diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon Managed Grafana SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2020-08-18@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-grafana)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.Grafana](http://hackage.haskell.org/package/amazonka-grafana/docs/Amazonka-Grafana.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-grafana` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-grafana.cabal b/amazonka-grafana.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-grafana.cabal
@@ -0,0 +1,127 @@
+cabal-version:      2.2
+name:               amazonka-grafana
+version:            2.0
+synopsis:           Amazon Managed Grafana SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2020-08-18@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.Grafana.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.Grafana" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-grafana
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.Grafana
+    Amazonka.Grafana.AssociateLicense
+    Amazonka.Grafana.CreateWorkspace
+    Amazonka.Grafana.CreateWorkspaceApiKey
+    Amazonka.Grafana.DeleteWorkspace
+    Amazonka.Grafana.DeleteWorkspaceApiKey
+    Amazonka.Grafana.DescribeWorkspace
+    Amazonka.Grafana.DescribeWorkspaceAuthentication
+    Amazonka.Grafana.DescribeWorkspaceConfiguration
+    Amazonka.Grafana.DisassociateLicense
+    Amazonka.Grafana.Lens
+    Amazonka.Grafana.ListPermissions
+    Amazonka.Grafana.ListTagsForResource
+    Amazonka.Grafana.ListWorkspaces
+    Amazonka.Grafana.TagResource
+    Amazonka.Grafana.Types
+    Amazonka.Grafana.Types.AccountAccessType
+    Amazonka.Grafana.Types.AssertionAttributes
+    Amazonka.Grafana.Types.AuthenticationDescription
+    Amazonka.Grafana.Types.AuthenticationProviderTypes
+    Amazonka.Grafana.Types.AuthenticationSummary
+    Amazonka.Grafana.Types.AwsSsoAuthentication
+    Amazonka.Grafana.Types.DataSourceType
+    Amazonka.Grafana.Types.IdpMetadata
+    Amazonka.Grafana.Types.LicenseType
+    Amazonka.Grafana.Types.NotificationDestinationType
+    Amazonka.Grafana.Types.PermissionEntry
+    Amazonka.Grafana.Types.PermissionType
+    Amazonka.Grafana.Types.Role
+    Amazonka.Grafana.Types.RoleValues
+    Amazonka.Grafana.Types.SamlAuthentication
+    Amazonka.Grafana.Types.SamlConfiguration
+    Amazonka.Grafana.Types.SamlConfigurationStatus
+    Amazonka.Grafana.Types.UpdateAction
+    Amazonka.Grafana.Types.UpdateError
+    Amazonka.Grafana.Types.UpdateInstruction
+    Amazonka.Grafana.Types.User
+    Amazonka.Grafana.Types.UserType
+    Amazonka.Grafana.Types.VpcConfiguration
+    Amazonka.Grafana.Types.WorkspaceDescription
+    Amazonka.Grafana.Types.WorkspaceStatus
+    Amazonka.Grafana.Types.WorkspaceSummary
+    Amazonka.Grafana.UntagResource
+    Amazonka.Grafana.UpdatePermissions
+    Amazonka.Grafana.UpdateWorkspace
+    Amazonka.Grafana.UpdateWorkspaceAuthentication
+    Amazonka.Grafana.UpdateWorkspaceConfiguration
+    Amazonka.Grafana.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-grafana-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.Grafana
+    Test.Amazonka.Grafana
+    Test.Amazonka.Grafana.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-grafana
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AssociateLicense.yaml b/fixture/AssociateLicense.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateLicense.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateLicenseResponse.proto b/fixture/AssociateLicenseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateLicenseResponse.proto
diff --git a/fixture/CreateWorkspace.yaml b/fixture/CreateWorkspace.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWorkspace.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateWorkspaceApiKey.yaml b/fixture/CreateWorkspaceApiKey.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWorkspaceApiKey.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateWorkspaceApiKeyResponse.proto b/fixture/CreateWorkspaceApiKeyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWorkspaceApiKeyResponse.proto
diff --git a/fixture/CreateWorkspaceResponse.proto b/fixture/CreateWorkspaceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWorkspaceResponse.proto
diff --git a/fixture/DeleteWorkspace.yaml b/fixture/DeleteWorkspace.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWorkspace.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteWorkspaceApiKey.yaml b/fixture/DeleteWorkspaceApiKey.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWorkspaceApiKey.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteWorkspaceApiKeyResponse.proto b/fixture/DeleteWorkspaceApiKeyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWorkspaceApiKeyResponse.proto
diff --git a/fixture/DeleteWorkspaceResponse.proto b/fixture/DeleteWorkspaceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWorkspaceResponse.proto
diff --git a/fixture/DescribeWorkspace.yaml b/fixture/DescribeWorkspace.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspace.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeWorkspaceAuthentication.yaml b/fixture/DescribeWorkspaceAuthentication.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspaceAuthentication.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeWorkspaceAuthenticationResponse.proto b/fixture/DescribeWorkspaceAuthenticationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspaceAuthenticationResponse.proto
diff --git a/fixture/DescribeWorkspaceConfiguration.yaml b/fixture/DescribeWorkspaceConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspaceConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeWorkspaceConfigurationResponse.proto b/fixture/DescribeWorkspaceConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspaceConfigurationResponse.proto
diff --git a/fixture/DescribeWorkspaceResponse.proto b/fixture/DescribeWorkspaceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeWorkspaceResponse.proto
diff --git a/fixture/DisassociateLicense.yaml b/fixture/DisassociateLicense.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateLicense.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateLicenseResponse.proto b/fixture/DisassociateLicenseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateLicenseResponse.proto
diff --git a/fixture/ListPermissions.yaml b/fixture/ListPermissions.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissions.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPermissionsResponse.proto b/fixture/ListPermissionsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/ListWorkspaces.yaml b/fixture/ListWorkspaces.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListWorkspaces.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListWorkspacesResponse.proto b/fixture/ListWorkspacesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListWorkspacesResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdatePermissions.yaml b/fixture/UpdatePermissions.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePermissions.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdatePermissionsResponse.proto b/fixture/UpdatePermissionsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePermissionsResponse.proto
diff --git a/fixture/UpdateWorkspace.yaml b/fixture/UpdateWorkspace.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspace.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateWorkspaceAuthentication.yaml b/fixture/UpdateWorkspaceAuthentication.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspaceAuthentication.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateWorkspaceAuthenticationResponse.proto b/fixture/UpdateWorkspaceAuthenticationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspaceAuthenticationResponse.proto
diff --git a/fixture/UpdateWorkspaceConfiguration.yaml b/fixture/UpdateWorkspaceConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspaceConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/grafana/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  grafana.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateWorkspaceConfigurationResponse.proto b/fixture/UpdateWorkspaceConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspaceConfigurationResponse.proto
diff --git a/fixture/UpdateWorkspaceResponse.proto b/fixture/UpdateWorkspaceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWorkspaceResponse.proto
diff --git a/gen/Amazonka/Grafana.hs b/gen/Amazonka/Grafana.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana.hs
@@ -0,0 +1,312 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.Grafana
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2020-08-18@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- Amazon Managed Grafana is a fully managed and secure data visualization
+-- service that you can use to instantly query, correlate, and visualize
+-- operational metrics, logs, and traces from multiple sources. Amazon
+-- Managed Grafana makes it easy to deploy, operate, and scale Grafana, a
+-- widely deployed data visualization tool that is popular for its
+-- extensible data support.
+--
+-- With Amazon Managed Grafana, you create logically isolated Grafana
+-- servers called /workspaces/. In a workspace, you can create Grafana
+-- dashboards and visualizations to analyze your metrics, logs, and traces
+-- without having to build, package, or deploy any hardware to run Grafana
+-- servers.
+module Amazonka.Grafana
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** ConflictException
+    _ConflictException,
+
+    -- ** InternalServerException
+    _InternalServerException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** ServiceQuotaExceededException
+    _ServiceQuotaExceededException,
+
+    -- ** ThrottlingException
+    _ThrottlingException,
+
+    -- ** ValidationException
+    _ValidationException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AssociateLicense
+    AssociateLicense (AssociateLicense'),
+    newAssociateLicense,
+    AssociateLicenseResponse (AssociateLicenseResponse'),
+    newAssociateLicenseResponse,
+
+    -- ** CreateWorkspace
+    CreateWorkspace (CreateWorkspace'),
+    newCreateWorkspace,
+    CreateWorkspaceResponse (CreateWorkspaceResponse'),
+    newCreateWorkspaceResponse,
+
+    -- ** CreateWorkspaceApiKey
+    CreateWorkspaceApiKey (CreateWorkspaceApiKey'),
+    newCreateWorkspaceApiKey,
+    CreateWorkspaceApiKeyResponse (CreateWorkspaceApiKeyResponse'),
+    newCreateWorkspaceApiKeyResponse,
+
+    -- ** DeleteWorkspace
+    DeleteWorkspace (DeleteWorkspace'),
+    newDeleteWorkspace,
+    DeleteWorkspaceResponse (DeleteWorkspaceResponse'),
+    newDeleteWorkspaceResponse,
+
+    -- ** DeleteWorkspaceApiKey
+    DeleteWorkspaceApiKey (DeleteWorkspaceApiKey'),
+    newDeleteWorkspaceApiKey,
+    DeleteWorkspaceApiKeyResponse (DeleteWorkspaceApiKeyResponse'),
+    newDeleteWorkspaceApiKeyResponse,
+
+    -- ** DescribeWorkspace
+    DescribeWorkspace (DescribeWorkspace'),
+    newDescribeWorkspace,
+    DescribeWorkspaceResponse (DescribeWorkspaceResponse'),
+    newDescribeWorkspaceResponse,
+
+    -- ** DescribeWorkspaceAuthentication
+    DescribeWorkspaceAuthentication (DescribeWorkspaceAuthentication'),
+    newDescribeWorkspaceAuthentication,
+    DescribeWorkspaceAuthenticationResponse (DescribeWorkspaceAuthenticationResponse'),
+    newDescribeWorkspaceAuthenticationResponse,
+
+    -- ** DescribeWorkspaceConfiguration
+    DescribeWorkspaceConfiguration (DescribeWorkspaceConfiguration'),
+    newDescribeWorkspaceConfiguration,
+    DescribeWorkspaceConfigurationResponse (DescribeWorkspaceConfigurationResponse'),
+    newDescribeWorkspaceConfigurationResponse,
+
+    -- ** DisassociateLicense
+    DisassociateLicense (DisassociateLicense'),
+    newDisassociateLicense,
+    DisassociateLicenseResponse (DisassociateLicenseResponse'),
+    newDisassociateLicenseResponse,
+
+    -- ** ListPermissions (Paginated)
+    ListPermissions (ListPermissions'),
+    newListPermissions,
+    ListPermissionsResponse (ListPermissionsResponse'),
+    newListPermissionsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** ListWorkspaces (Paginated)
+    ListWorkspaces (ListWorkspaces'),
+    newListWorkspaces,
+    ListWorkspacesResponse (ListWorkspacesResponse'),
+    newListWorkspacesResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdatePermissions
+    UpdatePermissions (UpdatePermissions'),
+    newUpdatePermissions,
+    UpdatePermissionsResponse (UpdatePermissionsResponse'),
+    newUpdatePermissionsResponse,
+
+    -- ** UpdateWorkspace
+    UpdateWorkspace (UpdateWorkspace'),
+    newUpdateWorkspace,
+    UpdateWorkspaceResponse (UpdateWorkspaceResponse'),
+    newUpdateWorkspaceResponse,
+
+    -- ** UpdateWorkspaceAuthentication
+    UpdateWorkspaceAuthentication (UpdateWorkspaceAuthentication'),
+    newUpdateWorkspaceAuthentication,
+    UpdateWorkspaceAuthenticationResponse (UpdateWorkspaceAuthenticationResponse'),
+    newUpdateWorkspaceAuthenticationResponse,
+
+    -- ** UpdateWorkspaceConfiguration
+    UpdateWorkspaceConfiguration (UpdateWorkspaceConfiguration'),
+    newUpdateWorkspaceConfiguration,
+    UpdateWorkspaceConfigurationResponse (UpdateWorkspaceConfigurationResponse'),
+    newUpdateWorkspaceConfigurationResponse,
+
+    -- * Types
+
+    -- ** AccountAccessType
+    AccountAccessType (..),
+
+    -- ** AuthenticationProviderTypes
+    AuthenticationProviderTypes (..),
+
+    -- ** DataSourceType
+    DataSourceType (..),
+
+    -- ** LicenseType
+    LicenseType (..),
+
+    -- ** NotificationDestinationType
+    NotificationDestinationType (..),
+
+    -- ** PermissionType
+    PermissionType (..),
+
+    -- ** Role
+    Role (..),
+
+    -- ** SamlConfigurationStatus
+    SamlConfigurationStatus (..),
+
+    -- ** UpdateAction
+    UpdateAction (..),
+
+    -- ** UserType
+    UserType (..),
+
+    -- ** WorkspaceStatus
+    WorkspaceStatus (..),
+
+    -- ** AssertionAttributes
+    AssertionAttributes (AssertionAttributes'),
+    newAssertionAttributes,
+
+    -- ** AuthenticationDescription
+    AuthenticationDescription (AuthenticationDescription'),
+    newAuthenticationDescription,
+
+    -- ** AuthenticationSummary
+    AuthenticationSummary (AuthenticationSummary'),
+    newAuthenticationSummary,
+
+    -- ** AwsSsoAuthentication
+    AwsSsoAuthentication (AwsSsoAuthentication'),
+    newAwsSsoAuthentication,
+
+    -- ** IdpMetadata
+    IdpMetadata (IdpMetadata'),
+    newIdpMetadata,
+
+    -- ** PermissionEntry
+    PermissionEntry (PermissionEntry'),
+    newPermissionEntry,
+
+    -- ** RoleValues
+    RoleValues (RoleValues'),
+    newRoleValues,
+
+    -- ** SamlAuthentication
+    SamlAuthentication (SamlAuthentication'),
+    newSamlAuthentication,
+
+    -- ** SamlConfiguration
+    SamlConfiguration (SamlConfiguration'),
+    newSamlConfiguration,
+
+    -- ** UpdateError
+    UpdateError (UpdateError'),
+    newUpdateError,
+
+    -- ** UpdateInstruction
+    UpdateInstruction (UpdateInstruction'),
+    newUpdateInstruction,
+
+    -- ** User
+    User (User'),
+    newUser,
+
+    -- ** VpcConfiguration
+    VpcConfiguration (VpcConfiguration'),
+    newVpcConfiguration,
+
+    -- ** WorkspaceDescription
+    WorkspaceDescription (WorkspaceDescription'),
+    newWorkspaceDescription,
+
+    -- ** WorkspaceSummary
+    WorkspaceSummary (WorkspaceSummary'),
+    newWorkspaceSummary,
+  )
+where
+
+import Amazonka.Grafana.AssociateLicense
+import Amazonka.Grafana.CreateWorkspace
+import Amazonka.Grafana.CreateWorkspaceApiKey
+import Amazonka.Grafana.DeleteWorkspace
+import Amazonka.Grafana.DeleteWorkspaceApiKey
+import Amazonka.Grafana.DescribeWorkspace
+import Amazonka.Grafana.DescribeWorkspaceAuthentication
+import Amazonka.Grafana.DescribeWorkspaceConfiguration
+import Amazonka.Grafana.DisassociateLicense
+import Amazonka.Grafana.Lens
+import Amazonka.Grafana.ListPermissions
+import Amazonka.Grafana.ListTagsForResource
+import Amazonka.Grafana.ListWorkspaces
+import Amazonka.Grafana.TagResource
+import Amazonka.Grafana.Types
+import Amazonka.Grafana.UntagResource
+import Amazonka.Grafana.UpdatePermissions
+import Amazonka.Grafana.UpdateWorkspace
+import Amazonka.Grafana.UpdateWorkspaceAuthentication
+import Amazonka.Grafana.UpdateWorkspaceConfiguration
+import Amazonka.Grafana.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'Grafana'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/Grafana/AssociateLicense.hs b/gen/Amazonka/Grafana/AssociateLicense.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/AssociateLicense.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.AssociateLicense
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Assigns a Grafana Enterprise license to a workspace. Upgrading to
+-- Grafana Enterprise incurs additional fees. For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/upgrade-to-Grafana-Enterprise.html Upgrade a workspace to Grafana Enterprise>.
+module Amazonka.Grafana.AssociateLicense
+  ( -- * Creating a Request
+    AssociateLicense (..),
+    newAssociateLicense,
+
+    -- * Request Lenses
+    associateLicense_licenseType,
+    associateLicense_workspaceId,
+
+    -- * Destructuring the Response
+    AssociateLicenseResponse (..),
+    newAssociateLicenseResponse,
+
+    -- * Response Lenses
+    associateLicenseResponse_httpStatus,
+    associateLicenseResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newAssociateLicense' smart constructor.
+data AssociateLicense = AssociateLicense'
+  { -- | The type of license to associate with the workspace.
+    licenseType :: LicenseType,
+    -- | The ID of the workspace to associate the license with.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateLicense' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'licenseType', 'associateLicense_licenseType' - The type of license to associate with the workspace.
+--
+-- 'workspaceId', 'associateLicense_workspaceId' - The ID of the workspace to associate the license with.
+newAssociateLicense ::
+  -- | 'licenseType'
+  LicenseType ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  AssociateLicense
+newAssociateLicense pLicenseType_ pWorkspaceId_ =
+  AssociateLicense'
+    { licenseType = pLicenseType_,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | The type of license to associate with the workspace.
+associateLicense_licenseType :: Lens.Lens' AssociateLicense LicenseType
+associateLicense_licenseType = Lens.lens (\AssociateLicense' {licenseType} -> licenseType) (\s@AssociateLicense' {} a -> s {licenseType = a} :: AssociateLicense)
+
+-- | The ID of the workspace to associate the license with.
+associateLicense_workspaceId :: Lens.Lens' AssociateLicense Prelude.Text
+associateLicense_workspaceId = Lens.lens (\AssociateLicense' {workspaceId} -> workspaceId) (\s@AssociateLicense' {} a -> s {workspaceId = a} :: AssociateLicense)
+
+instance Core.AWSRequest AssociateLicense where
+  type
+    AWSResponse AssociateLicense =
+      AssociateLicenseResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          AssociateLicenseResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable AssociateLicense where
+  hashWithSalt _salt AssociateLicense' {..} =
+    _salt
+      `Prelude.hashWithSalt` licenseType
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData AssociateLicense where
+  rnf AssociateLicense' {..} =
+    Prelude.rnf licenseType
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders AssociateLicense where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateLicense where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath AssociateLicense where
+  toPath AssociateLicense' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/licenses/",
+        Data.toBS licenseType
+      ]
+
+instance Data.ToQuery AssociateLicense where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateLicenseResponse' smart constructor.
+data AssociateLicenseResponse = AssociateLicenseResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing data about the workspace.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateLicenseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateLicenseResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'associateLicenseResponse_workspace' - A structure containing data about the workspace.
+newAssociateLicenseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  AssociateLicenseResponse
+newAssociateLicenseResponse pHttpStatus_ pWorkspace_ =
+  AssociateLicenseResponse'
+    { httpStatus =
+        pHttpStatus_,
+      workspace = pWorkspace_
+    }
+
+-- | The response's http status code.
+associateLicenseResponse_httpStatus :: Lens.Lens' AssociateLicenseResponse Prelude.Int
+associateLicenseResponse_httpStatus = Lens.lens (\AssociateLicenseResponse' {httpStatus} -> httpStatus) (\s@AssociateLicenseResponse' {} a -> s {httpStatus = a} :: AssociateLicenseResponse)
+
+-- | A structure containing data about the workspace.
+associateLicenseResponse_workspace :: Lens.Lens' AssociateLicenseResponse WorkspaceDescription
+associateLicenseResponse_workspace = Lens.lens (\AssociateLicenseResponse' {workspace} -> workspace) (\s@AssociateLicenseResponse' {} a -> s {workspace = a} :: AssociateLicenseResponse)
+
+instance Prelude.NFData AssociateLicenseResponse where
+  rnf AssociateLicenseResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/CreateWorkspace.hs b/gen/Amazonka/Grafana/CreateWorkspace.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/CreateWorkspace.hs
@@ -0,0 +1,531 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.CreateWorkspace
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a /workspace/. In a workspace, you can create Grafana dashboards
+-- and visualizations to analyze your metrics, logs, and traces. You don\'t
+-- have to build, package, or deploy any hardware to run the Grafana
+-- server.
+--
+-- Don\'t use @CreateWorkspace@ to modify an existing workspace. Instead,
+-- use
+-- <https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdateWorkspace.html UpdateWorkspace>.
+module Amazonka.Grafana.CreateWorkspace
+  ( -- * Creating a Request
+    CreateWorkspace (..),
+    newCreateWorkspace,
+
+    -- * Request Lenses
+    createWorkspace_clientToken,
+    createWorkspace_configuration,
+    createWorkspace_organizationRoleName,
+    createWorkspace_stackSetName,
+    createWorkspace_tags,
+    createWorkspace_vpcConfiguration,
+    createWorkspace_workspaceDataSources,
+    createWorkspace_workspaceDescription,
+    createWorkspace_workspaceName,
+    createWorkspace_workspaceNotificationDestinations,
+    createWorkspace_workspaceOrganizationalUnits,
+    createWorkspace_workspaceRoleArn,
+    createWorkspace_accountAccessType,
+    createWorkspace_authenticationProviders,
+    createWorkspace_permissionType,
+
+    -- * Destructuring the Response
+    CreateWorkspaceResponse (..),
+    newCreateWorkspaceResponse,
+
+    -- * Response Lenses
+    createWorkspaceResponse_httpStatus,
+    createWorkspaceResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateWorkspace' smart constructor.
+data CreateWorkspace = CreateWorkspace'
+  { -- | A unique, case-sensitive, user-provided identifier to ensure the
+    -- idempotency of the request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The configuration string for the workspace that you create. For more
+    -- information about the format and configuration options available, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+    configuration :: Prelude.Maybe Prelude.Text,
+    -- | The name of an IAM role that already exists to use with Organizations to
+    -- access Amazon Web Services data sources and notification channels in
+    -- other accounts in an organization.
+    organizationRoleName :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The name of the CloudFormation stack set to use to generate IAM roles to
+    -- be used for this workspace.
+    stackSetName :: Prelude.Maybe Prelude.Text,
+    -- | The list of tags associated with the workspace.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The configuration settings for an Amazon VPC that contains data sources
+    -- for your Grafana workspace to connect to.
+    vpcConfiguration :: Prelude.Maybe VpcConfiguration,
+    -- | Specify the Amazon Web Services data sources that you want to be queried
+    -- in this workspace. Specifying these data sources here enables Amazon
+    -- Managed Grafana to create IAM roles and permissions that allow Amazon
+    -- Managed Grafana to read data from these sources. You must still add them
+    -- as data sources in the Grafana console in the workspace.
+    --
+    -- If you don\'t specify a data source here, you can still add it as a data
+    -- source in the workspace console later. However, you will then have to
+    -- manually configure permissions for it.
+    workspaceDataSources :: Prelude.Maybe [DataSourceType],
+    -- | A description for the workspace. This is used only to help you identify
+    -- this workspace.
+    --
+    -- Pattern: @^[\\\\p{L}\\\\p{Z}\\\\p{N}\\\\p{P}]{0,2048}$@
+    workspaceDescription :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The name for the workspace. It does not have to be unique.
+    workspaceName :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | Specify the Amazon Web Services notification channels that you plan to
+    -- use in this workspace. Specifying these data sources here enables Amazon
+    -- Managed Grafana to create IAM roles and permissions that allow Amazon
+    -- Managed Grafana to use these channels.
+    workspaceNotificationDestinations :: Prelude.Maybe [NotificationDestinationType],
+    -- | Specifies the organizational units that this workspace is allowed to use
+    -- data sources from, if this workspace is in an account that is part of an
+    -- organization.
+    workspaceOrganizationalUnits :: Prelude.Maybe (Data.Sensitive [Prelude.Text]),
+    -- | The workspace needs an IAM role that grants permissions to the Amazon
+    -- Web Services resources that the workspace will view data from. If you
+    -- already have a role that you want to use, specify it here. The
+    -- permission type should be set to @CUSTOMER_MANAGED@.
+    workspaceRoleArn :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | Specifies whether the workspace can access Amazon Web Services resources
+    -- in this Amazon Web Services account only, or whether it can also access
+    -- Amazon Web Services resources in other accounts in the same
+    -- organization. If you specify @ORGANIZATION@, you must specify which
+    -- organizational units the workspace can access in the
+    -- @workspaceOrganizationalUnits@ parameter.
+    accountAccessType :: AccountAccessType,
+    -- | Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+    -- (successor to Single Sign-On), or both to authenticate users for using
+    -- the Grafana console within a workspace. For more information, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+    authenticationProviders :: [AuthenticationProviderTypes],
+    -- | If you specify @SERVICE_MANAGED@ on AWS Grafana console, Amazon Managed
+    -- Grafana automatically creates the IAM roles and provisions the
+    -- permissions that the workspace needs to use Amazon Web Services data
+    -- sources and notification channels. In the CLI mode, the permissionType
+    -- @SERVICE_MANAGED@ will not create the IAM role for you. The ability for
+    -- the Amazon Managed Grafana to create the IAM role on behalf of the user
+    -- is supported only in the Amazon Managed Grafana AWS console. Use only
+    -- the @CUSTOMER_MANAGED@ permission type when creating a workspace in the
+    -- CLI.
+    --
+    -- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+    -- permissions yourself. If you are creating this workspace in a member
+    -- account of an organization that is not a delegated administrator
+    -- account, and you want the workspace to access data sources in other
+    -- Amazon Web Services accounts in the organization, you must choose
+    -- @CUSTOMER_MANAGED@.
+    --
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>.
+    permissionType :: PermissionType
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWorkspace' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createWorkspace_clientToken' - A unique, case-sensitive, user-provided identifier to ensure the
+-- idempotency of the request.
+--
+-- 'configuration', 'createWorkspace_configuration' - The configuration string for the workspace that you create. For more
+-- information about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+--
+-- 'organizationRoleName', 'createWorkspace_organizationRoleName' - The name of an IAM role that already exists to use with Organizations to
+-- access Amazon Web Services data sources and notification channels in
+-- other accounts in an organization.
+--
+-- 'stackSetName', 'createWorkspace_stackSetName' - The name of the CloudFormation stack set to use to generate IAM roles to
+-- be used for this workspace.
+--
+-- 'tags', 'createWorkspace_tags' - The list of tags associated with the workspace.
+--
+-- 'vpcConfiguration', 'createWorkspace_vpcConfiguration' - The configuration settings for an Amazon VPC that contains data sources
+-- for your Grafana workspace to connect to.
+--
+-- 'workspaceDataSources', 'createWorkspace_workspaceDataSources' - Specify the Amazon Web Services data sources that you want to be queried
+-- in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to read data from these sources. You must still add them
+-- as data sources in the Grafana console in the workspace.
+--
+-- If you don\'t specify a data source here, you can still add it as a data
+-- source in the workspace console later. However, you will then have to
+-- manually configure permissions for it.
+--
+-- 'workspaceDescription', 'createWorkspace_workspaceDescription' - A description for the workspace. This is used only to help you identify
+-- this workspace.
+--
+-- Pattern: @^[\\\\p{L}\\\\p{Z}\\\\p{N}\\\\p{P}]{0,2048}$@
+--
+-- 'workspaceName', 'createWorkspace_workspaceName' - The name for the workspace. It does not have to be unique.
+--
+-- 'workspaceNotificationDestinations', 'createWorkspace_workspaceNotificationDestinations' - Specify the Amazon Web Services notification channels that you plan to
+-- use in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to use these channels.
+--
+-- 'workspaceOrganizationalUnits', 'createWorkspace_workspaceOrganizationalUnits' - Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+--
+-- 'workspaceRoleArn', 'createWorkspace_workspaceRoleArn' - The workspace needs an IAM role that grants permissions to the Amazon
+-- Web Services resources that the workspace will view data from. If you
+-- already have a role that you want to use, specify it here. The
+-- permission type should be set to @CUSTOMER_MANAGED@.
