Resource: awsGrafanaRoleAssociation

Provides an Amazon Managed Grafana workspace role association resource.

Example Usage

Basic configuration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleAssume = new aws.iamRole.IamRole(this, "assume", {
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action = "sts:AssumeRole"\n        Effect = "Allow"\n        Sid    = ""\n        Principal = {\n          Service = "grafana.amazonaws.com"\n        }\n      },\n    ]\n  })}',
  name: "grafana-assume",
});
const awsGrafanaWorkspaceExample = new aws.grafanaWorkspace.GrafanaWorkspace(
  this,
  "example",
  {
    accountAccessType: "CURRENT_ACCOUNT",
    authenticationProviders: ["SAML"],
    permissionType: "SERVICE_MANAGED",
    roleArn: awsIamRoleAssume.arn,
  }
);
const awsGrafanaRoleAssociationExample =
  new aws.grafanaRoleAssociation.GrafanaRoleAssociation(this, "example_2", {
    role: "ADMIN",
    userIds: ["USER_ID_1", "USER_ID_2"],
    workspaceId: awsGrafanaWorkspaceExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsGrafanaRoleAssociationExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

role - (Required) The grafana role. Valid values can be found here.
workspaceId - (Required) The workspace id.

The following arguments are optional:

groupIds - (Optional) The AWS SSO group ids to be assigned the role given in role.
userIds - (Optional) The AWS SSO user ids to be assigned the role given in role.

Attributes Reference

No additional attributes are exported.