UpdateWorkspace

Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any optional parameters, the existing values of those parameters are not changed.

To modify the user authentication methods that the workspace uses, such as SAML or IAM Identity Center, use UpdateWorkspaceAuthentication.

To modify which users in the workspace have the Admin and Editor Grafana roles, use UpdatePermissions.

Request Syntax

PUT /workspaces/workspaceId HTTP/1.1
Content-type: application/json

{
   "accountAccessType": "string",
   "organizationRoleName": "string",
   "permissionType": "string",
   "removeVpcConfiguration": boolean,
   "stackSetName": "string",
   "vpcConfiguration": { 
      "securityGroupIds": [ "string" ],
      "subnetIds": [ "string" ]
   },
   "workspaceDataSources": [ "string" ],
   "workspaceDescription": "string",
   "workspaceName": "string",
   "workspaceNotificationDestinations": [ "string" ],
   "workspaceOrganizationalUnits": [ "string" ],
   "workspaceRoleArn": "string"
}

URI Request Parameters

The request uses the following URI parameters.

workspaceId

The ID of the workspace to update.

Pattern: ^g-[0-9a-f]{10}$

Required: Yes

Request Body

The request accepts the following data in JSON format.

accountAccessType

Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If you specify ORGANIZATION, you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.

Type: String

Valid Values: CURRENT_ACCOUNT | ORGANIZATION

Required: No

organizationRoleName

The name of an IAM role that already exists to use to access resources through Organizations.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

permissionType

If you specify Service Managed, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.

If you specify CUSTOMER_MANAGED, you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, you must choose CUSTOMER_MANAGED.

For more information, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels

Type: String

Valid Values: CUSTOMER_MANAGED | SERVICE_MANAGED

Required: No

removeVpcConfiguration

Whether to remove the VPC configuration from the workspace.

Setting this to true and providing a vpcConfiguration to set will return an error.

Type: Boolean

Required: No

stackSetName

The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.

Type: String

Required: No

vpcConfiguration

The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.

Type: VpcConfiguration object

Required: No

workspaceDataSources

Specify the AWS data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.

If you don't specify a data source here, you can still add it as a data source later in the workspace console. However, you will then have to manually configure permissions for it.

Type: Array of strings

Valid Values: AMAZON_OPENSEARCH_SERVICE | CLOUDWATCH | PROMETHEUS | XRAY | TIMESTREAM | SITEWISE | ATHENA | REDSHIFT | TWINMAKER

Required: No

workspaceDescription

A description for the workspace. This is used only to help you identify this workspace.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

workspaceName

A new name for the workspace to update.

Type: String

Pattern: ^[a-zA-Z0-9-._~]{1,255}$

Required: No

workspaceNotificationDestinations

Specify the AWS notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.

Type: Array of strings

Valid Values: SNS

Required: No

workspaceOrganizationalUnits

Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

Type: Array of strings

Required: No

workspaceRoleArn

The workspace needs an IAM role that grants permissions to the AWS resources that the workspace will view data from. If you already have a role that you want to use, specify it here. If you omit this field and you specify some AWS resources in workspaceDataSources or workspaceNotificationDestinations, a new IAM role with the necessary permissions is automatically created.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

Response Syntax

HTTP/1.1 202
Content-type: application/json

{
   "workspace": { 
      "accountAccessType": "string",
      "authentication": { 
         "providers": [ "string" ],
         "samlConfigurationStatus": "string"
      },
      "created": number,
      "dataSources": [ "string" ],
      "description": "string",
      "endpoint": "string",
      "freeTrialConsumed": boolean,
      "freeTrialExpiration": number,
      "grafanaVersion": "string",
      "id": "string",
      "licenseExpiration": number,
      "licenseType": "string",
      "modified": number,
      "name": "string",
      "notificationDestinations": [ "string" ],
      "organizationalUnits": [ "string" ],
      "organizationRoleName": "string",
      "permissionType": "string",
      "stackSetName": "string",
      "status": "string",
      "tags": { 
         "string" : "string" 
      },
      "vpcConfiguration": { 
         "securityGroupIds": [ "string" ],
         "subnetIds": [ "string" ]
      },
      "workspaceRoleArn": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

workspace

A structure containing data about the workspace that was created.

Type: WorkspaceDescription object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient permissions to perform this action.

HTTP Status Code: 403

ConflictException

A resource was in an inconsistent state during an update or a deletion.

HTTP Status Code: 409

InternalServerException

Unexpected error while processing the request. Retry the request.

HTTP Status Code: 500

ResourceNotFoundException

The request references a resource that does not exist.

HTTP Status Code: 404

ThrottlingException

The request was denied because of request throttling. Retry the request.

HTTP Status Code: 429

ValidationException

The value of a parameter in the request caused an error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3