Definition of AWS::Grafana::Workspace Resource Type
account_access_type
(String) These enums represent valid account access types. Specifically these enums determine whether the workspace can access AWS resources in the AWS account only, or whether it can also access resources in other accounts in the same organization. If the value CURRENT_ACCOUNT is used, a workspace role ARN must be provided. If the value is ORGANIZATION, a list of organizational units must be provided.authentication_providers
(Set of String) List of authentication providers to enable.permission_type
(String) These enums represent valid permission types to use when creating or configuring a Grafana workspace. The SERVICE_MANAGED permission type means the Managed Grafana service will create a workspace IAM role on your behalf. The CUSTOMER_MANAGED permission type means that the customer is expected to provide an IAM role that the Grafana workspace can use to query data sources.client_token
(String) A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.data_sources
(List of String) List of data sources on the service managed IAM role.description
(String) Description of a workspace.grafana_version
(String) The version of Grafana to support in your workspace.name
(String) The user friendly name of a workspace.network_access_control
(Attributes) The configuration settings for Network Access Control. (see below for nested schema)notification_destinations
(List of String) List of notification destinations on the customers service managed IAM role that the Grafana workspace can query.organization_role_name
(String) The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization.organizational_units
(List of String) List of Organizational Units containing AWS accounts the Grafana workspace can pull data from.plugin_admin_enabled
(Boolean) Allow workspace admins to install pluginsrole_arn
(String) IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources.saml_configuration
(Attributes) SAML configuration data associated with an AMG workspace. (see below for nested schema)stack_set_name
(String) The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.vpc_configuration
(Attributes) The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. (see below for nested schema)creation_timestamp
(String) Timestamp when the workspace was created.endpoint
(String) Endpoint for the Grafana workspace.id
(String) Uniquely identifies the resource.modification_timestamp
(String) Timestamp when the workspace was last modifiedsaml_configuration_status
(String) Valid SAML configuration statuses.sso_client_id
(String) The client ID of the AWS SSO Managed Application.status
(String) These enums represent the status of a workspace.workspace_id
(String) The id that uniquely identifies a Grafana workspace.network_access_control
Optional:
prefix_list_ids
(Set of String) The list of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration then no IP addresses will be allowed to access the workspace.vpce_ids
(Set of String) The list of Amazon VPC endpoint IDs for the workspace. If a NetworkAccessConfiguration is specified then only VPC endpoints specified here will be allowed to access the workspace.saml_configuration
Required:
idp_metadata
(Attributes) IdP Metadata used to configure SAML authentication in Grafana. (see below for nested schema)Optional:
allowed_organizations
(List of String) List of SAML organizations allowed to access Grafana.assertion_attributes
(Attributes) Maps Grafana friendly names to the IdPs SAML attributes. (see below for nested schema)login_validity_duration
(Number) The maximum lifetime an authenticated user can be logged in (in minutes) before being required to re-authenticate.role_values
(Attributes) Maps SAML roles to the Grafana Editor and Admin roles. (see below for nested schema)saml_configuration.idp_metadata
Optional:
url
(String) URL that vends the IdPs metadata.xml
(String) XML blob of the IdPs metadata.saml_configuration.assertion_attributes
Optional:
email
(String) Name of the attribute within the SAML assert to use as the users email in Grafana.groups
(String) Name of the attribute within the SAML assert to use as the users groups in Grafana.login
(String) Name of the attribute within the SAML assert to use as the users login handle in Grafana.name
(String) Name of the attribute within the SAML assert to use as the users name in Grafana.org
(String) Name of the attribute within the SAML assert to use as the users organizations in Grafana.role
(String) Name of the attribute within the SAML assert to use as the users roles in Grafana.saml_configuration.role_values
Optional:
admin
(List of String) List of SAML roles which will be mapped into the Grafana Admin role.editor
(List of String) List of SAML roles which will be mapped into the Grafana Editor role.vpc_configuration
Required:
security_group_ids
(Set of String) The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect.subnet_ids
(Set of String) The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect.Import is supported using the following syntax:
$ terraform import awscc_grafana_workspace.example <resource ID>