CreateWorkspace
Creates a workspace. In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to build, package, or deploy any hardware to run the Grafana server.
Don't use CreateWorkspace
to modify an existing workspace. Instead,
use UpdateWorkspace.
Request Syntax
POST /workspaces HTTP/1.1
Content-type: application/json
{
"accountAccessType": "string
",
"authenticationProviders": [ "string
" ],
"clientToken": "string
",
"configuration": "string
",
"organizationRoleName": "string
",
"permissionType": "string
",
"stackSetName": "string
",
"tags": {
"string
" : "string
"
},
"vpcConfiguration": {
"securityGroupIds": [ "string
" ],
"subnetIds": [ "string
" ]
},
"workspaceDataSources": [ "string
" ],
"workspaceDescription": "string
",
"workspaceName": "string
",
"workspaceNotificationDestinations": [ "string
" ],
"workspaceOrganizationalUnits": [ "string
" ],
"workspaceRoleArn": "string
"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- accountAccessType
-
Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If you specify
ORGANIZATION
, you must specify which organizational units the workspace can access in theworkspaceOrganizationalUnits
parameter.Type: String
Valid Values:
CURRENT_ACCOUNT | ORGANIZATION
Required: Yes
- authenticationProviders
-
Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center (successor to AWS Single Sign-On), or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
Type: Array of strings
Valid Values:
AWS_SSO | SAML
Required: Yes
- clientToken
-
A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.
Type: String
Pattern:
^[!-~]{1,64}$
Required: No
- configuration
-
The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.
Type: String
Length Constraints: Minimum length of 2. Maximum length of 65536.
Required: No
- organizationRoleName
-
The name of an IAM role that already exists to use with Organizations to access AWS data sources and notification channels in other accounts in an organization.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
- permissionType
-
If you specify
SERVICE_MANAGED
on AWS Grafana console, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. In the CLI mode, the permissionTypeSERVICE_MANAGED
will not create the IAM role for you. The ability for the Amazon Managed Grafana to create the IAM role on behalf of the user is supported only in the Amazon Managed Grafana AWS console. Use only theCUSTOMER_MANAGED
permission type when creating a workspace in the CLI.If you specify
CUSTOMER_MANAGED
, you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization that is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, you must chooseCUSTOMER_MANAGED
.For more information, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels.
Type: String
Valid Values:
CUSTOMER_MANAGED | SERVICE_MANAGED
Required: Yes
- stackSetName
-
The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.
Type: String
Required: No
- tags
-
The list of tags associated with the workspace.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 50 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Required: No
- vpcConfiguration
-
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.
Type: VpcConfiguration object
Required: No
- workspaceDataSources
-
Specify the AWS data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.
If you don't specify a data source here, you can still add it as a data source in the workspace console later. However, you will then have to manually configure permissions for it.
Type: Array of strings
Valid Values:
AMAZON_OPENSEARCH_SERVICE | CLOUDWATCH | PROMETHEUS | XRAY | TIMESTREAM | SITEWISE | ATHENA | REDSHIFT | TWINMAKER
Required: No
- workspaceDescription
-
A description for the workspace. This is used only to help you identify this workspace.
Pattern:
^[\\p{L}\\p{Z}\\p{N}\\p{P}]{0,2048}$
Type: String
Length Constraints: Minimum length of 0. Maximum length of 2048.
Required: No
- workspaceName
-
The name for the workspace. It does not have to be unique.
Type: String
Pattern:
^[a-zA-Z0-9-._~]{1,255}$
Required: No
- workspaceNotificationDestinations
-
Specify the AWS notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.
Type: Array of strings
Valid Values:
SNS
Required: No
- workspaceOrganizationalUnits
-
Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.
Type: Array of strings
Required: No
- workspaceRoleArn
-
The workspace needs an IAM role that grants permissions to the AWS resources that the workspace will view data from. If you already have a role that you want to use, specify it here. The permission type should be set to
CUSTOMER_MANAGED
.Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
Response Syntax
HTTP/1.1 202
Content-type: application/json
{
"workspace": {
"accountAccessType": "string",
"authentication": {
"providers": [ "string" ],
"samlConfigurationStatus": "string"
},
"created": number,
"dataSources": [ "string" ],
"description": "string",
"endpoint": "string",
"freeTrialConsumed": boolean,
"freeTrialExpiration": number,
"grafanaVersion": "string",
"id": "string",
"licenseExpiration": number,
"licenseType": "string",
"modified": number,
"name": "string",
"notificationDestinations": [ "string" ],
"organizationalUnits": [ "string" ],
"organizationRoleName": "string",
"permissionType": "string",
"stackSetName": "string",
"status": "string",
"tags": {
"string" : "string"
},
"vpcConfiguration": {
"securityGroupIds": [ "string" ],
"subnetIds": [ "string" ]
},
"workspaceRoleArn": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 202 response.
The following data is returned in JSON format by the service.
- workspace
-
A structure containing data about the workspace that was created.
Type: WorkspaceDescription object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient permissions to perform this action.
HTTP Status Code: 403
- ConflictException
-
A resource was in an inconsistent state during an update or a deletion.
HTTP Status Code: 409
- InternalServerException
-
Unexpected error while processing the request. Retry the request.
HTTP Status Code: 500
- ServiceQuotaExceededException
-
The request would cause a service quota to be exceeded.
HTTP Status Code: 402
- ThrottlingException
-
The request was denied because of request throttling. Retry the request.
HTTP Status Code: 429
- ValidationException
-
The value of a parameter in the request caused an error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: