{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--aws-grafana-workspace.json", "title": "AWSGrafanaWorkspaceProperties", "description": "Definition of AWS::Grafana::Workspace Resource Type. Source:- No source definition found, add manually please", "x-lintel": { "source": "https://raw.githubusercontent.com/lalcebo/json-schema/master/serverless/resources/cloudformation-modified/aws-grafana-workspace.json", "sourceSha256": "045ce08ee44c02f0343e809fc7a45b219df882562292aa1b29e37560b8897fbd" }, "type": "object", "properties": { "AuthenticationProviders": { "type": "array", "insertionOrder": false, "minItems": 1, "uniqueItems": true, "items": { "$ref": "#/$defs/AuthenticationProviderTypes" }, "description": "List of authentication providers to enable." }, "SamlConfiguration": { "$ref": "#/$defs/SamlConfiguration" }, "NetworkAccessControl": { "$ref": "#/$defs/NetworkAccessControl" }, "VpcConfiguration": { "$ref": "#/$defs/VpcConfiguration" }, "ClientToken": { "oneOf": [ { "type": "string", "pattern": "^[!-~]{1,64}$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request." }, "GrafanaVersion": { "oneOf": [ { "type": "string", "maxLength": 255, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The version of Grafana to support in your workspace. For region ap-northeast-2, only version 8.4 is supported." }, "AccountAccessType": { "$ref": "#/$defs/AccountAccessType" }, "OrganizationRoleName": { "oneOf": [ { "type": "string", "maxLength": 2048, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization." }, "PermissionType": { "$ref": "#/$defs/PermissionType" }, "StackSetName": { "oneOf": [ { "type": "string" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace." }, "DataSources": { "type": "array", "insertionOrder": false, "items": { "$ref": "#/$defs/DataSourceType" }, "description": "List of data sources on the service managed IAM role." }, "Description": { "oneOf": [ { "type": "string", "maxLength": 2048, "minLength": 0 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Description of a workspace." }, "Name": { "oneOf": [ { "type": "string", "pattern": "^[a-zA-Z0-9-._~]{1,255}$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "The user friendly name of a workspace." }, "NotificationDestinations": { "type": "array", "insertionOrder": false, "items": { "$ref": "#/$defs/NotificationDestinationType" }, "description": "List of notification destinations on the customers service managed IAM role that the Grafana workspace can query." }, "OrganizationalUnits": { "type": "array", "insertionOrder": false, "items": { "type": "string", "description": "Id of an organizational unit." }, "description": "List of Organizational Units containing AWS accounts the Grafana workspace can pull data from." }, "RoleArn": { "oneOf": [ { "type": "string", "maxLength": 2048, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources." } }, "typeName": "AWS::Grafana::Workspace", "$defs": { "AssertionAttributes": { "type": "object", "description": "Maps Grafana friendly names to the IdPs SAML attributes.", "properties": { "Name": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users name in Grafana." }, "Login": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users login handle in Grafana." }, "Email": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users email in Grafana." }, "Groups": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users groups in Grafana." }, "Role": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users roles in Grafana." }, "Org": { "oneOf": [ { "type": "string", "maxLength": 256, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Name of the attribute within the SAML assert to use as the users organizations in Grafana." } }, "title": "AWSGrafanaWorkspaceAssertionAttributesDefinition", "additionalProperties": false }, "IdpMetadata": { "type": "object", "description": "IdP Metadata used to configure SAML authentication in Grafana.", "properties": { "Url": { "oneOf": [ { "type": "string", "maxLength": 2048, "minLength": 1 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "URL that vends the IdPs metadata." }, "Xml": { "oneOf": [ { "type": "string" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "XML blob of the IdPs metadata." } }, "title": "AWSGrafanaWorkspaceIdpMetadataDefinition", "additionalProperties": false }, "RoleValues": { "type": "object", "description": "Maps SAML roles to the Grafana Editor and Admin roles.", "properties": { "Editor": { "type": "array", "insertionOrder": false, "items": { "type": "string", "maxLength": 256, "minLength": 1, "description": "A single SAML role." }, "description": "List of SAML roles which will be mapped into the Grafana Editor role." }, "Admin": { "type": "array", "insertionOrder": false, "items": { "type": "string", "maxLength": 256, "minLength": 1, "description": "A single SAML role." }, "description": "List of SAML roles which will be mapped into the Grafana Admin role." } }, "title": "AWSGrafanaWorkspaceRoleValuesDefinition", "additionalProperties": false }, "SamlConfiguration": { "type": "object", "description": "SAML configuration data associated with an AMG workspace.", "properties": { "IdpMetadata": { "$ref": "#/$defs/IdpMetadata" }, "AssertionAttributes": { "$ref": "#/$defs/AssertionAttributes" }, "RoleValues": { "$ref": "#/$defs/RoleValues" }, "AllowedOrganizations": { "type": "array", "insertionOrder": false, "items": { "type": "string", "maxLength": 256, "minLength": 1, "description": "A single SAML organization." }, "description": "List of SAML organizations allowed to access Grafana." }, "LoginValidityDuration": { "type": "number", "description": "The maximum lifetime an authenticated user can be logged