Create AMG workspace

Prerequisite

AMG requires AWS SSO enabled in your account. AWS SSO is used as the authentication provider to sign into the AMG workspace.

Follow the steps below to enable AWS SSO in your account
  • Sign in to the AWS Management Console with your AWS Organizations management account credentials.
  • Open the AWS SSO console.
  • Choose Enable AWS SSO.

If you have not yet set up AWS Organizations, you will be prompted to create an organization. Choose Create AWS organization to complete this process.

Now go ahead and create a new AWS SSO user that we will use to provide access to the AMG workspace later.

Create AMG workspace

Go to the AMG console and provide a workspace name as shown below Create AMG workspace

Choose Service managed in the Configure Settings page and click Next. Choosing this option will allow the wizard to automatically provision the permissions for you based on the AWS services we will choose later on.

In the Service managed permission settings screen, you can choose to configure Grafana to monitor resources in the same account where you are creating the workspace or allow Grafana to reach into multiple AWS accounts by choosing the Organization option and providing the necessary OU IDs.

Configure accounts

We will simply leave the option to Current account and select all the Data sources and the Notification channels. Click Next

Review amg screen

In the Review screen, take a look at the options and click on Create workspace

Add Users

Once the AMG workspace turns to ACTIVE, click on Assign user and select the SSO user created in previously. Click Assign user

Assign user

By default, all newly assigned users are added as Viewers that only provides read-only permissions on Grafana. To make the user as Administrator, select the user under Users and select Make admin. Now you should see that the user is an Administrator.

Assign user