aws-sdk-managedgrafana 1.10.0 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98a3805f6f6c020f69a8681129b0ff5ebce892f8a0b4d2536cfa7abeca8f4cc5
-  data.tar.gz: 6c5f9dda87b536a675bf8e25613e79ca974371cdc30eb911eb58898624a6ffa4
+  metadata.gz: dbed3c483cb41a8ed9c42655e36beb415da0a7c1a45e21ad77554152ebd627fd
+  data.tar.gz: cfa5fb3b3859d7c141652054436061144dea64c925d9f629b4db914cc0c5e89c
 SHA512:
-  metadata.gz: c878b1d4197f1c82ba977f416ba7891e6877f5bc9c92630b78f8e7cda676b1e4dfbec83adf97a252c83b3aeec715d392be3162b0e946724bb7c3b03b2a756232
-  data.tar.gz: 6c33ed2eb57ea1317c67c769e28c4a5d919a2cfbd564bd8f1813bf1d5edc80c65266bdd8497c707bef5b64c735b2604b745402955081fcab4bfd81991c3e28f0
+  metadata.gz: 026314fed6e3710f307837edf8daf8b965133b2b3289f7b95befe1503bf0c4b6e79df1f6ada184ef77c59a0b7ee27faa58212f6bb73247be025fe88d7e199472
+  data.tar.gz: bef0e55956c9c8b6d9ad29a882e0b35018f59c68aebc0ad31ce3bacf0e04807f80af4d65ae2ec6e276b5086705d6a6e334a07b20a3e5c40b4293fca37f2d331b

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 Unreleased Changes
 ------------------
 
+1.12.0 (2023-02-16)
+------------------
+
+* Feature - With this release Amazon Managed Grafana now supports inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
+
+1.11.0 (2023-01-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+* Issue - Replace runtime endpoint resolution approach with generated ruby code.
+
 1.10.0 (2022-11-23)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.10.0
+1.12.0

data/lib/aws-sdk-managedgrafana/client.rb

@@ -412,6 +412,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -487,6 +491,17 @@ module Aws::ManagedGrafana
     #
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html
     #
+    # @option params [Types::NetworkAccessConfiguration] :network_access_control
+    #   Configuration for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana authentication
+    #   and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #
     # @option params [String] :organization_role_name
     #   The name of an IAM role that already exists to use with Organizations
     #   to access Amazon Web Services data sources and notification channels
@@ -577,6 +592,10 @@ module Aws::ManagedGrafana
     #     authentication_providers: ["AWS_SSO"], # required, accepts AWS_SSO, SAML
     #     client_token: "ClientToken",
     #     configuration: "OverridableConfigurationJson",
+    #     network_access_control: {
+    #       prefix_list_ids: ["PrefixListId"], # required
+    #       vpce_ids: ["VpceId"], # required
+    #     },
     #     organization_role_name: "OrganizationRoleName",
     #     permission_type: "CUSTOMER_MANAGED", # required, accepts CUSTOMER_MANAGED, SERVICE_MANAGED
     #     stack_set_name: "StackSetName",
@@ -614,6 +633,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -728,6 +751,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -821,6 +848,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -959,6 +990,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -1277,12 +1312,23 @@ module Aws::ManagedGrafana
     #   which organizational units the workspace can access in the
     #   `workspaceOrganizationalUnits` parameter.
     #
+    # @option params [Types::NetworkAccessConfiguration] :network_access_control
+    #   The configuration settings for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana authentication
+    #   and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #
     # @option params [String] :organization_role_name
     #   The name of an IAM role that already exists to use to access resources
     #   through Organizations.
     #
     # @option params [String] :permission_type
-    #   If you specify `Service Managed`, Amazon Managed Grafana automatically
+    #   If you specify `SERVICE_MANAGED`, Amazon Managed Grafana automatically
     #   creates the IAM roles and provisions the permissions that the
     #   workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1302,6 +1348,16 @@ module Aws::ManagedGrafana
     #
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html
     #
+    # @option params [Boolean] :remove_network_access_configuration
+    #   Whether to remove the network access configuration from the workspace.
+    #
+    #   Setting this to `true` and providing a `networkAccessControl` to set
+    #   will return an error.
+    #
+    #   If you remove this configuration by setting this to `true`, then all
+    #   IP addresses and VPC endpoints will be allowed. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
     # @option params [Boolean] :remove_vpc_configuration
     #   Whether to remove the VPC configuration from the workspace.
     #
@@ -1364,8 +1420,13 @@ module Aws::ManagedGrafana
     #
     #   resp = client.update_workspace({
     #     account_access_type: "CURRENT_ACCOUNT", # accepts CURRENT_ACCOUNT, ORGANIZATION
+    #     network_access_control: {
+    #       prefix_list_ids: ["PrefixListId"], # required
+    #       vpce_ids: ["VpceId"], # required
+    #     },
     #     organization_role_name: "OrganizationRoleName",
     #     permission_type: "CUSTOMER_MANAGED", # accepts CUSTOMER_MANAGED, SERVICE_MANAGED
+    #     remove_network_access_configuration: false,
     #     remove_vpc_configuration: false,
     #     stack_set_name: "StackSetName",
     #     vpc_configuration: {
@@ -1400,6 +1461,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -1561,7 +1626,7 @@ module Aws::ManagedGrafana
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-managedgrafana'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.12.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-managedgrafana/client_api.rb

