Resource: awsGrafanaWorkspace
Provides an Amazon Managed Grafana workspace resource.
Example Usage
Basic configuration
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleAssume = new aws.iamRole.IamRole(this, "assume", {
assumeRolePolicy:
'${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = "sts:AssumeRole"\n Effect = "Allow"\n Sid = ""\n Principal = {\n Service = "grafana.amazonaws.com"\n }\n },\n ]\n })}',
name: "grafana-assume",
});
new aws.grafanaWorkspace.GrafanaWorkspace(this, "example", {
accountAccessType: "CURRENT_ACCOUNT",
authenticationProviders: ["SAML"],
permissionType: "SERVICE_MANAGED",
roleArn: awsIamRoleAssume.arn,
});
Argument Reference
The following arguments are required:
accountAccessType
- (Required) The type of account access for the workspace. Valid values areCURRENT_ACCOUNT
andorganization
. Iforganization
is specified, thenorganizationalUnits
must also be present.authenticationProviders
- (Required) The authentication providers for the workspace. Valid values areAWS_SSO
,saml
, or both.permissionType
- (Required) The permission type of the workspace. IfSERVICE_MANAGED
is specified, the IAM roles and IAM policy attachments are generated automatically. IfCUSTOMER_MANAGED
is specified, the IAM roles and IAM policy attachments will not be created.
The following arguments are optional:
configuration
- (Optional) The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.dataSources
- (Optional) The data sources for the workspace. Valid values areAMAZON_OPENSEARCH_SERVICE
,athena
,cloudwatch
,prometheus
,redshift
,sitewise
,timestream
,xray
description
- (Optional) The workspace description.name
- (Optional) The Grafana workspace name.networkAccessControl
- (Optional) Configuration for network access to your workspace.See Network Access Control below.notificationDestinations
- (Optional) The notification destinations. If a data source is specified here, Amazon Managed Grafana will create IAM roles and permissions needed to use these destinations. Must be set tosns
.organizationRoleName
- (Optional) The role name that the workspace uses to access resources through Amazon Organizations.organizationalUnits
- (Optional) The Amazon Organizations organizational units that the workspace is authorized to use data sources from.roleArn
- (Optional) The IAM role ARN that the workspace assumes.stackSetName
- (Optional) The AWS CloudFormation stack set name that provisions IAM roles to be used by the workspace.tags
- (Optional) Key-value mapping of resource tags. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.vpcConfiguration
- (Optional) The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. See VPC Configuration below.
Network Access Control
prefixListIds
- (Required) - An array of prefix list IDs.vpceIds
- (Required) - An array of Amazon VPC endpoint IDs for the workspace. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints will be ignored.
VPC Configuration
securityGroupIds
- (Required) - The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect.subnetIds
- (Required) - The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- The Amazon Resource Name (ARN) of the Grafana workspace.endpoint
- The endpoint of the Grafana workspace.grafanaVersion
- The version of Grafana running on the workspace.tagsAll
- Map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
Grafana Workspace can be imported using the workspace's id
, e.g.,