CreateWorkspace - Amazon Managed Grafana
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

CreateWorkspace

Creates a workspace. In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to build, package, or deploy any hardware to run the Grafana server.

Don't use CreateWorkspace to modify an existing workspace. Instead, use UpdateWorkspace.

Request Syntax

POST /workspaces HTTP/1.1
Content-type: application/json

{
   "accountAccessType": "string",
   "authenticationProviders": [ "string" ],
   "clientToken": "string",
   "configuration": "string",
   "grafanaVersion": "string",
   "networkAccessControl": { 
      "prefixListIds": [ "string" ],
      "vpceIds": [ "string" ]
   },
   "organizationRoleName": "string",
   "permissionType": "string",
   "stackSetName": "string",
   "tags": { 
      "string" : "string" 
   },
   "vpcConfiguration": { 
      "securityGroupIds": [ "string" ],
      "subnetIds": [ "string" ]
   },
   "workspaceDataSources": [ "string" ],
   "workspaceDescription": "string",
   "workspaceName": "string",
   "workspaceNotificationDestinations": [ "string" ],
   "workspaceOrganizationalUnits": [ "string" ],
   "workspaceRoleArn": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

accountAccessType

Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If you specify ORGANIZATION, you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.

Type: String

Valid Values: CURRENT_ACCOUNT | ORGANIZATION

Required: Yes

authenticationProviders

Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.

Type: Array of strings

Valid Values: AWS_SSO | SAML

Required: Yes

clientToken

A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.

Type: String

Pattern: ^[!-~]{1,64}$

Required: No

configuration

The configuration string for the workspace that you create. For more information about the format and configuration options available, see Working in your Grafana workspace.

Type: String

Length Constraints: Minimum length of 2. Maximum length of 65536.

Required: No

grafanaVersion

Specifies the version of Grafana to support in the new workspace. If not specified, defaults to the latest version (for example, 10.4).

To get a list of supported versions, use the ListVersions operation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Required: No

networkAccessControl

Configuration for network access to your workspace.

When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required.

If this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.

Type: NetworkAccessConfiguration object

Required: No

organizationRoleName

The name of an IAM role that already exists to use with Organizations to access AWS data sources and notification channels in other accounts in an organization.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

permissionType

When creating a workspace through the AWS API, CLI or AWS CloudFormation, you must manage IAM roles and provision the permissions that the workspace needs to use AWS data sources and notification channels.

You must also specify a workspaceRoleArn for a role that you will manage for the workspace to use when accessing those datasources and notification channels.

The ability for Amazon Managed Grafana to create and update IAM roles on behalf of the user is supported only in the Amazon Managed Grafana console, where this value may be set to SERVICE_MANAGED.

Note

Use only the CUSTOMER_MANAGED permission type when creating a workspace with the API, CLI or AWS CloudFormation.

For more information, see Amazon Managed Grafana permissions and policies for AWS data sources and notification channels.

Type: String

Valid Values: CUSTOMER_MANAGED | SERVICE_MANAGED

Required: Yes

stackSetName

The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.

Type: String

Required: No

tags

The list of tags associated with the workspace.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No

vpcConfiguration

The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.

Note

Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2).

Type: VpcConfiguration object

Required: No

workspaceDataSources

This parameter is for internal use only, and should not be used.

Type: Array of strings

Valid Values: AMAZON_OPENSEARCH_SERVICE | CLOUDWATCH | PROMETHEUS | XRAY | TIMESTREAM | SITEWISE | ATHENA | REDSHIFT | TWINMAKER

Required: No

workspaceDescription

A description for the workspace. This is used only to help you identify this workspace.

Pattern: ^[\\p{L}\\p{Z}\\p{N}\\p{P}]{0,2048}$

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

workspaceName

The name for the workspace. It does not have to be unique.

Type: String

Pattern: ^[a-zA-Z0-9-._~]{1,255}$

Required: No

workspaceNotificationDestinations

Specify the AWS notification channels that you plan to use in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to use these channels.

Type: Array of strings

Valid Values: SNS

Required: No

workspaceOrganizationalUnits

Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.

Type: Array of strings

Required: No

workspaceRoleArn

Specified the IAM role that grants permissions to the AWS resources that the workspace will view data from, including both data sources and notification channels. You are responsible for managing the permissions for this role as new data sources or notification channels are added.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

Response Syntax

HTTP/1.1 202
Content-type: application/json

{
   "workspace": { 
      "accountAccessType": "string",
      "authentication": { 
         "providers": [ "string" ],
         "samlConfigurationStatus": "string"
      },
      "created": number,
      "dataSources": [ "string" ],
      "description": "string",
      "endpoint": "string",
      "freeTrialConsumed": boolean,
      "freeTrialExpiration": number,
      "grafanaToken": "string",
      "grafanaVersion": "string",
      "id": "string",
      "licenseExpiration": number,
      "licenseType": "string",
      "modified": number,
      "name": "string",
      "networkAccessControl": { 
         "prefixListIds": [ "string" ],
         "vpceIds": [ "string" ]
      },
      "notificationDestinations": [ "string" ],
      "organizationalUnits": [ "string" ],
      "organizationRoleName": "string",
      "permissionType": "string",
      "stackSetName": "string",
      "status": "string",
      "tags": { 
         "string" : "string" 
      },
      "vpcConfiguration": { 
         "securityGroupIds": [ "string" ],
         "subnetIds": [ "string" ]
      },
      "workspaceRoleArn": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

workspace

A structure containing data about the workspace that was created.

Type: WorkspaceDescription object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient permissions to perform this action.

HTTP Status Code: 403

ConflictException

A resource was in an inconsistent state during an update or a deletion.

HTTP Status Code: 409

InternalServerException

Unexpected error while processing the request. Retry the request.

HTTP Status Code: 500

ServiceQuotaExceededException

The request would cause a service quota to be exceeded.

HTTP Status Code: 402

ThrottlingException

The request was denied because of request throttling. Retry the request.

HTTP Status Code: 429

ValidationException

The value of a parameter in the request caused an error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: