CfnWorkspaceProps

class aws_cdk.aws_grafana.CfnWorkspaceProps(*, account_access_type, authentication_providers, permission_type, client_token=None, data_sources=None, description=None, grafana_version=None, name=None, network_access_control=None, notification_destinations=None, organizational_units=None, organization_role_name=None, plugin_admin_enabled=None, role_arn=None, saml_configuration=None, stack_set_name=None, vpc_configuration=None)

Bases: object

Properties for defining a CfnWorkspace.

Parameters:
  • account_access_type (str) – Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is ORGANIZATION , the OrganizationalUnits parameter specifies which organizational units the workspace can access.

  • authentication_providers (Sequence[str]) – Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana . Allowed Values : AWS_SSO | SAML

  • permission_type (str) – If this is SERVICE_MANAGED , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. If this is CUSTOMER_MANAGED , you must manage those roles and permissions yourself. If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to CUSTOMER_MANAGED . For more information about converting between customer and service managed, see Managing permissions for data sources and notification channels . For more information about the roles and permissions that must be managed for customer managed workspaces, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels

  • client_token (Optional[str]) – A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

  • data_sources (Optional[Sequence[str]]) – Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources. This list is only used when the workspace was created through the AWS console, and the permissionType is SERVICE_MANAGED .

  • description (Optional[str]) – The user-defined description of the workspace.

  • grafana_version (Optional[str]) – Specifies the version of Grafana to support in the workspace. Defaults to the latest version on create (for example, 9.4), or the current version of the workspace on update. Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4). To know what versions are available to upgrade to for a specific workspace, see the ListVersions operation.

  • name (Optional[str]) – The name of the workspace.

  • network_access_control (Union[IResolvable, NetworkAccessControlProperty, Dict[str, Any], None]) – The configuration settings for network access to your workspace.

  • notification_destinations (Optional[Sequence[str]]) – The AWS notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels. AllowedValues : SNS

  • organizational_units (Optional[Sequence[str]]) – Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

  • organization_role_name (Optional[str]) – The name of the IAM role that is used to access resources through Organizations.

  • plugin_admin_enabled (Union[bool, IResolvable, None]) – Whether plugin administration is enabled in the workspace. Setting to true allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace. .. epigraph:: This option is only valid for workspaces that support Grafana version 9 or newer.

  • role_arn (Optional[str]) – The IAM role that grants permissions to the AWS resources that the workspace will view data from. This role must already exist.

  • saml_configuration (Union[IResolvable, SamlConfigurationProperty, Dict[str, Any], None]) – If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

  • stack_set_name (Optional[str]) – The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

  • vpc_configuration (Union[IResolvable, VpcConfigurationProperty, Dict[str, Any], None]) – The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. .. epigraph:: Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_grafana as grafana

cfn_workspace_props = grafana.CfnWorkspaceProps(
    account_access_type="accountAccessType",
    authentication_providers=["authenticationProviders"],
    permission_type="permissionType",

    # the properties below are optional
    client_token="clientToken",
    data_sources=["dataSources"],
    description="description",
    grafana_version="grafanaVersion",
    name="name",
    network_access_control=grafana.CfnWorkspace.NetworkAccessControlProperty(
        prefix_list_ids=["prefixListIds"],
        vpce_ids=["vpceIds"]
    ),
    notification_destinations=["notificationDestinations"],
    organizational_units=["organizationalUnits"],
    organization_role_name="organizationRoleName",
    plugin_admin_enabled=False,
    role_arn="roleArn",
    saml_configuration=grafana.CfnWorkspace.SamlConfigurationProperty(
        idp_metadata=grafana.CfnWorkspace.IdpMetadataProperty(
            url="url",
            xml="xml"
        ),

        # the properties below are optional
        allowed_organizations=["allowedOrganizations"],
        assertion_attributes=grafana.CfnWorkspace.AssertionAttributesProperty(
            email="email",
            groups="groups",
            login="login",
            name="name",
            org="org",
            role="role"
        ),
        login_validity_duration=123,
        role_values=grafana.CfnWorkspace.RoleValuesProperty(
            admin=["admin"],
            editor=["editor"]
        )
    ),
    stack_set_name="stackSetName",
    vpc_configuration=grafana.CfnWorkspace.VpcConfigurationProperty(
        security_group_ids=["securityGroupIds"],
        subnet_ids=["subnetIds"]
    )
)

Attributes

account_access_type

Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization.

If this is ORGANIZATION , the OrganizationalUnits parameter specifies which organizational units the workspace can access.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-accountaccesstype

authentication_providers

//docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html>`_ .

Allowed Values : AWS_SSO | SAML

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-authenticationproviders

Type:

Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see `User authentication in Amazon Managed Grafana <https

client_token

A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-clienttoken

data_sources

Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

This list is only used when the workspace was created through the AWS console, and the permissionType is SERVICE_MANAGED .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-datasources

description

The user-defined description of the workspace.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-description

grafana_version

Specifies the version of Grafana to support in the workspace.

Defaults to the latest version on create (for example, 9.4), or the current version of the workspace on update.

Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4).

To know what versions are available to upgrade to for a specific workspace, see the ListVersions operation.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-grafanaversion

name

The name of the workspace.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-name

network_access_control

The configuration settings for network access to your workspace.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-networkaccesscontrol

notification_destinations

The AWS notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

AllowedValues : SNS

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-notificationdestinations

organization_role_name

The name of the IAM role that is used to access resources through Organizations.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-organizationrolename

organizational_units

Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-organizationalunits

permission_type

If this is SERVICE_MANAGED , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.

If this is CUSTOMER_MANAGED , you must manage those roles and permissions yourself.

If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to CUSTOMER_MANAGED .

For more information about converting between customer and service managed, see Managing permissions for data sources and notification channels . For more information about the roles and permissions that must be managed for customer managed workspaces, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-permissiontype

plugin_admin_enabled

Whether plugin administration is enabled in the workspace.

Setting to true allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace. .. epigraph:

This option is only valid for workspaces that support Grafana version 9 or newer.
See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-pluginadminenabled

role_arn

The IAM role that grants permissions to the AWS resources that the workspace will view data from.

This role must already exist.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-rolearn

saml_configuration

If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-samlconfiguration

stack_set_name

The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-stacksetname

vpc_configuration

The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.

Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-grafana-workspace.html#cfn-grafana-workspace-vpcconfiguration