permissionType

When creating a workspace through the Amazon Web Services API, CLI or Amazon Web Services CloudFormation, you must manage IAM roles and provision the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.

You must also specify a workspaceRoleArn for a role that you will manage for the workspace to use when accessing those datasources and notification channels.

The ability for Amazon Managed Grafana to create and update IAM roles on behalf of the user is supported only in the Amazon Managed Grafana console, where this value may be set to SERVICE_MANAGED.

Use only the CUSTOMER_MANAGED permission type when creating a workspace with the API, CLI or Amazon Web Services CloudFormation.

For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels.