Hosted Grafana with AWS Elasticsearch - Access policy?


I’m new to Grafana and I’m looking to setup a new solution for my company. I have some issues I’m hoping the community can answer for me please. My google searching has drawn a blank.

My original intention was to deploy an EC2 instance and install Grafana, along with an AWS Elasticsearch domain. But then I saw the hosted Grafana solution so I’m currently trying the single person hosted option. I still want to use AWS Elasticsearch though but when I’m setting up my domain, I’m not sure how I can protect it with an Access Policy. I don’t think I can use the AWS based IAM or account resources, so that only leaves me with restricting it to one or more IP addresses. But how can I found out what IP’s my hosted Grafana is using? Plus I assume they will be subject to change?

Has anyone tried doing the above already? Or should I go back to hosting my own Grafana server?

Thanks for any help or advice you can give me.



The section Proxy-based access to Amazon ES from Kibana in this blog post describes how to set it up.

Essentially you just run an nginx proxy. Grafana connects to nginx (which can be configured with Basic Auth), nginx then connects to ES.

I talked to the team working with Hosted Grafana and they said they are looking into solving this with a Grafana data source plugin in the future.

1 Like

Any update here? @daniellee

  1. How am I going to point Grafana (which hosted in EC2 instance) to the NGINX proxy server?
  2. Where will the NGINX be? Is it installed together in the same instance with the Grafana?

Nevermind. I have solved it. You only need to put your proxy’s URL (and port) on the url in the HTTP settings.

1 Like