| description |
The workspace description |
string |
n/a |
yes |
| name |
The Grafana workspace name |
string |
n/a |
yes |
| tags |
A mapping of tags to assign to the resources |
map(string) |
n/a |
yes |
| account_access_type |
The type of account access for the workspace. Valid values are CURRENT_ACCOUNT and ORGANIZATION. If ORGANIZATION is specified, then organizational_units must also be present |
string |
"CURRENT_ACCOUNT" |
no |
| authentication_providers |
The authentication providers for the workspace. Valid values are AWS_SSO, SAML, or both |
list(string) |
[
"AWS_SSO"
] |
no |
| configuration |
The configuration string for the workspace that you create |
string |
null |
no |
| data_sources |
The data sources for the workspace. Valid values are AMAZON_OPENSEARCH_SERVICE, ATHENA, CLOUDWATCH, PROMETHEUS, REDSHIFT, SITEWISE, TIMESTREAM, XRAY |
list(string) |
[] |
no |
| grafana_version |
Specifies the version of Grafana to support in the new workspace. If not specified, the default version for the aws_grafana_workspace resource will be used. See aws_grafana_workspace documentation for available options. |
string |
"8.4" |
no |
| iam_role_arn |
The arn of the IAM role to use for grafana workspace |
string |
null |
no |
| license_type |
The type of license for the workspace license association. Valid values are ENTERPRISE and ENTERPRISE_FREE_TRIAL |
string |
null |
no |
| network_access_control |
Configuration for network access to your workspace |
object({
prefix_list_ids = list(string)
vpce_ids = list(string)
}) |
null |
no |
| notification_destinations |
The notification destinations. If a data source is specified here, Amazon Managed Grafana will create IAM roles and permissions needed to use these destinations. Must be set to SNS |
list(string) |
[
"SNS"
] |
no |
| organization_role_name |
The role name that the workspace uses to access resources through Amazon Organizations |
string |
null |
no |
| organizational_units |
The Amazon Organizations organizational units that the workspace is authorized to use data sources from |
list(string) |
[] |
no |
| permission_type |
The permission type of the workspace. If SERVICE_MANAGED is specified, the IAM roles and IAM policy attachments are generated automatically. If CUSTOMER_MANAGED is specified, the IAM roles and IAM policy attachments will not be created |
string |
"SERVICE_MANAGED" |
no |
| role_association |
List of user/group IDs to assocaite to a role |
list(object({
group_ids = optional(list(string))
role = string
user_ids = optional(list(string))
})) |
[] |
no |
| saml_configuration |
The SAML configuration for the workspace |
object({
admin_role_values = optional(list(string))
allowed_organizations = optional(list(string))
editor_role_values = list(string)
email_assertion = optional(string)
groups_assertion = optional(string)
idp_metadata_url = optional(string)
idp_metadata_xml = optional(string)
login_assertion = optional(string)
login_validity_duration = optional(number)
name_assertion = optional(string)
org_assertion = optional(string)
role_assertion = optional(string)
}) |
null |
no |
| vpc_configuration |
The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to |
object({
security_group_ids = list(string)
subnet_ids = list(string)
}) |
null |
no |
| workspace_api_key |
List of workspace API Key resources to create |
list(object({
name = string
role = string
seconds_to_live = number
})) |
[] |
no |