String email
The name of the attribute within the SAML assertion to use as the email names for SAML users.
String groups
The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.
String login
The name of the attribute within the SAML assertion to use as the login names for SAML users.
String name
The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.
String org
The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.
String role
The name of the attribute within the SAML assertion to use as the user roles.
WorkspaceDescription workspace
A structure containing data about the workspace.
AwsSsoAuthentication awsSso
A structure containing information about how this workspace works with IAM Identity Center.
List<E> providers
Specifies whether this workspace uses IAM Identity Center, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.
SamlAuthentication saml
A structure containing information about how this workspace works with SAML, including what attributes within the assertion are to be mapped to user information in the workspace.
String ssoClientId
The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana.
String keyName
Specifies the name of the key. Keynames must be unique to the workspace.
String keyRole
Specifies the permission level of the key.
Valid values: VIEWER|EDITOR|ADMIN
Integer secondsToLive
Specifies the time in seconds until the key expires. Keys can be valid for up to 30 days.
String workspaceId
The ID of the workspace to create an API key.
String accountAccessType
Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account
only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If
you specify ORGANIZATION, you must specify which organizational units the workspace can access in
the workspaceOrganizationalUnits parameter.
List<E> authenticationProviders
Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
String clientToken
A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.
String configuration
The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.
String grafanaVersion
Specifies the version of Grafana to support in the new workspace.
To get a list of supported version, use the ListVersions operation.
NetworkAccessConfiguration networkAccessControl
Configuration for network access to your workspace.
When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required.
If this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.
String organizationRoleName
The name of an IAM role that already exists to use with Organizations to access Amazon Web Services data sources and notification channels in other accounts in an organization.
String permissionType
When creating a workspace through the Amazon Web Services API, CLI or Amazon Web Services CloudFormation, you must manage IAM roles and provision the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.
You must also specify a workspaceRoleArn for a role that you will manage for the workspace to use
when accessing those datasources and notification channels.
The ability for Amazon Managed Grafana to create and update IAM roles on behalf of the user is supported only in
the Amazon Managed Grafana console, where this value may be set to SERVICE_MANAGED.
Use only the CUSTOMER_MANAGED permission type when creating a workspace with the API, CLI or Amazon
Web Services CloudFormation.
For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels.
String stackSetName
The name of the CloudFormation stack set to use to generate IAM roles to be used for this workspace.
Map<K,V> tags
The list of tags associated with the workspace.
VpcConfiguration vpcConfiguration
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.
Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2).
List<E> workspaceDataSources
This parameter is for internal use only, and should not be used.
String workspaceDescription
A description for the workspace. This is used only to help you identify this workspace.
Pattern: ^[\\p{L}\\p{Z}\\p{N}\\p{P}]{0,2048}$
String workspaceName
The name for the workspace. It does not have to be unique.
List<E> workspaceNotificationDestinations
Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.
List<E> workspaceOrganizationalUnits
Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.
String workspaceRoleArn
Specified the IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from, including both data sources and notification channels. You are responsible for managing the permissions for this role as new data sources or notification channels are added.
WorkspaceDescription workspace
A structure containing data about the workspace that was created.
String workspaceId
The ID of the workspace to delete.
WorkspaceDescription workspace
A structure containing information about the workspace that was deleted.
String workspaceId
The ID of the workspace to return authentication information about.
AuthenticationDescription authentication
A structure containing information about the authentication methods used in the workspace.
String workspaceId
The ID of the workspace to get configuration information for.
String configuration
The configuration string for the workspace that you requested. For more information about the format and configuration options available, see Working in your Grafana workspace.
String grafanaVersion
The supported Grafana version for the workspace.
String workspaceId
The ID of the workspace to display information about.
WorkspaceDescription workspace
A structure containing information about the workspace.
WorkspaceDescription workspace
A structure containing information about the workspace.
Integer retryAfterSeconds
How long to wait before you retry this operation.
String groupId
(Optional) Limits the results to only the group that matches this ID.
Integer maxResults
The maximum number of results to include in the response.
String nextToken
The token to use when requesting the next set of results. You received this token from a previous
ListPermissions operation.
String userId
(Optional) Limits the results to only the user that matches this ID.
String userType
(Optional) If you specify SSO_USER, then only the permissions of IAM Identity Center users are
returned. If you specify SSO_GROUP, only the permissions of IAM Identity Center groups are returned.
