
Resource: awsWorkspacesDirectory

Provides a WorkSpaces directory in AWS WorkSpaces Service.

~> NOTE: The AWS WorkSpaces service requires an IAM role named workspaces_DefaultRole to operate normally. The example below creates that role with a trust policy for workspaces.amazonaws.com and attaches the AWS-managed AmazonWorkSpacesServiceAccess and AmazonWorkSpacesSelfServiceAccess policies to it.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcExample = new aws.vpc.Vpc(this, "example", {
  cidrBlock: "10.0.0.0/16",
});
const dataAwsIamPolicyDocumentWorkspaces =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "workspaces",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          principals: [
            {
              identifiers: ["workspaces.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const awsIamRoleWorkspacesDefault = new aws.iamRole.IamRole(
  this,
  "workspaces_default",
  {
    assumeRolePolicy: dataAwsIamPolicyDocumentWorkspaces.json,
    name: "workspaces_DefaultRole",
  }
);
const awsIamRolePolicyAttachmentWorkspacesDefaultSelfServiceAccess =
  new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(
    this,
    "workspaces_default_self_service_access",
    {
      policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess",
      role: awsIamRoleWorkspacesDefault.name,
    }
  );
const awsIamRolePolicyAttachmentWorkspacesDefaultServiceAccess =
  new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(
    this,
    "workspaces_default_service_access",
    {
      policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess",
      role: awsIamRoleWorkspacesDefault.name,
    }
  );
const awsSubnetExampleA = new aws.subnet.Subnet(this, "example_a", {
  availabilityZone: "us-east-1a",
  cidrBlock: "10.0.0.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleB = new aws.subnet.Subnet(this, "example_b", {
  availabilityZone: "us-east-1b",
  cidrBlock: "10.0.1.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleC = new aws.subnet.Subnet(this, "example_c", {
  availabilityZone: "us-east-1c",
  cidrBlock: "10.0.2.0/24",
  vpcId: awsVpcExample.id,
});
const awsSubnetExampleD = new aws.subnet.Subnet(this, "example_d", {
  availabilityZone: "us-east-1d",
  cidrBlock: "10.0.3.0/24",
  vpcId: awsVpcExample.id,
});
const awsDirectoryServiceDirectoryExample =
  new aws.directoryServiceDirectory.DirectoryServiceDirectory(
    this,
    "example_9",
    {
      name: "corp.example.com",
      // Example value only: source the directory administrator password from a
      // variable or a secrets store rather than committing it to configuration.
      password: "#S1ncerely",
      size: "Small",
      vpcSettings: {
        subnetIds: [awsSubnetExampleA.id, awsSubnetExampleB.id],
        vpcId: awsVpcExample.id,
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDirectoryServiceDirectoryExample.overrideLogicalId("example");
const awsWorkspacesDirectoryExample =
  new aws.workspacesDirectory.WorkspacesDirectory(this, "example_10", {
    // Register the directory only after workspaces_DefaultRole has its policies
    // attached; until then the WorkSpaces service cannot act on the account.
    // (cdktf takes resource references here, not HCL interpolation strings.)
    dependsOn: [
      awsIamRolePolicyAttachmentWorkspacesDefaultServiceAccess,
      awsIamRolePolicyAttachmentWorkspacesDefaultSelfServiceAccess,
    ],
    directoryId: awsDirectoryServiceDirectoryExample.id,
    // Actions users may perform on their own WorkSpaces without an administrator.
    selfServicePermissions: {
      changeComputeType: true,
      increaseVolumeSize: true,
      rebuildWorkspace: true,
      restartWorkspace: true,
      switchRunningMode: true,
    },
    subnetIds: [awsSubnetExampleC.id, awsSubnetExampleD.id],
    // Tag values are strings.
    tags: {
      Example: "true",
    },
    // Device-type access policy. Every type is set explicitly so that none of
    // them silently inherits the service default for an unset field.
    workspaceAccessProperties: {
      deviceTypeAndroid: "ALLOW",
      deviceTypeChromeos: "ALLOW",
      deviceTypeIos: "ALLOW",
      deviceTypeLinux: "DENY",
      deviceTypeOsx: "ALLOW",
      deviceTypeWeb: "DENY",
      deviceTypeWindows: "DENY",
      deviceTypeZeroclient: "DENY",
    },
    workspaceCreationProperties: {
      // Refers to an aws_security_group resource that is not part of this snippet.
      customSecurityGroupId: "${aws_security_group.example.id}",
      defaultOu: "OU=AWS,DC=Workgroup,DC=Example,DC=com",
      enableInternetAccess: true,
      enableMaintenanceMode: true,
      // Makes every user a local administrator of their WorkSpace; enable only
      // where the desktop security baseline permits it.
      userEnabledAsLocalAdministrator: true,
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWorkspacesDirectoryExample.overrideLogicalId("example");

IP Groups

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsWorkspacesIpGroupExample = new aws.workspacesIpGroup.WorkspacesIpGroup(
  this,
  "example",
  {
    name: "example",
  }
);
const awsWorkspacesDirectoryExample =
  new aws.workspacesDirectory.WorkspacesDirectory(this, "example_1", {
    // Refers to an aws_directory_service_directory resource not part of this snippet.
    directoryId: "${aws_directory_service_directory.example.id}",
    // IP access control groups act as an allow-list of client address ranges
    // for the directory; the group above has no rules defined in this snippet.
    ipGroupIds: [awsWorkspacesIpGroupExample.id],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWorkspacesDirectoryExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • directoryId - (Required) The directory identifier for registration in WorkSpaces service.
  • subnetIds - (Optional) The identifiers of the subnets where the directory resides.
  • ipGroupIds - (Optional) The identifiers of the IP access control groups associated with the directory.
  • tags – (Optional) A map of tags assigned to the WorkSpaces directory. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • selfServicePermissions – (Optional) Permissions to enable or disable self-service capabilities. Defined below.
  • workspaceAccessProperties – (Optional) Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.
  • workspaceCreationProperties – (Optional) Default properties that are used for creating WorkSpaces. Defined below.

selfServicePermissions

  • changeComputeType – (Optional) Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default false.
  • increaseVolumeSize – (Optional) Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default false.
  • rebuildWorkspace – (Optional) Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default false.
  • restartWorkspace – (Optional) Whether WorkSpaces directory users can restart their workspace. Default true.
  • switchRunningMode – (Optional) Whether WorkSpaces directory users can switch the running mode of their workspace. Default false.

workspaceAccessProperties

  • deviceTypeAndroid – (Optional) Indicates whether users can use Android devices to access their WorkSpaces.
  • deviceTypeChromeos – (Optional) Indicates whether users can use Chromebooks to access their WorkSpaces.
  • deviceTypeIos – (Optional) Indicates whether users can use iOS devices to access their WorkSpaces.
  • deviceTypeLinux – (Optional) Indicates whether users can use Linux clients to access their WorkSpaces.
  • deviceTypeOsx – (Optional) Indicates whether users can use macOS clients to access their WorkSpaces.
  • deviceTypeWeb – (Optional) Indicates whether users can access their WorkSpaces through a web browser.
  • deviceTypeWindows – (Optional) Indicates whether users can use Windows clients to access their WorkSpaces.
  • deviceTypeZeroclient – (Optional) Indicates whether users can use zero client devices to access their WorkSpaces.

workspaceCreationProperties

-> Note: Once customSecurityGroupId or defaultOu has been set, the attribute cannot be removed: if you delete it from the configuration, it remains in state. Decide on these values, in particular the security group that will govern new WorkSpaces, before the first apply.

  • customSecurityGroupId – (Optional) The identifier of your custom security group. It must belong to the same VPC the WorkSpaces reside in.
  • defaultOu – (Optional) The default organizational unit (OU) for your WorkSpace directories. Must match the "ou=<value>,dc=<value>,...,dc=<value>" pattern.
  • enableInternetAccess – (Optional) Indicates whether internet access is enabled for your WorkSpaces.
  • enableMaintenanceMode – (Optional) Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see WorkSpace Maintenance.
  • userEnabledAsLocalAdministrator – (Optional) Indicates whether users are local administrators of their WorkSpaces.
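The two blocks above are where most of the directory's security posture lives, and both are easy to get wrong in a way that is hard to undo (the note on defaultOu applies). As an added example, not code from this page or from the provider, the TypeScript helpers below build them fail-closed: every deviceType* field is set explicitly to DENY unless it is on an allow-list, defaultOu is checked against the documented "ou=<value>,dc=<value>,...,dc=<value>" pattern before it reaches the resource, and a small review function flags the settings a desktop baseline usually questions. The interfaces mirror the property names on this page but are local to the example rather than the generated provider bindings; the regex is this example's reading of the documented pattern (it additionally accepts nested OUs, which is an assumption) and not the provider's own validation; the baseline in reviewCreationProperties (no local-admin users, no internet access without a custom security group) is assumed, not a provider requirement; and the security group ID in the sample is a constructed placeholder.

```typescript
// Added example: local types mirror the property names documented on this page;
// they are not the generated provider bindings.
type AccessSetting = "ALLOW" | "DENY";

interface WorkspaceAccessProperties {
  deviceTypeAndroid: AccessSetting;
  deviceTypeChromeos: AccessSetting;
  deviceTypeIos: AccessSetting;
  deviceTypeLinux: AccessSetting;
  deviceTypeOsx: AccessSetting;
  deviceTypeWeb: AccessSetting;
  deviceTypeWindows: AccessSetting;
  deviceTypeZeroclient: AccessSetting;
}

type DeviceType = keyof WorkspaceAccessProperties;

const ALL_DEVICE_TYPES: DeviceType[] = [
  "deviceTypeAndroid",
  "deviceTypeChromeos",
  "deviceTypeIos",
  "deviceTypeLinux",
  "deviceTypeOsx",
  "deviceTypeWeb",
  "deviceTypeWindows",
  "deviceTypeZeroclient",
];

// Build the access block from an allow-list: every device type not named is
// DENY, so a type forgotten during review fails closed instead of inheriting
// whatever the service applies to an unset field.
function accessPropertiesFromAllowlist(allowed: DeviceType[]): WorkspaceAccessProperties {
  const props = {} as WorkspaceAccessProperties;
  for (const device of ALL_DEVICE_TYPES) {
    props[device] = allowed.indexOf(device) !== -1 ? "ALLOW" : "DENY";
  }
  return props;
}

// Assumed reading of the documented "ou=<value>,dc=<value>,...,dc=<value>" pattern:
// one or more OU components (nested OUs are an assumption beyond the literal
// pattern), then one or more DC components, case-insensitive, no empty parts.
// This is this example's check, not the provider's own validation.
const DEFAULT_OU_PATTERN = /^ou=[^,=]+(,ou=[^,=]+)*(,dc=[^,=]+)+$/i;

function isValidDefaultOu(ou: string): boolean {
  return DEFAULT_OU_PATTERN.test(ou);
}

interface WorkspaceCreationProperties {
  customSecurityGroupId?: string;
  defaultOu?: string;
  enableInternetAccess?: boolean;
  enableMaintenanceMode?: boolean;
  userEnabledAsLocalAdministrator?: boolean;
}

// Validate creation properties before they reach the resource. A malformed
// defaultOu throws here because, per the note above, the value cannot be
// unset once it has been applied.
function validateCreationProperties(props: WorkspaceCreationProperties): WorkspaceCreationProperties {
  if (props.defaultOu !== undefined && !isValidDefaultOu(props.defaultOu)) {
    throw new Error(`defaultOu "${props.defaultOu}" does not match ou=...,dc=...`);
  }
  return props;
}

// Review against an assumed desktop baseline (not a provider requirement):
// flag local-admin users, and internet access that is not paired with a
// custom security group to constrain egress from new WorkSpaces.
function reviewCreationProperties(props: WorkspaceCreationProperties): string[] {
  const findings: string[] = [];
  if (props.userEnabledAsLocalAdministrator) {
    findings.push("userEnabledAsLocalAdministrator: every user is a local administrator");
  }
  if (props.enableInternetAccess && !props.customSecurityGroupId) {
    findings.push("enableInternetAccess without a customSecurityGroupId");
  }
  return findings;
}

// Constructed sample: the page's own values, with a placeholder security group ID.
const sampleCreation: WorkspaceCreationProperties = validateCreationProperties({
  customSecurityGroupId: "sg-0123456789abcdef0", // constructed placeholder
  defaultOu: "OU=AWS,DC=Workgroup,DC=Example,DC=com",
  enableInternetAccess: true,
  enableMaintenanceMode: true,
  userEnabledAsLocalAdministrator: true,
});

// Windows and macOS clients only; web, mobile, Linux and zero clients are DENY.
const sampleAccess = accessPropertiesFromAllowlist(["deviceTypeWindows", "deviceTypeOsx"]);
const sampleFindings = reviewCreationProperties(sampleCreation);
```

The objects returned by accessPropertiesFromAllowlist and validateCreationProperties have the same shape as the workspaceAccessProperties and workspaceCreationProperties arguments, so they can be passed straight into the WorkspacesDirectory constructor from the examples above; reviewCreationProperties is meant to run in CI and fail the build when it returns findings that nobody has accepted.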

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The WorkSpaces directory identifier.
  • alias - The directory alias.
  • customerUserName - The user name for the service account.
  • directoryName - The name of the directory.
  • directoryType - The directory type.
  • dnsIpAddresses - The IP addresses of the DNS servers for the directory.
  • iamRoleId - The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.
  • ipGroupIds - The identifiers of the IP access control groups associated with the directory.
  • registrationCode - The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • workspaceSecurityGroupId - The identifier of the security group that is assigned to new WorkSpaces.

Import

A WorkSpaces directory can be imported using the directory ID, e.g.,

$ terraform import aws_workspaces_directory.main d-4444444444