@@ -68,6 +68,7 @@ module Aws::ManagedGrafana
     ListWorkspacesRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListWorkspacesRequestMaxResultsInteger')
     ListWorkspacesResponse = Shapes::StructureShape.new(name: 'ListWorkspacesResponse')
     LoginValidityDuration = Shapes::IntegerShape.new(name: 'LoginValidityDuration')
+    NetworkAccessConfiguration = Shapes::StructureShape.new(name: 'NetworkAccessConfiguration')
     NotificationDestinationType = Shapes::StringShape.new(name: 'NotificationDestinationType')
     NotificationDestinationsList = Shapes::ListShape.new(name: 'NotificationDestinationsList')
     OrganizationRoleName = Shapes::StringShape.new(name: 'OrganizationRoleName')
@@ -78,6 +79,8 @@ module Aws::ManagedGrafana
     PermissionEntry = Shapes::StructureShape.new(name: 'PermissionEntry')
     PermissionEntryList = Shapes::ListShape.new(name: 'PermissionEntryList')
     PermissionType = Shapes::StringShape.new(name: 'PermissionType')
+    PrefixListId = Shapes::StringShape.new(name: 'PrefixListId')
+    PrefixListIds = Shapes::ListShape.new(name: 'PrefixListIds')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     Role = Shapes::StringShape.new(name: 'Role')
     RoleValue = Shapes::StringShape.new(name: 'RoleValue')
@@ -127,6 +130,8 @@ module Aws::ManagedGrafana
     ValidationExceptionFieldList = Shapes::ListShape.new(name: 'ValidationExceptionFieldList')
     ValidationExceptionReason = Shapes::StringShape.new(name: 'ValidationExceptionReason')
     VpcConfiguration = Shapes::StructureShape.new(name: 'VpcConfiguration')
+    VpceId = Shapes::StringShape.new(name: 'VpceId')
+    VpceIds = Shapes::ListShape.new(name: 'VpceIds')
     WorkspaceDescription = Shapes::StructureShape.new(name: 'WorkspaceDescription')
     WorkspaceId = Shapes::StringShape.new(name: 'WorkspaceId')
     WorkspaceList = Shapes::ListShape.new(name: 'WorkspaceList')
@@ -188,6 +193,7 @@ module Aws::ManagedGrafana
     CreateWorkspaceRequest.add_member(:authentication_providers, Shapes::ShapeRef.new(shape: AuthenticationProviders, required: true, location_name: "authenticationProviders"))
     CreateWorkspaceRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
     CreateWorkspaceRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: OverridableConfigurationJson, location_name: "configuration", metadata: {"jsonvalue"=>true}))
+    CreateWorkspaceRequest.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     CreateWorkspaceRequest.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     CreateWorkspaceRequest.add_member(:permission_type, Shapes::ShapeRef.new(shape: PermissionType, required: true, location_name: "permissionType"))
     CreateWorkspaceRequest.add_member(:stack_set_name, Shapes::ShapeRef.new(shape: StackSetName, location_name: "stackSetName"))
@@ -283,6 +289,10 @@ module Aws::ManagedGrafana
     ListWorkspacesResponse.add_member(:workspaces, Shapes::ShapeRef.new(shape: WorkspaceList, required: true, location_name: "workspaces"))
     ListWorkspacesResponse.struct_class = Types::ListWorkspacesResponse
 