in (in minutes) before being required to re-authenticate." } }, "required": [ "IdpMetadata" ], "title": "AWSGrafanaWorkspaceSamlConfigurationDefinition", "additionalProperties": false }, "NetworkAccessControl": { "type": "object", "description": "The configuration settings for Network Access Control.", "properties": { "PrefixListIds": { "type": "array", "insertionOrder": false, "uniqueItems": true, "minItems": 0, "maxItems": 5, "items": { "type": "string", "minLength": 1, "description": "Prefix List Ids" }, "description": "The list of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration then no IP addresses will be allowed to access the workspace." }, "VpceIds": { "type": "array", "insertionOrder": false, "uniqueItems": true, "minItems": 0, "maxItems": 5, "items": { "type": "string", "minLength": 1, "description": "VPCE Ids" }, "description": "The list of Amazon VPC endpoint IDs for the workspace. If a NetworkAccessConfiguration is specified then only VPC endpoints specified here will be allowed to access the workspace." } }, "title": "AWSGrafanaWorkspaceNetworkAccessControlDefinition", "additionalProperties": false }, "VpcConfiguration": { "type": "object", "description": "The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.", "properties": { "SecurityGroupIds": { "type": "array", "insertionOrder": false, "uniqueItems": true, "minItems": 1, "maxItems": 5, "items": { "type": "string", "minLength": 1, "maxLength": 255, "description": "VPC Security Group Id" }, "description": "The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect." }, "SubnetIds": { "type": "array", "insertionOrder": false, "uniqueItems": true, "minItems": 2, "maxItems": 6, "items": { "type": "string", "minLength": 1, "maxLength": 255, "description": "VPC Subnet Id" }, "description": "The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect." } }, "required": [ "SecurityGroupIds", "SubnetIds" ], "title": "AWSGrafanaWorkspaceVpcConfigurationDefinition", "additionalProperties": false }, "AccountAccessType": { "oneOf": [ { "type": "string", "enum": [ "CURRENT_ACCOUNT", "ORGANIZATION" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "These enums represent valid account access types. Specifically these enums determine whether the workspace can access AWS resources in the AWS account only, or whether it can also access resources in other accounts in the same organization. If the value CURRENT_ACCOUNT is used, a workspace role ARN must be provided. If the value is ORGANIZATION, a list of organizational units must be provided.", "title": "AWSGrafanaWorkspaceAccountAccessTypeDefinition" }, "AuthenticationProviderTypes": { "oneOf": [ { "type": "string", "enum": [ "AWS_SSO", "SAML" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Valid workspace authentication providers.", "title": "AWSGrafanaWorkspaceAuthenticationProviderTypesDefinition" }, "DataSourceType": { "oneOf": [ { "type": "string", "enum": [ "AMAZON_OPENSEARCH_SERVICE", "CLOUDWATCH", "PROMETHEUS", "XRAY", "TIMESTREAM", "SITEWISE", "ATHENA", "REDSHIFT" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "These enums represent valid AWS data sources that can be queried via the Grafana workspace. These data sources are primarily used to help customers visualize which data sources have been added to a service managed workspace IAM role.", "title": "AWSGrafanaWorkspaceDataSourceTypeDefinition" }, "NotificationDestinationType": { "oneOf": [ { "type": "string", "enum": [ "SNS" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "These enums represent valid AWS notification destinations that the Grafana workspace has permission to use. These notification destinations are primarily used to help customers visualize which destinations have been added to a service managed IAM role.", "title": "AWSGrafanaWorkspaceNotificationDestinationTypeDefinition" }, "PermissionType": { "oneOf": [ { "type": "string", "enum": [ "CUSTOMER_MANAGED", "SERVICE_MANAGED" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "These enums represent valid permission types to use when creating or configuring a Grafana workspace. The SERVICE_MANAGED permission type means the Managed Grafana service will create a workspace IAM role on your behalf. The CUSTOMER_MANAGED permission type means that the customer is expected to provide an IAM role that the Grafana workspace can use to query data sources.", "title": "AWSGrafanaWorkspacePermissionTypeDefinition" }, "WorkspaceStatus": { "oneOf": [ { "type": "string", "enum": [ "ACTIVE", "CREATING", "DELETING", "FAILED", "UPDATING", "UPGRADING", "DELETION_FAILED", "CREATION_FAILED", "UPDATE_FAILED", "UPGRADE_FAILED", "LICENSE_REMOVAL_FAILED" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "These enums represent the status of a workspace.", "title": "AWSGrafanaWorkspaceWorkspaceStatusDefinition" }, "SamlConfigurationStatus": { "oneOf": [ { "type": "string", "enum": [ "CONFIGURED", "NOT_CONFIGURED" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "Valid SAML configuration statuses.", "title": "AWSGrafanaWorkspaceSamlConfigurationStatusDefinition" } }, "additionalProperties": false, "tagging": { "taggable": false, "tagOnCreate": false, "tagUpdatable": false, "cloudFormationSystemTags": false }, "required": [ "AuthenticationProviders", "PermissionType", "AccountAccessType" ], "readOnlyProperties": [ "/properties/Id", "/properties/SsoClientId", "/properties/SamlConfigurationStatus", "/properties/Endpoint", "/properties/Status", "/properties/CreationTimestamp", "/properties/ModificationTimestamp" ], "writeOnlyProperties": [ "/properties/ClientToken" ], "createOnlyProperties": [ "/properties/ClientToken" ], "primaryIdentifier": [ "/properties/Id" ] }