+--
+-- 'accountAccessType', 'createWorkspace_accountAccessType' - Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If you specify @ORGANIZATION@, you must specify which
+-- organizational units the workspace can access in the
+-- @workspaceOrganizationalUnits@ parameter.
+--
+-- 'authenticationProviders', 'createWorkspace_authenticationProviders' - Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+-- (successor to Single Sign-On), or both to authenticate users for using
+-- the Grafana console within a workspace. For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+--
+-- 'permissionType', 'createWorkspace_permissionType' - If you specify @SERVICE_MANAGED@ on AWS Grafana console, Amazon Managed
+-- Grafana automatically creates the IAM roles and provisions the
+-- permissions that the workspace needs to use Amazon Web Services data
+-- sources and notification channels. In the CLI mode, the permissionType
+-- @SERVICE_MANAGED@ will not create the IAM role for you. The ability for
+-- the Amazon Managed Grafana to create the IAM role on behalf of the user
+-- is supported only in the Amazon Managed Grafana AWS console. Use only
+-- the @CUSTOMER_MANAGED@ permission type when creating a workspace in the
+-- CLI.
+--
+-- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+-- permissions yourself. If you are creating this workspace in a member
+-- account of an organization that is not a delegated administrator
+-- account, and you want the workspace to access data sources in other
+-- Amazon Web Services accounts in the organization, you must choose
+-- @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>.
+newCreateWorkspace ::
+  -- | 'accountAccessType'
+  AccountAccessType ->
+  -- | 'permissionType'
+  PermissionType ->
+  CreateWorkspace
+newCreateWorkspace
+  pAccountAccessType_
+  pPermissionType_ =
+    CreateWorkspace'
+      { clientToken = Prelude.Nothing,
+        configuration = Prelude.Nothing,
+        organizationRoleName = Prelude.Nothing,
+        stackSetName = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        vpcConfiguration = Prelude.Nothing,
+        workspaceDataSources = Prelude.Nothing,
+        workspaceDescription = Prelude.Nothing,
+        workspaceName = Prelude.Nothing,
+        workspaceNotificationDestinations = Prelude.Nothing,
+        workspaceOrganizationalUnits = Prelude.Nothing,
+        workspaceRoleArn = Prelude.Nothing,
+        accountAccessType = pAccountAccessType_,
+        authenticationProviders = Prelude.mempty,
+        permissionType = pPermissionType_
+      }
+
+-- | A unique, case-sensitive, user-provided identifier to ensure the
+-- idempotency of the request.
+createWorkspace_clientToken :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_clientToken = Lens.lens (\CreateWorkspace' {clientToken} -> clientToken) (\s@CreateWorkspace' {} a -> s {clientToken = a} :: CreateWorkspace)
+
+-- | The configuration string for the workspace that you create. For more
+-- information about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+createWorkspace_configuration :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_configuration = Lens.lens (\CreateWorkspace' {configuration} -> configuration) (\s@CreateWorkspace' {} a -> s {configuration = a} :: CreateWorkspace)
+
+-- | The name of an IAM role that already exists to use with Organizations to
+-- access Amazon Web Services data sources and notification channels in
+-- other accounts in an organization.
+createWorkspace_organizationRoleName :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_organizationRoleName = Lens.lens (\CreateWorkspace' {organizationRoleName} -> organizationRoleName) (\s@CreateWorkspace' {} a -> s {organizationRoleName = a} :: CreateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The name of the CloudFormation stack set to use to generate IAM roles to
+-- be used for this workspace.
+createWorkspace_stackSetName :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_stackSetName = Lens.lens (\CreateWorkspace' {stackSetName} -> stackSetName) (\s@CreateWorkspace' {} a -> s {stackSetName = a} :: CreateWorkspace)
+
+-- | The list of tags associated with the workspace.
+createWorkspace_tags :: Lens.Lens' CreateWorkspace (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createWorkspace_tags = Lens.lens (\CreateWorkspace' {tags} -> tags) (\s@CreateWorkspace' {} a -> s {tags = a} :: CreateWorkspace) Prelude.. Lens.mapping Lens.coerced
+
+-- | The configuration settings for an Amazon VPC that contains data sources
+-- for your Grafana workspace to connect to.
+createWorkspace_vpcConfiguration :: Lens.Lens' CreateWorkspace (Prelude.Maybe VpcConfiguration)
+createWorkspace_vpcConfiguration = Lens.lens (\CreateWorkspace' {vpcConfiguration} -> vpcConfiguration) (\s@CreateWorkspace' {} a -> s {vpcConfiguration = a} :: CreateWorkspace)
+
+-- | Specify the Amazon Web Services data sources that you want to be queried
+-- in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to read data from these sources. You must still add them
+-- as data sources in the Grafana console in the workspace.
+--
+-- If you don\'t specify a data source here, you can still add it as a data
+-- source in the workspace console later. However, you will then have to
+-- manually configure permissions for it.
+createWorkspace_workspaceDataSources :: Lens.Lens' CreateWorkspace (Prelude.Maybe [DataSourceType])
+createWorkspace_workspaceDataSources = Lens.lens (\CreateWorkspace' {workspaceDataSources} -> workspaceDataSources) (\s@CreateWorkspace' {} a -> s {workspaceDataSources = a} :: CreateWorkspace) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description for the workspace. This is used only to help you identify
+-- this workspace.
+--
+-- Pattern: @^[\\\\p{L}\\\\p{Z}\\\\p{N}\\\\p{P}]{0,2048}$@
+createWorkspace_workspaceDescription :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_workspaceDescription = Lens.lens (\CreateWorkspace' {workspaceDescription} -> workspaceDescription) (\s@CreateWorkspace' {} a -> s {workspaceDescription = a} :: CreateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The name for the workspace. It does not have to be unique.
+createWorkspace_workspaceName :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_workspaceName = Lens.lens (\CreateWorkspace' {workspaceName} -> workspaceName) (\s@CreateWorkspace' {} a -> s {workspaceName = a} :: CreateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | Specify the Amazon Web Services notification channels that you plan to
+-- use in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to use these channels.
+createWorkspace_workspaceNotificationDestinations :: Lens.Lens' CreateWorkspace (Prelude.Maybe [NotificationDestinationType])
+createWorkspace_workspaceNotificationDestinations = Lens.lens (\CreateWorkspace' {workspaceNotificationDestinations} -> workspaceNotificationDestinations) (\s@CreateWorkspace' {} a -> s {workspaceNotificationDestinations = a} :: CreateWorkspace) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+createWorkspace_workspaceOrganizationalUnits :: Lens.Lens' CreateWorkspace (Prelude.Maybe [Prelude.Text])
+createWorkspace_workspaceOrganizationalUnits = Lens.lens (\CreateWorkspace' {workspaceOrganizationalUnits} -> workspaceOrganizationalUnits) (\s@CreateWorkspace' {} a -> s {workspaceOrganizationalUnits = a} :: CreateWorkspace) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Lens.coerced)
+
+-- | The workspace needs an IAM role that grants permissions to the Amazon
+-- Web Services resources that the workspace will view data from. If you
+-- already have a role that you want to use, specify it here. The
+-- permission type should be set to @CUSTOMER_MANAGED@.
+createWorkspace_workspaceRoleArn :: Lens.Lens' CreateWorkspace (Prelude.Maybe Prelude.Text)
+createWorkspace_workspaceRoleArn = Lens.lens (\CreateWorkspace' {workspaceRoleArn} -> workspaceRoleArn) (\s@CreateWorkspace' {} a -> s {workspaceRoleArn = a} :: CreateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If you specify @ORGANIZATION@, you must specify which
+-- organizational units the workspace can access in the
+-- @workspaceOrganizationalUnits@ parameter.
+createWorkspace_accountAccessType :: Lens.Lens' CreateWorkspace AccountAccessType
+createWorkspace_accountAccessType = Lens.lens (\CreateWorkspace' {accountAccessType} -> accountAccessType) (\s@CreateWorkspace' {} a -> s {accountAccessType = a} :: CreateWorkspace)
+
+-- | Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+-- (successor to Single Sign-On), or both to authenticate users for using
+-- the Grafana console within a workspace. For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+createWorkspace_authenticationProviders :: Lens.Lens' CreateWorkspace [AuthenticationProviderTypes]
+createWorkspace_authenticationProviders = Lens.lens (\CreateWorkspace' {authenticationProviders} -> authenticationProviders) (\s@CreateWorkspace' {} a -> s {authenticationProviders = a} :: CreateWorkspace) Prelude.. Lens.coerced
+
+-- | If you specify @SERVICE_MANAGED@ on AWS Grafana console, Amazon Managed
+-- Grafana automatically creates the IAM roles and provisions the
+-- permissions that the workspace needs to use Amazon Web Services data
+-- sources and notification channels. In the CLI mode, the permissionType
+-- @SERVICE_MANAGED@ will not create the IAM role for you. The ability for
+-- the Amazon Managed Grafana to create the IAM role on behalf of the user
+-- is supported only in the Amazon Managed Grafana AWS console. Use only
+-- the @CUSTOMER_MANAGED@ permission type when creating a workspace in the
+-- CLI.
+--
+-- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+-- permissions yourself. If you are creating this workspace in a member
+-- account of an organization that is not a delegated administrator
+-- account, and you want the workspace to access data sources in other
+-- Amazon Web Services accounts in the organization, you must choose
+-- @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>.
+createWorkspace_permissionType :: Lens.Lens' CreateWorkspace PermissionType
+createWorkspace_permissionType = Lens.lens (\CreateWorkspace' {permissionType} -> permissionType) (\s@CreateWorkspace' {} a -> s {permissionType = a} :: CreateWorkspace)
+
+instance Core.AWSRequest CreateWorkspace where
+  type
+    AWSResponse CreateWorkspace =
+      CreateWorkspaceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateWorkspaceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable CreateWorkspace where
+  hashWithSalt _salt CreateWorkspace' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` configuration
+      `Prelude.hashWithSalt` organizationRoleName
+      `Prelude.hashWithSalt` stackSetName
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` vpcConfiguration
+      `Prelude.hashWithSalt` workspaceDataSources
+      `Prelude.hashWithSalt` workspaceDescription
+      `Prelude.hashWithSalt` workspaceName
+      `Prelude.hashWithSalt` workspaceNotificationDestinations
+      `Prelude.hashWithSalt` workspaceOrganizationalUnits
+      `Prelude.hashWithSalt` workspaceRoleArn
+      `Prelude.hashWithSalt` accountAccessType
+      `Prelude.hashWithSalt` authenticationProviders
+      `Prelude.hashWithSalt` permissionType
+
+instance Prelude.NFData CreateWorkspace where
+  rnf CreateWorkspace' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf configuration
+      `Prelude.seq` Prelude.rnf organizationRoleName
+      `Prelude.seq` Prelude.rnf stackSetName
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf vpcConfiguration
+      `Prelude.seq` Prelude.rnf workspaceDataSources
+      `Prelude.seq` Prelude.rnf workspaceDescription
+      `Prelude.seq` Prelude.rnf workspaceName
+      `Prelude.seq` Prelude.rnf workspaceNotificationDestinations
+      `Prelude.seq` Prelude.rnf workspaceOrganizationalUnits
+      `Prelude.seq` Prelude.rnf workspaceRoleArn
+      `Prelude.seq` Prelude.rnf accountAccessType
+      `Prelude.seq` Prelude.rnf authenticationProviders
+      `Prelude.seq` Prelude.rnf permissionType
+
+instance Data.ToHeaders CreateWorkspace where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateWorkspace where
+  toJSON CreateWorkspace' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("configuration" Data..=) Prelude.<$> configuration,
+            ("organizationRoleName" Data..=)
+              Prelude.<$> organizationRoleName,
+            ("stackSetName" Data..=) Prelude.<$> stackSetName,
+            ("tags" Data..=) Prelude.<$> tags,
+            ("vpcConfiguration" Data..=)
+              Prelude.<$> vpcConfiguration,
+            ("workspaceDataSources" Data..=)
+              Prelude.<$> workspaceDataSources,
+            ("workspaceDescription" Data..=)
+              Prelude.<$> workspaceDescription,
+            ("workspaceName" Data..=) Prelude.<$> workspaceName,
+            ("workspaceNotificationDestinations" Data..=)
+              Prelude.<$> workspaceNotificationDestinations,
+            ("workspaceOrganizationalUnits" Data..=)
+              Prelude.<$> workspaceOrganizationalUnits,
+            ("workspaceRoleArn" Data..=)
+              Prelude.<$> workspaceRoleArn,
+            Prelude.Just
+              ("accountAccessType" Data..= accountAccessType),
+            Prelude.Just
+              ( "authenticationProviders"
+                  Data..= authenticationProviders
+              ),
+            Prelude.Just
+              ("permissionType" Data..= permissionType)
+          ]
+      )
+
+instance Data.ToPath CreateWorkspace where
+  toPath = Prelude.const "/workspaces"
+
+instance Data.ToQuery CreateWorkspace where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateWorkspaceResponse' smart constructor.
+data CreateWorkspaceResponse = CreateWorkspaceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing data about the workspace that was created.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWorkspaceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createWorkspaceResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'createWorkspaceResponse_workspace' - A structure containing data about the workspace that was created.
+newCreateWorkspaceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  CreateWorkspaceResponse
+newCreateWorkspaceResponse pHttpStatus_ pWorkspace_ =
+  CreateWorkspaceResponse'
+    { httpStatus = pHttpStatus_,
+      workspace = pWorkspace_
+    }
+
+-- | The response's http status code.
+createWorkspaceResponse_httpStatus :: Lens.Lens' CreateWorkspaceResponse Prelude.Int
+createWorkspaceResponse_httpStatus = Lens.lens (\CreateWorkspaceResponse' {httpStatus} -> httpStatus) (\s@CreateWorkspaceResponse' {} a -> s {httpStatus = a} :: CreateWorkspaceResponse)
+
+-- | A structure containing data about the workspace that was created.
+createWorkspaceResponse_workspace :: Lens.Lens' CreateWorkspaceResponse WorkspaceDescription
+createWorkspaceResponse_workspace = Lens.lens (\CreateWorkspaceResponse' {workspace} -> workspace) (\s@CreateWorkspaceResponse' {} a -> s {workspace = a} :: CreateWorkspaceResponse)
+
+instance Prelude.NFData CreateWorkspaceResponse where
+  rnf CreateWorkspaceResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/CreateWorkspaceApiKey.hs b/gen/Amazonka/Grafana/CreateWorkspaceApiKey.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/CreateWorkspaceApiKey.hs
@@ -0,0 +1,269 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.CreateWorkspaceApiKey
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a Grafana API key for the workspace. This key can be used to
+-- authenticate requests sent to the workspace\'s HTTP API. See
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/Using-Grafana-APIs.html>
+-- for available APIs and example requests.
+module Amazonka.Grafana.CreateWorkspaceApiKey
+  ( -- * Creating a Request
+    CreateWorkspaceApiKey (..),
+    newCreateWorkspaceApiKey,
+
+    -- * Request Lenses
+    createWorkspaceApiKey_keyName,
+    createWorkspaceApiKey_keyRole,
+    createWorkspaceApiKey_secondsToLive,
+    createWorkspaceApiKey_workspaceId,
+
+    -- * Destructuring the Response
+    CreateWorkspaceApiKeyResponse (..),
+    newCreateWorkspaceApiKeyResponse,
+
+    -- * Response Lenses
+    createWorkspaceApiKeyResponse_httpStatus,
+    createWorkspaceApiKeyResponse_key,
+    createWorkspaceApiKeyResponse_keyName,
+    createWorkspaceApiKeyResponse_workspaceId,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateWorkspaceApiKey' smart constructor.
+data CreateWorkspaceApiKey = CreateWorkspaceApiKey'
+  { -- | Specifies the name of the key. Keynames must be unique to the workspace.
+    keyName :: Prelude.Text,
+    -- | Specifies the permission level of the key.
+    --
+    -- Valid values: @VIEWER@|@EDITOR@|@ADMIN@
+    keyRole :: Prelude.Text,
+    -- | Specifies the time in seconds until the key expires. Keys can be valid
+    -- for up to 30 days.
+    secondsToLive :: Prelude.Natural,
+    -- | The ID of the workspace to create an API key.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWorkspaceApiKey' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'keyName', 'createWorkspaceApiKey_keyName' - Specifies the name of the key. Keynames must be unique to the workspace.
+--
+-- 'keyRole', 'createWorkspaceApiKey_keyRole' - Specifies the permission level of the key.
+--
+-- Valid values: @VIEWER@|@EDITOR@|@ADMIN@
+--
+-- 'secondsToLive', 'createWorkspaceApiKey_secondsToLive' - Specifies the time in seconds until the key expires. Keys can be valid
+-- for up to 30 days.
+--
+-- 'workspaceId', 'createWorkspaceApiKey_workspaceId' - The ID of the workspace to create an API key.
+newCreateWorkspaceApiKey ::
+  -- | 'keyName'
+  Prelude.Text ->
+  -- | 'keyRole'
+  Prelude.Text ->
+  -- | 'secondsToLive'
+  Prelude.Natural ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  CreateWorkspaceApiKey
+newCreateWorkspaceApiKey
+  pKeyName_
+  pKeyRole_
+  pSecondsToLive_
+  pWorkspaceId_ =
+    CreateWorkspaceApiKey'
+      { keyName = pKeyName_,
+        keyRole = pKeyRole_,
+        secondsToLive = pSecondsToLive_,
+        workspaceId = pWorkspaceId_
+      }
+
+-- | Specifies the name of the key. Keynames must be unique to the workspace.
+createWorkspaceApiKey_keyName :: Lens.Lens' CreateWorkspaceApiKey Prelude.Text
+createWorkspaceApiKey_keyName = Lens.lens (\CreateWorkspaceApiKey' {keyName} -> keyName) (\s@CreateWorkspaceApiKey' {} a -> s {keyName = a} :: CreateWorkspaceApiKey)
+
+-- | Specifies the permission level of the key.
+--
+-- Valid values: @VIEWER@|@EDITOR@|@ADMIN@
+createWorkspaceApiKey_keyRole :: Lens.Lens' CreateWorkspaceApiKey Prelude.Text
+createWorkspaceApiKey_keyRole = Lens.lens (\CreateWorkspaceApiKey' {keyRole} -> keyRole) (\s@CreateWorkspaceApiKey' {} a -> s {keyRole = a} :: CreateWorkspaceApiKey)
+
+-- | Specifies the time in seconds until the key expires. Keys can be valid
+-- for up to 30 days.
+createWorkspaceApiKey_secondsToLive :: Lens.Lens' CreateWorkspaceApiKey Prelude.Natural
+createWorkspaceApiKey_secondsToLive = Lens.lens (\CreateWorkspaceApiKey' {secondsToLive} -> secondsToLive) (\s@CreateWorkspaceApiKey' {} a -> s {secondsToLive = a} :: CreateWorkspaceApiKey)
+
+-- | The ID of the workspace to create an API key.
+createWorkspaceApiKey_workspaceId :: Lens.Lens' CreateWorkspaceApiKey Prelude.Text
+createWorkspaceApiKey_workspaceId = Lens.lens (\CreateWorkspaceApiKey' {workspaceId} -> workspaceId) (\s@CreateWorkspaceApiKey' {} a -> s {workspaceId = a} :: CreateWorkspaceApiKey)
+
+instance Core.AWSRequest CreateWorkspaceApiKey where
+  type
+    AWSResponse CreateWorkspaceApiKey =
+      CreateWorkspaceApiKeyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateWorkspaceApiKeyResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "key")
+            Prelude.<*> (x Data..:> "keyName")
+            Prelude.<*> (x Data..:> "workspaceId")
+      )
+
+instance Prelude.Hashable CreateWorkspaceApiKey where
+  hashWithSalt _salt CreateWorkspaceApiKey' {..} =
+    _salt
+      `Prelude.hashWithSalt` keyName
+      `Prelude.hashWithSalt` keyRole
+      `Prelude.hashWithSalt` secondsToLive
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData CreateWorkspaceApiKey where
+  rnf CreateWorkspaceApiKey' {..} =
+    Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf keyRole
+      `Prelude.seq` Prelude.rnf secondsToLive
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders CreateWorkspaceApiKey where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateWorkspaceApiKey where
+  toJSON CreateWorkspaceApiKey' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("keyName" Data..= keyName),
+            Prelude.Just ("keyRole" Data..= keyRole),
+            Prelude.Just
+              ("secondsToLive" Data..= secondsToLive)
+          ]
+      )
+
+instance Data.ToPath CreateWorkspaceApiKey where
+  toPath CreateWorkspaceApiKey' {..} =
+    Prelude.mconcat
+      ["/workspaces/", Data.toBS workspaceId, "/apikeys"]
+
+instance Data.ToQuery CreateWorkspaceApiKey where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateWorkspaceApiKeyResponse' smart constructor.
+data CreateWorkspaceApiKeyResponse = CreateWorkspaceApiKeyResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The key token. Use this value as a bearer token to authenticate HTTP
+    -- requests to the workspace.
+    key :: Data.Sensitive Prelude.Text,
+    -- | The name of the key that was created.
+    keyName :: Prelude.Text,
+    -- | The ID of the workspace that the key is valid for.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWorkspaceApiKeyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createWorkspaceApiKeyResponse_httpStatus' - The response's http status code.
+--
+-- 'key', 'createWorkspaceApiKeyResponse_key' - The key token. Use this value as a bearer token to authenticate HTTP
+-- requests to the workspace.
+--
+-- 'keyName', 'createWorkspaceApiKeyResponse_keyName' - The name of the key that was created.
+--
+-- 'workspaceId', 'createWorkspaceApiKeyResponse_workspaceId' - The ID of the workspace that the key is valid for.
+newCreateWorkspaceApiKeyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'keyName'
+  Prelude.Text ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  CreateWorkspaceApiKeyResponse
+newCreateWorkspaceApiKeyResponse
+  pHttpStatus_
+  pKey_
+  pKeyName_
+  pWorkspaceId_ =
+    CreateWorkspaceApiKeyResponse'
+      { httpStatus =
+          pHttpStatus_,
+        key = Data._Sensitive Lens.# pKey_,
+        keyName = pKeyName_,
+        workspaceId = pWorkspaceId_
+      }
+
+-- | The response's http status code.
+createWorkspaceApiKeyResponse_httpStatus :: Lens.Lens' CreateWorkspaceApiKeyResponse Prelude.Int
+createWorkspaceApiKeyResponse_httpStatus = Lens.lens (\CreateWorkspaceApiKeyResponse' {httpStatus} -> httpStatus) (\s@CreateWorkspaceApiKeyResponse' {} a -> s {httpStatus = a} :: CreateWorkspaceApiKeyResponse)
+
+-- | The key token. Use this value as a bearer token to authenticate HTTP
+-- requests to the workspace.
+createWorkspaceApiKeyResponse_key :: Lens.Lens' CreateWorkspaceApiKeyResponse Prelude.Text
+createWorkspaceApiKeyResponse_key = Lens.lens (\CreateWorkspaceApiKeyResponse' {key} -> key) (\s@CreateWorkspaceApiKeyResponse' {} a -> s {key = a} :: CreateWorkspaceApiKeyResponse) Prelude.. Data._Sensitive
+
+-- | The name of the key that was created.
+createWorkspaceApiKeyResponse_keyName :: Lens.Lens' CreateWorkspaceApiKeyResponse Prelude.Text
+createWorkspaceApiKeyResponse_keyName = Lens.lens (\CreateWorkspaceApiKeyResponse' {keyName} -> keyName) (\s@CreateWorkspaceApiKeyResponse' {} a -> s {keyName = a} :: CreateWorkspaceApiKeyResponse)
+
+-- | The ID of the workspace that the key is valid for.
+createWorkspaceApiKeyResponse_workspaceId :: Lens.Lens' CreateWorkspaceApiKeyResponse Prelude.Text
+createWorkspaceApiKeyResponse_workspaceId = Lens.lens (\CreateWorkspaceApiKeyResponse' {workspaceId} -> workspaceId) (\s@CreateWorkspaceApiKeyResponse' {} a -> s {workspaceId = a} :: CreateWorkspaceApiKeyResponse)
+
+instance Prelude.NFData CreateWorkspaceApiKeyResponse where
+  rnf CreateWorkspaceApiKeyResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf key
+      `Prelude.seq` Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf workspaceId
diff --git a/gen/Amazonka/Grafana/DeleteWorkspace.hs b/gen/Amazonka/Grafana/DeleteWorkspace.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DeleteWorkspace.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DeleteWorkspace
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes an Amazon Managed Grafana workspace.
+module Amazonka.Grafana.DeleteWorkspace
+  ( -- * Creating a Request
+    DeleteWorkspace (..),
+    newDeleteWorkspace,
+
+    -- * Request Lenses
+    deleteWorkspace_workspaceId,
+
+    -- * Destructuring the Response
+    DeleteWorkspaceResponse (..),
+    newDeleteWorkspaceResponse,
+
+    -- * Response Lenses
+    deleteWorkspaceResponse_httpStatus,
+    deleteWorkspaceResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteWorkspace' smart constructor.
+data DeleteWorkspace = DeleteWorkspace'
+  { -- | The ID of the workspace to delete.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWorkspace' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'workspaceId', 'deleteWorkspace_workspaceId' - The ID of the workspace to delete.
+newDeleteWorkspace ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DeleteWorkspace
+newDeleteWorkspace pWorkspaceId_ =
+  DeleteWorkspace' {workspaceId = pWorkspaceId_}
+
+-- | The ID of the workspace to delete.
+deleteWorkspace_workspaceId :: Lens.Lens' DeleteWorkspace Prelude.Text
+deleteWorkspace_workspaceId = Lens.lens (\DeleteWorkspace' {workspaceId} -> workspaceId) (\s@DeleteWorkspace' {} a -> s {workspaceId = a} :: DeleteWorkspace)
+
+instance Core.AWSRequest DeleteWorkspace where
+  type
+    AWSResponse DeleteWorkspace =
+      DeleteWorkspaceResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteWorkspaceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable DeleteWorkspace where
+  hashWithSalt _salt DeleteWorkspace' {..} =
+    _salt `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData DeleteWorkspace where
+  rnf DeleteWorkspace' {..} = Prelude.rnf workspaceId
+
+instance Data.ToHeaders DeleteWorkspace where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteWorkspace where
+  toPath DeleteWorkspace' {..} =
+    Prelude.mconcat
+      ["/workspaces/", Data.toBS workspaceId]
+
+instance Data.ToQuery DeleteWorkspace where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteWorkspaceResponse' smart constructor.
+data DeleteWorkspaceResponse = DeleteWorkspaceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing information about the workspace that was deleted.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWorkspaceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteWorkspaceResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'deleteWorkspaceResponse_workspace' - A structure containing information about the workspace that was deleted.
+newDeleteWorkspaceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  DeleteWorkspaceResponse
+newDeleteWorkspaceResponse pHttpStatus_ pWorkspace_ =
+  DeleteWorkspaceResponse'
+    { httpStatus = pHttpStatus_,
+      workspace = pWorkspace_
+    }
+
+-- | The response's http status code.
+deleteWorkspaceResponse_httpStatus :: Lens.Lens' DeleteWorkspaceResponse Prelude.Int
+deleteWorkspaceResponse_httpStatus = Lens.lens (\DeleteWorkspaceResponse' {httpStatus} -> httpStatus) (\s@DeleteWorkspaceResponse' {} a -> s {httpStatus = a} :: DeleteWorkspaceResponse)
+
+-- | A structure containing information about the workspace that was deleted.
+deleteWorkspaceResponse_workspace :: Lens.Lens' DeleteWorkspaceResponse WorkspaceDescription
+deleteWorkspaceResponse_workspace = Lens.lens (\DeleteWorkspaceResponse' {workspace} -> workspace) (\s@DeleteWorkspaceResponse' {} a -> s {workspace = a} :: DeleteWorkspaceResponse)
+
+instance Prelude.NFData DeleteWorkspaceResponse where
+  rnf DeleteWorkspaceResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/DeleteWorkspaceApiKey.hs b/gen/Amazonka/Grafana/DeleteWorkspaceApiKey.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DeleteWorkspaceApiKey.hs
@@ -0,0 +1,200 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DeleteWorkspaceApiKey
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a Grafana API key for the workspace.
