diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 395404e..3418005 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.88.0
+ rev: v1.92.1
hooks:
- id: terraform_fmt
- id: terraform_docs
@@ -24,7 +24,7 @@ repos:
- '--args=--only=terraform_unused_required_providers'
- id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.5.0
+ rev: v4.6.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
diff --git a/README.md b/README.md
index ccd712b..72858ba 100644
--- a/README.md
+++ b/README.md
@@ -80,13 +80,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
+| [aws](#requirement\_aws) | >= 5.59 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | >= 5.59 |
## Modules
@@ -101,6 +101,8 @@ No modules.
| [aws_grafana_workspace.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/grafana_workspace) | resource |
| [aws_grafana_workspace_api_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/grafana_workspace_api_key) | resource |
| [aws_grafana_workspace_saml_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/grafana_workspace_saml_configuration) | resource |
+| [aws_grafana_workspace_service_account.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/grafana_workspace_service_account) | resource |
+| [aws_grafana_workspace_service_account_token.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/grafana_workspace_service_account_token) | resource |
| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -170,6 +172,8 @@ No modules.
| [vpc\_configuration](#input\_vpc\_configuration) | The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to | `any` | `{}` | no |
| [workspace\_api\_keys](#input\_workspace\_api\_keys) | Map of workspace API key definitions to create | `any` | `{}` | no |
| [workspace\_id](#input\_workspace\_id) | The ID of an existing workspace to use when `create_workspace` is `false` | `string` | `""` | no |
+| [workspace\_service\_account\_tokens](#input\_workspace\_service\_account\_tokens) | Map of workspace service account tokens to create | `any` | `{}` | no |
+| [workspace\_service\_accounts](#input\_workspace\_service\_accounts) | Map of workspace service account definitions to create | `any` | `{}` | no |
## Outputs
@@ -191,6 +195,8 @@ No modules.
| [workspace\_iam\_role\_policy\_name](#output\_workspace\_iam\_role\_policy\_name) | IAM Policy name of the Grafana workspace IAM role |
| [workspace\_iam\_role\_unique\_id](#output\_workspace\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| [workspace\_id](#output\_workspace\_id) | The ID of the Grafana workspace |
+| [workspace\_service\_account\_tokens](#output\_workspace\_service\_account\_tokens) | The workspace service account tokens created including their attributes |
+| [workspace\_service\_accounts](#output\_workspace\_service\_accounts) | The workspace service accounts created including their attributes |
## License
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 93ae1a7..dae691a 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -24,13 +24,13 @@ Note that this example may create resources which will incur monetary charges on
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
+| [aws](#requirement\_aws) | >= 5.59 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | >= 5.59 |
## Modules
@@ -69,6 +69,8 @@ No inputs.
| [workspace\_iam\_role\_policy\_name](#output\_workspace\_iam\_role\_policy\_name) | IAM Policy name of the Grafana workspace IAM role |
| [workspace\_iam\_role\_unique\_id](#output\_workspace\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| [workspace\_id](#output\_workspace\_id) | The ID of the Grafana workspace |
+| [workspace\_service\_account\_tokens](#output\_workspace\_service\_account\_tokens) | The workspace service account tokens created including their attributes |
+| [workspace\_service\_accounts](#output\_workspace\_service\_accounts) | The workspace service accounts created including their attributes |
Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-managed-service-grafana/blob/main/LICENSE).
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 7497680..f9a26df 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -36,7 +36,7 @@ module "managed_grafana" {
data_sources = ["CLOUDWATCH", "PROMETHEUS", "XRAY"]
notification_destinations = ["SNS"]
stack_set_name = local.name
- grafana_version = "9.4"
+ grafana_version = "10.4"
configuration = jsonencode({
unifiedAlerting = {
@@ -80,6 +80,36 @@ module "managed_grafana" {
}
}
+ # Workspace service accounts
+ workspace_service_accounts = {
+ viewer = {
+ grafana_role = "VIEWER"
+ }
+ editor = {
+ name = "editor-example"
+ grafana_role = "EDITOR"
+ }
+ admin = {
+ grafana_role = "ADMIN"
+ }
+ }
+
+ workspace_service_account_tokens = {
+ viewer = {
+ service_account_key = "viewer"
+ seconds_to_live = 3600
+ }
+ editor = {
+ name = "editor-example"
+ service_account_key = "editor"
+ seconds_to_live = 3600
+ }
+ admin = {
+ service_account_key = "admin"
+ seconds_to_live = 3600
+ }
+ }
+
# Workspace IAM role
create_iam_role = true
iam_role_name = local.name
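Review bot: The example issues a token for the `ADMIN` service account next to the viewer and editor ones, with nothing telling a reader who copies the block that these are live credentials. As far as I know the provider keeps the generated token `key` in Terraform state, so the state backend becomes a credential store for the workspace. I would add a comment above `workspace_service_account_tokens`, for example `# Token keys are written to Terraform state; keep seconds_to_live short and restrict access to the state backend`. I would also consider dropping the admin token from the example, or commenting that it is for demonstration only. The module block starts and ends outside this hunk.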
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index c377de7..650f211 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -29,6 +29,23 @@ output "workspace_grafana_version" {
output "workspace_api_keys" {
description = "The workspace API keys created including their attributes"
value = module.managed_grafana.workspace_api_keys
+ sensitive = true
+}
+
+################################################################################
+# Workspace Service Account
+################################################################################
+
+output "workspace_service_accounts" {
+ description = "The workspace service accounts created including their attributes"
+ value = module.managed_grafana.workspace_service_accounts
+ sensitive = true
+}
+
+output "workspace_service_account_tokens" {
+ description = "The workspace service account tokens created including their attributes"
+ value = module.managed_grafana.workspace_service_account_tokens
+ sensitive = true
}
################################################################################
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index ddfcb0e..7ea0158 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 5.59"
}
}
}
diff --git a/main.tf b/main.tf
index 3d0bf44..2bf7062 100644
--- a/main.tf
+++ b/main.tf
@@ -110,6 +110,27 @@ resource "aws_grafana_workspace_api_key" "this" {
workspace_id = local.workspace_id
}
+################################################################################
+# Workspace Service Account
+################################################################################
+
+resource "aws_grafana_workspace_service_account" "this" {
+ for_each = { for k, v in var.workspace_service_accounts : k => v if var.create }
+
+ name = try(each.value.name, each.key)
+ grafana_role = each.value.grafana_role
+ workspace_id = local.workspace_id
+}
+
+resource "aws_grafana_workspace_service_account_token" "this" {
+ for_each = { for k, v in var.workspace_service_account_tokens : k => v if var.create }
+
+ name = try(each.value.name, each.key)
+ service_account_id = try(aws_grafana_workspace_service_account.this[each.value.service_account_key].service_account_id, each.value.service_account_id)
+ seconds_to_live = each.value.seconds_to_live
+ workspace_id = local.workspace_id
+}
+
################################################################################
# Workspace IAM Role
################################################################################
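Review bot: The `try(...)` on `service_account_id` in `aws_grafana_workspace_service_account_token.this` hides a wrong `service_account_key`. If the key does not match an entry in `var.workspace_service_accounts`, the lookup fails and the expression falls back to `each.value.service_account_id`. When both attributes are set, the token is then bound to whatever account that ID names, with no error. When only the key is set, the error complains about a missing `service_account_id` instead of the bad key. An explicit branch keeps the lookup failure visible: `service_account_id = can(each.value.service_account_key) ? aws_grafana_workspace_service_account.this[each.value.service_account_key].service_account_id : each.value.service_account_id`.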
diff --git a/outputs.tf b/outputs.tf
index 1a33bb0..fb67b2a 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -31,6 +31,20 @@ output "workspace_api_keys" {
value = aws_grafana_workspace_api_key.this
}
+################################################################################
+# Workspace Service Account
+################################################################################
+
+output "workspace_service_accounts" {
+ description = "The workspace service accounts created including their attributes"
+ value = aws_grafana_workspace_service_account_token.this
+}
+
+output "workspace_service_account_tokens" {
+ description = "The workspace service account tokens created including their attributes"
+ value = aws_grafana_workspace_service_account_token.this
+}
+
################################################################################
# Workspace IAM Role
################################################################################
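Review bot: The `workspace_service_accounts` output is set to `aws_grafana_workspace_service_account_token.this`, the same value as `workspace_service_account_tokens`, which looks like a copy-paste slip. Callers reading the accounts output get token objects, including the token secret attribute, instead of the service accounts, and the account IDs are not exported at all. The line should read `value = aws_grafana_workspace_service_account.this`.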
diff --git a/variables.tf b/variables.tf
index 0d18ce7..f8edfb7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -196,6 +196,22 @@ variable "workspace_api_keys" {
default = {}
}
+################################################################################
+# Workspace Service Account
+################################################################################
+
+variable "workspace_service_accounts" {
+ description = "Map of workspace service account definitions to create"
+ type = any
+ default = {}
+}
+
+variable "workspace_service_account_tokens" {
+ description = "Map of workspace service account tokens to create"
+ type = any
+ default = {}
+}
+
################################################################################
# Workspace SAML Configuration
################################################################################
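Review bot: Both new variables are `type = any`, and their descriptions do not say which keys each map value takes, so the only place to learn the shape is the resource block in main.tf. The descriptions could carry it, for example `description = "Map of workspace service account definitions to create. Each value takes grafana_role and an optional name (defaults to the map key)"`. For the tokens: `description = "Map of workspace service account tokens to create. Each value takes seconds_to_live, either service_account_key or service_account_id, and an optional name"`. Because `grafana_role` decides the privilege level of the account, a short note on the accepted roles would also help reviewers of calling code.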
diff --git a/versions.tf b/versions.tf
index ddfcb0e..7ea0158 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 5.59"
}
}
}