Amazon Managed Grafana

2024/05/15 - Amazon Managed Grafana - 6 new api methods

Changes  This release adds new ServiceAccount and ServiceAccountToken APIs.

CreateWorkspaceServiceAccount (new) Link ¶

Creates a service account for the workspace. A service account can be used to call Grafana HTTP APIs, and run automated workloads. After creating the service account with the correct GrafanaRole for your use case, use CreateWorkspaceServiceAccountToken to create a token that can be used to authenticate and authorize Grafana HTTP API calls.

You can only create service accounts for workspaces that are compatible with Grafana version 9 and above.

Note

For more information about service accounts, see Service accounts in the Amazon Managed Grafana User Guide .

For more information about the Grafana HTTP APIs, see Using Grafana HTTP APIs in the Amazon Managed Grafana User Guide .

See also: AWS API Documentation

Request Syntax

client.create_workspace_service_account(
    grafanaRole='ADMIN'|'EDITOR'|'VIEWER',
    name='string',
    workspaceId='string'
)
type grafanaRole

string

param grafanaRole

[REQUIRED]

The permission level to use for this service account.

Note

For more information about the roles and the permissions each has, see User roles in the Amazon Managed Grafana User Guide .

type name

string

param name

[REQUIRED]

A name for the service account. The name must be unique within the workspace, as it determines the ID associated with the service account.

type workspaceId

string

param workspaceId

[REQUIRED]

The ID of the workspace within which to create the service account.

rtype

dict

returns

Response Syntax

{
    'grafanaRole': 'ADMIN'|'EDITOR'|'VIEWER',
    'id': 'string',
    'name': 'string',
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • grafanaRole (string) --

      The permission level given to the service account.

    • id (string) --

      The ID of the service account.

    • name (string) --

      The name of the service account.

    • workspaceId (string) --

      The workspace with which the service account is associated.

DeleteWorkspaceServiceAccountToken (new) Link ¶

Deletes a token for the workspace service account.

This will disable the key associated with the token. If any automation is currently using the key, it will no longer be authenticated or authorized to perform actions with the Grafana HTTP APIs.

Service accounts are only available for workspaces that are compatible with Grafana version 9 and above.

See also: AWS API Documentation

Request Syntax

client.delete_workspace_service_account_token(
    serviceAccountId='string',
    tokenId='string',
    workspaceId='string'
)
type serviceAccountId

string

param serviceAccountId

[REQUIRED]

The ID of the service account from which to delete the token.

type tokenId

string

param tokenId

[REQUIRED]

The ID of the token to delete.

type workspaceId

string

param workspaceId

[REQUIRED]

The ID of the workspace from which to delete the token.

rtype

dict

returns

Response Syntax

{
    'serviceAccountId': 'string',
    'tokenId': 'string',
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • serviceAccountId (string) --

      The ID of the service account where the token was deleted.

    • tokenId (string) --

      The ID of the token that was deleted.

    • workspaceId (string) --

      The ID of the workspace where the token was deleted.

DeleteWorkspaceServiceAccount (new) Link ¶

Deletes a workspace service account from the workspace.

This will delete any tokens created for the service account, as well. If the tokens are currently in use, the will fail to authenticate / authorize after they are deleted.

Service accounts are only available for workspaces that are compatible with Grafana version 9 and above.

See also: AWS API Documentation

Request Syntax

client.delete_workspace_service_account(
    serviceAccountId='string',
    workspaceId='string'
)
type serviceAccountId

string

param serviceAccountId

[REQUIRED]

The ID of the service account to delete.

type workspaceId

string

param workspaceId

[REQUIRED]

The ID of the workspace where the service account resides.

rtype

dict

returns

Response Syntax

{
    'serviceAccountId': 'string',
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • serviceAccountId (string) --

      The ID of the service account deleted.

    • workspaceId (string) --

      The ID of the workspace where the service account was deleted.

CreateWorkspaceServiceAccountToken (new) Link ¶

Creates a token that can be used to authenticate and authorize Grafana HTTP API operations for the given workspace service account. The service account acts as a user for the API operations, and defines the permissions that are used by the API.

Warning

When you create the service account token, you will receive a key that is used when calling Grafana APIs. Do not lose this key, as it will not be retrievable again.

If you do lose the key, you can delete the token and recreate it to receive a new key. This will disable the initial key.

Service accounts are only available for workspaces that are compatible with Grafana version 9 and above.

