aws-sdk-managedgrafana 1.11.0 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c042706cd987c8288ba8bda68a372567005bf1c4d28a6346890d7089467b7eb
-  data.tar.gz: 73f9ebce553690ff0595933d91d41f84de83447434cf7166424a83efa0fe0dd1
+  metadata.gz: dbed3c483cb41a8ed9c42655e36beb415da0a7c1a45e21ad77554152ebd627fd
+  data.tar.gz: cfa5fb3b3859d7c141652054436061144dea64c925d9f629b4db914cc0c5e89c
 SHA512:
-  metadata.gz: d8971fdb9c58e1da39b7eb71ec90b3f68d801023611610dfa5f9e66690911216e0ef9df2a399e815cd9fa8af17936bf433ac38346e0a38f6ad0c06e38d3f8e75
-  data.tar.gz: 977707474817b9bafb4c89c57362a80df22c70babdd9c4e7ae0d2f225f5e75c86000832ddca5b8f5ed2d18541f285dbb042ced433f7b83d5795995a37e4857d3
+  metadata.gz: 026314fed6e3710f307837edf8daf8b965133b2b3289f7b95befe1503bf0c4b6e79df1f6ada184ef77c59a0b7ee27faa58212f6bb73247be025fe88d7e199472
+  data.tar.gz: bef0e55956c9c8b6d9ad29a882e0b35018f59c68aebc0ad31ce3bacf0e04807f80af4d65ae2ec6e276b5086705d6a6e334a07b20a3e5c40b4293fca37f2d331b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.12.0 (2023-02-16)
+------------------
+
+* Feature - With this release Amazon Managed Grafana now supports inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
+
 1.11.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.11.0
+1.12.0

data/lib/aws-sdk-managedgrafana/client.rb

@@ -412,6 +412,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -487,6 +491,17 @@ module Aws::ManagedGrafana
     #
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html
     #
+    # @option params [Types::NetworkAccessConfiguration] :network_access_control
+    #   Configuration for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana authentication
+    #   and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #
     # @option params [String] :organization_role_name
     #   The name of an IAM role that already exists to use with Organizations
     #   to access Amazon Web Services data sources and notification channels
@@ -577,6 +592,10 @@ module Aws::ManagedGrafana
     #     authentication_providers: ["AWS_SSO"], # required, accepts AWS_SSO, SAML
     #     client_token: "ClientToken",
     #     configuration: "OverridableConfigurationJson",
+    #     network_access_control: {
+    #       prefix_list_ids: ["PrefixListId"], # required
+    #       vpce_ids: ["VpceId"], # required
+    #     },
     #     organization_role_name: "OrganizationRoleName",
     #     permission_type: "CUSTOMER_MANAGED", # required, accepts CUSTOMER_MANAGED, SERVICE_MANAGED
     #     stack_set_name: "StackSetName",
@@ -614,6 +633,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -728,6 +751,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -821,6 +848,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -959,6 +990,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -1277,12 +1312,23 @@ module Aws::ManagedGrafana
     #   which organizational units the workspace can access in the
     #   `workspaceOrganizationalUnits` parameter.
     #
+    # @option params [Types::NetworkAccessConfiguration] :network_access_control
+    #   The configuration settings for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana authentication
+    #   and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #
     # @option params [String] :organization_role_name
     #   The name of an IAM role that already exists to use to access resources
     #   through Organizations.
     #
     # @option params [String] :permission_type
-    #   If you specify `Service Managed`, Amazon Managed Grafana automatically
+    #   If you specify `SERVICE_MANAGED`, Amazon Managed Grafana automatically
     #   creates the IAM roles and provisions the permissions that the
     #   workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1302,6 +1348,16 @@ module Aws::ManagedGrafana
     #
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html
     #
+    # @option params [Boolean] :remove_network_access_configuration
+    #   Whether to remove the network access configuration from the workspace.
+    #
+    #   Setting this to `true` and providing a `networkAccessControl` to set
+    #   will return an error.
+    #
+    #   If you remove this configuration by setting this to `true`, then all
+    #   IP addresses and VPC endpoints will be allowed. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
     # @option params [Boolean] :remove_vpc_configuration
     #   Whether to remove the VPC configuration from the workspace.
     #
@@ -1364,8 +1420,13 @@ module Aws::ManagedGrafana
     #
     #   resp = client.update_workspace({
     #     account_access_type: "CURRENT_ACCOUNT", # accepts CURRENT_ACCOUNT, ORGANIZATION
+    #     network_access_control: {
+    #       prefix_list_ids: ["PrefixListId"], # required
+    #       vpce_ids: ["VpceId"], # required
+    #     },
     #     organization_role_name: "OrganizationRoleName",
     #     permission_type: "CUSTOMER_MANAGED", # accepts CUSTOMER_MANAGED, SERVICE_MANAGED
+    #     remove_network_access_configuration: false,
     #     remove_vpc_configuration: false,
     #     stack_set_name: "StackSetName",
     #     vpc_configuration: {
@@ -1400,6 +1461,10 @@ module Aws::ManagedGrafana
     #   resp.workspace.license_type #=> String, one of "ENTERPRISE", "ENTERPRISE_FREE_TRIAL"
     #   resp.workspace.modified #=> Time
     #   resp.workspace.name #=> String
+    #   resp.workspace.network_access_control.prefix_list_ids #=> Array
+    #   resp.workspace.network_access_control.prefix_list_ids[0] #=> String
+    #   resp.workspace.network_access_control.vpce_ids #=> Array
+    #   resp.workspace.network_access_control.vpce_ids[0] #=> String
     #   resp.workspace.notification_destinations #=> Array
     #   resp.workspace.notification_destinations[0] #=> String, one of "SNS"
     #   resp.workspace.organization_role_name #=> String
@@ -1561,7 +1626,7 @@ module Aws::ManagedGrafana
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-managedgrafana'
-      context[:gem_version] = '1.11.0'
+      context[:gem_version] = '1.12.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-managedgrafana/client_api.rb

