AWS iam instance profiles


im trying to build an fargate grafana environment but having some problems getting grafana to talk to cloudwatch.

the documentation doesnt seem particularly clear, so figured i’d ask - can grafana authenticate using an IAM instance profile, so i dont need to mess about with access keys etc ?

i believe i have configured the instance profile correctly, however am getting the following message

lvl=eror msg="Metric request error" logger=context userId=1 orgId=1 uname=admin error="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

Resolved - grafana does support use of an IAM role in fargate.

Example cloudformation here:

Gotcha’s that i found were ensuring that an instance profile gets created with your role, and (if you use a proxy) excluding the tasks metadata service from the proxy settings.