See also: AWS API Documentation

Request Syntax

client.create_workspace_service_account_token(
    name='string',
    secondsToLive=123,
    serviceAccountId='string',
    workspaceId='string'
)
type name

string

param name

[REQUIRED]

A name for the token to create.

type secondsToLive

integer

param secondsToLive

[REQUIRED]

Sets how long the token will be valid, in seconds. You can set the time up to 30 days in the future.

type serviceAccountId

string

param serviceAccountId

[REQUIRED]

The ID of the service account for which to create a token.

type workspaceId

string

param workspaceId

[REQUIRED]

The ID of the workspace the service account resides within.

rtype

dict

returns

Response Syntax

{
    'serviceAccountId': 'string',
    'serviceAccountToken': {
        'id': 'string',
        'key': 'string',
        'name': 'string'
    },
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • serviceAccountId (string) --

      The ID of the service account where the token was created.

    • serviceAccountToken (dict) --

      Information about the created token, including the key. Be sure to store the key securely.

      • id (string) --

        The unique ID of the service account token.

      • key (string) --

        The key for the service account token. Used when making calls to the Grafana HTTP APIs to authenticate and authorize the requests.

      • name (string) --

        The name of the service account token.

    • workspaceId (string) --

      The ID of the workspace where the token was created.

ListWorkspaceServiceAccountTokens (new) Link ¶

Returns a list of tokens for a workspace service account.

Note

This does not return the key for each token. You cannot access keys after they are created. To create a new key, delete the token and recreate it.

Service accounts are only available for workspaces that are compatible with Grafana version 9 and above.

See also: AWS API Documentation

Request Syntax

client.list_workspace_service_account_tokens(
    maxResults=123,
    nextToken='string',
    serviceAccountId='string',
    workspaceId='string'
)
type maxResults

integer

param maxResults

The maximum number of tokens to include in the results.

type nextToken

string

param nextToken

The token for the next set of service accounts to return. (You receive this token from a previous ListWorkspaceServiceAccountTokens operation.)

type serviceAccountId

string

param serviceAccountId

[REQUIRED]

The ID of the service account for which to return tokens.

type workspaceId

string

param workspaceId

[REQUIRED]

The ID of the workspace for which to return tokens.

rtype

dict

returns

Response Syntax

{
    'nextToken': 'string',
    'serviceAccountId': 'string',
    'serviceAccountTokens': [
        {
            'createdAt': datetime(2015, 1, 1),
            'expiresAt': datetime(2015, 1, 1),
            'id': 'string',
            'lastUsedAt': datetime(2015, 1, 1),
            'name': 'string'
        },
    ],
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • nextToken (string) --

      The token to use when requesting the next set of service accounts.

    • serviceAccountId (string) --

      The ID of the service account where the tokens reside.

    • serviceAccountTokens (list) --

      An array of structures containing information about the tokens.

      • (dict) --

        A structure that contains the information about a service account token.

        • createdAt (datetime) --

          When the service account token was created.

        • expiresAt (datetime) --

          When the service account token will expire.

        • id (string) --

          The unique ID of the service account token.

        • lastUsedAt (datetime) --

          The last time the token was used to authorize a Grafana HTTP API.

        • name (string) --

          The name of the service account token.

    • workspaceId (string) --

      The ID of the workspace where the tokens reside.

ListWorkspaceServiceAccounts (new) Link ¶

Returns a list of service accounts for a workspace.

Service accounts are only available for workspaces that are compatible with Grafana version 9 and above.

See also: AWS API Documentation

Request Syntax

client.list_workspace_service_accounts(
    maxResults=123,
    nextToken='string',
    workspaceId='string'
)
type maxResults

integer

param maxResults

The maximum number of service accounts to include in the results.

type nextToken

string

param nextToken

The token for the next set of service accounts to return. (You receive this token from a previous ListWorkspaceServiceAccounts operation.)

type workspaceId

string

param workspaceId

[REQUIRED]

The workspace for which to list service accounts.

rtype

dict

returns

Response Syntax

{
    'nextToken': 'string',
    'serviceAccounts': [
        {
            'grafanaRole': 'ADMIN'|'EDITOR'|'VIEWER',
            'id': 'string',
            'isDisabled': 'string',
            'name': 'string'
        },
    ],
    'workspaceId': 'string'
}

Response Structure

  • (dict) --

    • nextToken (string) --

      The token to use when requesting the next set of service accounts.

    • serviceAccounts (list) --

      An array of structures containing information about the service accounts.

      • (dict) --

        A structure that contains the information about one service account.

        • grafanaRole (string) --

          The role of the service account, which sets the permission level used when calling Grafana APIs.

        • id (string) --

          The unique ID of the service account.

        • isDisabled (string) --

          Returns true if the service account is disabled. Service accounts can be disabled and enabled in the Amazon Managed Grafana console.

        • name (string) --

          The name of the service account.

    • workspaceId (string) --

      The workspace to which the service accounts are associated.