+module Amazonka.Grafana.DeleteWorkspaceApiKey
+  ( -- * Creating a Request
+    DeleteWorkspaceApiKey (..),
+    newDeleteWorkspaceApiKey,
+
+    -- * Request Lenses
+    deleteWorkspaceApiKey_keyName,
+    deleteWorkspaceApiKey_workspaceId,
+
+    -- * Destructuring the Response
+    DeleteWorkspaceApiKeyResponse (..),
+    newDeleteWorkspaceApiKeyResponse,
+
+    -- * Response Lenses
+    deleteWorkspaceApiKeyResponse_httpStatus,
+    deleteWorkspaceApiKeyResponse_keyName,
+    deleteWorkspaceApiKeyResponse_workspaceId,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteWorkspaceApiKey' smart constructor.
+data DeleteWorkspaceApiKey = DeleteWorkspaceApiKey'
+  { -- | The name of the API key to delete.
+    keyName :: Prelude.Text,
+    -- | The ID of the workspace to delete.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWorkspaceApiKey' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'keyName', 'deleteWorkspaceApiKey_keyName' - The name of the API key to delete.
+--
+-- 'workspaceId', 'deleteWorkspaceApiKey_workspaceId' - The ID of the workspace to delete.
+newDeleteWorkspaceApiKey ::
+  -- | 'keyName'
+  Prelude.Text ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DeleteWorkspaceApiKey
+newDeleteWorkspaceApiKey pKeyName_ pWorkspaceId_ =
+  DeleteWorkspaceApiKey'
+    { keyName = pKeyName_,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | The name of the API key to delete.
+deleteWorkspaceApiKey_keyName :: Lens.Lens' DeleteWorkspaceApiKey Prelude.Text
+deleteWorkspaceApiKey_keyName = Lens.lens (\DeleteWorkspaceApiKey' {keyName} -> keyName) (\s@DeleteWorkspaceApiKey' {} a -> s {keyName = a} :: DeleteWorkspaceApiKey)
+
+-- | The ID of the workspace to delete.
+deleteWorkspaceApiKey_workspaceId :: Lens.Lens' DeleteWorkspaceApiKey Prelude.Text
+deleteWorkspaceApiKey_workspaceId = Lens.lens (\DeleteWorkspaceApiKey' {workspaceId} -> workspaceId) (\s@DeleteWorkspaceApiKey' {} a -> s {workspaceId = a} :: DeleteWorkspaceApiKey)
+
+instance Core.AWSRequest DeleteWorkspaceApiKey where
+  type
+    AWSResponse DeleteWorkspaceApiKey =
+      DeleteWorkspaceApiKeyResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteWorkspaceApiKeyResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "keyName")
+            Prelude.<*> (x Data..:> "workspaceId")
+      )
+
+instance Prelude.Hashable DeleteWorkspaceApiKey where
+  hashWithSalt _salt DeleteWorkspaceApiKey' {..} =
+    _salt
+      `Prelude.hashWithSalt` keyName
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData DeleteWorkspaceApiKey where
+  rnf DeleteWorkspaceApiKey' {..} =
+    Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders DeleteWorkspaceApiKey where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteWorkspaceApiKey where
+  toPath DeleteWorkspaceApiKey' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/apikeys/",
+        Data.toBS keyName
+      ]
+
+instance Data.ToQuery DeleteWorkspaceApiKey where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteWorkspaceApiKeyResponse' smart constructor.
+data DeleteWorkspaceApiKeyResponse = DeleteWorkspaceApiKeyResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The name of the key that was deleted.
+    keyName :: Prelude.Text,
+    -- | The ID of the workspace where the key was deleted.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWorkspaceApiKeyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteWorkspaceApiKeyResponse_httpStatus' - The response's http status code.
+--
+-- 'keyName', 'deleteWorkspaceApiKeyResponse_keyName' - The name of the key that was deleted.
+--
+-- 'workspaceId', 'deleteWorkspaceApiKeyResponse_workspaceId' - The ID of the workspace where the key was deleted.
+newDeleteWorkspaceApiKeyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'keyName'
+  Prelude.Text ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DeleteWorkspaceApiKeyResponse
+newDeleteWorkspaceApiKeyResponse
+  pHttpStatus_
+  pKeyName_
+  pWorkspaceId_ =
+    DeleteWorkspaceApiKeyResponse'
+      { httpStatus =
+          pHttpStatus_,
+        keyName = pKeyName_,
+        workspaceId = pWorkspaceId_
+      }
+
+-- | The response's http status code.
+deleteWorkspaceApiKeyResponse_httpStatus :: Lens.Lens' DeleteWorkspaceApiKeyResponse Prelude.Int
+deleteWorkspaceApiKeyResponse_httpStatus = Lens.lens (\DeleteWorkspaceApiKeyResponse' {httpStatus} -> httpStatus) (\s@DeleteWorkspaceApiKeyResponse' {} a -> s {httpStatus = a} :: DeleteWorkspaceApiKeyResponse)
+
+-- | The name of the key that was deleted.
+deleteWorkspaceApiKeyResponse_keyName :: Lens.Lens' DeleteWorkspaceApiKeyResponse Prelude.Text
+deleteWorkspaceApiKeyResponse_keyName = Lens.lens (\DeleteWorkspaceApiKeyResponse' {keyName} -> keyName) (\s@DeleteWorkspaceApiKeyResponse' {} a -> s {keyName = a} :: DeleteWorkspaceApiKeyResponse)
+
+-- | The ID of the workspace where the key was deleted.
+deleteWorkspaceApiKeyResponse_workspaceId :: Lens.Lens' DeleteWorkspaceApiKeyResponse Prelude.Text
+deleteWorkspaceApiKeyResponse_workspaceId = Lens.lens (\DeleteWorkspaceApiKeyResponse' {workspaceId} -> workspaceId) (\s@DeleteWorkspaceApiKeyResponse' {} a -> s {workspaceId = a} :: DeleteWorkspaceApiKeyResponse)
+
+instance Prelude.NFData DeleteWorkspaceApiKeyResponse where
+  rnf DeleteWorkspaceApiKeyResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf workspaceId
diff --git a/gen/Amazonka/Grafana/DescribeWorkspace.hs b/gen/Amazonka/Grafana/DescribeWorkspace.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DescribeWorkspace.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DescribeWorkspace
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Displays information about one Amazon Managed Grafana workspace.
+module Amazonka.Grafana.DescribeWorkspace
+  ( -- * Creating a Request
+    DescribeWorkspace (..),
+    newDescribeWorkspace,
+
+    -- * Request Lenses
+    describeWorkspace_workspaceId,
+
+    -- * Destructuring the Response
+    DescribeWorkspaceResponse (..),
+    newDescribeWorkspaceResponse,
+
+    -- * Response Lenses
+    describeWorkspaceResponse_httpStatus,
+    describeWorkspaceResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribeWorkspace' smart constructor.
+data DescribeWorkspace = DescribeWorkspace'
+  { -- | The ID of the workspace to display information about.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspace' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'workspaceId', 'describeWorkspace_workspaceId' - The ID of the workspace to display information about.
+newDescribeWorkspace ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DescribeWorkspace
+newDescribeWorkspace pWorkspaceId_ =
+  DescribeWorkspace' {workspaceId = pWorkspaceId_}
+
+-- | The ID of the workspace to display information about.
+describeWorkspace_workspaceId :: Lens.Lens' DescribeWorkspace Prelude.Text
+describeWorkspace_workspaceId = Lens.lens (\DescribeWorkspace' {workspaceId} -> workspaceId) (\s@DescribeWorkspace' {} a -> s {workspaceId = a} :: DescribeWorkspace)
+
+instance Core.AWSRequest DescribeWorkspace where
+  type
+    AWSResponse DescribeWorkspace =
+      DescribeWorkspaceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeWorkspaceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable DescribeWorkspace where
+  hashWithSalt _salt DescribeWorkspace' {..} =
+    _salt `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData DescribeWorkspace where
+  rnf DescribeWorkspace' {..} = Prelude.rnf workspaceId
+
+instance Data.ToHeaders DescribeWorkspace where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeWorkspace where
+  toPath DescribeWorkspace' {..} =
+    Prelude.mconcat
+      ["/workspaces/", Data.toBS workspaceId]
+
+instance Data.ToQuery DescribeWorkspace where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeWorkspaceResponse' smart constructor.
+data DescribeWorkspaceResponse = DescribeWorkspaceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing information about the workspace.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspaceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describeWorkspaceResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'describeWorkspaceResponse_workspace' - A structure containing information about the workspace.
+newDescribeWorkspaceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  DescribeWorkspaceResponse
+newDescribeWorkspaceResponse pHttpStatus_ pWorkspace_ =
+  DescribeWorkspaceResponse'
+    { httpStatus =
+        pHttpStatus_,
+      workspace = pWorkspace_
+    }
+
+-- | The response's http status code.
+describeWorkspaceResponse_httpStatus :: Lens.Lens' DescribeWorkspaceResponse Prelude.Int
+describeWorkspaceResponse_httpStatus = Lens.lens (\DescribeWorkspaceResponse' {httpStatus} -> httpStatus) (\s@DescribeWorkspaceResponse' {} a -> s {httpStatus = a} :: DescribeWorkspaceResponse)
+
+-- | A structure containing information about the workspace.
+describeWorkspaceResponse_workspace :: Lens.Lens' DescribeWorkspaceResponse WorkspaceDescription
+describeWorkspaceResponse_workspace = Lens.lens (\DescribeWorkspaceResponse' {workspace} -> workspace) (\s@DescribeWorkspaceResponse' {} a -> s {workspace = a} :: DescribeWorkspaceResponse)
+
+instance Prelude.NFData DescribeWorkspaceResponse where
+  rnf DescribeWorkspaceResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/DescribeWorkspaceAuthentication.hs b/gen/Amazonka/Grafana/DescribeWorkspaceAuthentication.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DescribeWorkspaceAuthentication.hs
@@ -0,0 +1,191 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DescribeWorkspaceAuthentication
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Displays information about the authentication methods used in one Amazon
+-- Managed Grafana workspace.
+module Amazonka.Grafana.DescribeWorkspaceAuthentication
+  ( -- * Creating a Request
+    DescribeWorkspaceAuthentication (..),
+    newDescribeWorkspaceAuthentication,
+
+    -- * Request Lenses
+    describeWorkspaceAuthentication_workspaceId,
+
+    -- * Destructuring the Response
+    DescribeWorkspaceAuthenticationResponse (..),
+    newDescribeWorkspaceAuthenticationResponse,
+
+    -- * Response Lenses
+    describeWorkspaceAuthenticationResponse_httpStatus,
+    describeWorkspaceAuthenticationResponse_authentication,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribeWorkspaceAuthentication' smart constructor.
+data DescribeWorkspaceAuthentication = DescribeWorkspaceAuthentication'
+  { -- | The ID of the workspace to return authentication information about.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspaceAuthentication' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'workspaceId', 'describeWorkspaceAuthentication_workspaceId' - The ID of the workspace to return authentication information about.
+newDescribeWorkspaceAuthentication ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DescribeWorkspaceAuthentication
+newDescribeWorkspaceAuthentication pWorkspaceId_ =
+  DescribeWorkspaceAuthentication'
+    { workspaceId =
+        pWorkspaceId_
+    }
+
+-- | The ID of the workspace to return authentication information about.
+describeWorkspaceAuthentication_workspaceId :: Lens.Lens' DescribeWorkspaceAuthentication Prelude.Text
+describeWorkspaceAuthentication_workspaceId = Lens.lens (\DescribeWorkspaceAuthentication' {workspaceId} -> workspaceId) (\s@DescribeWorkspaceAuthentication' {} a -> s {workspaceId = a} :: DescribeWorkspaceAuthentication)
+
+instance
+  Core.AWSRequest
+    DescribeWorkspaceAuthentication
+  where
+  type
+    AWSResponse DescribeWorkspaceAuthentication =
+      DescribeWorkspaceAuthenticationResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeWorkspaceAuthenticationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "authentication")
+      )
+
+instance
+  Prelude.Hashable
+    DescribeWorkspaceAuthentication
+  where
+  hashWithSalt
+    _salt
+    DescribeWorkspaceAuthentication' {..} =
+      _salt `Prelude.hashWithSalt` workspaceId
+
+instance
+  Prelude.NFData
+    DescribeWorkspaceAuthentication
+  where
+  rnf DescribeWorkspaceAuthentication' {..} =
+    Prelude.rnf workspaceId
+
+instance
+  Data.ToHeaders
+    DescribeWorkspaceAuthentication
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeWorkspaceAuthentication where
+  toPath DescribeWorkspaceAuthentication' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/authentication"
+      ]
+
+instance Data.ToQuery DescribeWorkspaceAuthentication where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeWorkspaceAuthenticationResponse' smart constructor.
+data DescribeWorkspaceAuthenticationResponse = DescribeWorkspaceAuthenticationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing information about the authentication methods used
+    -- in the workspace.
+    authentication :: AuthenticationDescription
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspaceAuthenticationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describeWorkspaceAuthenticationResponse_httpStatus' - The response's http status code.
+--
+-- 'authentication', 'describeWorkspaceAuthenticationResponse_authentication' - A structure containing information about the authentication methods used
+-- in the workspace.
+newDescribeWorkspaceAuthenticationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'authentication'
+  AuthenticationDescription ->
+  DescribeWorkspaceAuthenticationResponse
+newDescribeWorkspaceAuthenticationResponse
+  pHttpStatus_
+  pAuthentication_ =
+    DescribeWorkspaceAuthenticationResponse'
+      { httpStatus =
+          pHttpStatus_,
+        authentication = pAuthentication_
+      }
+
+-- | The response's http status code.
+describeWorkspaceAuthenticationResponse_httpStatus :: Lens.Lens' DescribeWorkspaceAuthenticationResponse Prelude.Int
+describeWorkspaceAuthenticationResponse_httpStatus = Lens.lens (\DescribeWorkspaceAuthenticationResponse' {httpStatus} -> httpStatus) (\s@DescribeWorkspaceAuthenticationResponse' {} a -> s {httpStatus = a} :: DescribeWorkspaceAuthenticationResponse)
+
+-- | A structure containing information about the authentication methods used
+-- in the workspace.
+describeWorkspaceAuthenticationResponse_authentication :: Lens.Lens' DescribeWorkspaceAuthenticationResponse AuthenticationDescription
+describeWorkspaceAuthenticationResponse_authentication = Lens.lens (\DescribeWorkspaceAuthenticationResponse' {authentication} -> authentication) (\s@DescribeWorkspaceAuthenticationResponse' {} a -> s {authentication = a} :: DescribeWorkspaceAuthenticationResponse)
+
+instance
+  Prelude.NFData
+    DescribeWorkspaceAuthenticationResponse
+  where
+  rnf DescribeWorkspaceAuthenticationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf authentication
diff --git a/gen/Amazonka/Grafana/DescribeWorkspaceConfiguration.hs b/gen/Amazonka/Grafana/DescribeWorkspaceConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DescribeWorkspaceConfiguration.hs
@@ -0,0 +1,193 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DescribeWorkspaceConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the current configuration string for the given workspace.
+module Amazonka.Grafana.DescribeWorkspaceConfiguration
+  ( -- * Creating a Request
+    DescribeWorkspaceConfiguration (..),
+    newDescribeWorkspaceConfiguration,
+
+    -- * Request Lenses
+    describeWorkspaceConfiguration_workspaceId,
+
+    -- * Destructuring the Response
+    DescribeWorkspaceConfigurationResponse (..),
+    newDescribeWorkspaceConfigurationResponse,
+
+    -- * Response Lenses
+    describeWorkspaceConfigurationResponse_httpStatus,
+    describeWorkspaceConfigurationResponse_configuration,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribeWorkspaceConfiguration' smart constructor.
+data DescribeWorkspaceConfiguration = DescribeWorkspaceConfiguration'
+  { -- | The ID of the workspace to get configuration information for.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspaceConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'workspaceId', 'describeWorkspaceConfiguration_workspaceId' - The ID of the workspace to get configuration information for.
+newDescribeWorkspaceConfiguration ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DescribeWorkspaceConfiguration
+newDescribeWorkspaceConfiguration pWorkspaceId_ =
+  DescribeWorkspaceConfiguration'
+    { workspaceId =
+        pWorkspaceId_
+    }
+
+-- | The ID of the workspace to get configuration information for.
+describeWorkspaceConfiguration_workspaceId :: Lens.Lens' DescribeWorkspaceConfiguration Prelude.Text
+describeWorkspaceConfiguration_workspaceId = Lens.lens (\DescribeWorkspaceConfiguration' {workspaceId} -> workspaceId) (\s@DescribeWorkspaceConfiguration' {} a -> s {workspaceId = a} :: DescribeWorkspaceConfiguration)
+
+instance
+  Core.AWSRequest
+    DescribeWorkspaceConfiguration
+  where
+  type
+    AWSResponse DescribeWorkspaceConfiguration =
+      DescribeWorkspaceConfigurationResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeWorkspaceConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "configuration")
+      )
+
+instance
+  Prelude.Hashable
+    DescribeWorkspaceConfiguration
+  where
+  hashWithSalt
+    _salt
+    DescribeWorkspaceConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` workspaceId
+
+instance
+  Prelude.NFData
+    DescribeWorkspaceConfiguration
+  where
+  rnf DescribeWorkspaceConfiguration' {..} =
+    Prelude.rnf workspaceId
+
+instance
+  Data.ToHeaders
+    DescribeWorkspaceConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeWorkspaceConfiguration where
+  toPath DescribeWorkspaceConfiguration' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/configuration"
+      ]
+
+instance Data.ToQuery DescribeWorkspaceConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeWorkspaceConfigurationResponse' smart constructor.
+data DescribeWorkspaceConfigurationResponse = DescribeWorkspaceConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The configuration string for the workspace that you requested. For more
+    -- information about the format and configuration options available, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+    configuration :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeWorkspaceConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describeWorkspaceConfigurationResponse_httpStatus' - The response's http status code.
+--
+-- 'configuration', 'describeWorkspaceConfigurationResponse_configuration' - The configuration string for the workspace that you requested. For more
+-- information about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+newDescribeWorkspaceConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'configuration'
+  Prelude.Text ->
+  DescribeWorkspaceConfigurationResponse
+newDescribeWorkspaceConfigurationResponse
+  pHttpStatus_
+  pConfiguration_ =
+    DescribeWorkspaceConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_,
+        configuration = pConfiguration_
+      }
+
+-- | The response's http status code.
+describeWorkspaceConfigurationResponse_httpStatus :: Lens.Lens' DescribeWorkspaceConfigurationResponse Prelude.Int
+describeWorkspaceConfigurationResponse_httpStatus = Lens.lens (\DescribeWorkspaceConfigurationResponse' {httpStatus} -> httpStatus) (\s@DescribeWorkspaceConfigurationResponse' {} a -> s {httpStatus = a} :: DescribeWorkspaceConfigurationResponse)
+
+-- | The configuration string for the workspace that you requested. For more
+-- information about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+describeWorkspaceConfigurationResponse_configuration :: Lens.Lens' DescribeWorkspaceConfigurationResponse Prelude.Text
+describeWorkspaceConfigurationResponse_configuration = Lens.lens (\DescribeWorkspaceConfigurationResponse' {configuration} -> configuration) (\s@DescribeWorkspaceConfigurationResponse' {} a -> s {configuration = a} :: DescribeWorkspaceConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DescribeWorkspaceConfigurationResponse
+  where
+  rnf DescribeWorkspaceConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf configuration
diff --git a/gen/Amazonka/Grafana/DisassociateLicense.hs b/gen/Amazonka/Grafana/DisassociateLicense.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/DisassociateLicense.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.DisassociateLicense
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the Grafana Enterprise license from a workspace.
+module Amazonka.Grafana.DisassociateLicense
+  ( -- * Creating a Request
+    DisassociateLicense (..),
+    newDisassociateLicense,
+
+    -- * Request Lenses
+    disassociateLicense_licenseType,
+    disassociateLicense_workspaceId,
+
+    -- * Destructuring the Response
+    DisassociateLicenseResponse (..),
+    newDisassociateLicenseResponse,
+
+    -- * Response Lenses
+    disassociateLicenseResponse_httpStatus,
+    disassociateLicenseResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDisassociateLicense' smart constructor.
+data DisassociateLicense = DisassociateLicense'
+  { -- | The type of license to remove from the workspace.
+    licenseType :: LicenseType,
+    -- | The ID of the workspace to remove the Grafana Enterprise license from.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateLicense' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'licenseType', 'disassociateLicense_licenseType' - The type of license to remove from the workspace.
+--
+-- 'workspaceId', 'disassociateLicense_workspaceId' - The ID of the workspace to remove the Grafana Enterprise license from.
+newDisassociateLicense ::
+  -- | 'licenseType'
+  LicenseType ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  DisassociateLicense
+newDisassociateLicense pLicenseType_ pWorkspaceId_ =
+  DisassociateLicense'
+    { licenseType = pLicenseType_,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | The type of license to remove from the workspace.
+disassociateLicense_licenseType :: Lens.Lens' DisassociateLicense LicenseType
+disassociateLicense_licenseType = Lens.lens (\DisassociateLicense' {licenseType} -> licenseType) (\s@DisassociateLicense' {} a -> s {licenseType = a} :: DisassociateLicense)
+
+-- | The ID of the workspace to remove the Grafana Enterprise license from.
+disassociateLicense_workspaceId :: Lens.Lens' DisassociateLicense Prelude.Text
+disassociateLicense_workspaceId = Lens.lens (\DisassociateLicense' {workspaceId} -> workspaceId) (\s@DisassociateLicense' {} a -> s {workspaceId = a} :: DisassociateLicense)
+
+instance Core.AWSRequest DisassociateLicense where
+  type
+    AWSResponse DisassociateLicense =
+      DisassociateLicenseResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateLicenseResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable DisassociateLicense where
+  hashWithSalt _salt DisassociateLicense' {..} =
+    _salt
+      `Prelude.hashWithSalt` licenseType
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData DisassociateLicense where
+  rnf DisassociateLicense' {..} =
+    Prelude.rnf licenseType
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders DisassociateLicense where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DisassociateLicense where
+  toPath DisassociateLicense' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/licenses/",
+        Data.toBS licenseType
+      ]
+
+instance Data.ToQuery DisassociateLicense where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateLicenseResponse' smart constructor.
+data DisassociateLicenseResponse = DisassociateLicenseResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing information about the workspace.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateLicenseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateLicenseResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'disassociateLicenseResponse_workspace' - A structure containing information about the workspace.
+newDisassociateLicenseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  DisassociateLicenseResponse
+newDisassociateLicenseResponse
+  pHttpStatus_
+  pWorkspace_ =
+    DisassociateLicenseResponse'
+      { httpStatus =
+          pHttpStatus_,
+        workspace = pWorkspace_
+      }
+
+-- | The response's http status code.
+disassociateLicenseResponse_httpStatus :: Lens.Lens' DisassociateLicenseResponse Prelude.Int
+disassociateLicenseResponse_httpStatus = Lens.lens (\DisassociateLicenseResponse' {httpStatus} -> httpStatus) (\s@DisassociateLicenseResponse' {} a -> s {httpStatus = a} :: DisassociateLicenseResponse)
+
+-- | A structure containing information about the workspace.
