Getting started with Terraform on Grafana Cloud

Posted on by No Comments ↓

A lot of organizations are making the move to Observability as code to help streamline and standardize their SRE systems. While there are many ways to automate Grafana Cloud, I find that most folks have standardized on Terraform. In this guide I will show you how to setup Terraform to access your Grafana Cloud Stack as well as an example to add a team with rights to query a Datasource. From there you will have a foundation to use many of the other capabilities of the Terraform Provider for Grafana.

Note: This is only meant as an example to show you how to use Terraform with Grafana Cloud. Larger organizations will want to keep Terraform state centrally so that two different terraform users do not over write each other. For more information see here.

Pre-Reqs:

  • A Grafana Cloud Account where you are admin, you can even use the free tier account for this example.
  • Visual Studio Code installed
  • A PC or MAC with Terraform installed, Linux will probably work as well.
  • A quiet place where you will not be interrupted.

Let’s go….

Create a new directory named terraform and change to it 

mkdir terrafom
cd terrafrom

Now lets make sure terraform is installed by typing the following in the command line:

terraform

Ok cool, next we need to create some terraform files to login to Grafana Cloud and perform the changes we want, open VS Code to the terraform directory you just created and create a new file named main.tf and copy the following into it. Be sure to enter your stack url (this is the url in your browser) and your auth token (I will show you where to get the auth token in the following steps.)

terraform {
   required_providers {
      grafana = {
         source  = "grafana/grafana"
         version = ">= 2.9.0"
      }
   }
}

provider "grafana" {
   alias = "cloud"

   url   = "https://yourstack.grafana.net"
   auth  = "your-auth-token"
}

To get your auth token we need to create a service account in your Grafana Cloud Stack. Login to your Grafana Cloud as an admin

PLEASE NOTE: It is not best practice to enter the token as clear text in your code, please consider storing in an environment variable or using Hashicorp Vault

  1. Click Administration
  2. Users and Access
  3. Service Accounts
  4. give it a name like terrafrom
  5. Add the Admin role
  6. Click create

Once created click + Ass Service Account Token

Click Generate Token

Click to copy the token and paste it into your main.tf config auth = “your-auth-token”

Once you have the main.tf updated in VSCode go ahead and save it.

Now terraform can login to Grafana Cloud and make changes. Let’s create some resources to change and update. First let’s create a team in grafana that we will add as a new permission on a datasource.

  1. Navigate to Administration
  2. Users and Access
  3. Teams
  4. Click New Team
  5. Name it myteam

Now let’s create a new datasorce

  1. Click Connections
  2. Add new connection
  3. Type test and click enter
  4. Select TestData

Click to Add it

Save the new data source

Ok, now we have everything we need to create our configuration file for Terraform, go back to VSCode and create the following and save it (Make sure you match the name of your test data source and your team, I highlighted them in red in the code below. We will use the Grafana API to get this data and convert them to the data source UID and Team_Id that Terraform will use to add the rights to the data source. 

data "grafana_data_source" "existing_testdata" {
  provider = grafana.cloud
  name     = "grafana-testdata-datasource" # Match the name of your existing data source
}

output "testdata_uid" {
  value = data.grafana_data_source.existing_testdata.uid
}

data "grafana_team" "existing_team" {
  provider = grafana.cloud
  name     = "myteam" # Match the name of your existing team
}

output "team_id" {
  value = data.grafana_team.existing_team.id
}
resource "grafana_data_source_permission" "example" {
  provider = grafana.cloud
  datasource_uid = data.grafana_data_source.existing_testdata.uid  # Replace with the actual UID of your data source
  permissions {
    team_id = data.grafana_team.existing_team.id
    permission = "Query"
  }
}

Now go back to your command line and initiate terraform 

terrafrom init

Now let’s run the plan command to see what it will change 

terraform plan

Looks good it found the data source and it’s UID and it found the team and it’s team_id but before we add the team to the permissions of the data source lets go look at it in the UI.

  1. Go to Connections
  2. Data Sources
  3. Click the grafana-testdata-dataasource

Now click permissions and notice the team with query rights is not there

Go back to your command line and type terraform apply and press enter, be sure to enter yes to make the changes.

Now go back to Grafana Cloud and refresh the browser, you should see the team added

Yay! You did it!

Now you can start to automate any part of your Grafana Cloud Configuration with Terraform. For more detailed guide head over to the Terraform Provider for Grafana help pages.

Remember sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.