucket.firehose_backup.arn
    }
  }
}
```
Step 3: Azure Monitor integration
Required Azure permissions:
Create a service principal with the Monitoring Reader role on the subscription(s) to monitor.
```bash
# Create service principal
az ad sp create-for-rbac --name grafana-cloud-monitoring \
  --role "Monitoring Reader" \
  --scopes /subscriptions/<SUBSCRIPTION_ID>
```
Output: appId (client ID), password (client secret), tenant
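Those fields map directly onto the Grafana form. A sketch with placeholder values (the heredoc mimics the shape `az ad sp create-for-rbac` prints; these are not real credentials), assuming `jq`:

```bash
# Placeholder output in the shape `az ad sp create-for-rbac` prints
cat > sp.json <<'EOF'
{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "grafana-cloud-monitoring",
  "password": "<CLIENT_SECRET>",
  "tenant": "99999999-8888-7777-6666-555555555555"
}
EOF

# appId -> Client ID, password -> Client Secret, tenant -> Tenant ID
CLIENT_ID=$(jq -r '.appId' sp.json)
TENANT_ID=$(jq -r '.tenant' sp.json)
echo "Client ID: $CLIENT_ID"
echo "Tenant ID: $TENANT_ID"
```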
**Setup in Grafana Cloud:**
1. Connections > Azure > Configure hosted exporter
2. Enter: Tenant ID, Client ID, Client Secret, Subscription IDs
3. Select resource types to monitor (VMs, App Services, AKS, SQL, etc.)
4. The exporter begins scraping within 2-3 minutes
**Supported resource types:** Virtual Machines, App Service Plans, AKS, Azure SQL, CosmosDB,
Storage Accounts, Event Hubs, Service Bus, Application Gateway, and others.
---
Step 4: Confluent Cloud integration
Required Confluent API credentials:
- In Confluent Cloud: Environment > API Keys (or Cloud API Keys for organization-level)
- Create a Metrics API key (not a Kafka API key) with the MetricsViewer role
- Note the API Key and Secret
Setup in Grafana Cloud:
- Connections > Confluent > Configure hosted exporter
- Enter: Confluent API Key, API Secret, Environment ID(s), Cluster ID(s)
- The exporter scrapes the Confluent Metrics API every 60s
Available metrics: Consumer lag, broker request rates, partition counts, replication lag,
active controller count, and cluster-level health metrics.
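To check a key pair before entering it, note that the Metrics API uses HTTP Basic auth. A sketch with placeholder credentials; the live `curl` is commented out because it needs a real key, and the endpoint shown is the one documented for the Confluent Metrics API v2:

```bash
API_KEY="ABCDEFGH"       # placeholder, not a real key
API_SECRET="secret123"   # placeholder

# This is the header curl sends when you pass -u "$API_KEY:$API_SECRET"
printf 'Authorization: Basic %s\n' "$(printf '%s:%s' "$API_KEY" "$API_SECRET" | base64)"

# Live check (requires a real Metrics API key):
# curl -s -u "$API_KEY:$API_SECRET" \
#   "https://api.telemetry.confluent.cloud/v2/metrics/cloud/descriptors/metrics?resource_type=kafka"
```

A `401` from the live check means the key pair is wrong or is a Kafka key rather than a Metrics key.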
Step 5: Verify the integration is working
```bash
# Check in Grafana Explore: query for the integration's job label
# For AWS:   {job="integrations/cloudwatch"}
# For Azure: {job="integrations/azure-monitor"}

# Check metric arrival (replace with your stack's Prometheus endpoint)
curl -s -H "Authorization: Bearer <USER>:<API_KEY>" \
  "https://prometheus-prod-XX-XX-X.grafana.net/api/prom/api/v1/labels" | \
  jq '.data | map(select(startswith("aws_") or startswith("azure_")))'
```
The integration status is also visible in: **Connections > [Integration name] > Status**
**Integration health indicators:**
- `Last successful scrape` - should be within the last 2 minutes
- `Series count` - should be non-zero and stable
- `Error rate` - should be 0%
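That `jq` filter can be dry-run against a sample labels response (hypothetical metric names) to confirm what it keeps:

```bash
# Sample shape of the /api/v1/labels response
cat > labels.json <<'EOF'
{"status":"success","data":["__name__","aws_ec2_cpuutilization_average","azure_vm_percentage_cpu","instance","job"]}
EOF

# Keeps only cloud-provider label names
jq -c '.data | map(select(startswith("aws_") or startswith("azure_")))' labels.json
# → ["aws_ec2_cpuutilization_average","azure_vm_percentage_cpu"]
```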
---
Step 6: Pre-built dashboards and alerts
Every integration installs a set of pre-configured dashboards and alert rules automatically.
Find installed dashboards:
- Dashboards > Browse > folder named after the integration (e.g. "AWS CloudWatch")
Find installed alert rules:
- Alerting > Alert rules > filter by datasource or folder
Modify without losing updates:
- Do not edit the provisioned dashboards directly (they may be overwritten on updates)
- Duplicate the dashboard (Dashboard settings > Save as copy)
- Edit the copy
Step 7: Troubleshoot integration failures
Hosted exporter not receiving data:
```bash
# Check the integration status via the Grafana Cloud API
curl -s -H "Authorization: Bearer <STACK_ID>:<API_TOKEN>" \
  "https://integrations-api.grafana.net/api/v1/integrations" | \
  jq '.integrations[] | {name, status, lastScrapeTime, errorMessage}'
```
**Common errors:**
| Error | Cause | Fix |
|---|---|---|
| `AccessDenied` (AWS) | IAM policy missing permissions | Add required actions to the IAM policy |
| `AuthorizationFailed` (Azure) | Service principal missing role | Grant Monitoring Reader on the subscription |
| `401 Unauthorized` (Confluent) | Wrong API credentials | Re-enter credentials; confirm Metrics API key (not Kafka key) |
| `No metrics found` | Wrong namespace/resource type selected | Add the namespace in integration settings |
| `Scrape timeout` | Network restriction | Ensure Grafana Cloud's IPs can reach the cloud provider API |
**AWS-specific: CloudWatch API rate limiting**
CloudWatch GetMetricData has a rate limit. If you have many resources, enable Metric Streams
(Option B) instead of API polling to avoid throttling.
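Assuming the status endpoint above, failure triage can be scripted against a sample payload (field names as in the `curl` response; the values here are made up) and matched against the error table:

```bash
# Sample status payload in the shape returned by the integrations API
cat > integrations.json <<'EOF'
{"integrations":[
  {"name":"cloudwatch","status":"error","lastScrapeTime":"2024-05-01T00:00:00Z","errorMessage":"AccessDenied"},
  {"name":"azure-monitor","status":"ok","lastScrapeTime":"2024-05-01T00:01:00Z","errorMessage":null}
]}
EOF

# Print only failing integrations and their error
jq -r '.integrations[] | select(.status != "ok") | "\(.name): \(.errorMessage)"' integrations.json
# → cloudwatch: AccessDenied
```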
---
Step 8: Reduce costs with metric filtering
Hosted exporters scrape all metrics by default. Filter to reduce series count and cost.
AWS - select specific namespaces:
In integration settings, switch from "All namespaces" to specific ones (e.g. EC2, RDS only).
AWS - filter by resource tags:
```yaml
# In exporter configuration, add tag filters
discovery:
  - type: AWS/EC2
    filters:
      - key: Environment
        values: ["production"]
```
**Azure - select specific resource types:**
Only enable the resource types you actually have dashboards for.
**Use Adaptive Metrics to aggregate away unused label dimensions:**
See the `grafana-cloud/adaptive-metrics` skill.
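To see which namespaces dominate before filtering, group metric names by prefix. A sketch over a hypothetical name list; in practice, feed it the output of the labels query from step 5:

```bash
# Hypothetical metric names, as returned by the labels query in step 5
cat > metric_names.txt <<'EOF'
aws_ec2_cpuutilization_average
aws_ec2_network_in_sum
aws_rds_free_storage_space_average
azure_vm_percentage_cpu
EOF

# Count metrics per provider_namespace prefix (first two underscore-separated fields)
cut -d_ -f1-2 metric_names.txt | sort | uniq -c | sort -rn
```

The largest buckets are the namespaces worth scoping or streaming first.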
---