Resource: awsWorkspacesDirectory
Provides a WorkSpaces directory in AWS WorkSpaces Service.
NOTE: The AWS WorkSpaces service requires the workspaces_DefaultRole IAM role to operate normally.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcExample = new aws.vpc.Vpc(this, "example", {
  cidrBlock: "10.0.0.0/16",
});
// Trust policy that lets the WorkSpaces service assume the default role.
const dataAwsIamPolicyDocumentWorkspaces =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "workspaces",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          principals: [
            {
              identifiers: ["workspaces.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const awsIamRoleWorkspacesDefault = new aws.iamRole.IamRole(
  this,
  "workspaces_default",
  {
    assumeRolePolicy: dataAwsIamPolicyDocumentWorkspaces.json,
    name: "workspaces_DefaultRole",
  }
);
const awsIamRolePolicyAttachmentWorkspacesDefaultSelfServiceAccess =
  new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(
    this,
    "workspaces_default_self_service_access",
    {
      policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess",
      role: awsIamRoleWorkspacesDefault.name,
    }
  );
const awsIamRolePolicyAttachmentWorkspacesDefaultServiceAccess =
  new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(
    this,
    "workspaces_default_service_access",
    {
      policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess",
      role: awsIamRoleWorkspacesDefault.name,
    }
  );
const awsSubnetExampleA = new aws.subnet.Subnet(this, "example_a", {
  availabilityZone: "us-east-1a",
  cidrBlock: "10.0.0.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleB = new aws.subnet.Subnet(this, "example_b", {
  availabilityZone: "us-east-1b",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleC = new aws.subnet.Subnet(this, "example_c", {
  availabilityZone: "us-east-1c",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleD = new aws.subnet.Subnet(this, "example_d", {
  availabilityZone: "us-east-1d",
  cidrBlock: "10.0.3.0/24",
  vpcId: awsVpcExample.id,
});
const awsDirectoryServiceDirectoryExample =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(
    this,
    "example_9",
    {
      name: "corp.example.com",
      // Example value only; in a real stack supply this from a sensitive variable, not a literal.
      password: "#S1ncerely",
      size: "Small",
      vpcSettings: {
        subnetIds: [awsSubnetExampleA.id, awsSubnetExampleB.id],
        vpcId: awsVpcExample.id,
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryExample.overrideLogicalId("example");
const awsWorkspacesDirectoryExample =
  new aws.workspacesDirectory.WorkspacesDirectory(this, "example_10", {
    // Register the directory only after both role policy attachments exist.
    dependsOn: [
      awsIamRolePolicyAttachmentWorkspacesDefaultServiceAccess,
      awsIamRolePolicyAttachmentWorkspacesDefaultSelfServiceAccess,
    ],
    directoryId: awsDirectoryServiceDirectoryExample.id,
    selfServicePermissions: {
      changeComputeType: true,
      increaseVolumeSize: true,
      rebuildWorkspace: true,
      restartWorkspace: true,
      switchRunningMode: true,
    },
    subnetIds: [awsSubnetExampleC.id, awsSubnetExampleD.id],
    tags: {
      Example: "true",
    },
    workspaceAccessProperties: {
      deviceTypeAndroid: "ALLOW",
      deviceTypeChromeos: "ALLOW",
      deviceTypeIos: "ALLOW",
      deviceTypeLinux: "DENY",
      deviceTypeOsx: "ALLOW",
      deviceTypeWeb: "DENY",
      deviceTypeWindows: "DENY",
      deviceTypeZeroclient: "DENY",
    },
    workspaceCreationProperties: {
      // References an aws_security_group.example resource that is not defined in this snippet.
      customSecurityGroupId: "${aws_security_group.example.id}",
      defaultOu: "OU=AWS,DC=Workgroup,DC=Example,DC=com",
      enableInternetAccess: true,
      enableMaintenanceMode: true,
      userEnabledAsLocalAdministrator: true,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWorkspacesDirectoryExample.overrideLogicalId("example");
IP Groups
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsWorkspacesIpGroupExample = new aws.workspacesIpGroup.WorkspacesIpGroup(
  this,
  "example",
  {
    name: "example",
  }
);
const awsWorkspacesDirectoryExample =
  new aws.workspacesDirectory.WorkspacesDirectory(this, "example_1", {
    directoryId: "${aws_directory_service_directory.example.id}",
    ipGroupIds: [awsWorkspacesIpGroupExample.id],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWorkspacesDirectoryExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
directoryId - (Required) The directory identifier for registration in WorkSpaces service.
subnetIds - (Optional) The identifiers of the subnets where the directory resides.
ipGroupIds - The identifiers of the IP access control groups associated with the directory.
tags - (Optional) A map of tags assigned to the WorkSpaces directory. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
selfServicePermissions - (Optional) Permissions to enable or disable self-service capabilities. Defined below.
workspaceAccessProperties - (Optional) Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.
workspaceCreationProperties - (Optional) Default properties that are used for creating WorkSpaces. Defined below.
selfServicePermissions
changeComputeType - (Optional) Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default false.
increaseVolumeSize - (Optional) Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default false.
rebuildWorkspace - (Optional) Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default false.
restartWorkspace - (Optional) Whether WorkSpaces directory users can restart their workspace. Default true.
switchRunningMode - (Optional) Whether WorkSpaces directory users can switch the running mode of their workspace. Default false.
workspaceAccessProperties
deviceTypeAndroid - (Optional) Indicates whether users can use Android devices to access their WorkSpaces.
deviceTypeChromeos - (Optional) Indicates whether users can use Chromebooks to access their WorkSpaces.
deviceTypeIos - (Optional) Indicates whether users can use iOS devices to access their WorkSpaces.
deviceTypeLinux - (Optional) Indicates whether users can use Linux clients to access their WorkSpaces.
deviceTypeOsx - (Optional) Indicates whether users can use macOS clients to access their WorkSpaces.
deviceTypeWeb - (Optional) Indicates whether users can access their WorkSpaces through a web browser.
deviceTypeWindows - (Optional) Indicates whether users can use Windows clients to access their WorkSpaces.
deviceTypeZeroclient - (Optional) Indicates whether users can use zero client devices to access their WorkSpaces.
workspaceCreationProperties
Note: Once you have specified customSecurityGroupId or defaultOu, there is no way to delete these attributes. If you remove them from the configuration, they will still be present in the state.
customSecurityGroupId - (Optional) The identifier of your custom security group. Should belong to the same VPC in which the WorkSpaces reside.
defaultOu - (Optional) The default organizational unit (OU) for your WorkSpace directories. Should conform to the "ou=<value>,dc=<value>,...,dc=<value>" pattern.
enableInternetAccess - (Optional) Indicates whether internet access is enabled for your WorkSpaces.
enableMaintenanceMode - (Optional) Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see WorkSpace Maintenance.
userEnabledAsLocalAdministrator - (Optional) Indicates whether users are local administrators of their WorkSpaces.
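A pre-deployment check over the arguments documented above, added here as an illustration and not part of the provider documentation: it reports directory settings that widen access. The names auditDirectory, DirectoryConfig and the approved-client list are hypothetical, and which values count as findings is an assumed policy.

```typescript
// Added example. Property names follow the arguments documented on this page;
// the policy (what counts as a finding) is an assumption of this sketch.
const SELF_SERVICE_DEFAULTS = { // defaults as listed on this page
  changeComputeType: false, increaseVolumeSize: false, rebuildWorkspace: false,
  restartWorkspace: true, switchRunningMode: false,
} as const;
type SelfServiceKey = keyof typeof SELF_SERVICE_DEFAULTS;
const DEVICE_KEYS = [
  "deviceTypeAndroid", "deviceTypeChromeos", "deviceTypeIos", "deviceTypeLinux",
  "deviceTypeOsx", "deviceTypeWeb", "deviceTypeWindows", "deviceTypeZeroclient",
] as const;
type DeviceKey = (typeof DEVICE_KEYS)[number];

interface DirectoryConfig {
  ipGroupIds?: string[];
  selfServicePermissions?: Partial<Record<SelfServiceKey, boolean>>;
  workspaceAccessProperties?: Partial<Record<DeviceKey, "ALLOW" | "DENY">>;
  workspaceCreationProperties?: {
    enableInternetAccess?: boolean;
    userEnabledAsLocalAdministrator?: boolean;
  };
}

function auditDirectory(cfg: DirectoryConfig, approved: DeviceKey[]): string[] {
  const findings: string[] = [];
  if (!cfg.ipGroupIds || cfg.ipGroupIds.length === 0) findings.push("ipGroupIds: no IP access control group");
  const creation = cfg.workspaceCreationProperties ?? {};
  if (creation.userEnabledAsLocalAdministrator) findings.push("userEnabledAsLocalAdministrator: true");
  if (creation.enableInternetAccess) findings.push("enableInternetAccess: true");
  for (const key of DEVICE_KEYS) {
    const value = cfg.workspaceAccessProperties?.[key];
    if (value === undefined) findings.push(`${key}: not set explicitly`);
    else if (value === "ALLOW" && approved.indexOf(key) === -1) findings.push(`${key}: ALLOW but not approved`);
  }
  for (const key of Object.keys(SELF_SERVICE_DEFAULTS) as SelfServiceKey[]) {
    const effective = cfg.selfServicePermissions?.[key] ?? SELF_SERVICE_DEFAULTS[key];
    // restartWorkspace is on by default, so only the opt-in capabilities are reported
    if (effective && key !== "restartWorkspace") findings.push(`${key}: self-service enabled`);
  }
  return findings;
}

// Constructed input: the values from this page's Example Usage, as a plain object.
const pageExample: DirectoryConfig = {
  selfServicePermissions: { changeComputeType: true, increaseVolumeSize: true,
    rebuildWorkspace: true, restartWorkspace: true, switchRunningMode: true },
  workspaceAccessProperties: { deviceTypeAndroid: "ALLOW", deviceTypeChromeos: "ALLOW",
    deviceTypeIos: "ALLOW", deviceTypeLinux: "DENY", deviceTypeOsx: "ALLOW",
    deviceTypeWeb: "DENY", deviceTypeWindows: "DENY", deviceTypeZeroclient: "DENY" },
  workspaceCreationProperties: { enableInternetAccess: true, userEnabledAsLocalAdministrator: true },
};
const exampleFindings = auditDirectory(pageExample, ["deviceTypeOsx", "deviceTypeWindows"]);
```

Run against the Example Usage values with macOS and Windows clients approved, the check reports the missing IP access control group, local administrator rights, internet access, three unapproved client types and four opt-in self-service capabilities.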
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The WorkSpaces directory identifier.
alias - The directory alias.
customerUserName - The user name for the service account.
directoryName - The name of the directory.
directoryType - The directory type.
dnsIpAddresses - The IP addresses of the DNS servers for the directory.
iamRoleId - The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.
ipGroupIds - The identifiers of the IP access control groups associated with the directory.
registrationCode - The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
workspaceSecurityGroupId - The identifier of the security group that is assigned to new WorkSpaces.
Import
Workspaces directory can be imported using the directory ID, e.g.,