UpdateWorkspace
Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any optional parameters, the existing values of those parameters are not changed.
To modify the user authentication methods that the workspace uses, such as SAML or IAM Identity Center, use UpdateWorkspaceAuthentication.
To modify which users in the workspace have the Admin and
Editor Grafana roles, use UpdatePermissions.
Request Syntax
PUT /workspaces/workspaceId HTTP/1.1
Content-type: application/json
{
"accountAccessType": "string",
"networkAccessControl": {
"prefixListIds": [ "string" ],
"vpceIds": [ "string" ]
},
"organizationRoleName": "string",
"permissionType": "string",
"removeNetworkAccessConfiguration": boolean,
"removeVpcConfiguration": boolean,
"stackSetName": "string",
"vpcConfiguration": {
"securityGroupIds": [ "string" ],
"subnetIds": [ "string" ]
},
"workspaceDataSources": [ "string" ],
"workspaceDescription": "string",
"workspaceName": "string",
"workspaceNotificationDestinations": [ "string" ],
"workspaceOrganizationalUnits": [ "string" ],
"workspaceRoleArn": "string"
}URI Request Parameters
The request uses the following URI parameters.
- workspaceId
-
The ID of the workspace to update.
Pattern:
^g-[0-9a-f]{10}$Required: Yes
Request Body
The request accepts the following data in JSON format.
- accountAccessType
-
Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If you specify
ORGANIZATION, you must specify which organizational units the workspace can access in theworkspaceOrganizationalUnitsparameter.Type: String
Valid Values:
CURRENT_ACCOUNT | ORGANIZATIONRequired: No
- networkAccessControl
-
The configuration settings for network access to your workspace.
When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required.
If this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.
Type: NetworkAccessConfiguration object
Required: No
- organizationRoleName
-
The name of an IAM role that already exists to use to access resources through Organizations. This can only be used with a workspace that has the
permissionTypeset toCUSTOMER_MANAGED.Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
- permissionType
-
Use this parameter if you want to change a workspace from
SERVICE_MANAGEDtoCUSTOMER_MANAGED. This allows you to manage the permissions that the workspace uses to access datasources and notification channels. If the workspace is in a member AWS account of an organization, and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, you must chooseCUSTOMER_MANAGED.If you specify this as
CUSTOMER_MANAGED, you must also specify aworkspaceRoleArnthat the workspace will use for accessing AWS resources.For more information on the role and permissions needed, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels
Note
Do not use this to convert a
CUSTOMER_MANAGEDworkspace toSERVICE_MANAGED. Do not include this parameter if you want to leave the workspace asSERVICE_MANAGED.You can convert a
CUSTOMER_MANAGEDworkspace toSERVICE_MANAGEDusing the Amazon Managed Grafana console. For more information, see Managing permissions for data sources and notification channels.Type: String
Valid Values:
CUSTOMER_MANAGED | SERVICE_MANAGEDRequired: No
- removeNetworkAccessConfiguration
-
Whether to remove the network access configuration from the workspace.
Setting this to
trueand providing anetworkAccessControlto set will return an error.If you remove this configuration by setting this to
true, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.Type: Boolean
Required: No
- removeVpcConfiguration
-
Whether to remove the VPC configuration from the workspace.
Setting this to
trueand providing avpcConfigurationto set will return an error.Type: Boolean
Required: No
- stackSetName
-
The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.
Type: String
Required: No
- vpcConfiguration
-
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.
Type: VpcConfiguration object
Required: No
- workspaceDataSources
-
This parameter is for internal use only, and should not be used.
Type: Array of strings
Valid Values:
AMAZON_OPENSEARCH_SERVICE | CLOUDWATCH | PROMETHEUS | XRAY | TIMESTREAM | SITEWISE | ATHENA | REDSHIFT | TWINMAKERRequired: No
- workspaceDescription
-
A description for the workspace. This is used only to help you identify this workspace.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 2048.
Required: No
- workspaceName
-
A new name for the workspace to update.
Type: String
Pattern:
^[a-zA-Z0-9-._~]{1,255}$Required: No
- workspaceNotificationDestinations
-
Specify the AWS notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.
Type: Array of strings
Valid Values:
SNSRequired: No
- workspaceOrganizationalUnits
-
Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.
Type: Array of strings
Required: No
- workspaceRoleArn
-
Specifies an IAM role that grants permissions to AWS resources that the workspace accesses, such as data sources and notification channels. If this workspace has
permissionTypeCUSTOMER_MANAGED, then this role is required.Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
Response Syntax
HTTP/1.1 202
Content-type: application/json
{
"workspace": {
"accountAccessType": "string",
"authentication": {
"providers": [ "string" ],
"samlConfigurationStatus": "string"
},
"created": number,
"dataSources": [ "string" ],
"description": "string",
"endpoint": "string",
"freeTrialConsumed": boolean,
"freeTrialExpiration": number,
"grafanaVersion": "string",
"id": "string",
"licenseExpiration": number,
"licenseType": "string",
"modified": number,
"name": "string",
"networkAccessControl": {
"prefixListIds": [ "string" ],
"vpceIds": [ "string" ]
},
"notificationDestinations": [ "string" ],
"organizationalUnits": [ "string" ],
"organizationRoleName": "string",
"permissionType": "string",
"stackSetName": "string",
"status": "string",
"tags": {
"string" : "string"
},
"vpcConfiguration": {
"securityGroupIds": [ "string" ],
"subnetIds": [ "string" ]
},
"workspaceRoleArn": "string"
}
}Response Elements
If the action is successful, the service sends back an HTTP 202 response.
The following data is returned in JSON format by the service.
- workspace
-
A structure containing data about the workspace that was created.
Type: WorkspaceDescription object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient permissions to perform this action.
HTTP Status Code: 403
- ConflictException
-
A resource was in an inconsistent state during an update or a deletion.
HTTP Status Code: 409
- InternalServerException
-
Unexpected error while processing the request. Retry the request.
HTTP Status Code: 500
- ResourceNotFoundException
-
The request references a resource that does not exist.
HTTP Status Code: 404
- ThrottlingException
-
The request was denied because of request throttling. Retry the request.
HTTP Status Code: 429
- ValidationException
-
The value of a parameter in the request caused an error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
