Class: AWSCDK::Grafana::CfnWorkspaceProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
grafana/cfn_workspace_props.rb

Overview

Properties for defining a CfnWorkspace.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(account_access_type:, authentication_providers:, permission_type:, client_token: nil, data_sources: nil, description: nil, grafana_version: nil, name: nil, network_access_control: nil, notification_destinations: nil, organizational_units: nil, organization_role_name: nil, plugin_admin_enabled: nil, role_arn: nil, saml_configuration: nil, stack_set_name: nil, vpc_configuration: nil) ⇒ CfnWorkspaceProps

Returns a new instance of CfnWorkspaceProps.

Parameters:

  • account_access_type (String)

    Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization.

  • authentication_providers (Array<String>)

    Specifies whether this workspace uses SAML 2.0, SSOlong , or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana .

  • permission_type (String)

    If this is SERVICE_MANAGED , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.

  • client_token (String, nil) (defaults to: nil)

    A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

  • data_sources (Array<String>, nil) (defaults to: nil)

    Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

  • description (String, nil) (defaults to: nil)

    The user-defined description of the workspace.

  • grafana_version (String, nil) (defaults to: nil)

    Specifies the version of Grafana to support in the workspace.

  • name (String, nil) (defaults to: nil)

    The name of the workspace.

  • network_access_control (AWSCDK::IResolvable, AWSCDK::Grafana::CfnWorkspace::NetworkAccessControlProperty, nil) (defaults to: nil)

    The configuration settings for network access to your workspace.

  • notification_destinations (Array<String>, nil) (defaults to: nil)

    The AWS notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

  • organizational_units (Array<String>, nil) (defaults to: nil)

    Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

  • organization_role_name (String, nil) (defaults to: nil)

    The name of the IAM role that is used to access resources through Organizations.

  • plugin_admin_enabled (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Whether plugin administration is enabled in the workspace.

  • role_arn (String, AWSCDK::Interfaces::AWSIAM::IRoleRef, nil) (defaults to: nil)

    The IAM role that grants permissions to the AWS resources that the workspace will view data from.

  • saml_configuration (AWSCDK::IResolvable, AWSCDK::Grafana::CfnWorkspace::SamlConfigurationProperty, nil) (defaults to: nil)

    If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.

  • stack_set_name (String, nil) (defaults to: nil)

    The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.

  • vpc_configuration (AWSCDK::IResolvable, AWSCDK::Grafana::CfnWorkspace::VPCConfigurationProperty, nil) (defaults to: nil)

    The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'grafana/cfn_workspace_props.rb', line 26

