Accessing CloudWatch Logs in different account

This is a quick question. We have 2 AWS “dev” accounts. I have a dashboard that uses cloudwatch metrics and I’d like to be able to access the CloudWatch metrics in another AWS account. I am self-hosting the Grafana instances in one of the Dev accounts.

Is this possible?

Yes, create additional Cloudwatch datasources for other AWS accounts.

But how do you specify CW logs that are in different accounts in the data source?

By selecting datasource. Query has datasource property. See GitHub - monitoringartist/grafana-aws-cloudwatch-dashboards: 30+ Grafana dashboards for AWS CloudWatch metrics: EC2, Lambda, S3, ELB, EMR, EBS, SNS, SES, SQS, RDS, EFS, ElastiCache, Billing, API Gateway, VPN, Step Functions, Route 53, CodeBuild, ... - all of them have dashboard variable, which selects which datasource will be queried.

Thanks for sharing this info but unfortunately it doesn’t help. I don’t have a problem with using data sources in Grafana, CloudWatch or otherwise.

This is a question about HOW to tell Grafana to use CloudWatch logs in a completely different account from the account the Grafana instance is running in.

The best info I have found so far is by setting up distinct CloudWatch data source and configure them so that the ASSUME A ROLE in another account. This means setting up IAM roles and policies in each account and setting up trust arrangements.

I haven’t gotten it to work yet. Frankly I’m surprised that I had to go to Amazon’s Managed Grafana documents to find out how it needs to be done.

Anyway, I’ll have to keep at it and see if I can get it to work.

As I said:
1.) create datasource(s), e.g. cloudwatch-1, cloudwatch-2 - it is up to you how do you want to create them: api id/key, cross account role with assume role
2.) create the query, query has datasource property

So in this case query A is querying data from cloudwatch-1 datasource and query B from cloudwatch-2 datasource