@@ -68,6 +68,7 @@ module Aws::ManagedGrafana
     ListWorkspacesRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListWorkspacesRequestMaxResultsInteger')
     ListWorkspacesResponse = Shapes::StructureShape.new(name: 'ListWorkspacesResponse')
     LoginValidityDuration = Shapes::IntegerShape.new(name: 'LoginValidityDuration')
+    NetworkAccessConfiguration = Shapes::StructureShape.new(name: 'NetworkAccessConfiguration')
     NotificationDestinationType = Shapes::StringShape.new(name: 'NotificationDestinationType')
     NotificationDestinationsList = Shapes::ListShape.new(name: 'NotificationDestinationsList')
     OrganizationRoleName = Shapes::StringShape.new(name: 'OrganizationRoleName')
@@ -78,6 +79,8 @@ module Aws::ManagedGrafana
     PermissionEntry = Shapes::StructureShape.new(name: 'PermissionEntry')
     PermissionEntryList = Shapes::ListShape.new(name: 'PermissionEntryList')
     PermissionType = Shapes::StringShape.new(name: 'PermissionType')
+    PrefixListId = Shapes::StringShape.new(name: 'PrefixListId')
+    PrefixListIds = Shapes::ListShape.new(name: 'PrefixListIds')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     Role = Shapes::StringShape.new(name: 'Role')
     RoleValue = Shapes::StringShape.new(name: 'RoleValue')
@@ -127,6 +130,8 @@ module Aws::ManagedGrafana
     ValidationExceptionFieldList = Shapes::ListShape.new(name: 'ValidationExceptionFieldList')
     ValidationExceptionReason = Shapes::StringShape.new(name: 'ValidationExceptionReason')
     VpcConfiguration = Shapes::StructureShape.new(name: 'VpcConfiguration')
+    VpceId = Shapes::StringShape.new(name: 'VpceId')
+    VpceIds = Shapes::ListShape.new(name: 'VpceIds')
     WorkspaceDescription = Shapes::StructureShape.new(name: 'WorkspaceDescription')
     WorkspaceId = Shapes::StringShape.new(name: 'WorkspaceId')
     WorkspaceList = Shapes::ListShape.new(name: 'WorkspaceList')
@@ -188,6 +193,7 @@ module Aws::ManagedGrafana
     CreateWorkspaceRequest.add_member(:authentication_providers, Shapes::ShapeRef.new(shape: AuthenticationProviders, required: true, location_name: "authenticationProviders"))
     CreateWorkspaceRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
     CreateWorkspaceRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: OverridableConfigurationJson, location_name: "configuration", metadata: {"jsonvalue"=>true}))
+    CreateWorkspaceRequest.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     CreateWorkspaceRequest.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     CreateWorkspaceRequest.add_member(:permission_type, Shapes::ShapeRef.new(shape: PermissionType, required: true, location_name: "permissionType"))
     CreateWorkspaceRequest.add_member(:stack_set_name, Shapes::ShapeRef.new(shape: StackSetName, location_name: "stackSetName"))
@@ -283,6 +289,10 @@ module Aws::ManagedGrafana
     ListWorkspacesResponse.add_member(:workspaces, Shapes::ShapeRef.new(shape: WorkspaceList, required: true, location_name: "workspaces"))
     ListWorkspacesResponse.struct_class = Types::ListWorkspacesResponse
 