+disassociateLicenseResponse_workspace :: Lens.Lens' DisassociateLicenseResponse WorkspaceDescription
+disassociateLicenseResponse_workspace = Lens.lens (\DisassociateLicenseResponse' {workspace} -> workspace) (\s@DisassociateLicenseResponse' {} a -> s {workspace = a} :: DisassociateLicenseResponse)
+
+instance Prelude.NFData DisassociateLicenseResponse where
+  rnf DisassociateLicenseResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/Lens.hs b/gen/Amazonka/Grafana/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Lens.hs
@@ -0,0 +1,288 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Lens
+  ( -- * Operations
+
+    -- ** AssociateLicense
+    associateLicense_licenseType,
+    associateLicense_workspaceId,
+    associateLicenseResponse_httpStatus,
+    associateLicenseResponse_workspace,
+
+    -- ** CreateWorkspace
+    createWorkspace_clientToken,
+    createWorkspace_configuration,
+    createWorkspace_organizationRoleName,
+    createWorkspace_stackSetName,
+    createWorkspace_tags,
+    createWorkspace_vpcConfiguration,
+    createWorkspace_workspaceDataSources,
+    createWorkspace_workspaceDescription,
+    createWorkspace_workspaceName,
+    createWorkspace_workspaceNotificationDestinations,
+    createWorkspace_workspaceOrganizationalUnits,
+    createWorkspace_workspaceRoleArn,
+    createWorkspace_accountAccessType,
+    createWorkspace_authenticationProviders,
+    createWorkspace_permissionType,
+    createWorkspaceResponse_httpStatus,
+    createWorkspaceResponse_workspace,
+
+    -- ** CreateWorkspaceApiKey
+    createWorkspaceApiKey_keyName,
+    createWorkspaceApiKey_keyRole,
+    createWorkspaceApiKey_secondsToLive,
+    createWorkspaceApiKey_workspaceId,
+    createWorkspaceApiKeyResponse_httpStatus,
+    createWorkspaceApiKeyResponse_key,
+    createWorkspaceApiKeyResponse_keyName,
+    createWorkspaceApiKeyResponse_workspaceId,
+
+    -- ** DeleteWorkspace
+    deleteWorkspace_workspaceId,
+    deleteWorkspaceResponse_httpStatus,
+    deleteWorkspaceResponse_workspace,
+
+    -- ** DeleteWorkspaceApiKey
+    deleteWorkspaceApiKey_keyName,
+    deleteWorkspaceApiKey_workspaceId,
+    deleteWorkspaceApiKeyResponse_httpStatus,
+    deleteWorkspaceApiKeyResponse_keyName,
+    deleteWorkspaceApiKeyResponse_workspaceId,
+
+    -- ** DescribeWorkspace
+    describeWorkspace_workspaceId,
+    describeWorkspaceResponse_httpStatus,
+    describeWorkspaceResponse_workspace,
+
+    -- ** DescribeWorkspaceAuthentication
+    describeWorkspaceAuthentication_workspaceId,
+    describeWorkspaceAuthenticationResponse_httpStatus,
+    describeWorkspaceAuthenticationResponse_authentication,
+
+    -- ** DescribeWorkspaceConfiguration
+    describeWorkspaceConfiguration_workspaceId,
+    describeWorkspaceConfigurationResponse_httpStatus,
+    describeWorkspaceConfigurationResponse_configuration,
+
+    -- ** DisassociateLicense
+    disassociateLicense_licenseType,
+    disassociateLicense_workspaceId,
+    disassociateLicenseResponse_httpStatus,
+    disassociateLicenseResponse_workspace,
+
+    -- ** ListPermissions
+    listPermissions_groupId,
+    listPermissions_maxResults,
+    listPermissions_nextToken,
+    listPermissions_userId,
+    listPermissions_userType,
+    listPermissions_workspaceId,
+    listPermissionsResponse_nextToken,
+    listPermissionsResponse_httpStatus,
+    listPermissionsResponse_permissions,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** ListWorkspaces
+    listWorkspaces_maxResults,
+    listWorkspaces_nextToken,
+    listWorkspacesResponse_nextToken,
+    listWorkspacesResponse_httpStatus,
+    listWorkspacesResponse_workspaces,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdatePermissions
+    updatePermissions_updateInstructionBatch,
+    updatePermissions_workspaceId,
+    updatePermissionsResponse_httpStatus,
+    updatePermissionsResponse_errors,
+
+    -- ** UpdateWorkspace
+    updateWorkspace_accountAccessType,
+    updateWorkspace_organizationRoleName,
+    updateWorkspace_permissionType,
+    updateWorkspace_removeVpcConfiguration,
+    updateWorkspace_stackSetName,
+    updateWorkspace_vpcConfiguration,
+    updateWorkspace_workspaceDataSources,
+    updateWorkspace_workspaceDescription,
+    updateWorkspace_workspaceName,
+    updateWorkspace_workspaceNotificationDestinations,
+    updateWorkspace_workspaceOrganizationalUnits,
+    updateWorkspace_workspaceRoleArn,
+    updateWorkspace_workspaceId,
+    updateWorkspaceResponse_httpStatus,
+    updateWorkspaceResponse_workspace,
+
+    -- ** UpdateWorkspaceAuthentication
+    updateWorkspaceAuthentication_samlConfiguration,
+    updateWorkspaceAuthentication_authenticationProviders,
+    updateWorkspaceAuthentication_workspaceId,
+    updateWorkspaceAuthenticationResponse_httpStatus,
+    updateWorkspaceAuthenticationResponse_authentication,
+
+    -- ** UpdateWorkspaceConfiguration
+    updateWorkspaceConfiguration_configuration,
+    updateWorkspaceConfiguration_workspaceId,
+    updateWorkspaceConfigurationResponse_httpStatus,
+
+    -- * Types
+
+    -- ** AssertionAttributes
+    assertionAttributes_email,
+    assertionAttributes_groups,
+    assertionAttributes_login,
+    assertionAttributes_name,
+    assertionAttributes_org,
+    assertionAttributes_role,
+
+    -- ** AuthenticationDescription
+    authenticationDescription_awsSso,
+    authenticationDescription_saml,
+    authenticationDescription_providers,
+
+    -- ** AuthenticationSummary
+    authenticationSummary_samlConfigurationStatus,
+    authenticationSummary_providers,
+
+    -- ** AwsSsoAuthentication
+    awsSsoAuthentication_ssoClientId,
+
+    -- ** IdpMetadata
+    idpMetadata_url,
+    idpMetadata_xml,
+
+    -- ** PermissionEntry
+    permissionEntry_role,
+    permissionEntry_user,
+
+    -- ** RoleValues
+    roleValues_admin,
+    roleValues_editor,
+
+    -- ** SamlAuthentication
+    samlAuthentication_configuration,
+    samlAuthentication_status,
+
+    -- ** SamlConfiguration
+    samlConfiguration_allowedOrganizations,
+    samlConfiguration_assertionAttributes,
+    samlConfiguration_loginValidityDuration,
+    samlConfiguration_roleValues,
+    samlConfiguration_idpMetadata,
+
+    -- ** UpdateError
+    updateError_causedBy,
+    updateError_code,
+    updateError_message,
+
+    -- ** UpdateInstruction
+    updateInstruction_action,
+    updateInstruction_role,
+    updateInstruction_users,
+
+    -- ** User
+    user_id,
+    user_type,
+
+    -- ** VpcConfiguration
+    vpcConfiguration_securityGroupIds,
+    vpcConfiguration_subnetIds,
+
+    -- ** WorkspaceDescription
+    workspaceDescription_accountAccessType,
+    workspaceDescription_description,
+    workspaceDescription_freeTrialConsumed,
+    workspaceDescription_freeTrialExpiration,
+    workspaceDescription_licenseExpiration,
+    workspaceDescription_licenseType,
+    workspaceDescription_name,
+    workspaceDescription_notificationDestinations,
+    workspaceDescription_organizationRoleName,
+    workspaceDescription_organizationalUnits,
+    workspaceDescription_permissionType,
+    workspaceDescription_stackSetName,
+    workspaceDescription_tags,
+    workspaceDescription_vpcConfiguration,
+    workspaceDescription_workspaceRoleArn,
+    workspaceDescription_authentication,
+    workspaceDescription_created,
+    workspaceDescription_dataSources,
+    workspaceDescription_endpoint,
+    workspaceDescription_grafanaVersion,
+    workspaceDescription_id,
+    workspaceDescription_modified,
+    workspaceDescription_status,
+
+    -- ** WorkspaceSummary
+    workspaceSummary_description,
+    workspaceSummary_name,
+    workspaceSummary_notificationDestinations,
+    workspaceSummary_tags,
+    workspaceSummary_authentication,
+    workspaceSummary_created,
+    workspaceSummary_endpoint,
+    workspaceSummary_grafanaVersion,
+    workspaceSummary_id,
+    workspaceSummary_modified,
+    workspaceSummary_status,
+  )
+where
+
+import Amazonka.Grafana.AssociateLicense
+import Amazonka.Grafana.CreateWorkspace
+import Amazonka.Grafana.CreateWorkspaceApiKey
+import Amazonka.Grafana.DeleteWorkspace
+import Amazonka.Grafana.DeleteWorkspaceApiKey
+import Amazonka.Grafana.DescribeWorkspace
+import Amazonka.Grafana.DescribeWorkspaceAuthentication
+import Amazonka.Grafana.DescribeWorkspaceConfiguration
+import Amazonka.Grafana.DisassociateLicense
+import Amazonka.Grafana.ListPermissions
+import Amazonka.Grafana.ListTagsForResource
+import Amazonka.Grafana.ListWorkspaces
+import Amazonka.Grafana.TagResource
+import Amazonka.Grafana.Types.AssertionAttributes
+import Amazonka.Grafana.Types.AuthenticationDescription
+import Amazonka.Grafana.Types.AuthenticationSummary
+import Amazonka.Grafana.Types.AwsSsoAuthentication
+import Amazonka.Grafana.Types.IdpMetadata
+import Amazonka.Grafana.Types.PermissionEntry
+import Amazonka.Grafana.Types.RoleValues
+import Amazonka.Grafana.Types.SamlAuthentication
+import Amazonka.Grafana.Types.SamlConfiguration
+import Amazonka.Grafana.Types.UpdateError
+import Amazonka.Grafana.Types.UpdateInstruction
+import Amazonka.Grafana.Types.User
+import Amazonka.Grafana.Types.VpcConfiguration
+import Amazonka.Grafana.Types.WorkspaceDescription
+import Amazonka.Grafana.Types.WorkspaceSummary
+import Amazonka.Grafana.UntagResource
+import Amazonka.Grafana.UpdatePermissions
+import Amazonka.Grafana.UpdateWorkspace
+import Amazonka.Grafana.UpdateWorkspaceAuthentication
+import Amazonka.Grafana.UpdateWorkspaceConfiguration
diff --git a/gen/Amazonka/Grafana/ListPermissions.hs b/gen/Amazonka/Grafana/ListPermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/ListPermissions.hs
@@ -0,0 +1,286 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.ListPermissions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the users and groups who have the Grafana @Admin@ and @Editor@
+-- roles in this workspace. If you use this operation without specifying
+-- @userId@ or @groupId@, the operation returns the roles of all users and
+-- groups. If you specify a @userId@ or a @groupId@, only the roles for
+-- that user or group are returned. If you do this, you can specify only
+-- one @userId@ or one @groupId@.
+--
+-- This operation returns paginated results.
+module Amazonka.Grafana.ListPermissions
+  ( -- * Creating a Request
+    ListPermissions (..),
+    newListPermissions,
+
+    -- * Request Lenses
+    listPermissions_groupId,
+    listPermissions_maxResults,
+    listPermissions_nextToken,
+    listPermissions_userId,
+    listPermissions_userType,
+    listPermissions_workspaceId,
+
+    -- * Destructuring the Response
+    ListPermissionsResponse (..),
+    newListPermissionsResponse,
+
+    -- * Response Lenses
+    listPermissionsResponse_nextToken,
+    listPermissionsResponse_httpStatus,
+    listPermissionsResponse_permissions,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListPermissions' smart constructor.
+data ListPermissions = ListPermissions'
+  { -- | (Optional) Limits the results to only the group that matches this ID.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The maximum number of results to include in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token to use when requesting the next set of results. You received
+    -- this token from a previous @ListPermissions@ operation.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | (Optional) Limits the results to only the user that matches this ID.
+    userId :: Prelude.Maybe Prelude.Text,
+    -- | (Optional) If you specify @SSO_USER@, then only the permissions of IAM
+    -- Identity Center users are returned. If you specify @SSO_GROUP@, only the
+    -- permissions of IAM Identity Center groups are returned.
+    userType :: Prelude.Maybe UserType,
+    -- | The ID of the workspace to list permissions for. This parameter is
+    -- required.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupId', 'listPermissions_groupId' - (Optional) Limits the results to only the group that matches this ID.
+--
+-- 'maxResults', 'listPermissions_maxResults' - The maximum number of results to include in the response.
+--
+-- 'nextToken', 'listPermissions_nextToken' - The token to use when requesting the next set of results. You received
+-- this token from a previous @ListPermissions@ operation.
+--
+-- 'userId', 'listPermissions_userId' - (Optional) Limits the results to only the user that matches this ID.
+--
+-- 'userType', 'listPermissions_userType' - (Optional) If you specify @SSO_USER@, then only the permissions of IAM
+-- Identity Center users are returned. If you specify @SSO_GROUP@, only the
+-- permissions of IAM Identity Center groups are returned.
+--
+-- 'workspaceId', 'listPermissions_workspaceId' - The ID of the workspace to list permissions for. This parameter is
+-- required.
+newListPermissions ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  ListPermissions
+newListPermissions pWorkspaceId_ =
+  ListPermissions'
+    { groupId = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      userId = Prelude.Nothing,
+      userType = Prelude.Nothing,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | (Optional) Limits the results to only the group that matches this ID.
+listPermissions_groupId :: Lens.Lens' ListPermissions (Prelude.Maybe Prelude.Text)
+listPermissions_groupId = Lens.lens (\ListPermissions' {groupId} -> groupId) (\s@ListPermissions' {} a -> s {groupId = a} :: ListPermissions)
+
+-- | The maximum number of results to include in the response.
+listPermissions_maxResults :: Lens.Lens' ListPermissions (Prelude.Maybe Prelude.Natural)
+listPermissions_maxResults = Lens.lens (\ListPermissions' {maxResults} -> maxResults) (\s@ListPermissions' {} a -> s {maxResults = a} :: ListPermissions)
+
+-- | The token to use when requesting the next set of results. You received
+-- this token from a previous @ListPermissions@ operation.
+listPermissions_nextToken :: Lens.Lens' ListPermissions (Prelude.Maybe Prelude.Text)
+listPermissions_nextToken = Lens.lens (\ListPermissions' {nextToken} -> nextToken) (\s@ListPermissions' {} a -> s {nextToken = a} :: ListPermissions)
+
+-- | (Optional) Limits the results to only the user that matches this ID.
+listPermissions_userId :: Lens.Lens' ListPermissions (Prelude.Maybe Prelude.Text)
+listPermissions_userId = Lens.lens (\ListPermissions' {userId} -> userId) (\s@ListPermissions' {} a -> s {userId = a} :: ListPermissions)
+
+-- | (Optional) If you specify @SSO_USER@, then only the permissions of IAM
+-- Identity Center users are returned. If you specify @SSO_GROUP@, only the
+-- permissions of IAM Identity Center groups are returned.
+listPermissions_userType :: Lens.Lens' ListPermissions (Prelude.Maybe UserType)
+listPermissions_userType = Lens.lens (\ListPermissions' {userType} -> userType) (\s@ListPermissions' {} a -> s {userType = a} :: ListPermissions)
+
+-- | The ID of the workspace to list permissions for. This parameter is
+-- required.
+listPermissions_workspaceId :: Lens.Lens' ListPermissions Prelude.Text
+listPermissions_workspaceId = Lens.lens (\ListPermissions' {workspaceId} -> workspaceId) (\s@ListPermissions' {} a -> s {workspaceId = a} :: ListPermissions)
+
+instance Core.AWSPager ListPermissions where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listPermissionsResponse_permissions) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listPermissions_nextToken
+          Lens..~ rs
+          Lens.^? listPermissionsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListPermissions where
+  type
+    AWSResponse ListPermissions =
+      ListPermissionsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPermissionsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "permissions" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListPermissions where
+  hashWithSalt _salt ListPermissions' {..} =
+    _salt
+      `Prelude.hashWithSalt` groupId
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` userId
+      `Prelude.hashWithSalt` userType
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData ListPermissions where
+  rnf ListPermissions' {..} =
+    Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf userId
+      `Prelude.seq` Prelude.rnf userType
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders ListPermissions where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListPermissions where
+  toPath ListPermissions' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/permissions"
+      ]
+
+instance Data.ToQuery ListPermissions where
+  toQuery ListPermissions' {..} =
+    Prelude.mconcat
+      [ "groupId" Data.=: groupId,
+        "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken,
+        "userId" Data.=: userId,
+        "userType" Data.=: userType
+      ]
+
+-- | /See:/ 'newListPermissionsResponse' smart constructor.
+data ListPermissionsResponse = ListPermissionsResponse'
+  { -- | The token to use in a subsequent @ListPermissions@ operation to return
+    -- the next set of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The permissions returned by the operation.
+    permissions :: [PermissionEntry]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPermissionsResponse_nextToken' - The token to use in a subsequent @ListPermissions@ operation to return
+-- the next set of results.
+--
+-- 'httpStatus', 'listPermissionsResponse_httpStatus' - The response's http status code.
+--
+-- 'permissions', 'listPermissionsResponse_permissions' - The permissions returned by the operation.
+newListPermissionsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPermissionsResponse
+newListPermissionsResponse pHttpStatus_ =
+  ListPermissionsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      permissions = Prelude.mempty
+    }
+
+-- | The token to use in a subsequent @ListPermissions@ operation to return
+-- the next set of results.
+listPermissionsResponse_nextToken :: Lens.Lens' ListPermissionsResponse (Prelude.Maybe Prelude.Text)
+listPermissionsResponse_nextToken = Lens.lens (\ListPermissionsResponse' {nextToken} -> nextToken) (\s@ListPermissionsResponse' {} a -> s {nextToken = a} :: ListPermissionsResponse)
+
+-- | The response's http status code.
+listPermissionsResponse_httpStatus :: Lens.Lens' ListPermissionsResponse Prelude.Int
+listPermissionsResponse_httpStatus = Lens.lens (\ListPermissionsResponse' {httpStatus} -> httpStatus) (\s@ListPermissionsResponse' {} a -> s {httpStatus = a} :: ListPermissionsResponse)
+
+-- | The permissions returned by the operation.
+listPermissionsResponse_permissions :: Lens.Lens' ListPermissionsResponse [PermissionEntry]
+listPermissionsResponse_permissions = Lens.lens (\ListPermissionsResponse' {permissions} -> permissions) (\s@ListPermissionsResponse' {} a -> s {permissions = a} :: ListPermissionsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListPermissionsResponse where
+  rnf ListPermissionsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf permissions
diff --git a/gen/Amazonka/Grafana/ListTagsForResource.hs b/gen/Amazonka/Grafana/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/ListTagsForResource.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- The @ListTagsForResource@ operation returns the tags that are associated
+-- with the Amazon Managed Service for Grafana resource specified by the
+-- @resourceArn@. Currently, the only resource that can be tagged is a
+-- workspace.
+module Amazonka.Grafana.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The ARN of the resource the list of tags are associated with.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The ARN of the resource the list of tags are associated with.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource' {resourceArn = pResourceArn_}
+
+-- | The ARN of the resource the list of tags are associated with.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath ListTagsForResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | The list of tags that are associated with the resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - The list of tags that are associated with the resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of tags that are associated with the resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Grafana/ListWorkspaces.hs b/gen/Amazonka/Grafana/ListWorkspaces.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/ListWorkspaces.hs
@@ -0,0 +1,217 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.ListWorkspaces
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of Amazon Managed Grafana workspaces in the account, with
+-- some information about each workspace. For more complete information
+-- about one workspace, use
+-- <https://docs.aws.amazon.com/AAMG/latest/APIReference/API_DescribeWorkspace.html DescribeWorkspace>.
+--
+-- This operation returns paginated results.
+module Amazonka.Grafana.ListWorkspaces
+  ( -- * Creating a Request
+    ListWorkspaces (..),
+    newListWorkspaces,
+
+    -- * Request Lenses
+    listWorkspaces_maxResults,
+    listWorkspaces_nextToken,
+
+    -- * Destructuring the Response
+    ListWorkspacesResponse (..),
+    newListWorkspacesResponse,
+
+    -- * Response Lenses
+    listWorkspacesResponse_nextToken,
+    listWorkspacesResponse_httpStatus,
+    listWorkspacesResponse_workspaces,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListWorkspaces' smart constructor.
+data ListWorkspaces = ListWorkspaces'
+  { -- | The maximum number of workspaces to include in the results.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token for the next set of workspaces to return. (You receive this
+    -- token from a previous @ListWorkspaces@ operation.)
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListWorkspaces' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listWorkspaces_maxResults' - The maximum number of workspaces to include in the results.
+--
+-- 'nextToken', 'listWorkspaces_nextToken' - The token for the next set of workspaces to return. (You receive this
+-- token from a previous @ListWorkspaces@ operation.)
+newListWorkspaces ::
+  ListWorkspaces
+newListWorkspaces =
+  ListWorkspaces'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of workspaces to include in the results.
+listWorkspaces_maxResults :: Lens.Lens' ListWorkspaces (Prelude.Maybe Prelude.Natural)
+listWorkspaces_maxResults = Lens.lens (\ListWorkspaces' {maxResults} -> maxResults) (\s@ListWorkspaces' {} a -> s {maxResults = a} :: ListWorkspaces)
+
+-- | The token for the next set of workspaces to return. (You receive this
+-- token from a previous @ListWorkspaces@ operation.)
+listWorkspaces_nextToken :: Lens.Lens' ListWorkspaces (Prelude.Maybe Prelude.Text)
+listWorkspaces_nextToken = Lens.lens (\ListWorkspaces' {nextToken} -> nextToken) (\s@ListWorkspaces' {} a -> s {nextToken = a} :: ListWorkspaces)
+
+instance Core.AWSPager ListWorkspaces where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listWorkspacesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listWorkspacesResponse_workspaces) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listWorkspaces_nextToken
+          Lens..~ rs
+          Lens.^? listWorkspacesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListWorkspaces where
+  type
+    AWSResponse ListWorkspaces =
+      ListWorkspacesResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListWorkspacesResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "workspaces" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListWorkspaces where
+  hashWithSalt _salt ListWorkspaces' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListWorkspaces where
+  rnf ListWorkspaces' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListWorkspaces where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListWorkspaces where
+  toPath = Prelude.const "/workspaces"
+
+instance Data.ToQuery ListWorkspaces where
+  toQuery ListWorkspaces' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListWorkspacesResponse' smart constructor.
+data ListWorkspacesResponse = ListWorkspacesResponse'
+  { -- | The token to use when requesting the next set of workspaces.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | An array of structures that contain some information about the
+    -- workspaces in the account.
+    workspaces :: [WorkspaceSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListWorkspacesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listWorkspacesResponse_nextToken' - The token to use when requesting the next set of workspaces.
+--
+-- 'httpStatus', 'listWorkspacesResponse_httpStatus' - The response's http status code.
+--
+-- 'workspaces', 'listWorkspacesResponse_workspaces' - An array of structures that contain some information about the
+-- workspaces in the account.
+newListWorkspacesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListWorkspacesResponse
+newListWorkspacesResponse pHttpStatus_ =
+  ListWorkspacesResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      workspaces = Prelude.mempty
+    }
+
+-- | The token to use when requesting the next set of workspaces.
+listWorkspacesResponse_nextToken :: Lens.Lens' ListWorkspacesResponse (Prelude.Maybe Prelude.Text)
+listWorkspacesResponse_nextToken = Lens.lens (\ListWorkspacesResponse' {nextToken} -> nextToken) (\s@ListWorkspacesResponse' {} a -> s {nextToken = a} :: ListWorkspacesResponse)
+
+-- | The response's http status code.
+listWorkspacesResponse_httpStatus :: Lens.Lens' ListWorkspacesResponse Prelude.Int
+listWorkspacesResponse_httpStatus = Lens.lens (\ListWorkspacesResponse' {httpStatus} -> httpStatus) (\s@ListWorkspacesResponse' {} a -> s {httpStatus = a} :: ListWorkspacesResponse)
+
+-- | An array of structures that contain some information about the
+-- workspaces in the account.
+listWorkspacesResponse_workspaces :: Lens.Lens' ListWorkspacesResponse [WorkspaceSummary]
+listWorkspacesResponse_workspaces = Lens.lens (\ListWorkspacesResponse' {workspaces} -> workspaces) (\s@ListWorkspacesResponse' {} a -> s {workspaces = a} :: ListWorkspacesResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListWorkspacesResponse where
+  rnf ListWorkspacesResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspaces
diff --git a/gen/Amazonka/Grafana/TagResource.hs b/gen/Amazonka/Grafana/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/TagResource.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- The @TagResource@ operation associates tags with an Amazon Managed
+-- Grafana resource. Currently, the only resource that can be tagged is
+-- workspaces.
+--
+-- If you specify a new tag key for the resource, this tag is appended to
+-- the list of tags associated with the resource. If you specify a tag key
+-- that is already associated with the resource, the new tag value that you
+-- specify replaces the previous value for that tag.
+module Amazonka.Grafana.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The ARN of the resource the tag is associated with.
+    resourceArn :: Prelude.Text,
+    -- | The list of tag keys and values to associate with the resource. You can
+    -- associate tag keys only, tags (key and values) only or a combination of
+    -- tag keys and tags.
+    tags :: Prelude.HashMap Prelude.Text Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The ARN of the resource the tag is associated with.
+--
+-- 'tags', 'tagResource_tags' - The list of tag keys and values to associate with the resource. You can
+-- associate tag keys only, tags (key and values) only or a combination of
+-- tag keys and tags.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The ARN of the resource the tag is associated with.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The list of tag keys and values to associate with the resource. You can
+-- associate tag keys only, tags (key and values) only or a combination of
+-- tag keys and tags.
+tagResource_tags :: Lens.Lens' TagResource (Prelude.HashMap Prelude.Text Prelude.Text)
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("tags" Data..= tags)]
+      )
+
+instance Data.ToPath TagResource where
+  toPath TagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Grafana/Types.hs b/gen/Amazonka/Grafana/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types.hs
@@ -0,0 +1,348 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _ConflictException,
+    _InternalServerException,
+    _ResourceNotFoundException,
+    _ServiceQuotaExceededException,
+    _ThrottlingException,
+    _ValidationException,
+
+    -- * AccountAccessType
+    AccountAccessType (..),
+
+    -- * AuthenticationProviderTypes
+    AuthenticationProviderTypes (..),
+
+    -- * DataSourceType
+    DataSourceType (..),
+
+    -- * LicenseType
+    LicenseType (..),
+
+    -- * NotificationDestinationType
+    NotificationDestinationType (..),
+
+    -- * PermissionType
+    PermissionType (..),
+
+    -- * Role
+    Role (..),
+
+    -- * SamlConfigurationStatus
+    SamlConfigurationStatus (..),
+
+    -- * UpdateAction
+    UpdateAction (..),
+
+    -- * UserType
+    UserType (..),
+
+    -- * WorkspaceStatus
+    WorkspaceStatus (..),
+
+    -- * AssertionAttributes
+    AssertionAttributes (..),
+    newAssertionAttributes,
+    assertionAttributes_email,
+    assertionAttributes_groups,
+    assertionAttributes_login,
+    assertionAttributes_name,
+    assertionAttributes_org,
+    assertionAttributes_role,
+
+    -- * AuthenticationDescription
+    AuthenticationDescription (..),
+    newAuthenticationDescription,
+    authenticationDescription_awsSso,
+    authenticationDescription_saml,
+    authenticationDescription_providers,
+
+    -- * AuthenticationSummary
+    AuthenticationSummary (..),
+    newAuthenticationSummary,
+    authenticationSummary_samlConfigurationStatus,
+    authenticationSummary_providers,
+
+    -- * AwsSsoAuthentication
+    AwsSsoAuthentication (..),
+    newAwsSsoAuthentication,
+    awsSsoAuthentication_ssoClientId,
+
+    -- * IdpMetadata
+    IdpMetadata (..),
+    newIdpMetadata,
+    idpMetadata_url,
+    idpMetadata_xml,
+
+    -- * PermissionEntry
+    PermissionEntry (..),
+    newPermissionEntry,
+    permissionEntry_role,
+    permissionEntry_user,
+
+    -- * RoleValues
+    RoleValues (..),
+    newRoleValues,
+    roleValues_admin,
+    roleValues_editor,
+
+    -- * SamlAuthentication
+    SamlAuthentication (..),
+    newSamlAuthentication,
+    samlAuthentication_configuration,
+    samlAuthentication_status,
+
+    -- * SamlConfiguration
+    SamlConfiguration (..),
+    newSamlConfiguration,
+    samlConfiguration_allowedOrganizations,
+    samlConfiguration_assertionAttributes,
+    samlConfiguration_loginValidityDuration,
+    samlConfiguration_roleValues,
+    samlConfiguration_idpMetadata,
+
+    -- * UpdateError
+    UpdateError (..),
+    newUpdateError,
+    updateError_causedBy,
+    updateError_code,
+    updateError_message,
+
+    -- * UpdateInstruction
+    UpdateInstruction (..),
+    newUpdateInstruction,
+    updateInstruction_action,
+    updateInstruction_role,
+    updateInstruction_users,
+
+    -- * User
+    User (..),
+    newUser,
+    user_id,
+    user_type,
+
+    -- * VpcConfiguration
+    VpcConfiguration (..),
+    newVpcConfiguration,
+    vpcConfiguration_securityGroupIds,
+    vpcConfiguration_subnetIds,
+
+    -- * WorkspaceDescription
+    WorkspaceDescription (..),
+    newWorkspaceDescription,
+    workspaceDescription_accountAccessType,
+    workspaceDescription_description,
+    workspaceDescription_freeTrialConsumed,
+    workspaceDescription_freeTrialExpiration,
+    workspaceDescription_licenseExpiration,
+    workspaceDescription_licenseType,
+    workspaceDescription_name,
+    workspaceDescription_notificationDestinations,
+    workspaceDescription_organizationRoleName,
+    workspaceDescription_organizationalUnits,
+    workspaceDescription_permissionType,
+    workspaceDescription_stackSetName,
+    workspaceDescription_tags,
+    workspaceDescription_vpcConfiguration,
+    workspaceDescription_workspaceRoleArn,
+    workspaceDescription_authentication,
+    workspaceDescription_created,
+    workspaceDescription_dataSources,
+    workspaceDescription_endpoint,
+    workspaceDescription_grafanaVersion,
+    workspaceDescription_id,
+    workspaceDescription_modified,
+    workspaceDescription_status,
+
+    -- * WorkspaceSummary
+    WorkspaceSummary (..),
+    newWorkspaceSummary,
+    workspaceSummary_description,
+    workspaceSummary_name,
+    workspaceSummary_notificationDestinations,
+    workspaceSummary_tags,
+    workspaceSummary_authentication,
+    workspaceSummary_created,
+    workspaceSummary_endpoint,
+    workspaceSummary_grafanaVersion,
+    workspaceSummary_id,
+    workspaceSummary_modified,
+    workspaceSummary_status,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import Amazonka.Grafana.Types.AccountAccessType
+import Amazonka.Grafana.Types.AssertionAttributes
+import Amazonka.Grafana.Types.AuthenticationDescription
+import Amazonka.Grafana.Types.AuthenticationProviderTypes
+import Amazonka.Grafana.Types.AuthenticationSummary
+import Amazonka.Grafana.Types.AwsSsoAuthentication
+import Amazonka.Grafana.Types.DataSourceType
+import Amazonka.Grafana.Types.IdpMetadata
+import Amazonka.Grafana.Types.LicenseType
+import Amazonka.Grafana.Types.NotificationDestinationType
+import Amazonka.Grafana.Types.PermissionEntry
+import Amazonka.Grafana.Types.PermissionType
+import Amazonka.Grafana.Types.Role
+import Amazonka.Grafana.Types.RoleValues
+import Amazonka.Grafana.Types.SamlAuthentication
+import Amazonka.Grafana.Types.SamlConfiguration
+import Amazonka.Grafana.Types.SamlConfigurationStatus
+import Amazonka.Grafana.Types.UpdateAction
+import Amazonka.Grafana.Types.UpdateError
+import Amazonka.Grafana.Types.UpdateInstruction
+import Amazonka.Grafana.Types.User
+import Amazonka.Grafana.Types.UserType
+import Amazonka.Grafana.Types.VpcConfiguration
+import Amazonka.Grafana.Types.WorkspaceDescription
+import Amazonka.Grafana.Types.WorkspaceStatus
+import Amazonka.Grafana.Types.WorkspaceSummary
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2020-08-18@ of the Amazon Managed Grafana SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "Grafana",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "grafana",
+      Core.signingName = "grafana",
+      Core.version = "2020-08-18",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "Grafana",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You do not have sufficient permissions to perform this action.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+    Prelude.. Core.hasStatus 403
+
+-- | A resource was in an inconsistent state during an update or a deletion.