+    NetworkAccessConfiguration.add_member(:prefix_list_ids, Shapes::ShapeRef.new(shape: PrefixListIds, required: true, location_name: "prefixListIds"))
+    NetworkAccessConfiguration.add_member(:vpce_ids, Shapes::ShapeRef.new(shape: VpceIds, required: true, location_name: "vpceIds"))
+    NetworkAccessConfiguration.struct_class = Types::NetworkAccessConfiguration
+
     NotificationDestinationsList.member = Shapes::ShapeRef.new(shape: NotificationDestinationType)
 
     OrganizationalUnitList.member = Shapes::ShapeRef.new(shape: OrganizationalUnit)
@@ -293,6 +303,8 @@ module Aws::ManagedGrafana
 
     PermissionEntryList.member = Shapes::ShapeRef.new(shape: PermissionEntry)
 
+    PrefixListIds.member = Shapes::ShapeRef.new(shape: PrefixListId)
+
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
     ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -385,8 +397,10 @@ module Aws::ManagedGrafana
     UpdateWorkspaceConfigurationResponse.struct_class = Types::UpdateWorkspaceConfigurationResponse
 
     UpdateWorkspaceRequest.add_member(:account_access_type, Shapes::ShapeRef.new(shape: AccountAccessType, location_name: "accountAccessType"))
+    UpdateWorkspaceRequest.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     UpdateWorkspaceRequest.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     UpdateWorkspaceRequest.add_member(:permission_type, Shapes::ShapeRef.new(shape: PermissionType, location_name: "permissionType"))
+    UpdateWorkspaceRequest.add_member(:remove_network_access_configuration, Shapes::ShapeRef.new(shape: Boolean, location_name: "removeNetworkAccessConfiguration"))
     UpdateWorkspaceRequest.add_member(:remove_vpc_configuration, Shapes::ShapeRef.new(shape: Boolean, location_name: "removeVpcConfiguration"))
     UpdateWorkspaceRequest.add_member(:stack_set_name, Shapes::ShapeRef.new(shape: StackSetName, location_name: "stackSetName"))
     UpdateWorkspaceRequest.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
@@ -423,6 +437,8 @@ module Aws::ManagedGrafana
     VpcConfiguration.add_member(:subnet_ids, Shapes::ShapeRef.new(shape: SubnetIds, required: true, location_name: "subnetIds"))
     VpcConfiguration.struct_class = Types::VpcConfiguration
 
+    VpceIds.member = Shapes::ShapeRef.new(shape: VpceId)
+
     WorkspaceDescription.add_member(:account_access_type, Shapes::ShapeRef.new(shape: AccountAccessType, location_name: "accountAccessType"))
     WorkspaceDescription.add_member(:authentication, Shapes::ShapeRef.new(shape: AuthenticationSummary, required: true, location_name: "authentication"))
     WorkspaceDescription.add_member(:created, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "created"))
@@ -437,6 +453,7 @@ module Aws::ManagedGrafana
     WorkspaceDescription.add_member(:license_type, Shapes::ShapeRef.new(shape: LicenseType, location_name: "licenseType"))
     WorkspaceDescription.add_member(:modified, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "modified"))
     WorkspaceDescription.add_member(:name, Shapes::ShapeRef.new(shape: WorkspaceName, location_name: "name"))
+    WorkspaceDescription.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     WorkspaceDescription.add_member(:notification_destinations, Shapes::ShapeRef.new(shape: NotificationDestinationsList, location_name: "notificationDestinations"))
     WorkspaceDescription.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     WorkspaceDescription.add_member(:organizational_units, Shapes::ShapeRef.new(shape: OrganizationalUnitList, location_name: "organizationalUnits"))

data/lib/aws-sdk-managedgrafana/endpoint_provider.rb

@@ -9,103 +9,76 @@
 
 module Aws::ManagedGrafana
   class EndpointProvider
-    def initialize(rule_set = nil)
-      @@rule_set ||= begin
-        endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
-        Aws::Endpoints::RuleSet.new(
-          version: endpoint_rules['version'],
-          service_id: endpoint_rules['serviceId'],
-          parameters: endpoint_rules['parameters'],
-          rules: endpoint_rules['rules']
-        )
+    def resolve_endpoint(parameters)
+      region = parameters.region
+      use_dual_stack = parameters.use_dual_stack
+      use_fips = parameters.use_fips
+      endpoint = parameters.endpoint
+      if Aws::Endpoints::Matchers.set?(endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
       end
-      @provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
-    end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-northeast-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-northeast-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-southeast-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-southeast-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-central-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-west-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-west-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-east-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-east-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-west-2.amazonaws.com", headers: {}, properties: {})
+          end
+          return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+        end
+      end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
+      raise ArgumentError, 'No endpoint could be resolved'
 
-    def resolve_endpoint(parameters)
-      @provider.resolve_endpoint(parameters)
     end
-
-    # @api private
-    RULES = <<-JSON
-eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
-bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
-dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
-cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
-dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
-ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
-ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
-ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
-aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
-OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
-UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
-dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
-UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
-dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
-ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
-IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
-aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
-bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
-ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
-Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
-cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
-InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
-aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
-cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
-InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
-W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
-UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
-SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
-eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
-InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
-LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
-ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
-b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
-fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
-RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
-ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
-ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
-ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
-dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
-dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
-Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
-In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
-YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
-YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
-cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
-dCI6eyJ1cmwiOiJodHRwczovL2dyYWZhbmEtZmlwcy57UmVnaW9ufS57UGFy
-dGl0aW9uUmVzdWx0I2R1YWxTdGFja0Ruc1N1ZmZpeH0iLCJwcm9wZXJ0aWVz
-Ijp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19LHsiY29u
-ZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBhbmQgRHVhbFN0YWNrIGFyZSBl
-bmFibGVkLCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBv
-bmUgb3IgYm90aCIsInR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25zIjpb
-eyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VGSVBT
-In0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9u
-cyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJmbiI6
-ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQifSwi
-c3VwcG9ydHNGSVBTIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpbeyJj
-b25kaXRpb25zIjpbXSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
-aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vZ3JhZmFuYS1m
-aXBzLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4fSIsInBy
-b3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRwb2ludCJ9
-XX1dfSx7ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMgZW5hYmxl
-ZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBGSVBTIiwi
-dHlwZSI6ImVycm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoiYm9vbGVh
-bkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9LHRydWVd
-fV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZu
-IjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJnZXRBdHRy
-IiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1cHBvcnRz
-RHVhbFN0YWNrIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpbeyJjb25k
-aXRpb25zIjpbXSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9ncmFmYW5h
-LntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0YWNrRG5zU3VmZml4
-fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRw
-b2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3IiOiJEdWFsU3RhY2sg
-aXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9y
-dCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsiY29uZGl0aW9ucyI6
-W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vZ3JhZmFuYS57UmVnaW9u
-fS57UGFydGl0aW9uUmVzdWx0I2Ruc1N1ZmZpeH0iLCJwcm9wZXJ0aWVzIjp7
-fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19XX0=
-
-    JSON
   end
 end

