AWS::WorkSpacesWeb::Portal - AWS CloudFormation

AWS::WorkSpacesWeb::Portal

This resource specifies a web portal, which users use to start browsing sessions. A Standard web portal can't start browsing sessions unless you have at defined and associated an IdentityProvider and NetworkSettings resource. An IAM Identity Center web portal does not require an IdentityProvider resource.

For more information about web portals, see What is Amazon WorkSpaces Secure Browser?.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::WorkSpacesWeb::Portal", "Properties" : { "AdditionalEncryptionContext" : {Key: Value, ...}, "AuthenticationType" : String, "BrowserSettingsArn" : String, "CustomerManagedKey" : String, "DataProtectionSettingsArn" : String, "DisplayName" : String, "InstanceType" : String, "IpAccessSettingsArn" : String, "MaxConcurrentSessions" : Number, "NetworkSettingsArn" : String, "Tags" : [ Tag, ... ], "TrustStoreArn" : String, "UserAccessLoggingSettingsArn" : String, "UserSettingsArn" : String } }

YAML

Type: AWS::WorkSpacesWeb::Portal Properties: AdditionalEncryptionContext: Key: Value AuthenticationType: String BrowserSettingsArn: String CustomerManagedKey: String DataProtectionSettingsArn: String DisplayName: String InstanceType: String IpAccessSettingsArn: String MaxConcurrentSessions: Number NetworkSettingsArn: String Tags: - Tag TrustStoreArn: String UserAccessLoggingSettingsArn: String UserSettingsArn: String

Properties

AdditionalEncryptionContext

The additional encryption context of the portal.

Required: No

Type: Object of String

Pattern: ^[\s\S]*$

Minimum: 0

Maximum: 131072

Update requires: Replacement

AuthenticationType

The type of authentication integration points used when signing into the web portal. Defaults to Standard.

Standard web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:

1. Create and deploy a CloudFormation template with a Standard portal with no IdentityProvider resource.

2. Retrieve the SP metadata using Fn:GetAtt, the WorkSpaces Secure Browser console, or by the calling the GetPortalServiceProviderMetadata API.

3. Submit the data to your IdP.

4. Add an IdentityProvider resource to your CloudFormation template.

IAM Identity Center web portals are authenticated through AWS IAM Identity Center. They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center. User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.

Required: No

Type: String

Allowed values: Standard | IAM_Identity_Center

Update requires: No interruption

BrowserSettingsArn

The ARN of the browser settings that is associated with this web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

CustomerManagedKey

The customer managed key of the web portal.

Pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$

Minimum: 20

Maximum: 2048

Update requires: Replacement

DataProtectionSettingsArn

The ARN of the data protection settings.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

DisplayName

The name of the web portal.

Required: No

Type: String

Pattern: ^.+$

Minimum: 1

Maximum: 64

Update requires: No interruption

InstanceType

The type and resources of the underlying instance.

Required: No

Type: String

Allowed values: standard.regular | standard.large | standard.xlarge

Update requires: No interruption

IpAccessSettingsArn

The ARN of the IP access settings that is associated with the web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

MaxConcurrentSessions

The maximum number of concurrent sessions for the portal.

Required: No

Type: Number

Minimum: 1

Maximum: 5000

Update requires: No interruption

NetworkSettingsArn

The ARN of the network settings that is associated with the web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

Tags

The tags to add to the web portal. A tag is a key-value pair.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption

TrustStoreArn

The ARN of the trust store that is associated with the web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

UserAccessLoggingSettingsArn

The ARN of the user access logging settings that is associated with the web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

UserSettingsArn

The ARN of the user settings that is associated with the web portal.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource's Amazon Resource Name (ARN).

For more information about using the Ref function, see Ref.

Fn::GetAtt

BrowserType

The browser that users see when using a streaming session.

CreationDate

The creation date of the web portal.

PortalArn

The ARN of the web portal.

PortalEndpoint

The endpoint URL of the web portal that users access in order to start streaming sessions.

PortalStatus

The status of the web portal.

RendererType

The renderer that is used in streaming sessions.

ServiceProviderSamlMetadata

The SAML metadata of the service provider.

StatusReason

A message that explains why the web portal is in its current status.