Resource: awsGrafanaWorkspaceSamlConfiguration

Provides an Amazon Managed Grafana workspace SAML configuration resource.

Example Usage

Basic configuration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    /*Region and credentials are taken from the environment.*/
    new aws.provider.AwsProvider(this, "aws", {});
    /*Trust policy: only the Amazon Managed Grafana service may assume this role.*/
    const awsIamRoleAssume = new aws.iamRole.IamRole(this, "assume", {
      assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
          {
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Sid: "",
            Principal: {
              Service: "grafana.amazonaws.com",
            },
          },
        ],
      }),
      name: "grafana-assume",
    });
    /*Workspace that authenticates users through SAML only.*/
    const awsGrafanaWorkspaceExample =
      new aws.grafanaWorkspace.GrafanaWorkspace(this, "example", {
        accountAccessType: "CURRENT_ACCOUNT",
        authenticationProviders: ["SAML"],
        permissionType: "SERVICE_MANAGED",
        roleArn: awsIamRoleAssume.arn,
      });
    const awsGrafanaWorkspaceSamlConfigurationExample =
      new aws.grafanaWorkspaceSamlConfiguration.GrafanaWorkspaceSamlConfiguration(
        this,
        "example_2",
        {
          editorRoleValues: ["editor"],
          idpMetadataUrl: "https://my_idp_metadata.url",
          workspaceId: awsGrafanaWorkspaceExample.id,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsGrafanaWorkspaceSamlConfigurationExample.overrideLogicalId("example");
  }
}

Argument Reference

The following arguments are required:

  • editorRoleValues - (Required) The editor role values.
  • workspaceId - (Required) The workspace id.

The following arguments are optional:

  • adminRoleValues - (Optional) The admin role values.
  • allowedOrganizations - (Optional) The allowed organizations.
  • emailAssertion - (Optional) The email assertion.
  • groupsAssertion - (Optional) The groups assertion.
  • idpMetadataUrl - (Optional) The IDP Metadata URL. Note that either idpMetadataUrl or idpMetadataXml (but not both) must be specified.
  • idpMetadataXml - (Optional) The IDP Metadata XML. Note that either idpMetadataUrl or idpMetadataXml (but not both) must be specified.
  • loginAssertion - (Optional) The login assertion.
  • loginValidityDuration - (Optional) The login validity duration.
  • nameAssertion - (Optional) The name assertion.
  • orgAssertion - (Optional) The org assertion.
  • roleAssertion - (Optional) The role assertion.
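
The constraints in the argument list can be checked before synthesis. The following is an added example, not part of the provider documentation: a stand-alone TypeScript check whose interface mirrors the argument names on this page. The function name validateSamlConfig, the https requirement and the role-overlap rule are assumptions made for this example, and the sample values are constructed.

```typescript
// Added example: pre-synth check for the SAML arguments documented above.
// Only the fields the checks need are modelled; names match this page.
interface SamlConfigProps {
  workspaceId: string;
  editorRoleValues: string[];
  adminRoleValues?: string[];
  idpMetadataUrl?: string;
  idpMetadataXml?: string;
}

// Hypothetical helper: returns a list of findings, empty when the props pass.
function validateSamlConfig(p: SamlConfigProps): string[] {
  const findings: string[] = [];
  const url = p.idpMetadataUrl || "";
  const xml = p.idpMetadataXml || "";

  // Documented constraint: either idpMetadataUrl or idpMetadataXml, not both.
  if ((url.length > 0) === (xml.length > 0)) {
    findings.push("specify exactly one of idpMetadataUrl or idpMetadataXml");
  }

  // Assumption (hardening): IdP metadata carries the certificate used to
  // verify assertions, so it should only be fetched over TLS.
  if (url.length > 0 && !/^https:\/\//i.test(url)) {
    findings.push("idpMetadataUrl must use https");
  }

  // Assumption (hardening): a value listed for both roles makes the granted
  // role ambiguous; treat it as a misconfiguration.
  const admins = p.adminRoleValues || [];
  const overlap = p.editorRoleValues.filter(function (v) {
    return admins.indexOf(v) !== -1;
  });
  if (overlap.length > 0) {
    findings.push("role value mapped to both admin and editor: " + overlap.join(", "));
  }
  return findings;
}

// Constructed sample: plaintext metadata URL and an overlapping role value.
const constructedSample: SamlConfigProps = {
  workspaceId: "g-2054c75a02",
  editorRoleValues: ["editor"],
  adminRoleValues: ["grafana-admin", "editor"],
  idpMetadataUrl: "http://my_idp_metadata.url",
};
const constructedFindings = validateSamlConfig(constructedSample);
console.log(constructedFindings);
```

Run the check on the same object that is passed to the GrafanaWorkspaceSamlConfiguration constructor and fail the build when the returned list is not empty.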

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • status - The status of the SAML configuration.

Import

Grafana Workspace SAML configuration can be imported using the workspace's id, e.g.,

$ terraform import aws_grafana_workspace_saml_configuration.example g-2054c75a02