+_ConflictException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ConflictException =
+  Core._MatchServiceError
+    defaultService
+    "ConflictException"
+    Prelude.. Core.hasStatus 409
+
+-- | Unexpected error while processing the request. Retry the request.
+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServerException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServerException"
+    Prelude.. Core.hasStatus 500
+
+-- | The request references a resource that does not exist.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+    Prelude.. Core.hasStatus 404
+
+-- | The request would cause a service quota to be exceeded.
+_ServiceQuotaExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ServiceQuotaExceededException =
+  Core._MatchServiceError
+    defaultService
+    "ServiceQuotaExceededException"
+    Prelude.. Core.hasStatus 402
+
+-- | The request was denied because of request throttling. Retry the request.
+_ThrottlingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ThrottlingException =
+  Core._MatchServiceError
+    defaultService
+    "ThrottlingException"
+    Prelude.. Core.hasStatus 429
+
+-- | The value of a parameter in the request caused an error.
+_ValidationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ValidationException =
+  Core._MatchServiceError
+    defaultService
+    "ValidationException"
+    Prelude.. Core.hasStatus 400
diff --git a/gen/Amazonka/Grafana/Types/AccountAccessType.hs b/gen/Amazonka/Grafana/Types/AccountAccessType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AccountAccessType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AccountAccessType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AccountAccessType
+  ( AccountAccessType
+      ( ..,
+        AccountAccessType_CURRENT_ACCOUNT,
+        AccountAccessType_ORGANIZATION
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AccountAccessType = AccountAccessType'
+  { fromAccountAccessType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AccountAccessType_CURRENT_ACCOUNT :: AccountAccessType
+pattern AccountAccessType_CURRENT_ACCOUNT = AccountAccessType' "CURRENT_ACCOUNT"
+
+pattern AccountAccessType_ORGANIZATION :: AccountAccessType
+pattern AccountAccessType_ORGANIZATION = AccountAccessType' "ORGANIZATION"
+
+{-# COMPLETE
+  AccountAccessType_CURRENT_ACCOUNT,
+  AccountAccessType_ORGANIZATION,
+  AccountAccessType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/AssertionAttributes.hs b/gen/Amazonka/Grafana/Types/AssertionAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AssertionAttributes.hs
@@ -0,0 +1,165 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AssertionAttributes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AssertionAttributes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure that defines which attributes in the IdP assertion are to be
+-- used to define information about the users authenticated by the IdP to
+-- use the workspace.
+--
+-- /See:/ 'newAssertionAttributes' smart constructor.
+data AssertionAttributes = AssertionAttributes'
+  { -- | The name of the attribute within the SAML assertion to use as the email
+    -- names for SAML users.
+    email :: Prelude.Maybe Prelude.Text,
+    -- | The name of the attribute within the SAML assertion to use as the user
+    -- full \"friendly\" names for user groups.
+    groups :: Prelude.Maybe Prelude.Text,
+    -- | The name of the attribute within the SAML assertion to use as the login
+    -- names for SAML users.
+    login :: Prelude.Maybe Prelude.Text,
+    -- | The name of the attribute within the SAML assertion to use as the user
+    -- full \"friendly\" names for SAML users.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The name of the attribute within the SAML assertion to use as the user
+    -- full \"friendly\" names for the users\' organizations.
+    org :: Prelude.Maybe Prelude.Text,
+    -- | The name of the attribute within the SAML assertion to use as the user
+    -- roles.
+    role' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssertionAttributes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'email', 'assertionAttributes_email' - The name of the attribute within the SAML assertion to use as the email
+-- names for SAML users.
+--
+-- 'groups', 'assertionAttributes_groups' - The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for user groups.
+--
+-- 'login', 'assertionAttributes_login' - The name of the attribute within the SAML assertion to use as the login
+-- names for SAML users.
+--
+-- 'name', 'assertionAttributes_name' - The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for SAML users.
+--
+-- 'org', 'assertionAttributes_org' - The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for the users\' organizations.
+--
+-- 'role'', 'assertionAttributes_role' - The name of the attribute within the SAML assertion to use as the user
+-- roles.
+newAssertionAttributes ::
+  AssertionAttributes
+newAssertionAttributes =
+  AssertionAttributes'
+    { email = Prelude.Nothing,
+      groups = Prelude.Nothing,
+      login = Prelude.Nothing,
+      name = Prelude.Nothing,
+      org = Prelude.Nothing,
+      role' = Prelude.Nothing
+    }
+
+-- | The name of the attribute within the SAML assertion to use as the email
+-- names for SAML users.
+assertionAttributes_email :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_email = Lens.lens (\AssertionAttributes' {email} -> email) (\s@AssertionAttributes' {} a -> s {email = a} :: AssertionAttributes)
+
+-- | The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for user groups.
+assertionAttributes_groups :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_groups = Lens.lens (\AssertionAttributes' {groups} -> groups) (\s@AssertionAttributes' {} a -> s {groups = a} :: AssertionAttributes)
+
+-- | The name of the attribute within the SAML assertion to use as the login
+-- names for SAML users.
+assertionAttributes_login :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_login = Lens.lens (\AssertionAttributes' {login} -> login) (\s@AssertionAttributes' {} a -> s {login = a} :: AssertionAttributes)
+
+-- | The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for SAML users.
+assertionAttributes_name :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_name = Lens.lens (\AssertionAttributes' {name} -> name) (\s@AssertionAttributes' {} a -> s {name = a} :: AssertionAttributes)
+
+-- | The name of the attribute within the SAML assertion to use as the user
+-- full \"friendly\" names for the users\' organizations.
+assertionAttributes_org :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_org = Lens.lens (\AssertionAttributes' {org} -> org) (\s@AssertionAttributes' {} a -> s {org = a} :: AssertionAttributes)
+
+-- | The name of the attribute within the SAML assertion to use as the user
+-- roles.
+assertionAttributes_role :: Lens.Lens' AssertionAttributes (Prelude.Maybe Prelude.Text)
+assertionAttributes_role = Lens.lens (\AssertionAttributes' {role'} -> role') (\s@AssertionAttributes' {} a -> s {role' = a} :: AssertionAttributes)
+
+instance Data.FromJSON AssertionAttributes where
+  parseJSON =
+    Data.withObject
+      "AssertionAttributes"
+      ( \x ->
+          AssertionAttributes'
+            Prelude.<$> (x Data..:? "email")
+            Prelude.<*> (x Data..:? "groups")
+            Prelude.<*> (x Data..:? "login")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "org")
+            Prelude.<*> (x Data..:? "role")
+      )
+
+instance Prelude.Hashable AssertionAttributes where
+  hashWithSalt _salt AssertionAttributes' {..} =
+    _salt
+      `Prelude.hashWithSalt` email
+      `Prelude.hashWithSalt` groups
+      `Prelude.hashWithSalt` login
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` org
+      `Prelude.hashWithSalt` role'
+
+instance Prelude.NFData AssertionAttributes where
+  rnf AssertionAttributes' {..} =
+    Prelude.rnf email
+      `Prelude.seq` Prelude.rnf groups
+      `Prelude.seq` Prelude.rnf login
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf org
+      `Prelude.seq` Prelude.rnf role'
+
+instance Data.ToJSON AssertionAttributes where
+  toJSON AssertionAttributes' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("email" Data..=) Prelude.<$> email,
+            ("groups" Data..=) Prelude.<$> groups,
+            ("login" Data..=) Prelude.<$> login,
+            ("name" Data..=) Prelude.<$> name,
+            ("org" Data..=) Prelude.<$> org,
+            ("role" Data..=) Prelude.<$> role'
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/AuthenticationDescription.hs b/gen/Amazonka/Grafana/Types/AuthenticationDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AuthenticationDescription.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AuthenticationDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AuthenticationDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.AuthenticationProviderTypes
+import Amazonka.Grafana.Types.AwsSsoAuthentication
+import Amazonka.Grafana.Types.SamlAuthentication
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about the user authentication methods
+-- used by the workspace.
+--
+-- /See:/ 'newAuthenticationDescription' smart constructor.
+data AuthenticationDescription = AuthenticationDescription'
+  { -- | A structure containing information about how this workspace works with
+    -- IAM Identity Center.
+    awsSso :: Prelude.Maybe AwsSsoAuthentication,
+    -- | A structure containing information about how this workspace works with
+    -- SAML, including what attributes within the assertion are to be mapped to
+    -- user information in the workspace.
+    saml :: Prelude.Maybe SamlAuthentication,
+    -- | Specifies whether this workspace uses IAM Identity Center, SAML, or both
+    -- methods to authenticate users to use the Grafana console in the Amazon
+    -- Managed Grafana workspace.
+    providers :: [AuthenticationProviderTypes]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AuthenticationDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'awsSso', 'authenticationDescription_awsSso' - A structure containing information about how this workspace works with
+-- IAM Identity Center.
+--
+-- 'saml', 'authenticationDescription_saml' - A structure containing information about how this workspace works with
+-- SAML, including what attributes within the assertion are to be mapped to
+-- user information in the workspace.
+--
+-- 'providers', 'authenticationDescription_providers' - Specifies whether this workspace uses IAM Identity Center, SAML, or both
+-- methods to authenticate users to use the Grafana console in the Amazon
+-- Managed Grafana workspace.
+newAuthenticationDescription ::
+  AuthenticationDescription
+newAuthenticationDescription =
+  AuthenticationDescription'
+    { awsSso =
+        Prelude.Nothing,
+      saml = Prelude.Nothing,
+      providers = Prelude.mempty
+    }
+
+-- | A structure containing information about how this workspace works with
+-- IAM Identity Center.
+authenticationDescription_awsSso :: Lens.Lens' AuthenticationDescription (Prelude.Maybe AwsSsoAuthentication)
+authenticationDescription_awsSso = Lens.lens (\AuthenticationDescription' {awsSso} -> awsSso) (\s@AuthenticationDescription' {} a -> s {awsSso = a} :: AuthenticationDescription)
+
+-- | A structure containing information about how this workspace works with
+-- SAML, including what attributes within the assertion are to be mapped to
+-- user information in the workspace.
+authenticationDescription_saml :: Lens.Lens' AuthenticationDescription (Prelude.Maybe SamlAuthentication)
+authenticationDescription_saml = Lens.lens (\AuthenticationDescription' {saml} -> saml) (\s@AuthenticationDescription' {} a -> s {saml = a} :: AuthenticationDescription)
+
+-- | Specifies whether this workspace uses IAM Identity Center, SAML, or both
+-- methods to authenticate users to use the Grafana console in the Amazon
+-- Managed Grafana workspace.
+authenticationDescription_providers :: Lens.Lens' AuthenticationDescription [AuthenticationProviderTypes]
+authenticationDescription_providers = Lens.lens (\AuthenticationDescription' {providers} -> providers) (\s@AuthenticationDescription' {} a -> s {providers = a} :: AuthenticationDescription) Prelude.. Lens.coerced
+
+instance Data.FromJSON AuthenticationDescription where
+  parseJSON =
+    Data.withObject
+      "AuthenticationDescription"
+      ( \x ->
+          AuthenticationDescription'
+            Prelude.<$> (x Data..:? "awsSso")
+            Prelude.<*> (x Data..:? "saml")
+            Prelude.<*> (x Data..:? "providers" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AuthenticationDescription where
+  hashWithSalt _salt AuthenticationDescription' {..} =
+    _salt
+      `Prelude.hashWithSalt` awsSso
+      `Prelude.hashWithSalt` saml
+      `Prelude.hashWithSalt` providers
+
+instance Prelude.NFData AuthenticationDescription where
+  rnf AuthenticationDescription' {..} =
+    Prelude.rnf awsSso
+      `Prelude.seq` Prelude.rnf saml
+      `Prelude.seq` Prelude.rnf providers
diff --git a/gen/Amazonka/Grafana/Types/AuthenticationProviderTypes.hs b/gen/Amazonka/Grafana/Types/AuthenticationProviderTypes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AuthenticationProviderTypes.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AuthenticationProviderTypes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AuthenticationProviderTypes
+  ( AuthenticationProviderTypes
+      ( ..,
+        AuthenticationProviderTypes_AWS_SSO,
+        AuthenticationProviderTypes_SAML
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AuthenticationProviderTypes = AuthenticationProviderTypes'
+  { fromAuthenticationProviderTypes ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AuthenticationProviderTypes_AWS_SSO :: AuthenticationProviderTypes
+pattern AuthenticationProviderTypes_AWS_SSO = AuthenticationProviderTypes' "AWS_SSO"
+
+pattern AuthenticationProviderTypes_SAML :: AuthenticationProviderTypes
+pattern AuthenticationProviderTypes_SAML = AuthenticationProviderTypes' "SAML"
+
+{-# COMPLETE
+  AuthenticationProviderTypes_AWS_SSO,
+  AuthenticationProviderTypes_SAML,
+  AuthenticationProviderTypes'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/AuthenticationSummary.hs b/gen/Amazonka/Grafana/Types/AuthenticationSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AuthenticationSummary.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AuthenticationSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AuthenticationSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.AuthenticationProviderTypes
+import Amazonka.Grafana.Types.SamlConfigurationStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure that describes whether the workspace uses SAML, IAM Identity
+-- Center, or both methods for user authentication, and whether that
+-- authentication is fully configured.
+--
+-- /See:/ 'newAuthenticationSummary' smart constructor.
+data AuthenticationSummary = AuthenticationSummary'
+  { -- | Specifies whether the workplace\'s user authentication method is fully
+    -- configured.
+    samlConfigurationStatus :: Prelude.Maybe SamlConfigurationStatus,
+    -- | Specifies whether the workspace uses SAML, IAM Identity Center, or both
+    -- methods for user authentication.
+    providers :: [AuthenticationProviderTypes]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AuthenticationSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'samlConfigurationStatus', 'authenticationSummary_samlConfigurationStatus' - Specifies whether the workplace\'s user authentication method is fully
+-- configured.
+--
+-- 'providers', 'authenticationSummary_providers' - Specifies whether the workspace uses SAML, IAM Identity Center, or both
+-- methods for user authentication.
+newAuthenticationSummary ::
+  AuthenticationSummary
+newAuthenticationSummary =
+  AuthenticationSummary'
+    { samlConfigurationStatus =
+        Prelude.Nothing,
+      providers = Prelude.mempty
+    }
+
+-- | Specifies whether the workplace\'s user authentication method is fully
+-- configured.
+authenticationSummary_samlConfigurationStatus :: Lens.Lens' AuthenticationSummary (Prelude.Maybe SamlConfigurationStatus)
+authenticationSummary_samlConfigurationStatus = Lens.lens (\AuthenticationSummary' {samlConfigurationStatus} -> samlConfigurationStatus) (\s@AuthenticationSummary' {} a -> s {samlConfigurationStatus = a} :: AuthenticationSummary)
+
+-- | Specifies whether the workspace uses SAML, IAM Identity Center, or both
+-- methods for user authentication.
+authenticationSummary_providers :: Lens.Lens' AuthenticationSummary [AuthenticationProviderTypes]
+authenticationSummary_providers = Lens.lens (\AuthenticationSummary' {providers} -> providers) (\s@AuthenticationSummary' {} a -> s {providers = a} :: AuthenticationSummary) Prelude.. Lens.coerced
+
+instance Data.FromJSON AuthenticationSummary where
+  parseJSON =
+    Data.withObject
+      "AuthenticationSummary"
+      ( \x ->
+          AuthenticationSummary'
+            Prelude.<$> (x Data..:? "samlConfigurationStatus")
+            Prelude.<*> (x Data..:? "providers" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AuthenticationSummary where
+  hashWithSalt _salt AuthenticationSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` samlConfigurationStatus
+      `Prelude.hashWithSalt` providers
+
+instance Prelude.NFData AuthenticationSummary where
+  rnf AuthenticationSummary' {..} =
+    Prelude.rnf samlConfigurationStatus
+      `Prelude.seq` Prelude.rnf providers
diff --git a/gen/Amazonka/Grafana/Types/AwsSsoAuthentication.hs b/gen/Amazonka/Grafana/Types/AwsSsoAuthentication.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/AwsSsoAuthentication.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.AwsSsoAuthentication
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.AwsSsoAuthentication where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about how this workspace works with
+-- IAM Identity Center.
+--
+-- /See:/ 'newAwsSsoAuthentication' smart constructor.
+data AwsSsoAuthentication = AwsSsoAuthentication'
+  { -- | The ID of the IAM Identity Center-managed application that is created by
+    -- Amazon Managed Grafana.
+    ssoClientId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSsoAuthentication' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ssoClientId', 'awsSsoAuthentication_ssoClientId' - The ID of the IAM Identity Center-managed application that is created by
+-- Amazon Managed Grafana.
+newAwsSsoAuthentication ::
+  AwsSsoAuthentication
+newAwsSsoAuthentication =
+  AwsSsoAuthentication'
+    { ssoClientId =
+        Prelude.Nothing
+    }
+
+-- | The ID of the IAM Identity Center-managed application that is created by
+-- Amazon Managed Grafana.
+awsSsoAuthentication_ssoClientId :: Lens.Lens' AwsSsoAuthentication (Prelude.Maybe Prelude.Text)
+awsSsoAuthentication_ssoClientId = Lens.lens (\AwsSsoAuthentication' {ssoClientId} -> ssoClientId) (\s@AwsSsoAuthentication' {} a -> s {ssoClientId = a} :: AwsSsoAuthentication)
+
+instance Data.FromJSON AwsSsoAuthentication where
+  parseJSON =
+    Data.withObject
+      "AwsSsoAuthentication"
+      ( \x ->
+          AwsSsoAuthentication'
+            Prelude.<$> (x Data..:? "ssoClientId")
+      )
+
+instance Prelude.Hashable AwsSsoAuthentication where
+  hashWithSalt _salt AwsSsoAuthentication' {..} =
+    _salt `Prelude.hashWithSalt` ssoClientId
+
+instance Prelude.NFData AwsSsoAuthentication where
+  rnf AwsSsoAuthentication' {..} =
+    Prelude.rnf ssoClientId
diff --git a/gen/Amazonka/Grafana/Types/DataSourceType.hs b/gen/Amazonka/Grafana/Types/DataSourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/DataSourceType.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.DataSourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.DataSourceType
+  ( DataSourceType
+      ( ..,
+        DataSourceType_AMAZON_OPENSEARCH_SERVICE,
+        DataSourceType_ATHENA,
+        DataSourceType_CLOUDWATCH,
+        DataSourceType_PROMETHEUS,
+        DataSourceType_REDSHIFT,
+        DataSourceType_SITEWISE,
+        DataSourceType_TIMESTREAM,
+        DataSourceType_TWINMAKER,
+        DataSourceType_XRAY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DataSourceType = DataSourceType'
+  { fromDataSourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DataSourceType_AMAZON_OPENSEARCH_SERVICE :: DataSourceType
+pattern DataSourceType_AMAZON_OPENSEARCH_SERVICE = DataSourceType' "AMAZON_OPENSEARCH_SERVICE"
+
+pattern DataSourceType_ATHENA :: DataSourceType
+pattern DataSourceType_ATHENA = DataSourceType' "ATHENA"
+
+pattern DataSourceType_CLOUDWATCH :: DataSourceType
+pattern DataSourceType_CLOUDWATCH = DataSourceType' "CLOUDWATCH"
+
+pattern DataSourceType_PROMETHEUS :: DataSourceType
+pattern DataSourceType_PROMETHEUS = DataSourceType' "PROMETHEUS"
+
+pattern DataSourceType_REDSHIFT :: DataSourceType
+pattern DataSourceType_REDSHIFT = DataSourceType' "REDSHIFT"
+
+pattern DataSourceType_SITEWISE :: DataSourceType
+pattern DataSourceType_SITEWISE = DataSourceType' "SITEWISE"
+
+pattern DataSourceType_TIMESTREAM :: DataSourceType
+pattern DataSourceType_TIMESTREAM = DataSourceType' "TIMESTREAM"
+
+pattern DataSourceType_TWINMAKER :: DataSourceType
+pattern DataSourceType_TWINMAKER = DataSourceType' "TWINMAKER"
+
+pattern DataSourceType_XRAY :: DataSourceType
+pattern DataSourceType_XRAY = DataSourceType' "XRAY"
+
+{-# COMPLETE
+  DataSourceType_AMAZON_OPENSEARCH_SERVICE,
+  DataSourceType_ATHENA,
+  DataSourceType_CLOUDWATCH,
+  DataSourceType_PROMETHEUS,
+  DataSourceType_REDSHIFT,
+  DataSourceType_SITEWISE,
+  DataSourceType_TIMESTREAM,
+  DataSourceType_TWINMAKER,
+  DataSourceType_XRAY,
+  DataSourceType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/IdpMetadata.hs b/gen/Amazonka/Grafana/Types/IdpMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/IdpMetadata.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.IdpMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.IdpMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing the identity provider (IdP) metadata used to
+-- integrate the identity provider with this workspace. You can specify the
+-- metadata either by providing a URL to its location in the @url@
+-- parameter, or by specifying the full metadata in XML format in the @xml@
+-- parameter. Specifying both will cause an error.
+--
+-- /See:/ 'newIdpMetadata' smart constructor.
+data IdpMetadata = IdpMetadata'
+  { -- | The URL of the location containing the IdP metadata.
+    url :: Prelude.Maybe Prelude.Text,
+    -- | The full IdP metadata, in XML format.
+    xml :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IdpMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'url', 'idpMetadata_url' - The URL of the location containing the IdP metadata.
+--
+-- 'xml', 'idpMetadata_xml' - The full IdP metadata, in XML format.
+newIdpMetadata ::
+  IdpMetadata
+newIdpMetadata =
+  IdpMetadata'
+    { url = Prelude.Nothing,
+      xml = Prelude.Nothing
+    }
+
+-- | The URL of the location containing the IdP metadata.
+idpMetadata_url :: Lens.Lens' IdpMetadata (Prelude.Maybe Prelude.Text)
+idpMetadata_url = Lens.lens (\IdpMetadata' {url} -> url) (\s@IdpMetadata' {} a -> s {url = a} :: IdpMetadata)
+
+-- | The full IdP metadata, in XML format.
+idpMetadata_xml :: Lens.Lens' IdpMetadata (Prelude.Maybe Prelude.Text)
+idpMetadata_xml = Lens.lens (\IdpMetadata' {xml} -> xml) (\s@IdpMetadata' {} a -> s {xml = a} :: IdpMetadata)
+
+instance Data.FromJSON IdpMetadata where
+  parseJSON =
+    Data.withObject
+      "IdpMetadata"
+      ( \x ->
+          IdpMetadata'
+            Prelude.<$> (x Data..:? "url")
+            Prelude.<*> (x Data..:? "xml")
+      )
+
+instance Prelude.Hashable IdpMetadata where
+  hashWithSalt _salt IdpMetadata' {..} =
+    _salt
+      `Prelude.hashWithSalt` url
+      `Prelude.hashWithSalt` xml
+
+instance Prelude.NFData IdpMetadata where
+  rnf IdpMetadata' {..} =
+    Prelude.rnf url `Prelude.seq` Prelude.rnf xml
+
+instance Data.ToJSON IdpMetadata where
+  toJSON IdpMetadata' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("url" Data..=) Prelude.<$> url,
+            ("xml" Data..=) Prelude.<$> xml
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/LicenseType.hs b/gen/Amazonka/Grafana/Types/LicenseType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/LicenseType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.LicenseType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.LicenseType
+  ( LicenseType
+      ( ..,
+        LicenseType_ENTERPRISE,
+        LicenseType_ENTERPRISE_FREE_TRIAL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype LicenseType = LicenseType'
+  { fromLicenseType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern LicenseType_ENTERPRISE :: LicenseType
+pattern LicenseType_ENTERPRISE = LicenseType' "ENTERPRISE"
+
+pattern LicenseType_ENTERPRISE_FREE_TRIAL :: LicenseType
+pattern LicenseType_ENTERPRISE_FREE_TRIAL = LicenseType' "ENTERPRISE_FREE_TRIAL"
+
+{-# COMPLETE
+  LicenseType_ENTERPRISE,
+  LicenseType_ENTERPRISE_FREE_TRIAL,
+  LicenseType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/NotificationDestinationType.hs b/gen/Amazonka/Grafana/Types/NotificationDestinationType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/NotificationDestinationType.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.NotificationDestinationType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.NotificationDestinationType
+  ( NotificationDestinationType
+      ( ..,
+        NotificationDestinationType_SNS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype NotificationDestinationType = NotificationDestinationType'
+  { fromNotificationDestinationType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern NotificationDestinationType_SNS :: NotificationDestinationType
+pattern NotificationDestinationType_SNS = NotificationDestinationType' "SNS"
+
+{-# COMPLETE
+  NotificationDestinationType_SNS,
+  NotificationDestinationType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/PermissionEntry.hs b/gen/Amazonka/Grafana/Types/PermissionEntry.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/PermissionEntry.hs
@@ -0,0 +1,90 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.PermissionEntry
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.PermissionEntry where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.Role
+import Amazonka.Grafana.Types.User
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing the identity of one user or group and the
+-- @Admin@, @Editor@, or @Viewer@ role that they have.
+--
+-- /See:/ 'newPermissionEntry' smart constructor.
+data PermissionEntry = PermissionEntry'
+  { -- | Specifies whether the user or group has the @Admin@, @Editor@, or
+    -- @Viewer@ role.
+    role' :: Role,
+    -- | A structure with the ID of the user or group with this role.
+    user :: User
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionEntry' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'role'', 'permissionEntry_role' - Specifies whether the user or group has the @Admin@, @Editor@, or
+-- @Viewer@ role.
+--
+-- 'user', 'permissionEntry_user' - A structure with the ID of the user or group with this role.
+newPermissionEntry ::
+  -- | 'role''
+  Role ->
+  -- | 'user'
+  User ->
+  PermissionEntry
+newPermissionEntry pRole_ pUser_ =
+  PermissionEntry' {role' = pRole_, user = pUser_}
+
+-- | Specifies whether the user or group has the @Admin@, @Editor@, or
+-- @Viewer@ role.
+permissionEntry_role :: Lens.Lens' PermissionEntry Role
+permissionEntry_role = Lens.lens (\PermissionEntry' {role'} -> role') (\s@PermissionEntry' {} a -> s {role' = a} :: PermissionEntry)
+
+-- | A structure with the ID of the user or group with this role.
