UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

225 lines (224 loc) • 11.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * Definition of AWS::Grafana::Workspace Resource Type */ export declare class Workspace extends pulumi.CustomResource { /** * Get an existing Workspace resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Workspace; /** * Returns true if the given object is an instance of Workspace. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Workspace; /** * Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is `ORGANIZATION` , the `OrganizationalUnits` parameter specifies which organizational units the workspace can access. */ readonly accountAccessType: pulumi.Output<enums.grafana.WorkspaceAccountAccessType>; /** * List of authentication providers to enable. */ readonly authenticationProviders: pulumi.Output<enums.grafana.WorkspaceAuthenticationProviderTypes[]>; /** * The id that uniquely identifies a Grafana workspace. */ readonly awsId: pulumi.Output<string>; /** * A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request. */ readonly clientToken: pulumi.Output<string | undefined>; /** * Timestamp when the workspace was created. */ readonly creationTimestamp: pulumi.Output<string>; /** * List of data sources on the service managed IAM role. */ readonly dataSources: pulumi.Output<enums.grafana.WorkspaceDataSourceType[] | undefined>; /** * Description of a workspace. */ readonly description: pulumi.Output<string | undefined>; /** * Endpoint for the Grafana workspace. */ readonly endpoint: pulumi.Output<string>; /** * The version of Grafana to support in your workspace. */ readonly grafanaVersion: pulumi.Output<string | undefined>; /** * Timestamp when the workspace was last modified */ readonly modificationTimestamp: pulumi.Output<string>; /** * The user friendly name of a workspace. */ readonly name: pulumi.Output<string | undefined>; /** * The configuration settings for network access to your workspace. */ readonly networkAccessControl: pulumi.Output<outputs.grafana.WorkspaceNetworkAccessControl | undefined>; /** * List of notification destinations on the customers service managed IAM role that the Grafana workspace can query. */ readonly notificationDestinations: pulumi.Output<enums.grafana.WorkspaceNotificationDestinationType[] | undefined>; /** * The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization. */ readonly organizationRoleName: pulumi.Output<string | undefined>; /** * List of Organizational Units containing AWS accounts the Grafana workspace can pull data from. */ readonly organizationalUnits: pulumi.Output<string[] | undefined>; /** * If this is `SERVICE_MANAGED` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. * * If this is `CUSTOMER_MANAGED` , you must manage those roles and permissions yourself. * * If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to `CUSTOMER_MANAGED` . * * For more information about converting between customer and service managed, see [Managing permissions for data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html) . For more information about the roles and permissions that must be managed for customer managed workspaces, see [Amazon Managed Grafana permissions and policies for AWS data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) */ readonly permissionType: pulumi.Output<enums.grafana.WorkspacePermissionType>; /** * Allow workspace admins to install plugins */ readonly pluginAdminEnabled: pulumi.Output<boolean | undefined>; /** * IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources. */ readonly roleArn: pulumi.Output<string | undefined>; /** * If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the `Admin` and `Editor` roles in the workspace. */ readonly samlConfiguration: pulumi.Output<outputs.grafana.WorkspaceSamlConfiguration | undefined>; /** * Specifies whether the workspace's SAML configuration is complete. * * Valid values: `CONFIGURED | NOT_CONFIGURED` * * Type: String */ readonly samlConfigurationStatus: pulumi.Output<enums.grafana.WorkspaceSamlConfigurationStatus>; /** * The client ID of the AWS SSO Managed Application. */ readonly ssoClientId: pulumi.Output<string>; /** * The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace. */ readonly stackSetName: pulumi.Output<string | undefined>; /** * The current status of the workspace. * * Valid values: `ACTIVE | CREATING | DELETING | FAILED | UPDATING | UPGRADING | DELETION_FAILED | CREATION_FAILED | UPDATE_FAILED | UPGRADE_FAILED | LICENSE_REMOVAL_FAILED` * * Type: String */ readonly status: pulumi.Output<enums.grafana.WorkspaceStatus>; /** * The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. * * > Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2). */ readonly vpcConfiguration: pulumi.Output<outputs.grafana.WorkspaceVpcConfiguration | undefined>; /** * Create a Workspace resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: WorkspaceArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a Workspace resource. */ export interface WorkspaceArgs { /** * Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is `ORGANIZATION` , the `OrganizationalUnits` parameter specifies which organizational units the workspace can access. */ accountAccessType: pulumi.Input<enums.grafana.WorkspaceAccountAccessType>; /** * List of authentication providers to enable. */ authenticationProviders: pulumi.Input<pulumi.Input<enums.grafana.WorkspaceAuthenticationProviderTypes>[]>; /** * A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request. */ clientToken?: pulumi.Input<string>; /** * List of data sources on the service managed IAM role. */ dataSources?: pulumi.Input<pulumi.Input<enums.grafana.WorkspaceDataSourceType>[]>; /** * Description of a workspace. */ description?: pulumi.Input<string>; /** * The version of Grafana to support in your workspace. */ grafanaVersion?: pulumi.Input<string>; /** * The user friendly name of a workspace. */ name?: pulumi.Input<string>; /** * The configuration settings for network access to your workspace. */ networkAccessControl?: pulumi.Input<inputs.grafana.WorkspaceNetworkAccessControlArgs>; /** * List of notification destinations on the customers service managed IAM role that the Grafana workspace can query. */ notificationDestinations?: pulumi.Input<pulumi.Input<enums.grafana.WorkspaceNotificationDestinationType>[]>; /** * The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization. */ organizationRoleName?: pulumi.Input<string>; /** * List of Organizational Units containing AWS accounts the Grafana workspace can pull data from. */ organizationalUnits?: pulumi.Input<pulumi.Input<string>[]>; /** * If this is `SERVICE_MANAGED` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels. * * If this is `CUSTOMER_MANAGED` , you must manage those roles and permissions yourself. * * If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to `CUSTOMER_MANAGED` . * * For more information about converting between customer and service managed, see [Managing permissions for data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html) . For more information about the roles and permissions that must be managed for customer managed workspaces, see [Amazon Managed Grafana permissions and policies for AWS data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) */ permissionType: pulumi.Input<enums.grafana.WorkspacePermissionType>; /** * Allow workspace admins to install plugins */ pluginAdminEnabled?: pulumi.Input<boolean>; /** * IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources. */ roleArn?: pulumi.Input<string>; /** * If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the `Admin` and `Editor` roles in the workspace. */ samlConfiguration?: pulumi.Input<inputs.grafana.WorkspaceSamlConfigurationArgs>; /** * The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace. */ stackSetName?: pulumi.Input<string>; /** * The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. * * > Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2). */ vpcConfiguration?: pulumi.Input<inputs.grafana.WorkspaceVpcConfigurationArgs>; }