def initialize(account_access_type:, authentication_providers:, permission_type:, client_token: nil, data_sources: nil, description: nil, grafana_version: nil, name: nil, network_access_control: nil, notification_destinations: nil, organizational_units: nil, organization_role_name: nil, plugin_admin_enabled: nil, role_arn: nil, saml_configuration: nil, stack_set_name: nil, vpc_configuration: nil)
  @account_access_type = 
  Jsii::Type.check_type(@account_access_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "accountAccessType")
  @authentication_providers = authentication_providers
  Jsii::Type.check_type(@authentication_providers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "authenticationProviders")
  @permission_type = permission_type
  Jsii::Type.check_type(@permission_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "permissionType")
  @client_token = client_token
  Jsii::Type.check_type(@client_token, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientToken") unless @client_token.nil?
  @data_sources = data_sources
  Jsii::Type.check_type(@data_sources, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "dataSources") unless @data_sources.nil?
  @description = description
  Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil?
  @grafana_version = grafana_version
  Jsii::Type.check_type(@grafana_version, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "grafanaVersion") unless @grafana_version.nil?
  @name = name
  Jsii::Type.check_type(@name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "name") unless @name.nil?
  @network_access_control = network_access_control.is_a?(Hash) ? ::AWSCDK::Grafana::CfnWorkspace::NetworkAccessControlProperty.new(**network_access_control.transform_keys(&:to_sym)) : network_access_control
  Jsii::Type.check_type(@network_access_control, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19ncmFmYW5hLkNmbldvcmtzcGFjZS5OZXR3b3JrQWNjZXNzQ29udHJvbFByb3BlcnR5In1dfX0=")), "networkAccessControl") unless @network_access_control.nil?
  @notification_destinations = notification_destinations
  Jsii::Type.check_type(@notification_destinations, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "notificationDestinations") unless @notification_destinations.nil?
  @organizational_units = organizational_units
  Jsii::Type.check_type(@organizational_units, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "organizationalUnits") unless @organizational_units.nil?
  @organization_role_name = organization_role_name
  Jsii::Type.check_type(@organization_role_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "organizationRoleName") unless @organization_role_name.nil?
  @plugin_admin_enabled = plugin_admin_enabled
  Jsii::Type.check_type(@plugin_admin_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "pluginAdminEnabled") unless @plugin_admin_enabled.nil?
  @role_arn = role_arn
  Jsii::Type.check_type(@role_arn, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoic3RyaW5nIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19pYW0uSVJvbGVSZWYifV19fQ==")), "roleArn") unless @role_arn.nil?
  @saml_configuration = saml_configuration.is_a?(Hash) ? ::AWSCDK::Grafana::CfnWorkspace::SamlConfigurationProperty.new(**saml_configuration.transform_keys(&:to_sym)) : saml_configuration
  Jsii::Type.check_type(@saml_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19ncmFmYW5hLkNmbldvcmtzcGFjZS5TYW1sQ29uZmlndXJhdGlvblByb3BlcnR5In1dfX0=")), "samlConfiguration") unless @saml_configuration.nil?
  @stack_set_name = stack_set_name
  Jsii::Type.check_type(@stack_set_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "stackSetName") unless @stack_set_name.nil?
  @vpc_configuration = vpc_configuration.is_a?(Hash) ? ::AWSCDK::Grafana::CfnWorkspace::VPCConfigurationProperty.new(**vpc_configuration.transform_keys(&:to_sym)) : vpc_configuration
  Jsii::Type.check_type(@vpc_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19ncmFmYW5hLkNmbldvcmtzcGFjZS5WcGNDb25maWd1cmF0aW9uUHJvcGVydHkifV19fQ==")), "vpcConfiguration") unless @vpc_configuration.nil?
end

Instance Attribute Details

#account_access_typeString (readonly)

Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization.

If this is ORGANIZATION , the OrganizationalUnits parameter specifies which organizational units the workspace can access.



69
70
71
# File 'grafana/cfn_workspace_props.rb', line 69

def 
  @account_access_type
end

#authentication_providersArray<String> (readonly)

Specifies whether this workspace uses SAML 2.0, SSOlong , or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana .

Allowed Values : AWS_SSO | SAML



76
77
78
# File 'grafana/cfn_workspace_props.rb', line 76

def authentication_providers
  @authentication_providers
end

#client_tokenString? (readonly)

A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.



92
93
94
# File 'grafana/cfn_workspace_props.rb', line 92

def client_token
  @client_token
end

#data_sourcesArray<String>? (readonly)

Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.

This list is only used when the workspace was created through the AWS console, and the permission_type is SERVICE_MANAGED .



99
100
101
# File 'grafana/cfn_workspace_props.rb', line 99

def data_sources
  @data_sources
end

#descriptionString? (readonly)

The user-defined description of the workspace.



104
105
106
# File 'grafana/cfn_workspace_props.rb', line 104

def description
  @description
end

#grafana_versionString? (readonly)

Specifies the version of Grafana to support in the workspace.

Defaults to the latest version on create (for example, 9.4), or the current version of the workspace on update.

Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4).

To know what versions are available to upgrade to for a specific workspace, see the ListVersions operation.



115
116
117
# File 'grafana/cfn_workspace_props.rb', line 115

def grafana_version
  @grafana_version
end

#nameString? (readonly)

The name of the workspace.



120
121
122
# File 'grafana/cfn_workspace_props.rb', line 120

def name
  @name
end

#network_access_controlAWSCDK::IResolvable, ... (readonly)

The configuration settings for network access to your workspace.



125
126
127
# File 'grafana/cfn_workspace_props.rb', line 125

def network_access_control
  @network_access_control
end

#notification_destinationsArray<String>? (readonly)

The AWS notification channels that Amazon Managed Grafana can automatically create IAM roles and permissions for, to allow Amazon Managed Grafana to use these channels.