+permissionEntry_user :: Lens.Lens' PermissionEntry User
+permissionEntry_user = Lens.lens (\PermissionEntry' {user} -> user) (\s@PermissionEntry' {} a -> s {user = a} :: PermissionEntry)
+
+instance Data.FromJSON PermissionEntry where
+  parseJSON =
+    Data.withObject
+      "PermissionEntry"
+      ( \x ->
+          PermissionEntry'
+            Prelude.<$> (x Data..: "role")
+            Prelude.<*> (x Data..: "user")
+      )
+
+instance Prelude.Hashable PermissionEntry where
+  hashWithSalt _salt PermissionEntry' {..} =
+    _salt
+      `Prelude.hashWithSalt` role'
+      `Prelude.hashWithSalt` user
+
+instance Prelude.NFData PermissionEntry where
+  rnf PermissionEntry' {..} =
+    Prelude.rnf role' `Prelude.seq` Prelude.rnf user
diff --git a/gen/Amazonka/Grafana/Types/PermissionType.hs b/gen/Amazonka/Grafana/Types/PermissionType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/PermissionType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.PermissionType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.PermissionType
+  ( PermissionType
+      ( ..,
+        PermissionType_CUSTOMER_MANAGED,
+        PermissionType_SERVICE_MANAGED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PermissionType = PermissionType'
+  { fromPermissionType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PermissionType_CUSTOMER_MANAGED :: PermissionType
+pattern PermissionType_CUSTOMER_MANAGED = PermissionType' "CUSTOMER_MANAGED"
+
+pattern PermissionType_SERVICE_MANAGED :: PermissionType
+pattern PermissionType_SERVICE_MANAGED = PermissionType' "SERVICE_MANAGED"
+
+{-# COMPLETE
+  PermissionType_CUSTOMER_MANAGED,
+  PermissionType_SERVICE_MANAGED,
+  PermissionType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/Role.hs b/gen/Amazonka/Grafana/Types/Role.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/Role.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.Role
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.Role
+  ( Role
+      ( ..,
+        Role_ADMIN,
+        Role_EDITOR,
+        Role_VIEWER
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Role = Role' {fromRole :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Role_ADMIN :: Role
+pattern Role_ADMIN = Role' "ADMIN"
+
+pattern Role_EDITOR :: Role
+pattern Role_EDITOR = Role' "EDITOR"
+
+pattern Role_VIEWER :: Role
+pattern Role_VIEWER = Role' "VIEWER"
+
+{-# COMPLETE
+  Role_ADMIN,
+  Role_EDITOR,
+  Role_VIEWER,
+  Role'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/RoleValues.hs b/gen/Amazonka/Grafana/Types/RoleValues.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/RoleValues.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.RoleValues
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.RoleValues where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | This structure defines which groups defined in the SAML assertion
+-- attribute are to be mapped to the Grafana @Admin@ and @Editor@ roles in
+-- the workspace. SAML authenticated users not part of @Admin@ or @Editor@
+-- role groups have @Viewer@ permission over the workspace.
+--
+-- /See:/ 'newRoleValues' smart constructor.
+data RoleValues = RoleValues'
+  { -- | A list of groups from the SAML assertion attribute to grant the Grafana
+    -- @Admin@ role to.
+    admin :: Prelude.Maybe [Prelude.Text],
+    -- | A list of groups from the SAML assertion attribute to grant the Grafana
+    -- @Editor@ role to.
+    editor :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RoleValues' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'admin', 'roleValues_admin' - A list of groups from the SAML assertion attribute to grant the Grafana
+-- @Admin@ role to.
+--
+-- 'editor', 'roleValues_editor' - A list of groups from the SAML assertion attribute to grant the Grafana
+-- @Editor@ role to.
+newRoleValues ::
+  RoleValues
+newRoleValues =
+  RoleValues'
+    { admin = Prelude.Nothing,
+      editor = Prelude.Nothing
+    }
+
+-- | A list of groups from the SAML assertion attribute to grant the Grafana
+-- @Admin@ role to.
+roleValues_admin :: Lens.Lens' RoleValues (Prelude.Maybe [Prelude.Text])
+roleValues_admin = Lens.lens (\RoleValues' {admin} -> admin) (\s@RoleValues' {} a -> s {admin = a} :: RoleValues) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of groups from the SAML assertion attribute to grant the Grafana
+-- @Editor@ role to.
+roleValues_editor :: Lens.Lens' RoleValues (Prelude.Maybe [Prelude.Text])
+roleValues_editor = Lens.lens (\RoleValues' {editor} -> editor) (\s@RoleValues' {} a -> s {editor = a} :: RoleValues) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON RoleValues where
+  parseJSON =
+    Data.withObject
+      "RoleValues"
+      ( \x ->
+          RoleValues'
+            Prelude.<$> (x Data..:? "admin" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "editor" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable RoleValues where
+  hashWithSalt _salt RoleValues' {..} =
+    _salt
+      `Prelude.hashWithSalt` admin
+      `Prelude.hashWithSalt` editor
+
+instance Prelude.NFData RoleValues where
+  rnf RoleValues' {..} =
+    Prelude.rnf admin `Prelude.seq` Prelude.rnf editor
+
+instance Data.ToJSON RoleValues where
+  toJSON RoleValues' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("admin" Data..=) Prelude.<$> admin,
+            ("editor" Data..=) Prelude.<$> editor
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/SamlAuthentication.hs b/gen/Amazonka/Grafana/Types/SamlAuthentication.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/SamlAuthentication.hs
@@ -0,0 +1,90 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.SamlAuthentication
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.SamlAuthentication where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.SamlConfiguration
+import Amazonka.Grafana.Types.SamlConfigurationStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about how this workspace works with
+-- SAML.
+--
+-- /See:/ 'newSamlAuthentication' smart constructor.
+data SamlAuthentication = SamlAuthentication'
+  { -- | A structure containing details about how this workspace works with SAML.
+    configuration :: Prelude.Maybe SamlConfiguration,
+    -- | Specifies whether the workspace\'s SAML configuration is complete.
+    status :: SamlConfigurationStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SamlAuthentication' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'configuration', 'samlAuthentication_configuration' - A structure containing details about how this workspace works with SAML.
+--
+-- 'status', 'samlAuthentication_status' - Specifies whether the workspace\'s SAML configuration is complete.
+newSamlAuthentication ::
+  -- | 'status'
+  SamlConfigurationStatus ->
+  SamlAuthentication
+newSamlAuthentication pStatus_ =
+  SamlAuthentication'
+    { configuration =
+        Prelude.Nothing,
+      status = pStatus_
+    }
+
+-- | A structure containing details about how this workspace works with SAML.
+samlAuthentication_configuration :: Lens.Lens' SamlAuthentication (Prelude.Maybe SamlConfiguration)
+samlAuthentication_configuration = Lens.lens (\SamlAuthentication' {configuration} -> configuration) (\s@SamlAuthentication' {} a -> s {configuration = a} :: SamlAuthentication)
+
+-- | Specifies whether the workspace\'s SAML configuration is complete.
+samlAuthentication_status :: Lens.Lens' SamlAuthentication SamlConfigurationStatus
+samlAuthentication_status = Lens.lens (\SamlAuthentication' {status} -> status) (\s@SamlAuthentication' {} a -> s {status = a} :: SamlAuthentication)
+
+instance Data.FromJSON SamlAuthentication where
+  parseJSON =
+    Data.withObject
+      "SamlAuthentication"
+      ( \x ->
+          SamlAuthentication'
+            Prelude.<$> (x Data..:? "configuration")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable SamlAuthentication where
+  hashWithSalt _salt SamlAuthentication' {..} =
+    _salt
+      `Prelude.hashWithSalt` configuration
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData SamlAuthentication where
+  rnf SamlAuthentication' {..} =
+    Prelude.rnf configuration
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/Grafana/Types/SamlConfiguration.hs b/gen/Amazonka/Grafana/Types/SamlConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/SamlConfiguration.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.SamlConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.SamlConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.AssertionAttributes
+import Amazonka.Grafana.Types.IdpMetadata
+import Amazonka.Grafana.Types.RoleValues
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about how this workspace works with
+-- SAML.
+--
+-- /See:/ 'newSamlConfiguration' smart constructor.
+data SamlConfiguration = SamlConfiguration'
+  { -- | Lists which organizations defined in the SAML assertion are allowed to
+    -- use the Amazon Managed Grafana workspace. If this is empty, all
+    -- organizations in the assertion attribute have access.
+    allowedOrganizations :: Prelude.Maybe [Prelude.Text],
+    -- | A structure that defines which attributes in the SAML assertion are to
+    -- be used to define information about the users authenticated by that IdP
+    -- to use the workspace.
+    assertionAttributes :: Prelude.Maybe AssertionAttributes,
+    -- | How long a sign-on session by a SAML user is valid, before the user has
+    -- to sign on again.
+    loginValidityDuration :: Prelude.Maybe Prelude.Int,
+    -- | A structure containing arrays that map group names in the SAML assertion
+    -- to the Grafana @Admin@ and @Editor@ roles in the workspace.
+    roleValues :: Prelude.Maybe RoleValues,
+    -- | A structure containing the identity provider (IdP) metadata used to
+    -- integrate the identity provider with this workspace.
+    idpMetadata :: IdpMetadata
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SamlConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowedOrganizations', 'samlConfiguration_allowedOrganizations' - Lists which organizations defined in the SAML assertion are allowed to
+-- use the Amazon Managed Grafana workspace. If this is empty, all
+-- organizations in the assertion attribute have access.
+--
+-- 'assertionAttributes', 'samlConfiguration_assertionAttributes' - A structure that defines which attributes in the SAML assertion are to
+-- be used to define information about the users authenticated by that IdP
+-- to use the workspace.
+--
+-- 'loginValidityDuration', 'samlConfiguration_loginValidityDuration' - How long a sign-on session by a SAML user is valid, before the user has
+-- to sign on again.
+--
+-- 'roleValues', 'samlConfiguration_roleValues' - A structure containing arrays that map group names in the SAML assertion
+-- to the Grafana @Admin@ and @Editor@ roles in the workspace.
+--
+-- 'idpMetadata', 'samlConfiguration_idpMetadata' - A structure containing the identity provider (IdP) metadata used to
+-- integrate the identity provider with this workspace.
+newSamlConfiguration ::
+  -- | 'idpMetadata'
+  IdpMetadata ->
+  SamlConfiguration
+newSamlConfiguration pIdpMetadata_ =
+  SamlConfiguration'
+    { allowedOrganizations =
+        Prelude.Nothing,
+      assertionAttributes = Prelude.Nothing,
+      loginValidityDuration = Prelude.Nothing,
+      roleValues = Prelude.Nothing,
+      idpMetadata = pIdpMetadata_
+    }
+
+-- | Lists which organizations defined in the SAML assertion are allowed to
+-- use the Amazon Managed Grafana workspace. If this is empty, all
+-- organizations in the assertion attribute have access.
+samlConfiguration_allowedOrganizations :: Lens.Lens' SamlConfiguration (Prelude.Maybe [Prelude.Text])
+samlConfiguration_allowedOrganizations = Lens.lens (\SamlConfiguration' {allowedOrganizations} -> allowedOrganizations) (\s@SamlConfiguration' {} a -> s {allowedOrganizations = a} :: SamlConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | A structure that defines which attributes in the SAML assertion are to
+-- be used to define information about the users authenticated by that IdP
+-- to use the workspace.
+samlConfiguration_assertionAttributes :: Lens.Lens' SamlConfiguration (Prelude.Maybe AssertionAttributes)
+samlConfiguration_assertionAttributes = Lens.lens (\SamlConfiguration' {assertionAttributes} -> assertionAttributes) (\s@SamlConfiguration' {} a -> s {assertionAttributes = a} :: SamlConfiguration)
+
+-- | How long a sign-on session by a SAML user is valid, before the user has
+-- to sign on again.
+samlConfiguration_loginValidityDuration :: Lens.Lens' SamlConfiguration (Prelude.Maybe Prelude.Int)
+samlConfiguration_loginValidityDuration = Lens.lens (\SamlConfiguration' {loginValidityDuration} -> loginValidityDuration) (\s@SamlConfiguration' {} a -> s {loginValidityDuration = a} :: SamlConfiguration)
+
+-- | A structure containing arrays that map group names in the SAML assertion
+-- to the Grafana @Admin@ and @Editor@ roles in the workspace.
+samlConfiguration_roleValues :: Lens.Lens' SamlConfiguration (Prelude.Maybe RoleValues)
+samlConfiguration_roleValues = Lens.lens (\SamlConfiguration' {roleValues} -> roleValues) (\s@SamlConfiguration' {} a -> s {roleValues = a} :: SamlConfiguration)
+
+-- | A structure containing the identity provider (IdP) metadata used to
+-- integrate the identity provider with this workspace.
+samlConfiguration_idpMetadata :: Lens.Lens' SamlConfiguration IdpMetadata
+samlConfiguration_idpMetadata = Lens.lens (\SamlConfiguration' {idpMetadata} -> idpMetadata) (\s@SamlConfiguration' {} a -> s {idpMetadata = a} :: SamlConfiguration)
+
+instance Data.FromJSON SamlConfiguration where
+  parseJSON =
+    Data.withObject
+      "SamlConfiguration"
+      ( \x ->
+          SamlConfiguration'
+            Prelude.<$> ( x
+                            Data..:? "allowedOrganizations"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "assertionAttributes")
+            Prelude.<*> (x Data..:? "loginValidityDuration")
+            Prelude.<*> (x Data..:? "roleValues")
+            Prelude.<*> (x Data..: "idpMetadata")
+      )
+
+instance Prelude.Hashable SamlConfiguration where
+  hashWithSalt _salt SamlConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowedOrganizations
+      `Prelude.hashWithSalt` assertionAttributes
+      `Prelude.hashWithSalt` loginValidityDuration
+      `Prelude.hashWithSalt` roleValues
+      `Prelude.hashWithSalt` idpMetadata
+
+instance Prelude.NFData SamlConfiguration where
+  rnf SamlConfiguration' {..} =
+    Prelude.rnf allowedOrganizations
+      `Prelude.seq` Prelude.rnf assertionAttributes
+      `Prelude.seq` Prelude.rnf loginValidityDuration
+      `Prelude.seq` Prelude.rnf roleValues
+      `Prelude.seq` Prelude.rnf idpMetadata
+
+instance Data.ToJSON SamlConfiguration where
+  toJSON SamlConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("allowedOrganizations" Data..=)
+              Prelude.<$> allowedOrganizations,
+            ("assertionAttributes" Data..=)
+              Prelude.<$> assertionAttributes,
+            ("loginValidityDuration" Data..=)
+              Prelude.<$> loginValidityDuration,
+            ("roleValues" Data..=) Prelude.<$> roleValues,
+            Prelude.Just ("idpMetadata" Data..= idpMetadata)
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/SamlConfigurationStatus.hs b/gen/Amazonka/Grafana/Types/SamlConfigurationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/SamlConfigurationStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.SamlConfigurationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.SamlConfigurationStatus
+  ( SamlConfigurationStatus
+      ( ..,
+        SamlConfigurationStatus_CONFIGURED,
+        SamlConfigurationStatus_NOT_CONFIGURED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SamlConfigurationStatus = SamlConfigurationStatus'
+  { fromSamlConfigurationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SamlConfigurationStatus_CONFIGURED :: SamlConfigurationStatus
+pattern SamlConfigurationStatus_CONFIGURED = SamlConfigurationStatus' "CONFIGURED"
+
+pattern SamlConfigurationStatus_NOT_CONFIGURED :: SamlConfigurationStatus
+pattern SamlConfigurationStatus_NOT_CONFIGURED = SamlConfigurationStatus' "NOT_CONFIGURED"
+
+{-# COMPLETE
+  SamlConfigurationStatus_CONFIGURED,
+  SamlConfigurationStatus_NOT_CONFIGURED,
+  SamlConfigurationStatus'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/UpdateAction.hs b/gen/Amazonka/Grafana/Types/UpdateAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/UpdateAction.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.UpdateAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.UpdateAction
+  ( UpdateAction
+      ( ..,
+        UpdateAction_ADD,
+        UpdateAction_REVOKE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype UpdateAction = UpdateAction'
+  { fromUpdateAction ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern UpdateAction_ADD :: UpdateAction
+pattern UpdateAction_ADD = UpdateAction' "ADD"
+
+pattern UpdateAction_REVOKE :: UpdateAction
+pattern UpdateAction_REVOKE = UpdateAction' "REVOKE"
+
+{-# COMPLETE
+  UpdateAction_ADD,
+  UpdateAction_REVOKE,
+  UpdateAction'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/UpdateError.hs b/gen/Amazonka/Grafana/Types/UpdateError.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/UpdateError.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.UpdateError
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.UpdateError where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.UpdateInstruction
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about one error encountered while
+-- performing an
+-- <https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html UpdatePermissions>
+-- operation.
+--
+-- /See:/ 'newUpdateError' smart constructor.
+data UpdateError = UpdateError'
+  { -- | Specifies which permission update caused the error.
+    causedBy :: UpdateInstruction,
+    -- | The error code.
+    code :: Prelude.Natural,
+    -- | The message for this error.
+    message :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateError' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'causedBy', 'updateError_causedBy' - Specifies which permission update caused the error.
+--
+-- 'code', 'updateError_code' - The error code.
+--
+-- 'message', 'updateError_message' - The message for this error.
+newUpdateError ::
+  -- | 'causedBy'
+  UpdateInstruction ->
+  -- | 'code'
+  Prelude.Natural ->
+  -- | 'message'
+  Prelude.Text ->
+  UpdateError
+newUpdateError pCausedBy_ pCode_ pMessage_ =
+  UpdateError'
+    { causedBy = pCausedBy_,
+      code = pCode_,
+      message = pMessage_
+    }
+
+-- | Specifies which permission update caused the error.
+updateError_causedBy :: Lens.Lens' UpdateError UpdateInstruction
+updateError_causedBy = Lens.lens (\UpdateError' {causedBy} -> causedBy) (\s@UpdateError' {} a -> s {causedBy = a} :: UpdateError)
+
+-- | The error code.
+updateError_code :: Lens.Lens' UpdateError Prelude.Natural
+updateError_code = Lens.lens (\UpdateError' {code} -> code) (\s@UpdateError' {} a -> s {code = a} :: UpdateError)
+
+-- | The message for this error.
+updateError_message :: Lens.Lens' UpdateError Prelude.Text
+updateError_message = Lens.lens (\UpdateError' {message} -> message) (\s@UpdateError' {} a -> s {message = a} :: UpdateError)
+
+instance Data.FromJSON UpdateError where
+  parseJSON =
+    Data.withObject
+      "UpdateError"
+      ( \x ->
+          UpdateError'
+            Prelude.<$> (x Data..: "causedBy")
+            Prelude.<*> (x Data..: "code")
+            Prelude.<*> (x Data..: "message")
+      )
+
+instance Prelude.Hashable UpdateError where
+  hashWithSalt _salt UpdateError' {..} =
+    _salt
+      `Prelude.hashWithSalt` causedBy
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` message
+
+instance Prelude.NFData UpdateError where
+  rnf UpdateError' {..} =
+    Prelude.rnf causedBy
+      `Prelude.seq` Prelude.rnf code
+      `Prelude.seq` Prelude.rnf message
diff --git a/gen/Amazonka/Grafana/Types/UpdateInstruction.hs b/gen/Amazonka/Grafana/Types/UpdateInstruction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/UpdateInstruction.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.UpdateInstruction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.UpdateInstruction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.Role
+import Amazonka.Grafana.Types.UpdateAction
+import Amazonka.Grafana.Types.User
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the instructions for one Grafana role permission update in a
+-- <https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html UpdatePermissions>
+-- operation.
+--
+-- /See:/ 'newUpdateInstruction' smart constructor.
+data UpdateInstruction = UpdateInstruction'
+  { -- | Specifies whether this update is to add or revoke role permissions.
+    action :: UpdateAction,
+    -- | The role to add or revoke for the user or the group specified in
+    -- @users@.
+    role' :: Role,
+    -- | A structure that specifies the user or group to add or revoke the role
+    -- for.
+    users :: [User]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateInstruction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'updateInstruction_action' - Specifies whether this update is to add or revoke role permissions.
+--
+-- 'role'', 'updateInstruction_role' - The role to add or revoke for the user or the group specified in
+-- @users@.
+--
+-- 'users', 'updateInstruction_users' - A structure that specifies the user or group to add or revoke the role
+-- for.
+newUpdateInstruction ::
+  -- | 'action'
+  UpdateAction ->
+  -- | 'role''
+  Role ->
+  UpdateInstruction
+newUpdateInstruction pAction_ pRole_ =
+  UpdateInstruction'
+    { action = pAction_,
+      role' = pRole_,
+      users = Prelude.mempty
+    }
+
+-- | Specifies whether this update is to add or revoke role permissions.
+updateInstruction_action :: Lens.Lens' UpdateInstruction UpdateAction
+updateInstruction_action = Lens.lens (\UpdateInstruction' {action} -> action) (\s@UpdateInstruction' {} a -> s {action = a} :: UpdateInstruction)
+
+-- | The role to add or revoke for the user or the group specified in
+-- @users@.
+updateInstruction_role :: Lens.Lens' UpdateInstruction Role
+updateInstruction_role = Lens.lens (\UpdateInstruction' {role'} -> role') (\s@UpdateInstruction' {} a -> s {role' = a} :: UpdateInstruction)
+
+-- | A structure that specifies the user or group to add or revoke the role
+-- for.
+updateInstruction_users :: Lens.Lens' UpdateInstruction [User]
+updateInstruction_users = Lens.lens (\UpdateInstruction' {users} -> users) (\s@UpdateInstruction' {} a -> s {users = a} :: UpdateInstruction) Prelude.. Lens.coerced
+
+instance Data.FromJSON UpdateInstruction where
+  parseJSON =
+    Data.withObject
+      "UpdateInstruction"
+      ( \x ->
+          UpdateInstruction'
+            Prelude.<$> (x Data..: "action")
+            Prelude.<*> (x Data..: "role")
+            Prelude.<*> (x Data..:? "users" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable UpdateInstruction where
+  hashWithSalt _salt UpdateInstruction' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` role'
+      `Prelude.hashWithSalt` users
+
+instance Prelude.NFData UpdateInstruction where
+  rnf UpdateInstruction' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf role'
+      `Prelude.seq` Prelude.rnf users
+
+instance Data.ToJSON UpdateInstruction where
+  toJSON UpdateInstruction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("action" Data..= action),
+            Prelude.Just ("role" Data..= role'),
+            Prelude.Just ("users" Data..= users)
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/User.hs b/gen/Amazonka/Grafana/Types/User.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/User.hs
@@ -0,0 +1,103 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.User
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.User where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.UserType
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure that specifies one user or group in the workspace.
+--
+-- /See:/ 'newUser' smart constructor.
+data User = User'
+  { -- | The ID of the user or group.
+    --
+    -- Pattern:
+    -- @^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$@
+    id :: Prelude.Text,
+    -- | Specifies whether this is a single user or a group.
+    type' :: UserType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'User' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'user_id' - The ID of the user or group.
+--
+-- Pattern:
+-- @^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$@
+--
+-- 'type'', 'user_type' - Specifies whether this is a single user or a group.
+newUser ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'type''
+  UserType ->
+  User
+newUser pId_ pType_ =
+  User' {id = pId_, type' = pType_}
+
+-- | The ID of the user or group.
+--
+-- Pattern:
+-- @^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$@
+user_id :: Lens.Lens' User Prelude.Text
+user_id = Lens.lens (\User' {id} -> id) (\s@User' {} a -> s {id = a} :: User)
+
+-- | Specifies whether this is a single user or a group.
+user_type :: Lens.Lens' User UserType
+user_type = Lens.lens (\User' {type'} -> type') (\s@User' {} a -> s {type' = a} :: User)
+
+instance Data.FromJSON User where
+  parseJSON =
+    Data.withObject
+      "User"
+      ( \x ->
+          User'
+            Prelude.<$> (x Data..: "id")
+            Prelude.<*> (x Data..: "type")
+      )
+
+instance Prelude.Hashable User where
+  hashWithSalt _salt User' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData User where
+  rnf User' {..} =
+    Prelude.rnf id `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON User where
+  toJSON User' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("id" Data..= id),
+            Prelude.Just ("type" Data..= type')
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/UserType.hs b/gen/Amazonka/Grafana/Types/UserType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/UserType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.UserType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.UserType
+  ( UserType
+      ( ..,
+        UserType_SSO_GROUP,
+        UserType_SSO_USER
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype UserType = UserType'
+  { fromUserType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern UserType_SSO_GROUP :: UserType
+pattern UserType_SSO_GROUP = UserType' "SSO_GROUP"
+
+pattern UserType_SSO_USER :: UserType
+pattern UserType_SSO_USER = UserType' "SSO_USER"
+
+{-# COMPLETE
+  UserType_SSO_GROUP,
+  UserType_SSO_USER,
+  UserType'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/VpcConfiguration.hs b/gen/Amazonka/Grafana/Types/VpcConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/VpcConfiguration.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.VpcConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.VpcConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The configuration settings for an Amazon VPC that contains data sources
+-- for your Grafana workspace to connect to.
+--
+-- /See:/ 'newVpcConfiguration' smart constructor.
+data VpcConfiguration = VpcConfiguration'
+  { -- | The list of Amazon EC2 security group IDs attached to the Amazon VPC for
+    -- your Grafana workspace to connect.
+    securityGroupIds :: Prelude.NonEmpty Prelude.Text,
+    -- | The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
+    -- Grafana workspace to connect.
+    subnetIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VpcConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'securityGroupIds', 'vpcConfiguration_securityGroupIds' - The list of Amazon EC2 security group IDs attached to the Amazon VPC for
+-- your Grafana workspace to connect.
+--
+-- 'subnetIds', 'vpcConfiguration_subnetIds' - The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
+-- Grafana workspace to connect.
+newVpcConfiguration ::
+  -- | 'securityGroupIds'
+  Prelude.NonEmpty Prelude.Text ->
+  -- | 'subnetIds'
+  Prelude.NonEmpty Prelude.Text ->
+  VpcConfiguration
+newVpcConfiguration pSecurityGroupIds_ pSubnetIds_ =
+  VpcConfiguration'
+    { securityGroupIds =
+        Lens.coerced Lens.# pSecurityGroupIds_,
+      subnetIds = Lens.coerced Lens.# pSubnetIds_
+    }
+
+-- | The list of Amazon EC2 security group IDs attached to the Amazon VPC for
+-- your Grafana workspace to connect.
+vpcConfiguration_securityGroupIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text)
+vpcConfiguration_securityGroupIds = Lens.lens (\VpcConfiguration' {securityGroupIds} -> securityGroupIds) (\s@VpcConfiguration' {} a -> s {securityGroupIds = a} :: VpcConfiguration) Prelude.. Lens.coerced
+
+-- | The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
+-- Grafana workspace to connect.
+vpcConfiguration_subnetIds :: Lens.Lens' VpcConfiguration (Prelude.NonEmpty Prelude.Text)
+vpcConfiguration_subnetIds = Lens.lens (\VpcConfiguration' {subnetIds} -> subnetIds) (\s@VpcConfiguration' {} a -> s {subnetIds = a} :: VpcConfiguration) Prelude.. Lens.coerced
+
+instance Data.FromJSON VpcConfiguration where
+  parseJSON =
+    Data.withObject
+      "VpcConfiguration"
+      ( \x ->
+          VpcConfiguration'
+            Prelude.<$> (x Data..: "securityGroupIds")
+            Prelude.<*> (x Data..: "subnetIds")
+      )
+
+instance Prelude.Hashable VpcConfiguration where
+  hashWithSalt _salt VpcConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` securityGroupIds
+      `Prelude.hashWithSalt` subnetIds
+
+instance Prelude.NFData VpcConfiguration where
+  rnf VpcConfiguration' {..} =
+    Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnetIds
+
+instance Data.ToJSON VpcConfiguration where
+  toJSON VpcConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("securityGroupIds" Data..= securityGroupIds),
+            Prelude.Just ("subnetIds" Data..= subnetIds)
+          ]
+      )
diff --git a/gen/Amazonka/Grafana/Types/WorkspaceDescription.hs b/gen/Amazonka/Grafana/Types/WorkspaceDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/WorkspaceDescription.hs
@@ -0,0 +1,475 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.WorkspaceDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.WorkspaceDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.AccountAccessType
+import Amazonka.Grafana.Types.AuthenticationSummary
+import Amazonka.Grafana.Types.DataSourceType
+import Amazonka.Grafana.Types.LicenseType
+import Amazonka.Grafana.Types.NotificationDestinationType
+import Amazonka.Grafana.Types.PermissionType
+import Amazonka.Grafana.Types.VpcConfiguration
+import Amazonka.Grafana.Types.WorkspaceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure containing information about an Amazon Managed Grafana
+-- workspace in your account.