String workspaceId
The ID of the workspace to list permissions for. This parameter is required.
String resourceArn
The ARN of the resource the list of tags are associated with.
Integer maxResults
The maximum number of results to include in the response.
String nextToken
The token to use when requesting the next set of results. You receive this token from a previous
ListVersions operation.
String workspaceId
The ID of the workspace to list the available upgrade versions. If not included, lists all versions of Grafana
that are supported for CreateWorkspace.
List<E> grafanaVersions
The Grafana versions available to create. If a workspace ID is included in the request, the Grafana versions to which this workspace can be upgraded.
String nextToken
The token to use in a subsequent ListVersions operation to return the next set of results.
List<E> prefixListIds
An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration (passed an empty array) then no IP addresses are allowed to access the workspace. You create a prefix list using the Amazon VPC console.
Prefix list IDs have the format pl-1a2b3c4d .
For more information about prefix lists, see Group CIDR blocks using managed prefix listsin the Amazon Virtual Private Cloud User Guide.
List<E> vpceIds
An array of Amazon VPC endpoint IDs for the workspace. You can create VPC endpoints to your Amazon Managed
Grafana workspace for access from within a VPC. If a NetworkAccessConfiguration is specified then
only VPC endpoints specified here are allowed to access the workspace. If you pass in an empty array of strings,
then no VPCs are allowed to access the workspace.
VPC endpoint IDs have the format vpce-1a2b3c4d .
For more information about creating an interface VPC endpoint, see Interface VPC endpoints in the Amazon Managed Grafana User Guide.
The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the
com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints are ignored.
SamlConfiguration configuration
A structure containing details about how this workspace works with SAML.
String status
Specifies whether the workspace's SAML configuration is complete.
List<E> allowedOrganizations
Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.
AssertionAttributes assertionAttributes
A structure that defines which attributes in the SAML assertion are to be used to define information about the users authenticated by that IdP to use the workspace.
IdpMetadata idpMetadata
A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.
Integer loginValidityDuration
How long a sign-on session by a SAML user is valid, before the user has to sign on again.
RoleValues roleValues
A structure containing arrays that map group names in the SAML assertion to the Grafana Admin and
Editor roles in the workspace.
String quotaCode
The ID of the service quota that was exceeded.
String resourceId
The ID of the resource that is associated with the error.
String resourceType
The type of the resource that is associated with the error.
String serviceCode
The value of a parameter in the request caused an error.
UpdateInstruction causedBy
Specifies which permission update caused the error.
Integer code
The error code.
String message
The message for this error.
List<E> authenticationProviders
Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
SamlConfiguration samlConfiguration
If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and
define which groups in the assertion attribute are to have the Admin and Editor roles
in the workspace.
String workspaceId
The ID of the workspace to update the authentication for.
AuthenticationDescription authentication
A structure that describes the user authentication for this workspace after the update is made.
String configuration
The new configuration string for the workspace. For more information about the format and configuration options available, see Working in your Grafana workspace.
String grafanaVersion
Specifies the version of Grafana to support in the new workspace.
Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4).
To know what versions are available to upgrade to for a specific workspace, see the ListVersions
operation.
String workspaceId
The ID of the workspace to update.
String accountAccessType
Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account
only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If
you specify ORGANIZATION, you must specify which organizational units the workspace can access in
the workspaceOrganizationalUnits parameter.
NetworkAccessConfiguration networkAccessControl
The configuration settings for network access to your workspace.
When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required.
If this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.
String organizationRoleName
The name of an IAM role that already exists to use to access resources through Organizations. This can only be
used with a workspace that has the permissionType set to CUSTOMER_MANAGED.
String permissionType
Use this parameter if you want to change a workspace from SERVICE_MANAGED to
CUSTOMER_MANAGED. This allows you to manage the permissions that the workspace uses to access
datasources and notification channels. If the workspace is in a member Amazon Web Services account of an
organization, and that account is not a delegated administrator account, and you want the workspace to access
data sources in other Amazon Web Services accounts in the organization, you must choose
CUSTOMER_MANAGED.
If you specify this as CUSTOMER_MANAGED, you must also specify a workspaceRoleArn that
the workspace will use for accessing Amazon Web Services resources.
