-
Go to Configuration → Datasources and click “Add data source”
-
Find the AWS IoT TwinMaker Datasource under the “Industrial & IoT” section
-
On the datasource settings page choose your authentication provider
- The credentials resolved from the auth provider are used to make AWS calls for queries in the backend plugin
- The same credentials are used on the browser for our custom panels, so make sure your permissions are scoped down
- EC2 users: you can use “AWS SDK Default” to resolve credentials from your instance IAM role. It is a security risk to expose these credentials on your browser so you MUST set an additional IAM role with scoped down permissions. See here for information on setting up permissions to assume roles.
-
You need to set an "Assume Role ARN" for any environment Grafana is running in. This is an IAM role you create for your TwinMaker workspace.
a. This plugin assumes the role provided with an inline session policy to ensure the desired permission scope is used on the browser. We will only use permissions that intersect with the inline policy.
-
(Optional) Set an External ID if your role is assumed from a separate account
-
(Optional) AWS developers may use a custom endpoint for testing
a. Note: You cannot currently set an "Assume Role ARN" and a custom endpoint together
-
Select your region
-
Click "Save & test" to load your workspaces
a. The error "Missing WorkspaceID configuration" is expected to appear
-
Select your TwinMaker workspace ID. Any query that uses this datasource instance will have access to resources within the workspace.
-
Click “Save & test”