+--
+-- /See:/ 'newWorkspaceDescription' smart constructor.
+data WorkspaceDescription = WorkspaceDescription'
+  { -- | Specifies whether the workspace can access Amazon Web Services resources
+    -- in this Amazon Web Services account only, or whether it can also access
+    -- Amazon Web Services resources in other accounts in the same
+    -- organization. If this is @ORGANIZATION@, the
+    -- @workspaceOrganizationalUnits@ parameter specifies which organizational
+    -- units the workspace can access.
+    accountAccessType :: Prelude.Maybe AccountAccessType,
+    -- | The user-defined description of the workspace.
+    description :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | Specifies whether this workspace has already fully used its free trial
+    -- for Grafana Enterprise.
+    freeTrialConsumed :: Prelude.Maybe Prelude.Bool,
+    -- | If this workspace is currently in the free trial period for Grafana
+    -- Enterprise, this value specifies when that free trial ends.
+    freeTrialExpiration :: Prelude.Maybe Data.POSIX,
+    -- | If this workspace has a full Grafana Enterprise license, this specifies
+    -- when the license ends and will need to be renewed.
+    licenseExpiration :: Prelude.Maybe Data.POSIX,
+    -- | Specifies whether this workspace has a full Grafana Enterprise license
+    -- or a free trial license.
+    licenseType :: Prelude.Maybe LicenseType,
+    -- | The name of the workspace.
+    name :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The Amazon Web Services notification channels that Amazon Managed
+    -- Grafana can automatically create IAM roles and permissions for, to allow
+    -- Amazon Managed Grafana to use these channels.
+    notificationDestinations :: Prelude.Maybe [NotificationDestinationType],
+    -- | The name of the IAM role that is used to access resources through
+    -- Organizations.
+    organizationRoleName :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | Specifies the organizational units that this workspace is allowed to use
+    -- data sources from, if this workspace is in an account that is part of an
+    -- organization.
+    organizationalUnits :: Prelude.Maybe (Data.Sensitive [Prelude.Text]),
+    -- | If this is @Service Managed@, Amazon Managed Grafana automatically
+    -- creates the IAM roles and provisions the permissions that the workspace
+    -- needs to use Amazon Web Services data sources and notification channels.
+    --
+    -- If this is @CUSTOMER_MANAGED@, you manage those roles and permissions
+    -- yourself. If you are creating this workspace in a member account of an
+    -- organization and that account is not a delegated administrator account,
+    -- and you want the workspace to access data sources in other Amazon Web
+    -- Services accounts in the organization, you must choose
+    -- @CUSTOMER_MANAGED@.
+    --
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+    permissionType :: Prelude.Maybe PermissionType,
+    -- | The name of the CloudFormation stack set that is used to generate IAM
+    -- roles to be used for this workspace.
+    stackSetName :: Prelude.Maybe Prelude.Text,
+    -- | The list of tags associated with the workspace.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The configuration for connecting to data sources in a private VPC
+    -- (Amazon Virtual Private Cloud).
+    vpcConfiguration :: Prelude.Maybe VpcConfiguration,
+    -- | The IAM role that grants permissions to the Amazon Web Services
+    -- resources that the workspace will view data from. This role must already
+    -- exist.
+    workspaceRoleArn :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | A structure that describes whether the workspace uses SAML, IAM Identity
+    -- Center, or both methods for user authentication.
+    authentication :: AuthenticationSummary,
+    -- | The date that the workspace was created.
+    created :: Data.POSIX,
+    -- | Specifies the Amazon Web Services data sources that have been configured
+    -- to have IAM roles and permissions created to allow Amazon Managed
+    -- Grafana to read data from these sources.
+    dataSources :: [DataSourceType],
+    -- | The URL that users can use to access the Grafana console in the
+    -- workspace.
+    endpoint :: Prelude.Text,
+    -- | The version of Grafana supported in this workspace.
+    grafanaVersion :: Prelude.Text,
+    -- | The unique ID of this workspace.
+    id :: Prelude.Text,
+    -- | The most recent date that the workspace was modified.
+    modified :: Data.POSIX,
+    -- | The current status of the workspace.
+    status :: WorkspaceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WorkspaceDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAccessType', 'workspaceDescription_accountAccessType' - Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If this is @ORGANIZATION@, the
+-- @workspaceOrganizationalUnits@ parameter specifies which organizational
+-- units the workspace can access.
+--
+-- 'description', 'workspaceDescription_description' - The user-defined description of the workspace.
+--
+-- 'freeTrialConsumed', 'workspaceDescription_freeTrialConsumed' - Specifies whether this workspace has already fully used its free trial
+-- for Grafana Enterprise.
+--
+-- 'freeTrialExpiration', 'workspaceDescription_freeTrialExpiration' - If this workspace is currently in the free trial period for Grafana
+-- Enterprise, this value specifies when that free trial ends.
+--
+-- 'licenseExpiration', 'workspaceDescription_licenseExpiration' - If this workspace has a full Grafana Enterprise license, this specifies
+-- when the license ends and will need to be renewed.
+--
+-- 'licenseType', 'workspaceDescription_licenseType' - Specifies whether this workspace has a full Grafana Enterprise license
+-- or a free trial license.
+--
+-- 'name', 'workspaceDescription_name' - The name of the workspace.
+--
+-- 'notificationDestinations', 'workspaceDescription_notificationDestinations' - The Amazon Web Services notification channels that Amazon Managed
+-- Grafana can automatically create IAM roles and permissions for, to allow
+-- Amazon Managed Grafana to use these channels.
+--
+-- 'organizationRoleName', 'workspaceDescription_organizationRoleName' - The name of the IAM role that is used to access resources through
+-- Organizations.
+--
+-- 'organizationalUnits', 'workspaceDescription_organizationalUnits' - Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+--
+-- 'permissionType', 'workspaceDescription_permissionType' - If this is @Service Managed@, Amazon Managed Grafana automatically
+-- creates the IAM roles and provisions the permissions that the workspace
+-- needs to use Amazon Web Services data sources and notification channels.
+--
+-- If this is @CUSTOMER_MANAGED@, you manage those roles and permissions
+-- yourself. If you are creating this workspace in a member account of an
+-- organization and that account is not a delegated administrator account,
+-- and you want the workspace to access data sources in other Amazon Web
+-- Services accounts in the organization, you must choose
+-- @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+--
+-- 'stackSetName', 'workspaceDescription_stackSetName' - The name of the CloudFormation stack set that is used to generate IAM
+-- roles to be used for this workspace.
+--
+-- 'tags', 'workspaceDescription_tags' - The list of tags associated with the workspace.
+--
+-- 'vpcConfiguration', 'workspaceDescription_vpcConfiguration' - The configuration for connecting to data sources in a private VPC
+-- (Amazon Virtual Private Cloud).
+--
+-- 'workspaceRoleArn', 'workspaceDescription_workspaceRoleArn' - The IAM role that grants permissions to the Amazon Web Services
+-- resources that the workspace will view data from. This role must already
+-- exist.
+--
+-- 'authentication', 'workspaceDescription_authentication' - A structure that describes whether the workspace uses SAML, IAM Identity
+-- Center, or both methods for user authentication.
+--
+-- 'created', 'workspaceDescription_created' - The date that the workspace was created.
+--
+-- 'dataSources', 'workspaceDescription_dataSources' - Specifies the Amazon Web Services data sources that have been configured
+-- to have IAM roles and permissions created to allow Amazon Managed
+-- Grafana to read data from these sources.
+--
+-- 'endpoint', 'workspaceDescription_endpoint' - The URL that users can use to access the Grafana console in the
+-- workspace.
+--
+-- 'grafanaVersion', 'workspaceDescription_grafanaVersion' - The version of Grafana supported in this workspace.
+--
+-- 'id', 'workspaceDescription_id' - The unique ID of this workspace.
+--
+-- 'modified', 'workspaceDescription_modified' - The most recent date that the workspace was modified.
+--
+-- 'status', 'workspaceDescription_status' - The current status of the workspace.
+newWorkspaceDescription ::
+  -- | 'authentication'
+  AuthenticationSummary ->
+  -- | 'created'
+  Prelude.UTCTime ->
+  -- | 'endpoint'
+  Prelude.Text ->
+  -- | 'grafanaVersion'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'modified'
+  Prelude.UTCTime ->
+  -- | 'status'
+  WorkspaceStatus ->
+  WorkspaceDescription
+newWorkspaceDescription
+  pAuthentication_
+  pCreated_
+  pEndpoint_
+  pGrafanaVersion_
+  pId_
+  pModified_
+  pStatus_ =
+    WorkspaceDescription'
+      { accountAccessType =
+          Prelude.Nothing,
+        description = Prelude.Nothing,
+        freeTrialConsumed = Prelude.Nothing,
+        freeTrialExpiration = Prelude.Nothing,
+        licenseExpiration = Prelude.Nothing,
+        licenseType = Prelude.Nothing,
+        name = Prelude.Nothing,
+        notificationDestinations = Prelude.Nothing,
+        organizationRoleName = Prelude.Nothing,
+        organizationalUnits = Prelude.Nothing,
+        permissionType = Prelude.Nothing,
+        stackSetName = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        vpcConfiguration = Prelude.Nothing,
+        workspaceRoleArn = Prelude.Nothing,
+        authentication = pAuthentication_,
+        created = Data._Time Lens.# pCreated_,
+        dataSources = Prelude.mempty,
+        endpoint = pEndpoint_,
+        grafanaVersion = pGrafanaVersion_,
+        id = pId_,
+        modified = Data._Time Lens.# pModified_,
+        status = pStatus_
+      }
+
+-- | Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If this is @ORGANIZATION@, the
+-- @workspaceOrganizationalUnits@ parameter specifies which organizational
+-- units the workspace can access.
+workspaceDescription_accountAccessType :: Lens.Lens' WorkspaceDescription (Prelude.Maybe AccountAccessType)
+workspaceDescription_accountAccessType = Lens.lens (\WorkspaceDescription' {accountAccessType} -> accountAccessType) (\s@WorkspaceDescription' {} a -> s {accountAccessType = a} :: WorkspaceDescription)
+
+-- | The user-defined description of the workspace.
+workspaceDescription_description :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Text)
+workspaceDescription_description = Lens.lens (\WorkspaceDescription' {description} -> description) (\s@WorkspaceDescription' {} a -> s {description = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Sensitive
+
+-- | Specifies whether this workspace has already fully used its free trial
+-- for Grafana Enterprise.
+workspaceDescription_freeTrialConsumed :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Bool)
+workspaceDescription_freeTrialConsumed = Lens.lens (\WorkspaceDescription' {freeTrialConsumed} -> freeTrialConsumed) (\s@WorkspaceDescription' {} a -> s {freeTrialConsumed = a} :: WorkspaceDescription)
+
+-- | If this workspace is currently in the free trial period for Grafana
+-- Enterprise, this value specifies when that free trial ends.
+workspaceDescription_freeTrialExpiration :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.UTCTime)
+workspaceDescription_freeTrialExpiration = Lens.lens (\WorkspaceDescription' {freeTrialExpiration} -> freeTrialExpiration) (\s@WorkspaceDescription' {} a -> s {freeTrialExpiration = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Time
+
+-- | If this workspace has a full Grafana Enterprise license, this specifies
+-- when the license ends and will need to be renewed.
+workspaceDescription_licenseExpiration :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.UTCTime)
+workspaceDescription_licenseExpiration = Lens.lens (\WorkspaceDescription' {licenseExpiration} -> licenseExpiration) (\s@WorkspaceDescription' {} a -> s {licenseExpiration = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Time
+
+-- | Specifies whether this workspace has a full Grafana Enterprise license
+-- or a free trial license.
+workspaceDescription_licenseType :: Lens.Lens' WorkspaceDescription (Prelude.Maybe LicenseType)
+workspaceDescription_licenseType = Lens.lens (\WorkspaceDescription' {licenseType} -> licenseType) (\s@WorkspaceDescription' {} a -> s {licenseType = a} :: WorkspaceDescription)
+
+-- | The name of the workspace.
+workspaceDescription_name :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Text)
+workspaceDescription_name = Lens.lens (\WorkspaceDescription' {name} -> name) (\s@WorkspaceDescription' {} a -> s {name = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The Amazon Web Services notification channels that Amazon Managed
+-- Grafana can automatically create IAM roles and permissions for, to allow
+-- Amazon Managed Grafana to use these channels.
+workspaceDescription_notificationDestinations :: Lens.Lens' WorkspaceDescription (Prelude.Maybe [NotificationDestinationType])
+workspaceDescription_notificationDestinations = Lens.lens (\WorkspaceDescription' {notificationDestinations} -> notificationDestinations) (\s@WorkspaceDescription' {} a -> s {notificationDestinations = a} :: WorkspaceDescription) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the IAM role that is used to access resources through
+-- Organizations.
+workspaceDescription_organizationRoleName :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Text)
+workspaceDescription_organizationRoleName = Lens.lens (\WorkspaceDescription' {organizationRoleName} -> organizationRoleName) (\s@WorkspaceDescription' {} a -> s {organizationRoleName = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Sensitive
+
+-- | Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+workspaceDescription_organizationalUnits :: Lens.Lens' WorkspaceDescription (Prelude.Maybe [Prelude.Text])
+workspaceDescription_organizationalUnits = Lens.lens (\WorkspaceDescription' {organizationalUnits} -> organizationalUnits) (\s@WorkspaceDescription' {} a -> s {organizationalUnits = a} :: WorkspaceDescription) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Lens.coerced)
+
+-- | If this is @Service Managed@, Amazon Managed Grafana automatically
+-- creates the IAM roles and provisions the permissions that the workspace
+-- needs to use Amazon Web Services data sources and notification channels.
+--
+-- If this is @CUSTOMER_MANAGED@, you manage those roles and permissions
+-- yourself. If you are creating this workspace in a member account of an
+-- organization and that account is not a delegated administrator account,
+-- and you want the workspace to access data sources in other Amazon Web
+-- Services accounts in the organization, you must choose
+-- @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+workspaceDescription_permissionType :: Lens.Lens' WorkspaceDescription (Prelude.Maybe PermissionType)
+workspaceDescription_permissionType = Lens.lens (\WorkspaceDescription' {permissionType} -> permissionType) (\s@WorkspaceDescription' {} a -> s {permissionType = a} :: WorkspaceDescription)
+
+-- | The name of the CloudFormation stack set that is used to generate IAM
+-- roles to be used for this workspace.
+workspaceDescription_stackSetName :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Text)
+workspaceDescription_stackSetName = Lens.lens (\WorkspaceDescription' {stackSetName} -> stackSetName) (\s@WorkspaceDescription' {} a -> s {stackSetName = a} :: WorkspaceDescription)
+
+-- | The list of tags associated with the workspace.
+workspaceDescription_tags :: Lens.Lens' WorkspaceDescription (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+workspaceDescription_tags = Lens.lens (\WorkspaceDescription' {tags} -> tags) (\s@WorkspaceDescription' {} a -> s {tags = a} :: WorkspaceDescription) Prelude.. Lens.mapping Lens.coerced
+
+-- | The configuration for connecting to data sources in a private VPC
+-- (Amazon Virtual Private Cloud).
+workspaceDescription_vpcConfiguration :: Lens.Lens' WorkspaceDescription (Prelude.Maybe VpcConfiguration)
+workspaceDescription_vpcConfiguration = Lens.lens (\WorkspaceDescription' {vpcConfiguration} -> vpcConfiguration) (\s@WorkspaceDescription' {} a -> s {vpcConfiguration = a} :: WorkspaceDescription)
+
+-- | The IAM role that grants permissions to the Amazon Web Services
+-- resources that the workspace will view data from. This role must already
+-- exist.
+workspaceDescription_workspaceRoleArn :: Lens.Lens' WorkspaceDescription (Prelude.Maybe Prelude.Text)
+workspaceDescription_workspaceRoleArn = Lens.lens (\WorkspaceDescription' {workspaceRoleArn} -> workspaceRoleArn) (\s@WorkspaceDescription' {} a -> s {workspaceRoleArn = a} :: WorkspaceDescription) Prelude.. Lens.mapping Data._Sensitive
+
+-- | A structure that describes whether the workspace uses SAML, IAM Identity
+-- Center, or both methods for user authentication.
+workspaceDescription_authentication :: Lens.Lens' WorkspaceDescription AuthenticationSummary
+workspaceDescription_authentication = Lens.lens (\WorkspaceDescription' {authentication} -> authentication) (\s@WorkspaceDescription' {} a -> s {authentication = a} :: WorkspaceDescription)
+
+-- | The date that the workspace was created.
+workspaceDescription_created :: Lens.Lens' WorkspaceDescription Prelude.UTCTime
+workspaceDescription_created = Lens.lens (\WorkspaceDescription' {created} -> created) (\s@WorkspaceDescription' {} a -> s {created = a} :: WorkspaceDescription) Prelude.. Data._Time
+
+-- | Specifies the Amazon Web Services data sources that have been configured
+-- to have IAM roles and permissions created to allow Amazon Managed
+-- Grafana to read data from these sources.
+workspaceDescription_dataSources :: Lens.Lens' WorkspaceDescription [DataSourceType]
+workspaceDescription_dataSources = Lens.lens (\WorkspaceDescription' {dataSources} -> dataSources) (\s@WorkspaceDescription' {} a -> s {dataSources = a} :: WorkspaceDescription) Prelude.. Lens.coerced
+
+-- | The URL that users can use to access the Grafana console in the
+-- workspace.
+workspaceDescription_endpoint :: Lens.Lens' WorkspaceDescription Prelude.Text
+workspaceDescription_endpoint = Lens.lens (\WorkspaceDescription' {endpoint} -> endpoint) (\s@WorkspaceDescription' {} a -> s {endpoint = a} :: WorkspaceDescription)
+
+-- | The version of Grafana supported in this workspace.
+workspaceDescription_grafanaVersion :: Lens.Lens' WorkspaceDescription Prelude.Text
+workspaceDescription_grafanaVersion = Lens.lens (\WorkspaceDescription' {grafanaVersion} -> grafanaVersion) (\s@WorkspaceDescription' {} a -> s {grafanaVersion = a} :: WorkspaceDescription)
+
+-- | The unique ID of this workspace.
+workspaceDescription_id :: Lens.Lens' WorkspaceDescription Prelude.Text
+workspaceDescription_id = Lens.lens (\WorkspaceDescription' {id} -> id) (\s@WorkspaceDescription' {} a -> s {id = a} :: WorkspaceDescription)
+
+-- | The most recent date that the workspace was modified.
+workspaceDescription_modified :: Lens.Lens' WorkspaceDescription Prelude.UTCTime
+workspaceDescription_modified = Lens.lens (\WorkspaceDescription' {modified} -> modified) (\s@WorkspaceDescription' {} a -> s {modified = a} :: WorkspaceDescription) Prelude.. Data._Time
+
+-- | The current status of the workspace.
+workspaceDescription_status :: Lens.Lens' WorkspaceDescription WorkspaceStatus
+workspaceDescription_status = Lens.lens (\WorkspaceDescription' {status} -> status) (\s@WorkspaceDescription' {} a -> s {status = a} :: WorkspaceDescription)
+
+instance Data.FromJSON WorkspaceDescription where
+  parseJSON =
+    Data.withObject
+      "WorkspaceDescription"
+      ( \x ->
+          WorkspaceDescription'
+            Prelude.<$> (x Data..:? "accountAccessType")
+            Prelude.<*> (x Data..:? "description")
+            Prelude.<*> (x Data..:? "freeTrialConsumed")
+            Prelude.<*> (x Data..:? "freeTrialExpiration")
+            Prelude.<*> (x Data..:? "licenseExpiration")
+            Prelude.<*> (x Data..:? "licenseType")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> ( x
+                            Data..:? "notificationDestinations"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "organizationRoleName")
+            Prelude.<*> ( x
+                            Data..:? "organizationalUnits"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "permissionType")
+            Prelude.<*> (x Data..:? "stackSetName")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "vpcConfiguration")
+            Prelude.<*> (x Data..:? "workspaceRoleArn")
+            Prelude.<*> (x Data..: "authentication")
+            Prelude.<*> (x Data..: "created")
+            Prelude.<*> (x Data..:? "dataSources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "endpoint")
+            Prelude.<*> (x Data..: "grafanaVersion")
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "modified")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable WorkspaceDescription where
+  hashWithSalt _salt WorkspaceDescription' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountAccessType
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` freeTrialConsumed
+      `Prelude.hashWithSalt` freeTrialExpiration
+      `Prelude.hashWithSalt` licenseExpiration
+      `Prelude.hashWithSalt` licenseType
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` notificationDestinations
+      `Prelude.hashWithSalt` organizationRoleName
+      `Prelude.hashWithSalt` organizationalUnits
+      `Prelude.hashWithSalt` permissionType
+      `Prelude.hashWithSalt` stackSetName
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` vpcConfiguration
+      `Prelude.hashWithSalt` workspaceRoleArn
+      `Prelude.hashWithSalt` authentication
+      `Prelude.hashWithSalt` created
+      `Prelude.hashWithSalt` dataSources
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` grafanaVersion
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` modified
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData WorkspaceDescription where
+  rnf WorkspaceDescription' {..} =
+    Prelude.rnf accountAccessType
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf freeTrialConsumed
+      `Prelude.seq` Prelude.rnf freeTrialExpiration
+      `Prelude.seq` Prelude.rnf licenseExpiration
+      `Prelude.seq` Prelude.rnf licenseType
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf notificationDestinations
+      `Prelude.seq` Prelude.rnf organizationRoleName
+      `Prelude.seq` Prelude.rnf organizationalUnits
+      `Prelude.seq` Prelude.rnf permissionType
+      `Prelude.seq` Prelude.rnf stackSetName
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf vpcConfiguration
+      `Prelude.seq` Prelude.rnf workspaceRoleArn
+      `Prelude.seq` Prelude.rnf authentication
+      `Prelude.seq` Prelude.rnf created
+      `Prelude.seq` Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf grafanaVersion
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf modified
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/Grafana/Types/WorkspaceStatus.hs b/gen/Amazonka/Grafana/Types/WorkspaceStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/WorkspaceStatus.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.WorkspaceStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.WorkspaceStatus
+  ( WorkspaceStatus
+      ( ..,
+        WorkspaceStatus_ACTIVE,
+        WorkspaceStatus_CREATING,
+        WorkspaceStatus_CREATION_FAILED,
+        WorkspaceStatus_DELETING,
+        WorkspaceStatus_DELETION_FAILED,
+        WorkspaceStatus_FAILED,
+        WorkspaceStatus_LICENSE_REMOVAL_FAILED,
+        WorkspaceStatus_UPDATE_FAILED,
+        WorkspaceStatus_UPDATING,
+        WorkspaceStatus_UPGRADE_FAILED,
+        WorkspaceStatus_UPGRADING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype WorkspaceStatus = WorkspaceStatus'
+  { fromWorkspaceStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern WorkspaceStatus_ACTIVE :: WorkspaceStatus
+pattern WorkspaceStatus_ACTIVE = WorkspaceStatus' "ACTIVE"
+
+pattern WorkspaceStatus_CREATING :: WorkspaceStatus
+pattern WorkspaceStatus_CREATING = WorkspaceStatus' "CREATING"
+
+pattern WorkspaceStatus_CREATION_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_CREATION_FAILED = WorkspaceStatus' "CREATION_FAILED"
+
+pattern WorkspaceStatus_DELETING :: WorkspaceStatus
+pattern WorkspaceStatus_DELETING = WorkspaceStatus' "DELETING"
+
+pattern WorkspaceStatus_DELETION_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_DELETION_FAILED = WorkspaceStatus' "DELETION_FAILED"
+
+pattern WorkspaceStatus_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_FAILED = WorkspaceStatus' "FAILED"
+
+pattern WorkspaceStatus_LICENSE_REMOVAL_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_LICENSE_REMOVAL_FAILED = WorkspaceStatus' "LICENSE_REMOVAL_FAILED"
+
+pattern WorkspaceStatus_UPDATE_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_UPDATE_FAILED = WorkspaceStatus' "UPDATE_FAILED"
+
+pattern WorkspaceStatus_UPDATING :: WorkspaceStatus
+pattern WorkspaceStatus_UPDATING = WorkspaceStatus' "UPDATING"
+
+pattern WorkspaceStatus_UPGRADE_FAILED :: WorkspaceStatus
+pattern WorkspaceStatus_UPGRADE_FAILED = WorkspaceStatus' "UPGRADE_FAILED"
+
+pattern WorkspaceStatus_UPGRADING :: WorkspaceStatus
+pattern WorkspaceStatus_UPGRADING = WorkspaceStatus' "UPGRADING"
+
+{-# COMPLETE
+  WorkspaceStatus_ACTIVE,
+  WorkspaceStatus_CREATING,
+  WorkspaceStatus_CREATION_FAILED,
+  WorkspaceStatus_DELETING,
+  WorkspaceStatus_DELETION_FAILED,
+  WorkspaceStatus_FAILED,
+  WorkspaceStatus_LICENSE_REMOVAL_FAILED,
+  WorkspaceStatus_UPDATE_FAILED,
+  WorkspaceStatus_UPDATING,
+  WorkspaceStatus_UPGRADE_FAILED,
+  WorkspaceStatus_UPGRADING,
+  WorkspaceStatus'
+  #-}
diff --git a/gen/Amazonka/Grafana/Types/WorkspaceSummary.hs b/gen/Amazonka/Grafana/Types/WorkspaceSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Types/WorkspaceSummary.hs
@@ -0,0 +1,229 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Types.WorkspaceSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Types.WorkspaceSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types.AuthenticationSummary
+import Amazonka.Grafana.Types.NotificationDestinationType
+import Amazonka.Grafana.Types.WorkspaceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure that contains some information about one workspace in the
+-- account.
+--
+-- /See:/ 'newWorkspaceSummary' smart constructor.
+data WorkspaceSummary = WorkspaceSummary'
+  { -- | The customer-entered description of the workspace.
+    description :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The name of the workspace.
+    name :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The Amazon Web Services notification channels that Amazon Managed
+    -- Grafana can automatically create IAM roles and permissions for, which
+    -- allows Amazon Managed Grafana to use these channels.
+    notificationDestinations :: Prelude.Maybe [NotificationDestinationType],
+    -- | The list of tags associated with the workspace.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | A structure containing information about the authentication methods used
+    -- in the workspace.
+    authentication :: AuthenticationSummary,
+    -- | The date that the workspace was created.
+    created :: Data.POSIX,
+    -- | The URL endpoint to use to access the Grafana console in the workspace.
+    endpoint :: Prelude.Text,
+    -- | The Grafana version that the workspace is running.
+    grafanaVersion :: Prelude.Text,
+    -- | The unique ID of the workspace.
+    id :: Prelude.Text,
+    -- | The most recent date that the workspace was modified.
+    modified :: Data.POSIX,
+    -- | The current status of the workspace.
+    status :: WorkspaceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WorkspaceSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'workspaceSummary_description' - The customer-entered description of the workspace.
+--
+-- 'name', 'workspaceSummary_name' - The name of the workspace.
+--
+-- 'notificationDestinations', 'workspaceSummary_notificationDestinations' - The Amazon Web Services notification channels that Amazon Managed
+-- Grafana can automatically create IAM roles and permissions for, which
+-- allows Amazon Managed Grafana to use these channels.
+--
+-- 'tags', 'workspaceSummary_tags' - The list of tags associated with the workspace.
+--
+-- 'authentication', 'workspaceSummary_authentication' - A structure containing information about the authentication methods used
+-- in the workspace.
+--
+-- 'created', 'workspaceSummary_created' - The date that the workspace was created.
+--
+-- 'endpoint', 'workspaceSummary_endpoint' - The URL endpoint to use to access the Grafana console in the workspace.
+--
+-- 'grafanaVersion', 'workspaceSummary_grafanaVersion' - The Grafana version that the workspace is running.
+--
+-- 'id', 'workspaceSummary_id' - The unique ID of the workspace.
+--
+-- 'modified', 'workspaceSummary_modified' - The most recent date that the workspace was modified.
+--
+-- 'status', 'workspaceSummary_status' - The current status of the workspace.
