
williamospina/terraform-aws-managed-service-grafana


AWS Managed Service for Grafana (AMG) Terraform module

Terraform module which creates AWS Managed Service for Grafana (AMG) resources.

Usage

See examples directory for working examples to reference:

module "managed_grafana" {
  source = "terraform-aws-modules/managed-service-grafana/aws"

  # Workspace
  name                      = "example"
  description               = "AWS Managed Grafana service example workspace"
  account_access_type       = "CURRENT_ACCOUNT"
  authentication_providers  = ["AWS_SSO"]
  permission_type           = "SERVICE_MANAGED"
  data_sources              = ["CLOUDWATCH", "PROMETHEUS", "XRAY"]
  notification_destinations = ["SNS"]

  # Workspace SAML configuration
  saml_admin_role_values  = ["admin"]
  saml_editor_role_values = ["editor"]
  saml_email_assertion    = "mail"
  saml_groups_assertion   = "groups"
  saml_login_assertion    = "mail"
  saml_name_assertion     = "displayName"
  saml_org_assertion      = "org"
  saml_role_assertion     = "role"
  saml_idp_metadata_url   = "https://my_idp_metadata.url"

  # Role associations
  role_associations = {
    "ADMIN" = {
      "group_ids" = ["1111111111-abcdefgh-1234-5678-abcd-999999999999"]
    }
    "EDITOR" = {
      "user_ids" = ["2222222222-abcdefgh-1234-5678-abcd-999999999999"]
    }
  }

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
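
A more restrictive variant of the usage above, added here as an illustration and not taken from the module's own examples. It uses only inputs listed in the Inputs table; the role ARN, IdP URL, organization name and role values are placeholders, and the minutes unit for saml_login_validity_duration is taken from the AWS provider's login_validity_duration argument, not from this page.

```hcl
# Added example: SAML-only workspace that reuses a pre-reviewed IAM role.
# Every ARN, URL, name and assertion value below is a placeholder.
module "managed_grafana_restricted" {
  source = "terraform-aws-modules/managed-service-grafana/aws"

  # Workspace: single account, SAML only, only the data sources in use
  name                     = "example-restricted"
  description              = "Workspace limited to one account, one IdP and two data sources"
  account_access_type      = "CURRENT_ACCOUNT"
  authentication_providers = ["SAML"]
  data_sources             = ["CLOUDWATCH", "PROMETHEUS"]

  # CUSTOMER_MANAGED: IAM roles and policy attachments are not generated
  # automatically, so the workspace runs with exactly the role supplied here.
  permission_type = "CUSTOMER_MANAGED"
  create_iam_role = false
  iam_role_arn    = "arn:aws:iam::111122223333:role/example-grafana-workspace" # placeholder

  # SAML: pin the IdP, restrict accepted organizations, bound session length
  saml_idp_metadata_url        = "https://idp.example.com/saml/metadata" # placeholder
  saml_login_assertion         = "mail"
  saml_email_assertion         = "mail"
  saml_name_assertion          = "displayName"
  saml_groups_assertion        = "groups"
  saml_org_assertion           = "org"
  saml_allowed_organizations   = ["example-org"]
  saml_login_validity_duration = 60 # minutes (AWS provider unit; assumption, not stated on this page)

  # Role mapping: only these exact role assertion values grant elevated access
  saml_role_assertion     = "role"
  saml_admin_role_values  = ["grafana-admin"]
  saml_editor_role_values = ["grafana-editor"]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
```

Review the policies attached to the supplied role separately, since with create_iam_role = false this module does not manage that role.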

Examples

Examples codified under the examples directory are intended to give users references for how to use the module(s), as well as for testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.1 |
| aws | >= 4.4 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.4 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_grafana_license_association.this | resource |
| aws_grafana_role_association.this | resource |
| aws_grafana_workspace.this | resource |
| aws_grafana_workspace_saml_configuration.this | resource |
| aws_iam_role.this | resource |
| aws_iam_policy_document.assume | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| account_access_type | The type of account access for the workspace. Valid values are CURRENT_ACCOUNT and ORGANIZATION | string | "CURRENT_ACCOUNT" | no |
| associate_license | Determines whether a license will be associated with the workspace | bool | true | no |
| authentication_providers | The authentication providers for the workspace. Valid values are AWS_SSO, SAML, or both | list(string) | ["AWS_SSO"] | no |
| create | Determines whether resources will be created | bool | true | no |
| create_iam_role | Determines whether an IAM role is created or to use an existing IAM role | bool | true | no |
| data_sources | The data sources for the workspace. Valid values are AMAZON_OPENSEARCH_SERVICE, CLOUDWATCH, PROMETHEUS, XRAY, TIMESTREAM, SITEWISE | list(string) | [] | no |
| description | The workspace description | string | null | no |
| iam_role_arn | Existing IAM role ARN for the workspace. Required if create_iam_role is set to false | string | null | no |
| iam_role_description | The description of the workspace IAM role | string | null | no |
| iam_role_force_detach_policies | Determines whether the workspace IAM role policies will be forced to detach | bool | true | no |
| iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the IAM role | number | null | no |
| iam_role_name | Name to use on workspace IAM role created | string | null | no |
| iam_role_path | Workspace IAM role path | string | null | no |
| iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | null | no |
| iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | {} | no |
| license_type | The type of license for the workspace license association. Valid values are ENTERPRISE and ENTERPRISE_FREE_TRIAL | string | "ENTERPRISE" | no |
| name | The Grafana workspace name | string | null | no |
| notification_destinations | The notification destinations. If a data source is specified here, Amazon Managed Grafana will create IAM roles and permissions needed to use these destinations. Must be set to SNS | list(string) | [] | no |
| organization_role_name | The role name that the workspace uses to access resources through Amazon Organizations | string | null | no |
| organizational_units | The Amazon Organizations organizational units that the workspace is authorized to use data sources from | list(string) | [] | no |
| permission_type | The permission type of the workspace. If SERVICE_MANAGED is specified, the IAM roles and IAM policy attachments are generated automatically. If CUSTOMER_MANAGED is specified, the IAM roles and IAM policy attachments will not be created | string | "SERVICE_MANAGED" | no |
| role_associations | Map of maps to associate user/group IDs to a role. Map key can be used as the role | any | {} | no |
| saml_admin_role_values | SAML authentication admin role values | list(string) | [] | no |
| saml_allowed_organizations | SAML authentication allowed organizations | list(string) | [] | no |
| saml_editor_role_values | SAML authentication editor role values | list(string) | [] | no |
| saml_email_assertion | SAML authentication email assertion | string | null | no |
| saml_groups_assertion | SAML authentication groups assertion | string | null | no |
| saml_idp_metadata_url | SAML authentication IDP Metadata URL. Note that either saml_idp_metadata_url or saml_idp_metadata_xml | string | null | no |
| saml_idp_metadata_xml | SAML authentication IDP Metadata XML. Note that either saml_idp_metadata_url or saml_idp_metadata_xml | string | null | no |
| saml_login_assertion | SAML authentication email assertion | string | null | no |
| saml_login_validity_duration | SAML authentication login validity duration | number | null | no |
| saml_name_assertion | SAML authentication name assertion | string | null | no |
| saml_org_assertion | SAML authentication org assertion | string | null | no |
| saml_role_assertion | SAML authentication role assertion | string | null | no |
| stack_set_name | The AWS CloudFormation stack set name that provisions IAM roles to be used by the workspace | string | null | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| use_iam_role_name_prefix | Determines whether the IAM role name (workspace_iam_role_name) is used as a prefix | bool | true | no |

Outputs

| Name | Description |
|------|-------------|
| license_expiration | If license_type is set to ENTERPRISE, this is the expiration date of the enterprise license |
| license_free_trial_expiration | If license_type is set to ENTERPRISE_FREE_TRIAL, this is the expiration date of the free trial |
| saml_configuration_status | Status of the SAML configuration |
| workspace_arn | The Amazon Resource Name (ARN) of the Grafana workspace |
| workspace_endpoint | The endpoint of the Grafana workspace |
| workspace_grafana_version | The version of Grafana running on the workspace |
| workspace_iam_role_arn | IAM role ARN of the Grafana workspace |
| workspace_iam_role_name | IAM role name of the Grafana workspace |
| workspace_iam_role_unique_id | Stable and unique string identifying the IAM role |

License

Apache-2.0 Licensed. See LICENSE.