AllowedValues : SNS



132
133
134
# File 'grafana/cfn_workspace_props.rb', line 132

def notification_destinations
  @notification_destinations
end

#organization_role_nameString? (readonly)

The name of the IAM role that is used to access resources through Organizations.



142
143
144
# File 'grafana/cfn_workspace_props.rb', line 142

def organization_role_name
  @organization_role_name
end

#organizational_unitsArray<String>? (readonly)

Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.



137
138
139
# File 'grafana/cfn_workspace_props.rb', line 137

def organizational_units
  @organizational_units
end

#permission_typeString (readonly)

If this is SERVICE_MANAGED , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.

If this is CUSTOMER_MANAGED , you must manage those roles and permissions yourself.

If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to CUSTOMER_MANAGED .

For more information about converting between customer and service managed, see Managing permissions for data sources and notification channels . For more information about the roles and permissions that must be managed for customer managed workspaces, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels



87
88
89
# File 'grafana/cfn_workspace_props.rb', line 87

def permission_type
  @permission_type
end

#plugin_admin_enabledBoolean, ... (readonly)

Whether plugin administration is enabled in the workspace.

Setting to true allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace.

This option is only valid for workspaces that support Grafana version 9 or newer.



151
152
153
# File 'grafana/cfn_workspace_props.rb', line 151

def plugin_admin_enabled
  @plugin_admin_enabled
end

#role_arnString, ... (readonly)

The IAM role that grants permissions to the AWS resources that the workspace will view data from.

This role must already exist.



158
159
160
# File 'grafana/cfn_workspace_props.rb', line 158

def role_arn
  @role_arn
end

#saml_configurationAWSCDK::IResolvable, ... (readonly)

If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.



163
164
165
# File 'grafana/cfn_workspace_props.rb', line 163

def saml_configuration
  @saml_configuration
end

#stack_set_nameString? (readonly)

The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.



168
169
170
# File 'grafana/cfn_workspace_props.rb', line 168

def stack_set_name
  @stack_set_name
end

#vpc_configurationAWSCDK::IResolvable, ... (readonly)

The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.

Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2).



175
176
177
# File 'grafana/cfn_workspace_props.rb', line 175

def vpc_configuration
  @vpc_configuration
end

Class Method Details

.jsii_propertiesObject



177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# File 'grafana/cfn_workspace_props.rb', line 177

def self.jsii_properties
  {
    :account_access_type => "accountAccessType",
    :authentication_providers => "authenticationProviders",
    :permission_type => "permissionType",
    :client_token => "clientToken",
    :data_sources => "dataSources",
    :description => "description",
    :grafana_version => "grafanaVersion",
    :name => "name",
    :network_access_control => "networkAccessControl",
    :notification_destinations => "notificationDestinations",
    :organizational_units => "organizationalUnits",
    :organization_role_name => "organizationRoleName",
    :plugin_admin_enabled => "pluginAdminEnabled",
    :role_arn => "roleArn",
    :saml_configuration => "samlConfiguration",
    :stack_set_name => "stackSetName",
    :vpc_configuration => "vpcConfiguration",
  }
end

Instance Method Details

#to_jsiiObject



199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
# File 'grafana/cfn_workspace_props.rb', line 199

def to_jsii
  result = {}
  result.merge!({
    "accountAccessType" => @account_access_type,
    "authenticationProviders" => @authentication_providers,
    "permissionType" => @permission_type,
    "clientToken" => @client_token,
    "dataSources" => @data_sources,
    "description" => @description,
    "grafanaVersion" => @grafana_version,
    "name" => @name,
    "networkAccessControl" => @network_access_control,
    "notificationDestinations" => @notification_destinations,
    "organizationalUnits" => @organizational_units,
    "organizationRoleName" => @organization_role_name,
    "pluginAdminEnabled" => @plugin_admin_enabled,
    "roleArn" => @role_arn,
    "samlConfiguration" => @saml_configuration,
    "stackSetName" => @stack_set_name,
    "vpcConfiguration" => @vpc_configuration,
  })
  result.compact
end