AWS Managed Service for Prometheus (AMP) Terraform module

January 8, 2026 · View on GitHub

Terraform module which creates AWS Managed Service for Prometheus (AMP) resources.

Usage

See examples directory for working examples to reference:

module "prometheus" {
  source = "terraform-aws-modules/managed-service-prometheus/aws"

  workspace_alias = "example"

  create_alert_manager     = true
  alert_manager_definition = <<-EOT
  alertmanager_config: |
    route:
      receiver: 'default'
    receivers:
      - name: 'default'
  EOT

  rule_group_namespaces = {
    first = {
      name = "rule-01"
      data = <<-EOT
      groups:
        - name: test
          rules:
          - record: metric:recording_rule
            expr: avg(rate(container_cpu_usage_seconds_total[5m]))
      EOT
    }
    second = {
      name = "rule-02"
      data = <<-EOT
      groups:
        - name: test
          rules:
          - record: metric:recording_rule
            expr: avg(rate(container_cpu_usage_seconds_total[5m]))
      EOT
    }
  }
}

Examples codified under the examples are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!

Complete

Requirements

Name	Version
terraform	>= 1.5.7
aws	>= 6.28

Providers

Name	Version
aws	>= 6.28

Modules

No modules.

Resources

Name	Type
aws_cloudwatch_log_group.this	resource
aws_prometheus_alert_manager_definition.this	resource
aws_prometheus_resource_policy.this	resource
aws_prometheus_rule_group_namespace.this	resource
aws_prometheus_workspace.this	resource
aws_prometheus_workspace_configuration.this	resource
aws_caller_identity.current	data source
aws_iam_policy_document.resource_policy	data source
aws_partition.current	data source
aws_region.current	data source
aws_service_principal.grafana	data source

Inputs

Name	Description	Type	Default	Required
alert_manager_definition	The alert manager definition that you want to be applied. See more in the AWS Docs	`string`	`"alertmanager_config:	\n route:\n receiver: 'default'\n receivers:\n - name: 'default'\n"`
cloudwatch_log_group_class	Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`	`string`	`null`	no
cloudwatch_log_group_kms_key_id	If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)	`string`	`null`	no
cloudwatch_log_group_name	Custom name of CloudWatch log group for a service associated with the container definition	`string`	`null`	no
cloudwatch_log_group_retention_in_days	Number of days to retain log events. Set to `0` to keep logs indefinitely	`number`	`30`	no
cloudwatch_log_group_use_name_prefix	Determines whether the log group name should be used as a prefix	`bool`	`false`	no
create	Determines whether a resources will be created	`bool`	`true`	no
create_alert_manager	Controls whether an Alert Manager definition is created along with the AMP workspace	`bool`	`true`	no
create_resource_policy	Controls whether a resource policy is created along with the AMP workspace	`bool`	`true`	no
create_workspace	Determines whether a workspace will be created or to use an existing workspace	`bool`	`true`	no
kms_key_arn	The ARN of the KMS Key to for encryption at rest	`string`	`null`	no
limits_per_label_set	Configuration block for setting limits on metrics with specific label sets	list(object({ label_set = map(string) limits = object({ max_series = number }) }))	`null`	no
logging_configuration	The logging configuration of the prometheus workspace.	object({ create_log_group = optional(bool, true) log_group_arn = optional(string) })	`null`	no
region	Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration	`string`	`null`	no
resource_policy_statements	A map of IAM policy statements for custom permission usage	map(object({ sid = optional(string) actions = optional(list(string)) not_actions = optional(list(string)) effect = optional(string, "Allow") resources = optional(list(string)) not_resources = optional(list(string)) principals = optional(list(object({ type = string identifiers = list(string) }))) not_principals = optional(list(object({ type = string identifiers = list(string) }))) condition = optional(list(object({ test = string variable = string values = list(string) }))) }))	`null`	no
retention_period_in_days	Number of days to retain metric data in the workspace	`number`	`null`	no
rule_group_namespaces	A map of one or more rule group namespace definitions	map(object({ name = string data = string }))	`null`	no
tags	A map of tags to add to all resources	`map(string)`	`{}`	no
workspace_alias	The alias of the prometheus workspace. See more in the AWS Docs	`string`	`null`	no
workspace_id	The ID of an existing workspace to use when `create_workspace` is `false`	`string`	`""`	no

Outputs

Name	Description
workspace_arn	Amazon Resource Name (ARN) of the workspace
workspace_id	Identifier of the workspace
workspace_prometheus_endpoint	Prometheus endpoint available for this workspace

License

Apache-2.0 Licensed. See LICENSE.