Connect grafana to aws cognito

Grafana Authentication
1

Hi all,

I’m having troubles to connect grafana to aws cognito, there is already a similar question : https://localhost:3000/t/how-to-integrate-grafana-with-cognito/7026 it didn’t help me.

I have configured my grafana as shown in /etc/grafana/grafana.ini:

#################################### Generic OAuth ##########################
enabled = true
name = OAuth
allow_sign_up = true
client_id = XXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXX
scopes = openid profile email
auth_url = https://URL_COGNITO.auth.REGION.amazoncognito.com/oauth2/authorize
token_url = https://URL_COGNITO.auth.REGION.amazoncognito.com/oauth2/token
api_url = https://URL_COGNITO.auth.REGION.amazoncognito.com/oauth2/userInfo
allowed_domains = “”

#################################### Server ####################################
protocol = https
http_port = 3000
domain = ec2-MACHINE_ID.REGION.compute.amazonaws.com:3000 # grafana runs on AWS
root_url = http://ec2-MACHINE_ID.REGION.compute.amazonaws.com:3000/DASH_BOARD_ID/MAIN_DASHBOARD
cert_file = /etc/grafana/cert.crt
cert_key = /etc/grafana/cert.key

On the AWS side, the cognito application was created as shown in the image:

Capture d’écran de 2021-01-07 15-52-05
Capture d’écran de 2021-01-07 15-52-051188×522 57.3 KB

I would appreciate any help.

Thank’s.

2

Hi,

Can you share the error you are getting ? Or do you have no data showing for the datasource ?

Good Luck

3

Hi I tried it today.

The issue is lying with that the Cognito service requires the HTTPS call back URL from the Grafana instance. So you need to enable the HTTPS from the grafana.ini file. (keep in mind you need to provide a cert file and cert key to activate the HTTPS for the grafana. Otherwise the instance will not start)
Then change the scopes of the generic auth to " phone email profile aws.cognito.signin.user.admin openid "
Then from the AWS cognito side change the allowed scopes to

image

Happy monitoring !