data/lib/aws-sdk-managedgrafana/types.rb

@@ -27,18 +27,6 @@ module Aws::ManagedGrafana
     # be used to define information about the users authenticated by the IdP
     # to use the workspace.
     #
-    # @note When making an API call, you may pass AssertionAttributes
-    #   data as a hash:
-    #
-    #       {
-    #         email: "AssertionAttribute",
-    #         groups: "AssertionAttribute",
-    #         login: "AssertionAttribute",
-    #         name: "AssertionAttribute",
-    #         org: "AssertionAttribute",
-    #         role: "AssertionAttribute",
-    #       }
-    #
     # @!attribute [rw] email
     #   The name of the attribute within the SAML assertion to use as the
     #   email names for SAML users.
@@ -82,14 +70,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass AssociateLicenseRequest
-    #   data as a hash:
-    #
-    #       {
-    #         license_type: "ENTERPRISE", # required, accepts ENTERPRISE, ENTERPRISE_FREE_TRIAL
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] license_type
     #   The type of license to associate with the workspace.
     #   @return [String]
@@ -213,16 +193,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateWorkspaceApiKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_name: "ApiKeyName", # required
-    #         key_role: "String", # required
-    #         seconds_to_live: 1, # required
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] key_name
     #   Specifies the name of the key. Keynames must be unique to the
     #   workspace.
@@ -277,32 +247,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateWorkspaceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_access_type: "CURRENT_ACCOUNT", # required, accepts CURRENT_ACCOUNT, ORGANIZATION
-    #         authentication_providers: ["AWS_SSO"], # required, accepts AWS_SSO, SAML
-    #         client_token: "ClientToken",
-    #         configuration: "OverridableConfigurationJson",
-    #         organization_role_name: "OrganizationRoleName",
-    #         permission_type: "CUSTOMER_MANAGED", # required, accepts CUSTOMER_MANAGED, SERVICE_MANAGED
-    #         stack_set_name: "StackSetName",
-    #         tags: {
-    #           "TagKey" => "TagValue",
-    #         },
-    #         vpc_configuration: {
-    #           security_group_ids: ["SecurityGroupId"], # required
-    #           subnet_ids: ["SubnetId"], # required
-    #         },
-    #         workspace_data_sources: ["AMAZON_OPENSEARCH_SERVICE"], # accepts AMAZON_OPENSEARCH_SERVICE, CLOUDWATCH, PROMETHEUS, XRAY, TIMESTREAM, SITEWISE, ATHENA, REDSHIFT, TWINMAKER
-    #         workspace_description: "Description",
-    #         workspace_name: "WorkspaceName",
-    #         workspace_notification_destinations: ["SNS"], # accepts SNS
-    #         workspace_organizational_units: ["OrganizationalUnit"],
-    #         workspace_role_arn: "IamRoleArn",
-    #       }
-    #
     # @!attribute [rw] account_access_type
     #   Specifies whether the workspace can access Amazon Web Services
     #   resources in this Amazon Web Services account only, or whether it
@@ -341,6 +285,18 @@ module Aws::ManagedGrafana
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   Configuration for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] organization_role_name
     #   The name of an IAM role that already exists to use with
     #   Organizations to access Amazon Web Services data sources and
@@ -439,6 +395,7 @@ module Aws::ManagedGrafana
       :authentication_providers,
       :client_token,
       :configuration,
+      :network_access_control,
       :organization_role_name,
       :permission_type,
       :stack_set_name,
@@ -466,14 +423,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteWorkspaceApiKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_name: "ApiKeyName", # required
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] key_name
     #   The name of the API key to delete.
     #   @return [String]
@@ -508,13 +457,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteWorkspaceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] workspace_id
     #   The ID of the workspace to delete.
     #   @return [String]
@@ -540,13 +482,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeWorkspaceAuthenticationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] workspace_id
     #   The ID of the workspace to return authentication information about.
     #   @return [String]
@@ -572,13 +507,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeWorkspaceConfigurationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] workspace_id
     #   The ID of the workspace to get configuration information for.
     #   @return [String]
@@ -609,13 +537,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeWorkspaceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] workspace_id
     #   The ID of the workspace to display information about.
     #   @return [String]
@@ -640,14 +561,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DisassociateLicenseRequest
-    #   data as a hash:
-    #
-    #       {
-    #         license_type: "ENTERPRISE", # required, accepts ENTERPRISE, ENTERPRISE_FREE_TRIAL
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] license_type
     #   The type of license to remove from the workspace.
     #   @return [String]
@@ -730,18 +643,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListPermissionsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         group_id: "SsoId",
-    #         max_results: 1,
-    #         next_token: "PaginationToken",
-    #         user_id: "SsoId",
-    #         user_type: "SSO_USER", # accepts SSO_USER, SSO_GROUP
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] group_id
     #   (Optional) Limits the results to only the group that matches this
     #   ID.
@@ -802,13 +703,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListTagsForResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource the list of tags are associated with.