+    NetworkAccessConfiguration.add_member(:prefix_list_ids, Shapes::ShapeRef.new(shape: PrefixListIds, required: true, location_name: "prefixListIds"))
+    NetworkAccessConfiguration.add_member(:vpce_ids, Shapes::ShapeRef.new(shape: VpceIds, required: true, location_name: "vpceIds"))
+    NetworkAccessConfiguration.struct_class = Types::NetworkAccessConfiguration
+
     NotificationDestinationsList.member = Shapes::ShapeRef.new(shape: NotificationDestinationType)
 
     OrganizationalUnitList.member = Shapes::ShapeRef.new(shape: OrganizationalUnit)
@@ -293,6 +303,8 @@ module Aws::ManagedGrafana
 
     PermissionEntryList.member = Shapes::ShapeRef.new(shape: PermissionEntry)
 
+    PrefixListIds.member = Shapes::ShapeRef.new(shape: PrefixListId)
+
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
     ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -385,8 +397,10 @@ module Aws::ManagedGrafana
     UpdateWorkspaceConfigurationResponse.struct_class = Types::UpdateWorkspaceConfigurationResponse
 
     UpdateWorkspaceRequest.add_member(:account_access_type, Shapes::ShapeRef.new(shape: AccountAccessType, location_name: "accountAccessType"))
+    UpdateWorkspaceRequest.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     UpdateWorkspaceRequest.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     UpdateWorkspaceRequest.add_member(:permission_type, Shapes::ShapeRef.new(shape: PermissionType, location_name: "permissionType"))
+    UpdateWorkspaceRequest.add_member(:remove_network_access_configuration, Shapes::ShapeRef.new(shape: Boolean, location_name: "removeNetworkAccessConfiguration"))
     UpdateWorkspaceRequest.add_member(:remove_vpc_configuration, Shapes::ShapeRef.new(shape: Boolean, location_name: "removeVpcConfiguration"))
     UpdateWorkspaceRequest.add_member(:stack_set_name, Shapes::ShapeRef.new(shape: StackSetName, location_name: "stackSetName"))
     UpdateWorkspaceRequest.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
@@ -423,6 +437,8 @@ module Aws::ManagedGrafana
     VpcConfiguration.add_member(:subnet_ids, Shapes::ShapeRef.new(shape: SubnetIds, required: true, location_name: "subnetIds"))
     VpcConfiguration.struct_class = Types::VpcConfiguration
 
+    VpceIds.member = Shapes::ShapeRef.new(shape: VpceId)
+
     WorkspaceDescription.add_member(:account_access_type, Shapes::ShapeRef.new(shape: AccountAccessType, location_name: "accountAccessType"))
     WorkspaceDescription.add_member(:authentication, Shapes::ShapeRef.new(shape: AuthenticationSummary, required: true, location_name: "authentication"))
     WorkspaceDescription.add_member(:created, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "created"))
@@ -437,6 +453,7 @@ module Aws::ManagedGrafana
     WorkspaceDescription.add_member(:license_type, Shapes::ShapeRef.new(shape: LicenseType, location_name: "licenseType"))
     WorkspaceDescription.add_member(:modified, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "modified"))
     WorkspaceDescription.add_member(:name, Shapes::ShapeRef.new(shape: WorkspaceName, location_name: "name"))
+    WorkspaceDescription.add_member(:network_access_control, Shapes::ShapeRef.new(shape: NetworkAccessConfiguration, location_name: "networkAccessControl"))
     WorkspaceDescription.add_member(:notification_destinations, Shapes::ShapeRef.new(shape: NotificationDestinationsList, location_name: "notificationDestinations"))
     WorkspaceDescription.add_member(:organization_role_name, Shapes::ShapeRef.new(shape: OrganizationRoleName, location_name: "organizationRoleName"))
     WorkspaceDescription.add_member(:organizational_units, Shapes::ShapeRef.new(shape: OrganizationalUnitList, location_name: "organizationalUnits"))

