AWS::WorkSpacesWeb::Portal
This resource specifies a web portal, which users use to start browsing sessions. A Standard
web portal can't start browsing sessions unless you have at defined and associated an IdentityProvider
and NetworkSettings
resource. An IAM Identity Center
web portal does not require an IdentityProvider
resource.
For more information about web portals, see What is Amazon WorkSpaces Secure Browser?.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WorkSpacesWeb::Portal", "Properties" : { "AdditionalEncryptionContext" :
{
, "AuthenticationType" :Key
:Value
, ...}String
, "BrowserSettingsArn" :String
, "CustomerManagedKey" :String
, "DataProtectionSettingsArn" :String
, "DisplayName" :String
, "InstanceType" :String
, "IpAccessSettingsArn" :String
, "MaxConcurrentSessions" :Number
, "NetworkSettingsArn" :String
, "Tags" :[ Tag, ... ]
, "TrustStoreArn" :String
, "UserAccessLoggingSettingsArn" :String
, "UserSettingsArn" :String
} }
YAML
Type: AWS::WorkSpacesWeb::Portal Properties: AdditionalEncryptionContext:
AuthenticationType:
Key
:Value
String
BrowserSettingsArn:String
CustomerManagedKey:String
DataProtectionSettingsArn:String
DisplayName:String
InstanceType:String
IpAccessSettingsArn:String
MaxConcurrentSessions:Number
NetworkSettingsArn:String
Tags:- Tag
TrustStoreArn:String
UserAccessLoggingSettingsArn:String
UserSettingsArn:String
Properties
AdditionalEncryptionContext
-
The additional encryption context of the portal.
Required: No
Type: Object of String
Pattern:
^[\s\S]*$
Minimum:
0
Maximum:
131072
Update requires: Replacement
AuthenticationType
-
The type of authentication integration points used when signing into the web portal. Defaults to
Standard
.Standard
web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:1. Create and deploy a CloudFormation template with a
Standard
portal with noIdentityProvider
resource.2. Retrieve the SP metadata using
Fn:GetAtt
, the WorkSpaces Secure Browser console, or by the calling theGetPortalServiceProviderMetadata
API.3. Submit the data to your IdP.
4. Add an
IdentityProvider
resource to your CloudFormation template.IAM Identity Center
web portals are authenticated through AWS IAM Identity Center. They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center. User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.Required: No
Type: String
Allowed values:
Standard | IAM_Identity_Center
Update requires: No interruption
BrowserSettingsArn
-
The ARN of the browser settings that is associated with this web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
CustomerManagedKey
-
The customer managed key of the web portal.
Pattern:
^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$
Minimum:
20
Maximum:
2048
Update requires: Replacement
DataProtectionSettingsArn
-
The ARN of the data protection settings.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
DisplayName
-
The name of the web portal.
Required: No
Type: String
Pattern:
^.+$
Minimum:
1
Maximum:
64
Update requires: No interruption
InstanceType
-
The type and resources of the underlying instance.
Required: No
Type: String
Allowed values:
standard.regular | standard.large | standard.xlarge
Update requires: No interruption
IpAccessSettingsArn
-
The ARN of the IP access settings that is associated with the web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
MaxConcurrentSessions
-
The maximum number of concurrent sessions for the portal.
Required: No
Type: Number
Minimum:
1
Maximum:
5000
Update requires: No interruption
NetworkSettingsArn
-
The ARN of the network settings that is associated with the web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
-
The tags to add to the web portal. A tag is a key-value pair.
Required: No
Type: Array of Tag
Minimum:
0
Maximum:
200
Update requires: No interruption
TrustStoreArn
-
The ARN of the trust store that is associated with the web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
UserAccessLoggingSettingsArn
-
The ARN of the user access logging settings that is associated with the web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
UserSettingsArn
-
The ARN of the user settings that is associated with the web portal.
Required: No
Type: String
Pattern:
^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$
Minimum:
20
Maximum:
2048
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function,
Ref
returns the resource's Amazon Resource Name (ARN).
For more information about using the Ref
function, see Ref.
Fn::GetAtt
BrowserType
-
The browser that users see when using a streaming session.
CreationDate
-
The creation date of the web portal.
PortalArn
-
The ARN of the web portal.
PortalEndpoint
-
The endpoint URL of the web portal that users access in order to start streaming sessions.
PortalStatus
-
The status of the web portal.
RendererType
-
The renderer that is used in streaming sessions.
ServiceProviderSamlMetadata
-
The SAML metadata of the service provider.
StatusReason
-
A message that explains why the web portal is in its current status.