AWS::WorkSpacesWeb::PortalCfnPortal
This resource specifies a web portal, which users use to start browsing sessions. A `Standard` web portal can't start browsing sessions unless you have at defined and associated an `IdentityProvider` and `NetworkSettings` resource. An `IAM Identity Center` web portal does not require an `IdentityProvider` resource. For more information about web portals, see [What is Amazon WorkSpaces Secure Browser?](https://docs.aws.amazon.com/workspaces-web/latest/adminguide/what-is-workspaces-web.html.html) .
Import
import { CfnPortal } from 'aws-cdk-lib/aws-workspacesweb';Or use the module namespace:
import * as workspacesweb from 'aws-cdk-lib/aws-workspacesweb';
// workspacesweb.CfnPortalProperties
Configuration passed to the constructor as CfnPortalProps.
additionalEncryptionContextOptional{ [key: string]: string } | IResolvableThe additional encryption context of the portal.
authenticationTypeOptionalstringThe type of authentication integration points used when signing into the web portal. Defaults to `Standard` . `Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps: 1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource. 2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API. 3. Submit the data to your IdP. 4. Add an `IdentityProvider` resource to your CloudFormation template. `SSO` web portals are authenticated through SSOlong . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in SSO . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.
browserSettingsArnOptionalstringThe ARN of the browser settings that is associated with this web portal.
customerManagedKeyOptionalstringThe customer managed key of the web portal. *Pattern* : `^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$`
dataProtectionSettingsArnOptionalstringThe ARN of the data protection settings.
displayNameOptionalstringThe name of the web portal.
instanceTypeOptionalstringThe type and resources of the underlying instance.
ipAccessSettingsArnOptionalstringThe ARN of the IP access settings that is associated with the web portal.
maxConcurrentSessionsOptionalnumberThe maximum number of concurrent sessions for the portal.
networkSettingsArnOptionalstringThe ARN of the network settings that is associated with the web portal.
portalCustomDomainOptionalstringsessionLoggerArnOptionalstringThe ARN of the session logger that is associated with the portal.
tagsOptionalCfnTag[]The tags to add to the web portal. A tag is a key-value pair.
trustStoreArnOptionalstringThe ARN of the trust store that is associated with the web portal.
userAccessLoggingSettingsArnOptionalstringThe ARN of the user access logging settings that is associated with the web portal.
userSettingsArnOptionalstringThe ARN of the user settings that is associated with the web portal.
CloudFormation Resource
This L1 construct maps directly to the following CloudFormation resource type.
Learn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
aws-workspaceswebAWS::WorkSpacesWeb::Portal