data/lib/aws-sdk-managedgrafana/endpoint_provider.rb

@@ -14,36 +14,69 @@ module Aws::ManagedGrafana
       use_dual_stack = parameters.use_dual_stack
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
+      if Aws::Endpoints::Matchers.set?(endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-northeast-1.amazonaws.com", headers: {}, properties: {})
           end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            return Aws::Endpoints::Endpoint.new(url: "https://grafana-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-northeast-2.amazonaws.com", headers: {}, properties: {})
           end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-southeast-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.ap-southeast-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-central-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-west-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.eu-west-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-east-1.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-east-2.amazonaws.com", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
+            return Aws::Endpoints::Endpoint.new(url: "https://grafana.us-west-2.amazonaws.com", headers: {}, properties: {})
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://grafana.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end

data/lib/aws-sdk-managedgrafana/types.rb

@@ -285,6 +285,18 @@ module Aws::ManagedGrafana
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   Configuration for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] organization_role_name
     #   The name of an IAM role that already exists to use with
     #   Organizations to access Amazon Web Services data sources and
@@ -383,6 +395,7 @@ module Aws::ManagedGrafana
       :authentication_providers,
       :client_token,
       :configuration,
+      :network_access_control,
       :organization_role_name,
       :permission_type,
       :stack_set_name,
@@ -750,6 +763,69 @@ module Aws::ManagedGrafana
       include Aws::Structure
     end
 
