A streamlined approach to managing Grafana alerts using Infrastructure as Code (IaC) with Terraform. This repository provides automated alert configurations that are deployed via GitHub Actions.
terraform/
├── airflow.tf # Airflow-specific alert configurations
├── backend.tf # Terraform state management configuration
├── folder.tf # Alert folder organization setup
└── main.tf # Primary Terraform configuration
- Go to AWS Console → Services → S3
- Click "Create bucket"
- Configure:
  - Bucket name: your-terraform-state-bucket
  - Region: us-west-2
  - Enable Versioning: ✅
  - Enable server-side encryption: ✅
  - Block all public access: ✅
- Click "Create bucket"
- Go to AWS Console → Services → IAM → Policies
- Click "Create policy"
- Use the JSON editor and paste:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::your-terraform-state-bucket"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::your-terraform-state-bucket/folder-name/terraform.tfstate"
    }
  ]
}
```

- Name: TerraformStatePolicyDevopsNow
- Go to AWS Console → Services → IAM → Users
- Create user:
  - Name: terraform-state-bot
  - Access type: Programmatic access
- Attach the TerraformStatePolicy policy
- Open the user, generate an access key, and save it
Configure the following secrets in your repository settings:
- AWS_ACCESS_KEY_ID: AWS access key with necessary permissions
- AWS_SECRET_ACCESS_KEY: AWS secret access key
- AWS_REGION: AWS region (e.g., us-west-2)
- GRAFANA_USERNAME: Grafana admin/service account username
- GRAFANA_PASSWORD: Grafana admin/service account password
- Create an S3 bucket for storing Terraform state
- Update backend.tf:

```hcl
terraform {
  backend "s3" {
    bucket  = "your-terraform-state-bucket"
    key     = "folder-name/terraform.tfstate"
    region  = "us-west-2"
    encrypt = true
  }
}
```
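The IAM policy and the backend block have to name the same bucket and key, and the policy should grant nothing beyond them. The check below is an added example, not part of this repository; `audit_state_policy`, the constants and the over-broad sample policy are constructed for illustration.

```python
import json

# Policy copied from the IAM step of this README.
README_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket"],
   "Resource": "arn:aws:s3:::your-terraform-state-bucket"},
  {"Effect": "Allow",
   "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::your-terraform-state-bucket/folder-name/terraform.tfstate"}]}""")

# Constructed counter-example: wildcard action and resource.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]}

BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def _as_list(value):
    """IAM accepts either a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_state_policy(policy, bucket, key):
    """Return findings; an empty list means the grants match the backend exactly."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{key}"
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings, granted = [], set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource grants everything except a list")
            continue
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                if "*" in action or "*" in resource:
                    findings.append(f"wildcard grant: {action} on {resource}")
                elif (action in BUCKET_ACTIONS and resource == bucket_arn) or \
                     (action in OBJECT_ACTIONS and resource == object_arn):
                    granted.add(action)
                else:
                    findings.append(f"outside backend scope: {action} on {resource}")
    for action in sorted((BUCKET_ACTIONS | OBJECT_ACTIONS) - granted):
        findings.append(f"not granted on the backend's ARN: {action}")
    return findings
```

Call it with the `bucket` and `key` values from backend.tf; a changed key that the policy was not updated for shows up as both an out-of-scope grant and a missing one.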
Clone the repository to your local environment:
```bash
git clone <repository_url>
cd grafana-alert-code
```
Two approaches for alert rule group configuration:
- Export Existing Rules:
  - Navigate to Grafana instance
  - Export existing rule groups in Terraform HCL format
  - Place exported .tf files in the terraform/ directory
- Build from Scratch:
  - Refer to Terraform Grafana Provider documentation: https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/rule_group
Update main.tf provider configuration:

```hcl
provider "grafana" {
  url  = "https://your-custom-grafana-instance.com"
  auth = "${var.grafana_username}:${var.grafana_password}"
}
```
- Create a new feature branch:

```bash
git checkout -b feature/your-feature-name
```

- Navigate to the Terraform directory:

```bash
cd terraform
```

- Make your desired changes to the alert configurations (for example, changing the evaluation interval of airflow.tf to 120 seconds):
  - Modify existing .tf files
  - Add new alert configurations
  - Update evaluation intervals or thresholds
- Validate your changes:

```bash
terraform init
terraform plan
```

- Commit your changes:

```bash
git add .
git commit -m "Descriptive commit message"
git push origin feature/your-feature-name
```

- Create a Pull Request:
  - Navigate to the repository on GitHub
  - Click "New Pull Request"
  - Select your feature branch
  - Provide a detailed description of your changes
  - Request reviews from team members
Once your PR is approved and merged:
- GitHub Actions will automatically trigger the deployment workflow
- The workflow will:
- Initialize Terraform
- Plan the changes
- Apply the configurations to the Grafana server
- Monitor the deployment progress in the GitHub Actions tab
- Check for any workflow failures or errors
Verify your changes on the Grafana server:
- Access the Grafana interface: https://your-custom-grafana-instance.com/alerting/list
- Confirm alert configurations are updated
Testing
- Always test changes locally before pushing
- Use terraform plan to preview changes
- Consider impact on existing alerts