     #   @return [String]
@@ -833,14 +727,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListWorkspacesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "PaginationToken",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   The maximum number of workspaces to include in the results.
     #   @return [Integer]
@@ -877,6 +763,69 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
+    # The configuration settings for in-bound network access to your
+    # workspace.
+    #
+    # When this is configured, only listed IP addresses and VPC endpoints
+    # will be able to access your workspace. Standard Grafana authentication
+    # and authorization will still be required.
+    #
+    # If this is not configured, or is removed, then all IP addresses and
+    # VPC endpoints will be allowed. Standard Grafana authentication and
+    # authorization will still be required.
+    #
+    # @!attribute [rw] prefix_list_ids
+    #   An array of prefix list IDs. A prefix list is a list of CIDR ranges
+    #   of IP addresses. The IP addresses specified are allowed to access
+    #   your workspace. If the list is not included in the configuration
+    #   then no IP addresses will be allowed to access the workspace. You
+    #   create a prefix list using the Amazon VPC console.
+    #
+    #   Prefix list IDs have the format `pl-1a2b3c4d `.
+    #
+    #   For more information about prefix lists, see [Group CIDR blocks
+    #   using managed prefix lists][1]in the *Amazon Virtual Private Cloud
+    #   User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] vpce_ids
+    #   An array of Amazon VPC endpoint IDs for the workspace. You can
+    #   create VPC endpoints to your Amazon Managed Grafana workspace for
+    #   access from within a VPC. If a `NetworkAccessConfiguration` is
+    #   specified then only VPC endpoints specified here will be allowed to
+    #   access the workspace.
+    #
+    #   VPC endpoint IDs have the format `vpce-1a2b3c4d `.
+    #
+    #   For more information about creating an interface VPC endpoint, see
+    #   [Interface VPC endpoints][1] in the *Amazon Managed Grafana User
+    #   Guide*.
+    #
+    #   <note markdown="1"> The only VPC endpoints that can be specified here are interface VPC
+    #   endpoints for Grafana workspaces (using the
+    #   `com.amazonaws.[region].grafana-workspace` service endpoint). Other
+    #   VPC endpoints will be ignored.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/grafana-2020-08-18/NetworkAccessConfiguration AWS API Documentation
+    #
+    class NetworkAccessConfiguration < Struct.new(
+      :prefix_list_ids,
+      :vpce_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A structure containing the identity of one user or group and the
     # `Admin`, `Editor`, or `Viewer` role that they have.
     #
@@ -927,14 +876,6 @@ module Aws::ManagedGrafana
     # in the workspace. SAML authenticated users not part of `Admin` or
     # `Editor` role groups have `Viewer` permission over the workspace.
     #
-    # @note When making an API call, you may pass RoleValues
-    #   data as a hash:
-    #
-    #       {
-    #         admin: ["RoleValue"],
-    #         editor: ["RoleValue"],
-    #       }
-    #
     # @!attribute [rw] admin
     #   A list of groups from the SAML assertion attribute to grant the
     #   Grafana `Admin` role to.
@@ -978,30 +919,6 @@ module Aws::ManagedGrafana
     # A structure containing information about how this workspace works with
     # SAML.
     #
-    # @note When making an API call, you may pass SamlConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         allowed_organizations: ["AllowedOrganization"],
-    #         assertion_attributes: {
-    #           email: "AssertionAttribute",
-    #           groups: "AssertionAttribute",
-    #           login: "AssertionAttribute",
-    #           name: "AssertionAttribute",
-    #           org: "AssertionAttribute",
-    #           role: "AssertionAttribute",
-    #         },
-    #         idp_metadata: { # required
-    #           url: "IdpMetadataUrl",
-    #           xml: "String",
-    #         },
-    #         login_validity_duration: 1,
-    #         role_values: {
-    #           admin: ["RoleValue"],
-    #           editor: ["RoleValue"],
-    #         },
-    #       }
-    #
     # @!attribute [rw] allowed_organizations
     #   Lists which organizations defined in the SAML assertion are allowed
     #   to use the Amazon Managed Grafana workspace. If this is empty, all
@@ -1076,16 +993,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass TagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #         tags: { # required
-    #           "TagKey" => "TagValue",
-    #         },
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource the tag is associated with.
     #   @return [String]
@@ -1139,14 +1046,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UntagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #         tag_keys: ["TagKey"], # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource the tag association is removed from.
     #   @return [String]
@@ -1204,20 +1103,6 @@ module Aws::ManagedGrafana
     #
     # [1]: https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html
     #
-    # @note When making an API call, you may pass UpdateInstruction
-    #   data as a hash:
-    #
-    #       {
-    #         action: "ADD", # required, accepts ADD, REVOKE
-    #         role: "ADMIN", # required, accepts ADMIN, EDITOR, VIEWER
-    #         users: [ # required
-    #           {
-    #             id: "SsoId", # required
-    #             type: "SSO_USER", # required, accepts SSO_USER, SSO_GROUP
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] action
     #   Specifies whether this update is to add or revoke role permissions.
     #   @return [String]
