Workspace
Provides an Amazon Managed Grafana workspace resource.
Example Usage
Basic configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assume = new aws.iam.Role("assume", {
name: "grafana-assume",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Effect: "Allow",
Sid: "",
Principal: {
Service: "grafana.amazonaws.com",
},
}],
}),
});
const example = new aws.grafana.Workspace("example", {
accountAccessType: "CURRENT_ACCOUNT",
authenticationProviders: ["SAML"],
permissionType: "SERVICE_MANAGED",
roleArn: assume.arn,
});import pulumi
import json
import pulumi_aws as aws
assume = aws.iam.Role("assume",
name="grafana-assume",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Sid": "",
"Principal": {
"Service": "grafana.amazonaws.com",
},
}],
}))
example = aws.grafana.Workspace("example",
account_access_type="CURRENT_ACCOUNT",
authentication_providers=["SAML"],
permission_type="SERVICE_MANAGED",
role_arn=assume.arn)using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assume = new Aws.Iam.Role("assume", new()
{
Name = "grafana-assume",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = "sts:AssumeRole",
["Effect"] = "Allow",
["Sid"] = "",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "grafana.amazonaws.com",
},
},
},
}),
});
var example = new Aws.Grafana.Workspace("example", new()
{
AccountAccessType = "CURRENT_ACCOUNT",
AuthenticationProviders = new[]
{
"SAML",
},
PermissionType = "SERVICE_MANAGED",
RoleArn = assume.Arn,
});
});package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/grafana"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Sid": "",
"Principal": map[string]interface{}{
"Service": "grafana.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
assume, err := iam.NewRole(ctx, "assume", &iam.RoleArgs{
Name: pulumi.String("grafana-assume"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = grafana.NewWorkspace(ctx, "example", &grafana.WorkspaceArgs{
AccountAccessType: pulumi.String("CURRENT_ACCOUNT"),
AuthenticationProviders: pulumi.StringArray{
pulumi.String("SAML"),
},
PermissionType: pulumi.String("SERVICE_MANAGED"),
RoleArn: assume.Arn,
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.grafana.Workspace;
import com.pulumi.aws.grafana.WorkspaceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var assume = new Role("assume", RoleArgs.builder()
.name("grafana-assume")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", "sts:AssumeRole"),
jsonProperty("Effect", "Allow"),
jsonProperty("Sid", ""),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "grafana.amazonaws.com")
))
)))
)))
.build());
var example = new Workspace("example", WorkspaceArgs.builder()
.accountAccessType("CURRENT_ACCOUNT")
.authenticationProviders("SAML")
.permissionType("SERVICE_MANAGED")
.roleArn(assume.arn())
.build());
}
}resources:
example:
type: aws:grafana:Workspace
properties:
accountAccessType: CURRENT_ACCOUNT
authenticationProviders:
- SAML
permissionType: SERVICE_MANAGED
roleArn: ${assume.arn}
assume:
type: aws:iam:Role
properties:
name: grafana-assume
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action: sts:AssumeRole
Effect: Allow
Sid: ""
Principal:
Service: grafana.amazonaws.comWorkspace configuration options
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.grafana.Workspace("example", {
accountAccessType: "CURRENT_ACCOUNT",
authenticationProviders: ["SAML"],
permissionType: "SERVICE_MANAGED",
roleArn: assume.arn,
configuration: JSON.stringify({
plugins: {
pluginAdminEnabled: true,
},
unifiedAlerting: {
enabled: false,
},
}),
});import pulumi
import json
import pulumi_aws as aws
example = aws.grafana.Workspace("example",
account_access_type="CURRENT_ACCOUNT",
authentication_providers=["SAML"],
permission_type="SERVICE_MANAGED",
role_arn=assume["arn"],
configuration=json.dumps({
"plugins": {
"pluginAdminEnabled": True,
},
"unifiedAlerting": {
"enabled": False,
},
}))using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Grafana.Workspace("example", new()
{
AccountAccessType = "CURRENT_ACCOUNT",
AuthenticationProviders = new[]
{
"SAML",
},
PermissionType = "SERVICE_MANAGED",
RoleArn = assume.Arn,
Configuration = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["plugins"] = new Dictionary<string, object?>
{
["pluginAdminEnabled"] = true,
},
["unifiedAlerting"] = new Dictionary<string, object?>
{
["enabled"] = false,
},
}),
});
});package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/grafana"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"plugins": map[string]interface{}{
"pluginAdminEnabled": true,
},
"unifiedAlerting": map[string]interface{}{
"enabled": false,
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = grafana.NewWorkspace(ctx, "example", &grafana.WorkspaceArgs{
AccountAccessType: pulumi.String("CURRENT_ACCOUNT"),
AuthenticationProviders: pulumi.StringArray{
pulumi.String("SAML"),
},
PermissionType: pulumi.String("SERVICE_MANAGED"),
RoleArn: pulumi.Any(assume.Arn),
Configuration: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.grafana.Workspace;
import com.pulumi.aws.grafana.WorkspaceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Workspace("example", WorkspaceArgs.builder()
.accountAccessType("CURRENT_ACCOUNT")
.authenticationProviders("SAML")
.permissionType("SERVICE_MANAGED")
.roleArn(assume.arn())
.configuration(serializeJson(
jsonObject(
jsonProperty("plugins", jsonObject(
jsonProperty("pluginAdminEnabled", true)
)),
jsonProperty("unifiedAlerting", jsonObject(
jsonProperty("enabled", false)
))
)))
.build());
}
}resources:
example:
type: aws:grafana:Workspace
properties:
accountAccessType: CURRENT_ACCOUNT
authenticationProviders:
- SAML
permissionType: SERVICE_MANAGED
roleArn: ${assume.arn}
configuration:
fn::toJSON:
plugins:
pluginAdminEnabled: true
unifiedAlerting:
enabled: falseThe optional argument configuration is a JSON string that enables the unified Grafana Alerting (Grafana version 10 or newer) and Plugins Management (Grafana version 9 or newer) on the Grafana Workspaces. For more information about using Grafana alerting, and the effects of turning it on or off, see Alerts in Grafana version 10.
Import
Using pulumi import, import Grafana Workspace using the workspace's id. For example:
$ pulumi import aws:grafana/workspace:Workspace example g-2054c75a02Properties
The type of account access for the workspace. Valid values are CURRENT_ACCOUNT and ORGANIZATION. If ORGANIZATION is specified, then organizational_units must also be present.
The authentication providers for the workspace. Valid values are AWS_SSO, SAML, or both.
The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.
The data sources for the workspace. Valid values are AMAZON_OPENSEARCH_SERVICE, ATHENA, CLOUDWATCH, PROMETHEUS, REDSHIFT, SITEWISE, TIMESTREAM, XRAY
The workspace description.
Specifies the version of Grafana to support in the new workspace. Supported values are 8.4, 9.4 and 10.4. If not specified, defaults to the latest version.
Configuration for network access to your workspace.See Network Access Control below.
The notification destinations. If a data source is specified here, Amazon Managed Grafana will create IAM roles and permissions needed to use these destinations. Must be set to SNS.
The Amazon Organizations organizational units that the workspace is authorized to use data sources from.
The role name that the workspace uses to access resources through Amazon Organizations.
The permission type of the workspace. If SERVICE_MANAGED is specified, the IAM roles and IAM policy attachments are generated automatically. If CUSTOMER_MANAGED is specified, the IAM roles and IAM policy attachments will not be created. The following arguments are optional:
The AWS CloudFormation stack set name that provisions IAM roles to be used by the workspace.
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. See VPC Configuration below.