# Connect to an AWS IoT TwinMaker data source
<a name="AMG-iot-twinmaker"></a>

**Note**  
In workspaces that support version 9 or newer, this data source might require you to install the appropriate plugin. For more information, see [Extend your workspace with plugins](grafana-plugins.md).

 With Amazon Managed Grafana, you can add AWS IoT TwinMaker, a powerful industrial data analytics service, as an app and data source in your Grafana workspace. With AWS IoT TwinMaker, you can create end-user 3D digital twin applications to monitor industrial operations. The AWS IoT TwinMaker is a service that makes it faster for developers to create digital replicas of real-world systems, helping more customers realize the potential of digital twins to optimize operations. The AWS IoT TwinMaker for Grafana provides custom panels, dashboard templates, and a data source to connect to your digital twin data. 

# Manually adding the AWS IoT TwinMaker data source
<a name="twinmaker-add-the-data-source"></a>

## Prerequisites
<a name="twinmaker-prerequisites"></a>

Before you begin, ensure that you have access to **AWS IoT TwinMaker** from your AWS account.

 To learn how to add permission to your workspace IAM role to access AWS IoT TwinMaker, see [Adding the permission for AWS IoT TwinMaker to your workspace user role](AMG-iot-twinmaker.md#twinmaker-add-permission).

**To add the AWS IoT TwinMaker data source:**

1. Ensure that your user role is admin or editor.

1.  In the Grafana console side menu, hover over the **Configuration** (gear) icon and then choose **Data Sources**.

1. Choose **Add data source**.

1. Choose the **AWS IoT TwinMaker** data source. If necessary, you can start typing **TwinMaker** in the search box to help you find it.

1. This opens the **Connection Details** page. Follow the steps in configuring the [AWS IoT TwinMaker connection details settings](AMG-iot-twinmaker.md#twinmaker-connection-details). 

## Adding the permission for AWS IoT TwinMaker to your workspace user role
<a name="twinmaker-add-permission"></a>

**To add permissions for AWS IoT TwinMaker to your workspace user role, assume role permission between Amazon Managed Grafana workspace and TwinMaker dashboard roles.**

1. Go to [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 

1. Manually create a dashboard role. For more information about creating a dashboard role, see [To manually create a Grafana AWS IoT TwinMaker dashboard role](#iot-twinmaker-dashboard-role).

## AWS IoT TwinMaker connection details settings
<a name="twinmaker-connection-details"></a>

**Configure connection details settings**

1.  In the **Connection Details** menu, select the authentication provider (recommended: **Workspace IAM Role**). 

1.  Choose the **Default Region** you want to query. 

1.  In the **TwinMaker settings**, enter the AWS IoT TwinMaker workspace name.

# Using the AWS IoT TwinMaker data source
<a name="IoT-twinmaker-using"></a>

For information about how to use the AWS IoT TwinMaker data source, see [AWS IoT TwinMaker Datasource](https://github.com/grafana/grafana-iot-twinmaker-app) on GitHub.

## To manually create a Grafana AWS IoT TwinMaker dashboard role
<a name="iot-twinmaker-dashboard-role"></a>

**To manually create a Grafana AWS IoT TwinMaker dashboard role**

1. Sign in to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

1. Locate your Amazon Managed Grafana workspace role in the summary. It appears as follows:

   ```
    AmazonGrafanaServiceRole-random_ID
   ```

1. Add the following inline policy to the role:

------
#### [ JSON ]

****  

   ```
   {
       "Version":"2012-10-17",		 	 	 
       "Statement": {
           "Effect": "Allow",
           "Action": "sts:AssumeRole",
           "Resource": "arn:aws:iam::111122223333:role/TwinMakerDashboardRole"
       }
   }
   ```

------

1. Add a new inline policy for each dashboard role. Alternatively, add a list of role Amazon Resource Names (ARNs) on the **Resource** line.

1. Find your dashboard role in the IAM console. It should have a `SceneViewer` policy and, optionally, a `VideoPlayer` policy.

1. Choose the **Trust relationship** tab.

1. Choose **Edit trust relationship**.

1. Enter the following policy, replacing *AMGWorkspaceRoleArn* with the Arn from your account:

------
#### [ JSON ]

****  

   ```
      {
     "Version":"2012-10-17",		 	 	 
     "Statement": [
       {
         "Effect": "Allow",
         "Principal": {
           "AWS": "AMGWorkspaceRoleARN"
         },
         "Action": "sts:AssumeRole"
       }
     ]
   }
   ```

------

## Example of an AWS IoT TwinMaker policy
<a name="AMG-TM-policy"></a>

The following is a minimal AWS IoT TwinMaker policy that you can attach to a dashboard role. You must replace the values for the AWS IoT TwinMaker workspace ARN and ID, as well as the Amazon S3 bucket ARN, based on your own resources.