CreateWorkspace - AWS Managed Grafana

CreateWorkspace

Creates a workspace. In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to build, package, or deploy any hardware to run the Grafana server.

Don't use CreateWorkspace to modify an existing workspace. Instead, use UpdateWorkspace.

Request Syntax

POST /workspaces HTTP/1.1 Content-type: application/json { "accountAccessType": "string", "authenticationProviders": [ "string" ], "clientToken": "string", "organizationRoleName": "string", "permissionType": "string", "stackSetName": "string", "workspaceDataSources": [ "string" ], "workspaceDescription": "string", "workspaceName": "string", "workspaceNotificationDestinations": [ "string" ], "workspaceOrganizationalUnits": [ "string" ], "workspaceRoleArn": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

accountAccessType

Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If you specify ORGANIZATION, you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.

Type: String

Valid Values: CURRENT_ACCOUNT | ORGANIZATION

Required: Yes

authenticationProviders

Specifies whether this workspace uses SAML 2.0, AWS Single Sign-On, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.

Type: Array of strings

Valid Values: AWS_SSO | SAML

Required: Yes

clientToken

A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

Type: String

Pattern: ^[!-~]{1,64}$

Required: No

organizationRoleName

The name of an IAM role that already exists to use with Organizations to access AWS data sources and notification channels in other accounts in an organization.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

permissionType

If you specify SERVICE_MANAGED on AWS Grafana console, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. In CLI mode, the permissionType SERVICE_MANAGED will not create the IAM role for you.

If you specify CUSTOMER_MANAGED, you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization that is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, you must choose CUSTOMER_MANAGED.

For more information, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels.

Type: String

Valid Values: CUSTOMER_MANAGED | SERVICE_MANAGED

Required: Yes

stackSetName

The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.

Type: String

Required: No

workspaceDataSources

Specify the AWS data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.

If you don't specify a data source here, you can still add it as a data source in the workspace console later. However, you will then have to manually configure permissions for it.

Type: Array of strings

Valid Values: AMAZON_OPENSEARCH_SERVICE | CLOUDWATCH | PROMETHEUS | XRAY | TIMESTREAM | SITEWISE

Required: No

workspaceDescription

A description for the workspace. This is used only to help you identify this workspace.

Pattern: ^[\\p{L}\\p{Z}\\p{N}\\p{P}]{0,2048}$

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

workspaceName

The name for the workspace. It does not have to be unique.

Type: String

Pattern: ^[a-zA-Z0-9-._~]{1,255}$

Required: No

workspaceNotificationDestinations

Specify the AWS notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.

Type: Array of strings

Valid Values: SNS

Required: No

workspaceOrganizationalUnits

Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

Type: Array of strings

Required: No

workspaceRoleArn

The workspace needs an IAM role that grants permissions to the AWS resources that the workspace will view data from. If you already have a role that you want to use, specify it here. The permission type should be set to CUSTOMER_MANAGED.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

Response Syntax

HTTP/1.1 202 Content-type: application/json { "workspace": { "accountAccessType": "string", "authentication": { "providers": [ "string" ], "samlConfigurationStatus": "string" }, "created": number, "dataSources": [ "string" ], "description": "string", "endpoint": "string", "freeTrialConsumed": boolean, "freeTrialExpiration": number, "grafanaVersion": "string", "id": "string", "licenseExpiration": number, "licenseType": "string", "modified": number, "name": "string", "notificationDestinations": [ "string" ], "organizationalUnits": [ "string" ], "organizationRoleName": "string", "permissionType": "string", "stackSetName": "string", "status": "string", "workspaceRoleArn": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

workspace

A structure containing data about the workspace that was created.

Type: WorkspaceDescription object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient permissions to perform this action.

HTTP Status Code: 403

ConflictException

A resource was in an inconsistent state during an update or a deletion.

HTTP Status Code: 409

InternalServerException

Unexpected error while processing the request. Retry the request.

HTTP Status Code: 500

ServiceQuotaExceededException

The request would cause a service quota to be exceeded.

HTTP Status Code: 402

ThrottlingException

The request was denied because of request throttling. Retry the request.

HTTP Status Code: 429

ValidationException

The value of a parameter in the request caused an error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: