Skip to content

Resource: awsGrafanaWorkspace

Provides an Amazon Managed Grafana workspace resource.

Example Usage

Basic configuration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleAssume = new aws.iamRole.IamRole(this, "assume", {
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action = "sts:AssumeRole"\n        Effect = "Allow"\n        Sid    = ""\n        Principal = {\n          Service = "grafana.amazonaws.com"\n        }\n      },\n    ]\n  })}',
  name: "grafana-assume",
});
new aws.grafanaWorkspace.GrafanaWorkspace(this, "example", {
  accountAccessType: "CURRENT_ACCOUNT",
  authenticationProviders: ["SAML"],
  permissionType: "SERVICE_MANAGED",
  roleArn: awsIamRoleAssume.arn,
});

Argument Reference

The following arguments are required:

  • accountAccessType - (Required) The type of account access for the workspace. Valid values are CURRENT_ACCOUNT and organization. If organization is specified, then organizationalUnits must also be present.
  • authenticationProviders - (Required) The authentication providers for the workspace. Valid values are AWS_SSO, saml, or both.
  • permissionType - (Required) The permission type of the workspace. If SERVICE_MANAGED is specified, the IAM roles and IAM policy attachments are generated automatically. If CUSTOMER_MANAGED is specified, the IAM roles and IAM policy attachments will not be created.

The following arguments are optional:

  • configuration - (Optional) The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.
  • dataSources - (Optional) The data sources for the workspace. Valid values are AMAZON_OPENSEARCH_SERVICE, athena, cloudwatch, prometheus, redshift, sitewise, timestream, xray
  • description - (Optional) The workspace description.
  • name - (Optional) The Grafana workspace name.
  • networkAccessControl - (Optional) Configuration for network access to your workspace.See Network Access Control below.
  • notificationDestinations - (Optional) The notification destinations. If a data source is specified here, Amazon Managed Grafana will create IAM roles and permissions needed to use these destinations. Must be set to sns.
  • organizationRoleName - (Optional) The role name that the workspace uses to access resources through Amazon Organizations.
  • organizationalUnits - (Optional) The Amazon Organizations organizational units that the workspace is authorized to use data sources from.
  • roleArn - (Optional) The IAM role ARN that the workspace assumes.
  • stackSetName - (Optional) The AWS CloudFormation stack set name that provisions IAM roles to be used by the workspace.
  • tags - (Optional) Key-value mapping of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • vpcConfiguration - (Optional) The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. See VPC Configuration below.

Network Access Control

  • prefixListIds - (Required) - An array of prefix list IDs.
  • vpceIds - (Required) - An array of Amazon VPC endpoint IDs for the workspace. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints will be ignored.

VPC Configuration

  • securityGroupIds - (Required) - The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect.
  • subnetIds - (Required) - The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the Grafana workspace.
  • endpoint - The endpoint of the Grafana workspace.
  • grafanaVersion - The version of Grafana running on the workspace.
  • tagsAll - Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Grafana Workspace can be imported using the workspace's id, e.g.,

$ terraform import aws_grafana_workspace.example g-2054c75a02