+    # The configuration settings for in-bound network access to your
+    # workspace.
+    #
+    # When this is configured, only listed IP addresses and VPC endpoints
+    # will be able to access your workspace. Standard Grafana authentication
+    # and authorization will still be required.
+    #
+    # If this is not configured, or is removed, then all IP addresses and
+    # VPC endpoints will be allowed. Standard Grafana authentication and
+    # authorization will still be required.
+    #
+    # @!attribute [rw] prefix_list_ids
+    #   An array of prefix list IDs. A prefix list is a list of CIDR ranges
+    #   of IP addresses. The IP addresses specified are allowed to access
+    #   your workspace. If the list is not included in the configuration
+    #   then no IP addresses will be allowed to access the workspace. You
+    #   create a prefix list using the Amazon VPC console.
+    #
+    #   Prefix list IDs have the format `pl-1a2b3c4d `.
+    #
+    #   For more information about prefix lists, see [Group CIDR blocks
+    #   using managed prefix lists][1]in the *Amazon Virtual Private Cloud
+    #   User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] vpce_ids
+    #   An array of Amazon VPC endpoint IDs for the workspace. You can
+    #   create VPC endpoints to your Amazon Managed Grafana workspace for
+    #   access from within a VPC. If a `NetworkAccessConfiguration` is
+    #   specified then only VPC endpoints specified here will be allowed to
+    #   access the workspace.
+    #
+    #   VPC endpoint IDs have the format `vpce-1a2b3c4d `.
+    #
+    #   For more information about creating an interface VPC endpoint, see
+    #   [Interface VPC endpoints][1] in the *Amazon Managed Grafana User
+    #   Guide*.
+    #
+    #   <note markdown="1"> The only VPC endpoints that can be specified here are interface VPC
+    #   endpoints for Grafana workspaces (using the
+    #   `com.amazonaws.[region].grafana-workspace` service endpoint). Other
+    #   VPC endpoints will be ignored.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/grafana-2020-08-18/NetworkAccessConfiguration AWS API Documentation
+    #
+    class NetworkAccessConfiguration < Struct.new(
+      :prefix_list_ids,
+      :vpce_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A structure containing the identity of one user or group and the
     # `Admin`, `Editor`, or `Viewer` role that they have.
     #
@@ -1162,13 +1238,25 @@ module Aws::ManagedGrafana
     #   `workspaceOrganizationalUnits` parameter.
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   The configuration settings for network access to your workspace.
+    #
+    #   When this is configured, only listed IP addresses and VPC endpoints
+    #   will be able to access your workspace. Standard Grafana
+    #   authentication and authorization will still be required.
+    #
+    #   If this is not configured, or is removed, then all IP addresses and
+    #   VPC endpoints will be allowed. Standard Grafana authentication and
+    #   authorization will still be required.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] organization_role_name
     #   The name of an IAM role that already exists to use to access
     #   resources through Organizations.
     #   @return [String]
     #
     # @!attribute [rw] permission_type
-    #   If you specify `Service Managed`, Amazon Managed Grafana
+    #   If you specify `SERVICE_MANAGED`, Amazon Managed Grafana
     #   automatically creates the IAM roles and provisions the permissions
     #   that the workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1189,6 +1277,18 @@ module Aws::ManagedGrafana
     #   [1]: https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html
     #   @return [String]
     #
+    # @!attribute [rw] remove_network_access_configuration
+    #   Whether to remove the network access configuration from the
+    #   workspace.
+    #
+    #   Setting this to `true` and providing a `networkAccessControl` to set
+    #   will return an error.
+    #
+    #   If you remove this configuration by setting this to `true`, then all
+    #   IP addresses and VPC endpoints will be allowed. Standard Grafana
+    #   authentication and authorization will still be required.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] remove_vpc_configuration
     #   Whether to remove the VPC configuration from the workspace.
     #
@@ -1259,8 +1359,10 @@ module Aws::ManagedGrafana
     #
     class UpdateWorkspaceRequest < Struct.new(
       :account_access_type,
+      :network_access_control,
       :organization_role_name,
       :permission_type,
+      :remove_network_access_configuration,
       :remove_vpc_configuration,
       :stack_set_name,
       :vpc_configuration,
@@ -1356,14 +1458,19 @@ module Aws::ManagedGrafana
     # The configuration settings for an Amazon VPC that contains data
     # sources for your Grafana workspace to connect to.
     #
+    # <note markdown="1"> Provided `securityGroupIds` and `subnetIds` must be part of the same
+    # VPC.
+    #
+    #  </note>
+    #
     # @!attribute [rw] security_group_ids
     #   The list of Amazon EC2 security group IDs attached to the Amazon VPC
-    #   for your Grafana workspace to connect.
+    #   for your Grafana workspace to connect. Duplicates not allowed.
     #   @return [Array<String>]
     #
     # @!attribute [rw] subnet_ids
     #   The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
-    #   Grafana workspace to connect.
+    #   Grafana workspace to connect. Duplicates not allowed.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/grafana-2020-08-18/VpcConfiguration AWS API Documentation
@@ -1447,6 +1554,10 @@ module Aws::ManagedGrafana
     #   The name of the workspace.
     #   @return [String]
     #
+    # @!attribute [rw] network_access_control
+    #   The configuration settings for network access to your workspace.
+    #   @return [Types::NetworkAccessConfiguration]
+    #
     # @!attribute [rw] notification_destinations
     #   The Amazon Web Services notification channels that Amazon Managed
     #   Grafana can automatically create IAM roles and permissions for, to
@@ -1465,7 +1576,7 @@ module Aws::ManagedGrafana
     #   @return [Array<String>]
     #
     # @!attribute [rw] permission_type
-    #   If this is `Service Managed`, Amazon Managed Grafana automatically
+    #   If this is `SERVICE_MANAGED`, Amazon Managed Grafana automatically
     #   creates the IAM roles and provisions the permissions that the
     #   workspace needs to use Amazon Web Services data sources and
     #   notification channels.
@@ -1527,6 +1638,7 @@ module Aws::ManagedGrafana
       :license_type,
       :modified,
       :name,
+      :network_access_control,
       :notification_destinations,
       :organization_role_name,
       :organizational_units,

data/lib/aws-sdk-managedgrafana.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-managedgrafana/customizations'
 # @!group service
 module Aws::ManagedGrafana
 
-  GEM_VERSION = '1.11.0'
+  GEM_VERSION = '1.12.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-managedgrafana
 version: !ruby/object:Gem::Version
-  version: 1.11.0
+  version: 1.12.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-18 00:00:00.000000000 Z
+date: 2023-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core