For more information on the role and permissions needed, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
Do not use this to convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED. Do not
include this parameter if you want to leave the workspace as SERVICE_MANAGED.
You can convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED using the Amazon
Managed Grafana console. For more information, see Managing
permissions for data sources and notification channels.
Boolean removeNetworkAccessConfiguration
Whether to remove the network access configuration from the workspace.
Setting this to true and providing a networkAccessControl to set will return an error.
If you remove this configuration by setting this to true, then all IP addresses and VPC endpoints
will be allowed. Standard Grafana authentication and authorization will still be required.
Boolean removeVpcConfiguration
Whether to remove the VPC configuration from the workspace.
Setting this to true and providing a vpcConfiguration to set will return an error.
String stackSetName
The name of the CloudFormation stack set to use to generate IAM roles to be used for this workspace.
VpcConfiguration vpcConfiguration
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.
List<E> workspaceDataSources
This parameter is for internal use only, and should not be used.
String workspaceDescription
A description for the workspace. This is used only to help you identify this workspace.
String workspaceId
The ID of the workspace to update.
String workspaceName
A new name for the workspace to update.
List<E> workspaceNotificationDestinations
Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.
List<E> workspaceOrganizationalUnits
Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.
String workspaceRoleArn
Specifies an IAM role that grants permissions to Amazon Web Services resources that the workspace accesses, such
as data sources and notification channels. If this workspace has permissionType
CUSTOMER_MANAGED, then this role is required.
WorkspaceDescription workspace
A structure containing data about the workspace that was created.
List<E> securityGroupIds
The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect. Duplicates not allowed.
List<E> subnetIds
The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect. Duplicates not allowed.
String accountAccessType
Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account
only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If
this is ORGANIZATION, the workspaceOrganizationalUnits parameter specifies which
organizational units the workspace can access.
AuthenticationSummary authentication
A structure that describes whether the workspace uses SAML, IAM Identity Center, or both methods for user authentication.
Date created
The date that the workspace was created.
List<E> dataSources
Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.
This list is only used when the workspace was created through the Amazon Web Services console, and the
permissionType is SERVICE_MANAGED.
String description
The user-defined description of the workspace.
String endpoint
The URL that users can use to access the Grafana console in the workspace.
Boolean freeTrialConsumed
Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.
Date freeTrialExpiration
If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.
String grafanaVersion
The version of Grafana supported in this workspace.
String id
The unique ID of this workspace.
Date licenseExpiration
If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.
String licenseType
Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.
Date modified
The most recent date that the workspace was modified.
String name
The name of the workspace.
NetworkAccessConfiguration networkAccessControl
The configuration settings for network access to your workspace.
List<E> notificationDestinations
The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.
String organizationRoleName
The name of the IAM role that is used to access resources through Organizations.
List<E> organizationalUnits
Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.
String permissionType
If this is SERVICE_MANAGED, and the workplace was created through the Amazon Managed Grafana
console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the
workspace needs to use Amazon Web Services data sources and notification channels.
If this is CUSTOMER_MANAGED, you must manage those roles and permissions yourself.
If you are working with a workspace in a member account of an organization and that account is not a delegated
administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in
the organization, this parameter must be set to CUSTOMER_MANAGED.
For more information about converting between customer and service managed, see Managing permissions for data sources and notification channels. For more information about the roles and permissions that must be managed for customer managed workspaces, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
String stackSetName
The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.
String status
The current status of the workspace.
Map<K,V> tags
The list of tags associated with the workspace.
VpcConfiguration vpcConfiguration
The configuration for connecting to data sources in a private VPC (Amazon Virtual Private Cloud).
String workspaceRoleArn
The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.
AuthenticationSummary authentication
A structure containing information about the authentication methods used in the workspace.
Date created
The date that the workspace was created.
String description
The customer-entered description of the workspace.
String endpoint
The URL endpoint to use to access the Grafana console in the workspace.
String grafanaVersion
The Grafana version that the workspace is running.
String id
The unique ID of the workspace.
Date modified
The most recent date that the workspace was modified.
String name
The name of the workspace.
List<E> notificationDestinations
The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, which allows Amazon Managed Grafana to use these channels.
String status
The current status of the workspace.
Map<K,V> tags
The list of tags associated with the workspace.
Copyright © 2023. All rights reserved.