e2b-dev · r33drichards · Feb 11, 2025 · Feb 11, 2025 · Feb 11, 2025 · Feb 11, 2025
diff --git a/grafana/.terraform.lock.hcl b/grafana/.terraform.lock.hcl
diff --git a/grafana/main.tf b/grafana/main.tf
@@ -0,0 +1,59 @@
+terraform {
+  required_providers {
+    grafana = {
+      source = "grafana/grafana"
+    }
+  }
+}
+
+variable "grafana_cloud_access_policy_token_secret_name" {
+  type = string
+  description = <<EOT
+The name of the secret in GCP Secret Manager that contains the Grafana cloud access policy token.
+
+should have permissions:
+- stacks read write delete
+- stack-service-accounts write
+EOT
+
+  default = "e2b-grafana-cloud-access-policy-token"
+}
+
+data "google_secret_manager_secret_version" "grafana_cloud_access_policy_token" {
+  secret = var.grafana_cloud_access_policy_token_secret_name
+}
+
+// Step 1: Create a stack
+provider "grafana" {
+  alias                     = "cloud"
+  cloud_access_policy_token = data.google_secret_manager_secret_version.grafana_cloud_access_policy_token.secret_data
+}
+
+resource "grafana_cloud_stack" "my_stack" {
+  provider = grafana.cloud
+
+  name        = "e2b-stack"
+  slug        = "e2b-stack"
+  region_slug = "us"
+}
+
+// Step 2: Create a service account and key for the stack
+resource "grafana_cloud_stack_service_account" "cloud_sa" {
+  provider   = grafana.cloud
+  stack_slug = grafana_cloud_stack.my_stack.slug
+
+  name        = "e2b-stack-service-account"
+  role        = "Admin"
+  is_disabled = false
+}
+
+resource "grafana_cloud_stack_service_account_token" "cloud_sa" {
+  provider   = grafana.cloud
+  stack_slug = grafana_cloud_stack.my_stack.slug
+
+  name               = "e2b-stack-service-account-token"
+  service_account_id = grafana_cloud_stack_service_account.cloud_sa.id
+}
+
+# grafana_cloud_stack_service_account_token.cloud_sa.key //  <-- how to get the key 
+
@@ -65,7 +65,7 @@ Check if you can use config for terraform state management
 12. Secrets are created and stored in GCP Secrets Manager. Once created, that is the source of truth--you will need to update values there to make changes. Create a secret value for the following secrets:
 - e2b-cloudflare-api-token
 - e2b-postgres-connection-string
-- Grafana secrets (optional)
+- e2b-grafana-cloud-access-policy-token (optional)
 - Posthog API keys for monitoring (optional)
 13. Run `make plan-without-jobs` and then `make apply`
 14. Run `make plan` and then `make apply`. Note: This will work after the TLS certificates was issued. It1 can take some time; you can check the status in the Google Cloud Console