@@ -1242,25 +1127,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdatePermissionsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         update_instruction_batch: [ # required
-    #           {
-    #             action: "ADD", # required, accepts ADD, REVOKE
-    #             role: "ADMIN", # required, accepts ADMIN, EDITOR, VIEWER
-    #             users: [ # required
-    #               {
-    #                 id: "SsoId", # required
-    #                 type: "SSO_USER", # required, accepts SSO_USER, SSO_GROUP
-    #               },
-    #             ],
-    #           },
-    #         ],
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] update_instruction_batch
     #   An array of structures that contain the permission updates to make.
     #   @return [Array<Types::UpdateInstruction>]
@@ -1291,34 +1157,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdateWorkspaceAuthenticationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         authentication_providers: ["AWS_SSO"], # required, accepts AWS_SSO, SAML
-    #         saml_configuration: {
-    #           allowed_organizations: ["AllowedOrganization"],
-    #           assertion_attributes: {
-    #             email: "AssertionAttribute",
-    #             groups: "AssertionAttribute",
-    #             login: "AssertionAttribute",
-    #             name: "AssertionAttribute",
-    #             org: "AssertionAttribute",
-    #             role: "AssertionAttribute",
-    #           },
-    #           idp_metadata: { # required
-    #             url: "IdpMetadataUrl",
-    #             xml: "String",
-    #           },
-    #           login_validity_duration: 1,
-    #           role_values: {
-    #             admin: ["RoleValue"],
-    #             editor: ["RoleValue"],
-    #           },
-    #         },
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] authentication_providers
     #   Specifies whether this workspace uses SAML 2.0, IAM Identity Center
     #   (successor to Single Sign-On), or both to authenticate users for
@@ -1364,14 +1202,6 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdateWorkspaceConfigurationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         configuration: "OverridableConfigurationJson", # required
-    #         workspace_id: "WorkspaceId", # required
-    #       }
-    #
     # @!attribute [rw] configuration
     #   The new configuration string for the workspace. For more information
     #   about the format and configuration options available, see [Working
@@ -1399,28 +1229,6 @@ module Aws::ManagedGrafana
     #
     class UpdateWorkspaceConfigurationResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass UpdateWorkspaceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_access_type: "CURRENT_ACCOUNT", # accepts CURRENT_ACCOUNT, ORGANIZATION
-    #         organization_role_name: "OrganizationRoleName",
-    #         permission_type: "CUSTOMER_MANAGED", # accepts CUSTOMER_MANAGED, SERVICE_MANAGED
-    #         remove_vpc_configuration: false,
-    #         stack_set_name: "StackSetName",
-    #         vpc_configuration: {
-    #           security_group_ids: ["SecurityGroupId"], # required
-    #           subnet_ids: ["SubnetId"], # required
-    #         },
-    #         workspace_data_sources: ["AMAZON_OPENSEARCH_SERVICE"], # accepts AMAZON_OPENSEARCH_SERVICE, CLOUDWATCH, PROMETHEUS, XRAY, TIMESTREAM, SITEWISE, ATHENA, REDSHIFT, TWINMAKER
-    #         workspace_description: "Description",
-    #         workspace_id: "WorkspaceId", # required
-    #         workspace_name: "WorkspaceName",
-    #         workspace_notification_destinations: ["SNS"], # accepts SNS
-    #         workspace_organizational_units: ["OrganizationalUnit"],
-    #         workspace_role_arn: "IamRoleArn",
-    #       }
-    #
     # @!attribute [rw] account_access_type
     #   Specifies whether the workspace can access Amazon Web Services
     #   resources in this Amazon Web Services account only, or whether it
@@ -1430,13 +1238,25 @@ module Aws::ManagedGrafana
     #   `workspaceOrganizationalUnits` parameter.
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   The configuration settings for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] organization_role_name
     #   The name of an IAM role that already exists to use to access
     #   resources through Organizations.
     #   @return [String]
     #
     # @!attribute [rw] permission_type
-    #   If you specify `Service Managed`, Amazon Managed Grafana
+    #   If you specify `SERVICE_MANAGED`, Amazon Managed Grafana
     #   automatically creates the IAM roles and provisions the permissions
     #   that the workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1457,6 +1277,18 @@ module Aws::ManagedGrafana
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html
     #   @return [String]
     #
+    # @!attribute [rw] remove_network_access_configuration
+    #   Whether to remove the network access configuration from the
+    #   workspace.
+    #
+    #   Setting this to `true` and providing a `networkAccessControl` to set
+    #   will return an error.
+    #
+    #   If you remove this configuration by setting this to `true`, then all
+    #   IP addresses and VPC endpoints will be allowed. Standard Grafana
+    #   authentication and authorization will still be required.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] remove_vpc_configuration
     #   Whether to remove the VPC configuration from the workspace.
     #
@@ -1527,8 +1359,10 @@ module Aws::ManagedGrafana
     #
     class UpdateWorkspaceRequest < Struct.new(
       :account_access_type,
+      :network_access_control,
       :organization_role_name,
       :permission_type,
+      :remove_network_access_configuration,
       :remove_vpc_configuration,
       :stack_set_name,
       :vpc_configuration,
@@ -1557,14 +1391,6 @@ module Aws::ManagedGrafana
 
