Interface CfnWorkspace.NetworkAccessControlProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnWorkspace.NetworkAccessControlProperty.Jsii$Proxy
- Enclosing class:
CfnWorkspace
When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization are still required.
Access is granted to a caller that is in either the IP address list or the VPC endpoint list - they do not need to be in both.
If this is not configured, or is removed, then all IP addresses and VPC endpoints are allowed. Standard Grafana authentication and authorization are still required.
While both
prefixListIdsandvpceIdsare required, you can pass in an empty array of strings for either parameter if you do not want to allow any of that type.If both are passed as empty arrays, no traffic is allowed to the workspace, because only explicitly allowed connections are accepted.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.grafana.*;
NetworkAccessControlProperty networkAccessControlProperty = NetworkAccessControlProperty.builder()
.prefixListIds(List.of("prefixListIds"))
.vpceIds(List.of("vpceIds"))
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnWorkspace.NetworkAccessControlPropertystatic final classAn implementation forCfnWorkspace.NetworkAccessControlProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()An array of prefix list IDs.An array of Amazon VPC endpoint IDs for the workspace.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getPrefixListIds
An array of prefix list IDs.A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration (passed an empty array) then no IP addresses are allowed to access the workspace. You create a prefix list using the Amazon VPC console.
Prefix list IDs have the format
pl- *1a2b3c4d*.For more information about prefix lists, see Group CIDR blocks using managed prefix lists in the Amazon Virtual Private Cloud User Guide .
- See Also:
-
getVpceIds
An array of Amazon VPC endpoint IDs for the workspace.You can create VPC endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a
NetworkAccessConfigurationis specified then only VPC endpoints specified here are allowed to access the workspace. If you pass in an empty array of strings, then no VPCs are allowed to access the workspace.VPC endpoint IDs have the format
vpce- *1a2b3c4d*.For more information about creating an interface VPC endpoint, see Interface VPC endpoints in the Amazon Managed Grafana User Guide .
The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the
com.amazonaws.[region].grafana-workspaceservice endpoint). Other VPC endpoints are ignored.- See Also:
-
builder
-