Resource: awsGrafanaRoleAssociation
Provides an Amazon Managed Grafana workspace role association resource.
Example Usage
Basic configuration
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleAssume = new aws.iamRole.IamRole(this, "assume", {
assumeRolePolicy:
'${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = "sts:AssumeRole"\n Effect = "Allow"\n Sid = ""\n Principal = {\n Service = "grafana.amazonaws.com"\n }\n },\n ]\n })}',
name: "grafana-assume",
});
const awsGrafanaWorkspaceExample = new aws.grafanaWorkspace.GrafanaWorkspace(
this,
"example",
{
accountAccessType: "CURRENT_ACCOUNT",
authenticationProviders: ["SAML"],
permissionType: "SERVICE_MANAGED",
roleArn: awsIamRoleAssume.arn,
}
);
const awsGrafanaRoleAssociationExample =
new aws.grafanaRoleAssociation.GrafanaRoleAssociation(this, "example_2", {
role: "ADMIN",
userIds: ["USER_ID_1", "USER_ID_2"],
workspaceId: awsGrafanaWorkspaceExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsGrafanaRoleAssociationExample.overrideLogicalId("example");
Argument Reference
The following arguments are required:
role
- (Required) The grafana role. Valid values can be found here.workspaceId
- (Required) The workspace id.
The following arguments are optional:
groupIds
- (Optional) The AWS SSO group ids to be assigned the role given inrole
.userIds
- (Optional) The AWS SSO user ids to be assigned the role given inrole
.
Attributes Reference
No additional attributes are exported.