Menu
Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow Monitor infrastructurebreadcrumb arrow Cloud Provider Observabilitybreadcrumb arrow Azurebreadcrumb arrow Agentless Azure Metricsbreadcrumb arrow Collect Azure Metrics without a collector
Grafana Cloud

Collect Azure metrics without a collector

The following instructions show you how to configure Azure Metrics with Terraform. If you’d like to configure Azure Metrics using Grafana Alloy, refer to Configure Azure metrics with Alloy.

Configure Azure

To collect metrics from Azure Monitor, you need to create a service principal with the proper authorization, which allows Grafana Cloud to pull Azure metrics on your behalf. Complete the following steps to configure the service principal:

  1. Log in to your Azure account.

    shell 
    az login

  2. List your available subscriptions.

    shell 
    az account list --output table

  3. Create a service principal for each subscription you want to monitor, and give it the appropriate role. If a service principal already exists with this name, it will be updated with the role and scopes you provide.

    shell 
    az ad sp create-for-rbac --name grafana-cloud-azure-metrics --role "Monitoring Reader" --scopes "/subscriptions/{subscriptionId}"

    Make sure to replace <subscription-id> with the appropriate value.

  4. When the service principal is created, capture the output of the command, as it includes the credential information which you need for the Terraform configuration steps.

    shell 
    {
  "appId": "54321a67-8fd9-123d-45d6-7891234567fd",
  "displayName": "grafana-cloud-azure-metrics",
  "password": "asdf1234~4321fdsa",
  "tenant": "12345a67-8fd9-123d-45d6-7891234567fd"
}

Configure Grafana Cloud Authentication

It’s important to configure Grafana Cloud authentication before you configure the Terraform provider, because you need it to manage Grafana Cloud observability resources, such as Azure credentials. Complete the following steps to create an Access Policy token, and update the Cloud Provider API URL.

Create an Access Policy token

After you create an Access Policy, you can generate a token to authenticate the Terraform provider with the Cloud Provider API.

Complete the following steps to create an Access Policy token:

  1. Log in to Grafana Cloud.
  2. In the Cloud Portal, navigate to Security in the menu to the left and select Access Policies.
  3. Select Create Access Policy.
  4. Assign the required scopes. If you don’t see the following scopes listed, use the Add scope text box to search for and add them:
    • integration-management: Read
    • integration-management: Write
    • stacks: Read
  5. Click Create and follow the prompts to generate an access token. For more information on creating an Access Policy token, refer to the following: Create one or more access policy tokens.

If you require more information on creating an Access Policy, refer to Create an access policy for an organization.

Update the Cloud Provider API URL

In order for the Cloud Provider to communicate with Grafana Cloud, you need to update the Cloud Provider API URL.

  1. Retrieve the URL by running the following script:

    shell 
    curl -sH "Authorization: Bearer <Access Token from previous step>" 
"https://grafana.com/api/instances" | \
  jq '[.items[]|{stackName: .slug, clusterName:.clusterSlug, cloudProviderAPIURL: 
"https://cloud-provider-api-\(.clusterSlug).grafana.net"}]'

  2. Select the hostname for the stack you want to manage. The script above returns a list of all the Grafana stacks you manage, as well as their respective Cloud Provider hostnames.

    For example, in the response below, the correct hostname for the kerokublogpost stack is https://cloud-provider-api-prod-us-central-0.grafana.net.

    shell 
    [
  {
    "stackName": "herokublogpost",
    "clusterName": "prod-us-central-0",
    "cloudProviderAPIURL": "https://cloud-provider-api-prod-us-central-0.grafana.net"
  }
]

Configure the Terraform provider

To configure the Terraform provider, you need to create a provider block in your Terraform configuration file. The provider block specifies the Grafana Cloud provider and the required authentication details.

  1. Include the Grafana Terraform provider as a dependency in your Terraform configuration file. The version of the provider must be 3.18.0 or later.

    hcl 
    terraform {
    required_providers {
        grafana = {
        source = "grafana/grafana"
        version = ">= 3.18.0"
        }
    }
}

  2. Use the following snippet to configure Azure support for the Grafana Terraform provider. This snippet uses the access token and Cloud Provider API URL obtained in the previous steps:

    hcl 
    provider "grafana" {
  cloud_access_policy_token = "<cloud_access_policy_token_from_previous_step>"
  cloud_provider_access_token = "<cloud_provider_access_token_from_previous_step>"
  cloud_provider_url = "<cloud_provider_url_from_previous_step>"
}

  3. Alternatively, you can use an empty Grafana provider block, and set the Cloud Provider URL , Cloud Provider Access Token, and Cloud Access Policy Token via environment variables (GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN, GRAFANA_CLOUD_PROVIDER_URL,and GRAFANA_CLOUD_ACCESS_POLICY_TOKEN) when running Terraform commands:

    hcl 
    provider "grafana" {}

The Grafana Terraform provider model

The Grafana Terraform provider enables interaction with Grafana Azure Monitor Metrics through the following resources and data sources. Terraform code snippets are provided as examples for their usage.

NameDescription
grafana_cloud_provider_azure_credentialA resource representing an Azure Service Principal credential that is used by Grafana Cloud to pull Azure Monitor metrics from one or more subscriptions. There should be one of these resources for each configured Azure Subscription. For more information, refer to the terraform resource documentation.
resource_discovery_tag_filterA block list of tag filters to apply to credential resources. For more information, refer to the Terraform resource documentation.

The following is a sample Terraform snippet for pulling Azure metrics. Resource discovery tags are optional.

hcl 
terraform {
  required_providers {
    grafana = {
      source  = "grafana/grafana"
      version = ">= 3.16.0"
    }
  }
}

provider "grafana" {
  cloud_access_policy_token = "<cloud_access_policy_token>"
  cloud_provider_access_token = "<cloud_provider_access_token>"
  cloud_provider_url = "<cloud_provider_url>"
}

data "grafana_cloud_stack" "your_stack" {
  slug = "name of your stack"
}

resource "grafana_cloud_provider_azure_credential" "myazurecred" {
  stack_id = data.grafana_cloud_stack.your_stack.id
  name = "my-credential"

  client_id = "<client_id>"
  client_secret = "<client_secret>"
  tenant_id = "<tenant_id>"

  resource_discovery_tag_filter {
    key = "key-1"
    value = "value-1"
  }

  resource_discovery_tag_filter {
    key = "key-2"
    value = "value-2"
  }
}