     # A structure that specifies one user or group in the workspace.
     #
-    # @note When making an API call, you may pass User
-    #   data as a hash:
-    #
-    #       {
-    #         id: "SsoId", # required
-    #         type: "SSO_USER", # required, accepts SSO_USER, SSO_GROUP
-    #       }
-    #
     # @!attribute [rw] id
     #   The ID of the user or group.
     #
@@ -1632,22 +1458,19 @@ module Aws::ManagedGrafana
     # The configuration settings for an Amazon VPC that contains data
     # sources for your Grafana workspace to connect to.
     #
-    # @note When making an API call, you may pass VpcConfiguration
-    #   data as a hash:
+    # <note markdown="1"> Provided `securityGroupIds` and `subnetIds` must be part of the same
+    # VPC.
     #
-    #       {
-    #         security_group_ids: ["SecurityGroupId"], # required
-    #         subnet_ids: ["SubnetId"], # required
-    #       }
+    #  </note>
     #
     # @!attribute [rw] security_group_ids
     #   The list of Amazon EC2 security group IDs attached to the Amazon VPC
-    #   for your Grafana workspace to connect.
+    #   for your Grafana workspace to connect. Duplicates not allowed.
     #   @return [Array<String>]
     #
     # @!attribute [rw] subnet_ids
     #   The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
-    #   Grafana workspace to connect.
+    #   Grafana workspace to connect. Duplicates not allowed.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/grafana-2020-08-18/VpcConfiguration AWS API Documentation
@@ -1731,6 +1554,10 @@ module Aws::ManagedGrafana
     #   The name of the workspace.
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   The configuration settings for network access to your workspace.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] notification_destinations
     #   The Amazon Web Services notification channels that Amazon Managed
     #   Grafana can automatically create IAM roles and permissions for, to
@@ -1749,7 +1576,7 @@ module Aws::ManagedGrafana
     #   @return [Array<String>]
     #
     # @!attribute [rw] permission_type
-    #   If this is `Service Managed`, Amazon Managed Grafana automatically
+    #   If this is `SERVICE_MANAGED`, Amazon Managed Grafana automatically
     #   creates the IAM roles and provisions the permissions that the
     #   workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1811,6 +1638,7 @@ module Aws::ManagedGrafana
       :license_type,
       :modified,
       :name,
+      :network_access_control,
       :notification_destinations,
       :organization_role_name,
       :organizational_units,

data/lib/aws-sdk-managedgrafana.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-managedgrafana/customizations'
 # @!group service
 module Aws::ManagedGrafana
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.12.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-managedgrafana
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.12.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-11-23 00:00:00.000000000 Z
+date: 2023-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core