+newWorkspaceSummary ::
+  -- | 'authentication'
+  AuthenticationSummary ->
+  -- | 'created'
+  Prelude.UTCTime ->
+  -- | 'endpoint'
+  Prelude.Text ->
+  -- | 'grafanaVersion'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'modified'
+  Prelude.UTCTime ->
+  -- | 'status'
+  WorkspaceStatus ->
+  WorkspaceSummary
+newWorkspaceSummary
+  pAuthentication_
+  pCreated_
+  pEndpoint_
+  pGrafanaVersion_
+  pId_
+  pModified_
+  pStatus_ =
+    WorkspaceSummary'
+      { description = Prelude.Nothing,
+        name = Prelude.Nothing,
+        notificationDestinations = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        authentication = pAuthentication_,
+        created = Data._Time Lens.# pCreated_,
+        endpoint = pEndpoint_,
+        grafanaVersion = pGrafanaVersion_,
+        id = pId_,
+        modified = Data._Time Lens.# pModified_,
+        status = pStatus_
+      }
+
+-- | The customer-entered description of the workspace.
+workspaceSummary_description :: Lens.Lens' WorkspaceSummary (Prelude.Maybe Prelude.Text)
+workspaceSummary_description = Lens.lens (\WorkspaceSummary' {description} -> description) (\s@WorkspaceSummary' {} a -> s {description = a} :: WorkspaceSummary) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The name of the workspace.
+workspaceSummary_name :: Lens.Lens' WorkspaceSummary (Prelude.Maybe Prelude.Text)
+workspaceSummary_name = Lens.lens (\WorkspaceSummary' {name} -> name) (\s@WorkspaceSummary' {} a -> s {name = a} :: WorkspaceSummary) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The Amazon Web Services notification channels that Amazon Managed
+-- Grafana can automatically create IAM roles and permissions for, which
+-- allows Amazon Managed Grafana to use these channels.
+workspaceSummary_notificationDestinations :: Lens.Lens' WorkspaceSummary (Prelude.Maybe [NotificationDestinationType])
+workspaceSummary_notificationDestinations = Lens.lens (\WorkspaceSummary' {notificationDestinations} -> notificationDestinations) (\s@WorkspaceSummary' {} a -> s {notificationDestinations = a} :: WorkspaceSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The list of tags associated with the workspace.
+workspaceSummary_tags :: Lens.Lens' WorkspaceSummary (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+workspaceSummary_tags = Lens.lens (\WorkspaceSummary' {tags} -> tags) (\s@WorkspaceSummary' {} a -> s {tags = a} :: WorkspaceSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | A structure containing information about the authentication methods used
+-- in the workspace.
+workspaceSummary_authentication :: Lens.Lens' WorkspaceSummary AuthenticationSummary
+workspaceSummary_authentication = Lens.lens (\WorkspaceSummary' {authentication} -> authentication) (\s@WorkspaceSummary' {} a -> s {authentication = a} :: WorkspaceSummary)
+
+-- | The date that the workspace was created.
+workspaceSummary_created :: Lens.Lens' WorkspaceSummary Prelude.UTCTime
+workspaceSummary_created = Lens.lens (\WorkspaceSummary' {created} -> created) (\s@WorkspaceSummary' {} a -> s {created = a} :: WorkspaceSummary) Prelude.. Data._Time
+
+-- | The URL endpoint to use to access the Grafana console in the workspace.
+workspaceSummary_endpoint :: Lens.Lens' WorkspaceSummary Prelude.Text
+workspaceSummary_endpoint = Lens.lens (\WorkspaceSummary' {endpoint} -> endpoint) (\s@WorkspaceSummary' {} a -> s {endpoint = a} :: WorkspaceSummary)
+
+-- | The Grafana version that the workspace is running.
+workspaceSummary_grafanaVersion :: Lens.Lens' WorkspaceSummary Prelude.Text
+workspaceSummary_grafanaVersion = Lens.lens (\WorkspaceSummary' {grafanaVersion} -> grafanaVersion) (\s@WorkspaceSummary' {} a -> s {grafanaVersion = a} :: WorkspaceSummary)
+
+-- | The unique ID of the workspace.
+workspaceSummary_id :: Lens.Lens' WorkspaceSummary Prelude.Text
+workspaceSummary_id = Lens.lens (\WorkspaceSummary' {id} -> id) (\s@WorkspaceSummary' {} a -> s {id = a} :: WorkspaceSummary)
+
+-- | The most recent date that the workspace was modified.
+workspaceSummary_modified :: Lens.Lens' WorkspaceSummary Prelude.UTCTime
+workspaceSummary_modified = Lens.lens (\WorkspaceSummary' {modified} -> modified) (\s@WorkspaceSummary' {} a -> s {modified = a} :: WorkspaceSummary) Prelude.. Data._Time
+
+-- | The current status of the workspace.
+workspaceSummary_status :: Lens.Lens' WorkspaceSummary WorkspaceStatus
+workspaceSummary_status = Lens.lens (\WorkspaceSummary' {status} -> status) (\s@WorkspaceSummary' {} a -> s {status = a} :: WorkspaceSummary)
+
+instance Data.FromJSON WorkspaceSummary where
+  parseJSON =
+    Data.withObject
+      "WorkspaceSummary"
+      ( \x ->
+          WorkspaceSummary'
+            Prelude.<$> (x Data..:? "description")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> ( x
+                            Data..:? "notificationDestinations"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "authentication")
+            Prelude.<*> (x Data..: "created")
+            Prelude.<*> (x Data..: "endpoint")
+            Prelude.<*> (x Data..: "grafanaVersion")
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "modified")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable WorkspaceSummary where
+  hashWithSalt _salt WorkspaceSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` notificationDestinations
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` authentication
+      `Prelude.hashWithSalt` created
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` grafanaVersion
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` modified
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData WorkspaceSummary where
+  rnf WorkspaceSummary' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf notificationDestinations
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf authentication
+      `Prelude.seq` Prelude.rnf created
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf grafanaVersion
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf modified
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/Grafana/UntagResource.hs b/gen/Amazonka/Grafana/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/UntagResource.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- The @UntagResource@ operation removes the association of the tag with
+-- the Amazon Managed Grafana resource.
+module Amazonka.Grafana.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The ARN of the resource the tag association is removed from.
+    resourceArn :: Prelude.Text,
+    -- | The key values of the tag to be removed from the resource.
+    tagKeys :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The ARN of the resource the tag association is removed from.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The key values of the tag to be removed from the resource.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Prelude.mempty
+    }
+
+-- | The ARN of the resource the tag association is removed from.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The key values of the tag to be removed from the resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath UntagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery UntagResource where
+  toQuery UntagResource' {..} =
+    Prelude.mconcat
+      ["tagKeys" Data.=: Data.toQueryList "member" tagKeys]
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Grafana/UpdatePermissions.hs b/gen/Amazonka/Grafana/UpdatePermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/UpdatePermissions.hs
@@ -0,0 +1,194 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.UpdatePermissions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates which users in a workspace have the Grafana @Admin@ or @Editor@
+-- roles.
+module Amazonka.Grafana.UpdatePermissions
+  ( -- * Creating a Request
+    UpdatePermissions (..),
+    newUpdatePermissions,
+
+    -- * Request Lenses
+    updatePermissions_updateInstructionBatch,
+    updatePermissions_workspaceId,
+
+    -- * Destructuring the Response
+    UpdatePermissionsResponse (..),
+    newUpdatePermissionsResponse,
+
+    -- * Response Lenses
+    updatePermissionsResponse_httpStatus,
+    updatePermissionsResponse_errors,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdatePermissions' smart constructor.
+data UpdatePermissions = UpdatePermissions'
+  { -- | An array of structures that contain the permission updates to make.
+    updateInstructionBatch :: [UpdateInstruction],
+    -- | The ID of the workspace to update.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePermissions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'updateInstructionBatch', 'updatePermissions_updateInstructionBatch' - An array of structures that contain the permission updates to make.
+--
+-- 'workspaceId', 'updatePermissions_workspaceId' - The ID of the workspace to update.
+newUpdatePermissions ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  UpdatePermissions
+newUpdatePermissions pWorkspaceId_ =
+  UpdatePermissions'
+    { updateInstructionBatch =
+        Prelude.mempty,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | An array of structures that contain the permission updates to make.
+updatePermissions_updateInstructionBatch :: Lens.Lens' UpdatePermissions [UpdateInstruction]
+updatePermissions_updateInstructionBatch = Lens.lens (\UpdatePermissions' {updateInstructionBatch} -> updateInstructionBatch) (\s@UpdatePermissions' {} a -> s {updateInstructionBatch = a} :: UpdatePermissions) Prelude.. Lens.coerced
+
+-- | The ID of the workspace to update.
+updatePermissions_workspaceId :: Lens.Lens' UpdatePermissions Prelude.Text
+updatePermissions_workspaceId = Lens.lens (\UpdatePermissions' {workspaceId} -> workspaceId) (\s@UpdatePermissions' {} a -> s {workspaceId = a} :: UpdatePermissions)
+
+instance Core.AWSRequest UpdatePermissions where
+  type
+    AWSResponse UpdatePermissions =
+      UpdatePermissionsResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdatePermissionsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "errors" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable UpdatePermissions where
+  hashWithSalt _salt UpdatePermissions' {..} =
+    _salt
+      `Prelude.hashWithSalt` updateInstructionBatch
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData UpdatePermissions where
+  rnf UpdatePermissions' {..} =
+    Prelude.rnf updateInstructionBatch
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders UpdatePermissions where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdatePermissions where
+  toJSON UpdatePermissions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "updateInstructionBatch"
+                  Data..= updateInstructionBatch
+              )
+          ]
+      )
+
+instance Data.ToPath UpdatePermissions where
+  toPath UpdatePermissions' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/permissions"
+      ]
+
+instance Data.ToQuery UpdatePermissions where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdatePermissionsResponse' smart constructor.
+data UpdatePermissionsResponse = UpdatePermissionsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | An array of structures that contain the errors from the operation, if
+    -- any.
+    errors :: [UpdateError]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePermissionsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updatePermissionsResponse_httpStatus' - The response's http status code.
+--
+-- 'errors', 'updatePermissionsResponse_errors' - An array of structures that contain the errors from the operation, if
+-- any.
+newUpdatePermissionsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdatePermissionsResponse
+newUpdatePermissionsResponse pHttpStatus_ =
+  UpdatePermissionsResponse'
+    { httpStatus =
+        pHttpStatus_,
+      errors = Prelude.mempty
+    }
+
+-- | The response's http status code.
+updatePermissionsResponse_httpStatus :: Lens.Lens' UpdatePermissionsResponse Prelude.Int
+updatePermissionsResponse_httpStatus = Lens.lens (\UpdatePermissionsResponse' {httpStatus} -> httpStatus) (\s@UpdatePermissionsResponse' {} a -> s {httpStatus = a} :: UpdatePermissionsResponse)
+
+-- | An array of structures that contain the errors from the operation, if
+-- any.
+updatePermissionsResponse_errors :: Lens.Lens' UpdatePermissionsResponse [UpdateError]
+updatePermissionsResponse_errors = Lens.lens (\UpdatePermissionsResponse' {errors} -> errors) (\s@UpdatePermissionsResponse' {} a -> s {errors = a} :: UpdatePermissionsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData UpdatePermissionsResponse where
+  rnf UpdatePermissionsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf errors
diff --git a/gen/Amazonka/Grafana/UpdateWorkspace.hs b/gen/Amazonka/Grafana/UpdateWorkspace.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/UpdateWorkspace.hs
@@ -0,0 +1,474 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.UpdateWorkspace
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Modifies an existing Amazon Managed Grafana workspace. If you use this
+-- operation and omit any optional parameters, the existing values of those
+-- parameters are not changed.
+--
+-- To modify the user authentication methods that the workspace uses, such
+-- as SAML or IAM Identity Center, use
+-- <https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdateWorkspaceAuthentication.html UpdateWorkspaceAuthentication>.
+--
+-- To modify which users in the workspace have the @Admin@ and @Editor@
+-- Grafana roles, use
+-- <https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html UpdatePermissions>.
+module Amazonka.Grafana.UpdateWorkspace
+  ( -- * Creating a Request
+    UpdateWorkspace (..),
+    newUpdateWorkspace,
+
+    -- * Request Lenses
+    updateWorkspace_accountAccessType,
+    updateWorkspace_organizationRoleName,
+    updateWorkspace_permissionType,
+    updateWorkspace_removeVpcConfiguration,
+    updateWorkspace_stackSetName,
+    updateWorkspace_vpcConfiguration,
+    updateWorkspace_workspaceDataSources,
+    updateWorkspace_workspaceDescription,
+    updateWorkspace_workspaceName,
+    updateWorkspace_workspaceNotificationDestinations,
+    updateWorkspace_workspaceOrganizationalUnits,
+    updateWorkspace_workspaceRoleArn,
+    updateWorkspace_workspaceId,
+
+    -- * Destructuring the Response
+    UpdateWorkspaceResponse (..),
+    newUpdateWorkspaceResponse,
+
+    -- * Response Lenses
+    updateWorkspaceResponse_httpStatus,
+    updateWorkspaceResponse_workspace,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateWorkspace' smart constructor.
+data UpdateWorkspace = UpdateWorkspace'
+  { -- | Specifies whether the workspace can access Amazon Web Services resources
+    -- in this Amazon Web Services account only, or whether it can also access
+    -- Amazon Web Services resources in other accounts in the same
+    -- organization. If you specify @ORGANIZATION@, you must specify which
+    -- organizational units the workspace can access in the
+    -- @workspaceOrganizationalUnits@ parameter.
+    accountAccessType :: Prelude.Maybe AccountAccessType,
+    -- | The name of an IAM role that already exists to use to access resources
+    -- through Organizations.
+    organizationRoleName :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | If you specify @Service Managed@, Amazon Managed Grafana automatically
+    -- creates the IAM roles and provisions the permissions that the workspace
+    -- needs to use Amazon Web Services data sources and notification channels.
+    --
+    -- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+    -- permissions yourself. If you are creating this workspace in a member
+    -- account of an organization and that account is not a delegated
+    -- administrator account, and you want the workspace to access data sources
+    -- in other Amazon Web Services accounts in the organization, you must
+    -- choose @CUSTOMER_MANAGED@.
+    --
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+    permissionType :: Prelude.Maybe PermissionType,
+    -- | Whether to remove the VPC configuration from the workspace.
+    --
+    -- Setting this to @true@ and providing a @vpcConfiguration@ to set will
+    -- return an error.
+    removeVpcConfiguration :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the CloudFormation stack set to use to generate IAM roles to
+    -- be used for this workspace.
+    stackSetName :: Prelude.Maybe Prelude.Text,
+    -- | The configuration settings for an Amazon VPC that contains data sources
+    -- for your Grafana workspace to connect to.
+    vpcConfiguration :: Prelude.Maybe VpcConfiguration,
+    -- | Specify the Amazon Web Services data sources that you want to be queried
+    -- in this workspace. Specifying these data sources here enables Amazon
+    -- Managed Grafana to create IAM roles and permissions that allow Amazon
+    -- Managed Grafana to read data from these sources. You must still add them
+    -- as data sources in the Grafana console in the workspace.
+    --
+    -- If you don\'t specify a data source here, you can still add it as a data
+    -- source later in the workspace console. However, you will then have to
+    -- manually configure permissions for it.
+    workspaceDataSources :: Prelude.Maybe [DataSourceType],
+    -- | A description for the workspace. This is used only to help you identify
+    -- this workspace.
+    workspaceDescription :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | A new name for the workspace to update.
+    workspaceName :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | Specify the Amazon Web Services notification channels that you plan to
+    -- use in this workspace. Specifying these data sources here enables Amazon
+    -- Managed Grafana to create IAM roles and permissions that allow Amazon
+    -- Managed Grafana to use these channels.
+    workspaceNotificationDestinations :: Prelude.Maybe [NotificationDestinationType],
+    -- | Specifies the organizational units that this workspace is allowed to use
+    -- data sources from, if this workspace is in an account that is part of an
+    -- organization.
+    workspaceOrganizationalUnits :: Prelude.Maybe (Data.Sensitive [Prelude.Text]),
+    -- | The workspace needs an IAM role that grants permissions to the Amazon
+    -- Web Services resources that the workspace will view data from. If you
+    -- already have a role that you want to use, specify it here. If you omit
+    -- this field and you specify some Amazon Web Services resources in
+    -- @workspaceDataSources@ or @workspaceNotificationDestinations@, a new IAM
+    -- role with the necessary permissions is automatically created.
+    workspaceRoleArn :: Prelude.Maybe (Data.Sensitive Prelude.Text),
+    -- | The ID of the workspace to update.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspace' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAccessType', 'updateWorkspace_accountAccessType' - Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If you specify @ORGANIZATION@, you must specify which
+-- organizational units the workspace can access in the
+-- @workspaceOrganizationalUnits@ parameter.
+--
+-- 'organizationRoleName', 'updateWorkspace_organizationRoleName' - The name of an IAM role that already exists to use to access resources
+-- through Organizations.
+--
+-- 'permissionType', 'updateWorkspace_permissionType' - If you specify @Service Managed@, Amazon Managed Grafana automatically
+-- creates the IAM roles and provisions the permissions that the workspace
+-- needs to use Amazon Web Services data sources and notification channels.
+--
+-- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+-- permissions yourself. If you are creating this workspace in a member
+-- account of an organization and that account is not a delegated
+-- administrator account, and you want the workspace to access data sources
+-- in other Amazon Web Services accounts in the organization, you must
+-- choose @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+--
+-- 'removeVpcConfiguration', 'updateWorkspace_removeVpcConfiguration' - Whether to remove the VPC configuration from the workspace.
+--
+-- Setting this to @true@ and providing a @vpcConfiguration@ to set will
+-- return an error.
+--
+-- 'stackSetName', 'updateWorkspace_stackSetName' - The name of the CloudFormation stack set to use to generate IAM roles to
+-- be used for this workspace.
+--
+-- 'vpcConfiguration', 'updateWorkspace_vpcConfiguration' - The configuration settings for an Amazon VPC that contains data sources
+-- for your Grafana workspace to connect to.
+--
+-- 'workspaceDataSources', 'updateWorkspace_workspaceDataSources' - Specify the Amazon Web Services data sources that you want to be queried
+-- in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to read data from these sources. You must still add them
+-- as data sources in the Grafana console in the workspace.
+--
+-- If you don\'t specify a data source here, you can still add it as a data
+-- source later in the workspace console. However, you will then have to
+-- manually configure permissions for it.
+--
+-- 'workspaceDescription', 'updateWorkspace_workspaceDescription' - A description for the workspace. This is used only to help you identify
+-- this workspace.
+--
+-- 'workspaceName', 'updateWorkspace_workspaceName' - A new name for the workspace to update.
+--
+-- 'workspaceNotificationDestinations', 'updateWorkspace_workspaceNotificationDestinations' - Specify the Amazon Web Services notification channels that you plan to
+-- use in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to use these channels.
+--
+-- 'workspaceOrganizationalUnits', 'updateWorkspace_workspaceOrganizationalUnits' - Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+--
+-- 'workspaceRoleArn', 'updateWorkspace_workspaceRoleArn' - The workspace needs an IAM role that grants permissions to the Amazon
+-- Web Services resources that the workspace will view data from. If you
+-- already have a role that you want to use, specify it here. If you omit
+-- this field and you specify some Amazon Web Services resources in
+-- @workspaceDataSources@ or @workspaceNotificationDestinations@, a new IAM
+-- role with the necessary permissions is automatically created.
+--
+-- 'workspaceId', 'updateWorkspace_workspaceId' - The ID of the workspace to update.
+newUpdateWorkspace ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  UpdateWorkspace
+newUpdateWorkspace pWorkspaceId_ =
+  UpdateWorkspace'
+    { accountAccessType =
+        Prelude.Nothing,
+      organizationRoleName = Prelude.Nothing,
+      permissionType = Prelude.Nothing,
+      removeVpcConfiguration = Prelude.Nothing,
+      stackSetName = Prelude.Nothing,
+      vpcConfiguration = Prelude.Nothing,
+      workspaceDataSources = Prelude.Nothing,
+      workspaceDescription = Prelude.Nothing,
+      workspaceName = Prelude.Nothing,
+      workspaceNotificationDestinations = Prelude.Nothing,
+      workspaceOrganizationalUnits = Prelude.Nothing,
+      workspaceRoleArn = Prelude.Nothing,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | Specifies whether the workspace can access Amazon Web Services resources
+-- in this Amazon Web Services account only, or whether it can also access
+-- Amazon Web Services resources in other accounts in the same
+-- organization. If you specify @ORGANIZATION@, you must specify which
+-- organizational units the workspace can access in the
+-- @workspaceOrganizationalUnits@ parameter.
+updateWorkspace_accountAccessType :: Lens.Lens' UpdateWorkspace (Prelude.Maybe AccountAccessType)
+updateWorkspace_accountAccessType = Lens.lens (\UpdateWorkspace' {accountAccessType} -> accountAccessType) (\s@UpdateWorkspace' {} a -> s {accountAccessType = a} :: UpdateWorkspace)
+
+-- | The name of an IAM role that already exists to use to access resources
+-- through Organizations.
+updateWorkspace_organizationRoleName :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Text)
+updateWorkspace_organizationRoleName = Lens.lens (\UpdateWorkspace' {organizationRoleName} -> organizationRoleName) (\s@UpdateWorkspace' {} a -> s {organizationRoleName = a} :: UpdateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | If you specify @Service Managed@, Amazon Managed Grafana automatically
+-- creates the IAM roles and provisions the permissions that the workspace
+-- needs to use Amazon Web Services data sources and notification channels.
+--
+-- If you specify @CUSTOMER_MANAGED@, you will manage those roles and
+-- permissions yourself. If you are creating this workspace in a member
+-- account of an organization and that account is not a delegated
+-- administrator account, and you want the workspace to access data sources
+-- in other Amazon Web Services accounts in the organization, you must
+-- choose @CUSTOMER_MANAGED@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels>
+updateWorkspace_permissionType :: Lens.Lens' UpdateWorkspace (Prelude.Maybe PermissionType)
+updateWorkspace_permissionType = Lens.lens (\UpdateWorkspace' {permissionType} -> permissionType) (\s@UpdateWorkspace' {} a -> s {permissionType = a} :: UpdateWorkspace)
+
+-- | Whether to remove the VPC configuration from the workspace.
+--
+-- Setting this to @true@ and providing a @vpcConfiguration@ to set will
+-- return an error.
+updateWorkspace_removeVpcConfiguration :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Bool)
+updateWorkspace_removeVpcConfiguration = Lens.lens (\UpdateWorkspace' {removeVpcConfiguration} -> removeVpcConfiguration) (\s@UpdateWorkspace' {} a -> s {removeVpcConfiguration = a} :: UpdateWorkspace)
+
+-- | The name of the CloudFormation stack set to use to generate IAM roles to
+-- be used for this workspace.
+updateWorkspace_stackSetName :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Text)
+updateWorkspace_stackSetName = Lens.lens (\UpdateWorkspace' {stackSetName} -> stackSetName) (\s@UpdateWorkspace' {} a -> s {stackSetName = a} :: UpdateWorkspace)
+
+-- | The configuration settings for an Amazon VPC that contains data sources
+-- for your Grafana workspace to connect to.
+updateWorkspace_vpcConfiguration :: Lens.Lens' UpdateWorkspace (Prelude.Maybe VpcConfiguration)
+updateWorkspace_vpcConfiguration = Lens.lens (\UpdateWorkspace' {vpcConfiguration} -> vpcConfiguration) (\s@UpdateWorkspace' {} a -> s {vpcConfiguration = a} :: UpdateWorkspace)
+
+-- | Specify the Amazon Web Services data sources that you want to be queried
+-- in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to read data from these sources. You must still add them
+-- as data sources in the Grafana console in the workspace.
+--
+-- If you don\'t specify a data source here, you can still add it as a data
+-- source later in the workspace console. However, you will then have to
+-- manually configure permissions for it.
+updateWorkspace_workspaceDataSources :: Lens.Lens' UpdateWorkspace (Prelude.Maybe [DataSourceType])
+updateWorkspace_workspaceDataSources = Lens.lens (\UpdateWorkspace' {workspaceDataSources} -> workspaceDataSources) (\s@UpdateWorkspace' {} a -> s {workspaceDataSources = a} :: UpdateWorkspace) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description for the workspace. This is used only to help you identify
+-- this workspace.
+updateWorkspace_workspaceDescription :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Text)
+updateWorkspace_workspaceDescription = Lens.lens (\UpdateWorkspace' {workspaceDescription} -> workspaceDescription) (\s@UpdateWorkspace' {} a -> s {workspaceDescription = a} :: UpdateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | A new name for the workspace to update.
+updateWorkspace_workspaceName :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Text)
+updateWorkspace_workspaceName = Lens.lens (\UpdateWorkspace' {workspaceName} -> workspaceName) (\s@UpdateWorkspace' {} a -> s {workspaceName = a} :: UpdateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | Specify the Amazon Web Services notification channels that you plan to
+-- use in this workspace. Specifying these data sources here enables Amazon
+-- Managed Grafana to create IAM roles and permissions that allow Amazon
+-- Managed Grafana to use these channels.
+updateWorkspace_workspaceNotificationDestinations :: Lens.Lens' UpdateWorkspace (Prelude.Maybe [NotificationDestinationType])
+updateWorkspace_workspaceNotificationDestinations = Lens.lens (\UpdateWorkspace' {workspaceNotificationDestinations} -> workspaceNotificationDestinations) (\s@UpdateWorkspace' {} a -> s {workspaceNotificationDestinations = a} :: UpdateWorkspace) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the organizational units that this workspace is allowed to use
+-- data sources from, if this workspace is in an account that is part of an
+-- organization.
+updateWorkspace_workspaceOrganizationalUnits :: Lens.Lens' UpdateWorkspace (Prelude.Maybe [Prelude.Text])
+updateWorkspace_workspaceOrganizationalUnits = Lens.lens (\UpdateWorkspace' {workspaceOrganizationalUnits} -> workspaceOrganizationalUnits) (\s@UpdateWorkspace' {} a -> s {workspaceOrganizationalUnits = a} :: UpdateWorkspace) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Lens.coerced)
+
+-- | The workspace needs an IAM role that grants permissions to the Amazon
+-- Web Services resources that the workspace will view data from. If you
+-- already have a role that you want to use, specify it here. If you omit
+-- this field and you specify some Amazon Web Services resources in
+-- @workspaceDataSources@ or @workspaceNotificationDestinations@, a new IAM
+-- role with the necessary permissions is automatically created.
+updateWorkspace_workspaceRoleArn :: Lens.Lens' UpdateWorkspace (Prelude.Maybe Prelude.Text)
+updateWorkspace_workspaceRoleArn = Lens.lens (\UpdateWorkspace' {workspaceRoleArn} -> workspaceRoleArn) (\s@UpdateWorkspace' {} a -> s {workspaceRoleArn = a} :: UpdateWorkspace) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The ID of the workspace to update.
+updateWorkspace_workspaceId :: Lens.Lens' UpdateWorkspace Prelude.Text
+updateWorkspace_workspaceId = Lens.lens (\UpdateWorkspace' {workspaceId} -> workspaceId) (\s@UpdateWorkspace' {} a -> s {workspaceId = a} :: UpdateWorkspace)
+
+instance Core.AWSRequest UpdateWorkspace where
+  type
+    AWSResponse UpdateWorkspace =
+      UpdateWorkspaceResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateWorkspaceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "workspace")
+      )
+
+instance Prelude.Hashable UpdateWorkspace where
+  hashWithSalt _salt UpdateWorkspace' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountAccessType
+      `Prelude.hashWithSalt` organizationRoleName
+      `Prelude.hashWithSalt` permissionType
+      `Prelude.hashWithSalt` removeVpcConfiguration
+      `Prelude.hashWithSalt` stackSetName
+      `Prelude.hashWithSalt` vpcConfiguration
+      `Prelude.hashWithSalt` workspaceDataSources
+      `Prelude.hashWithSalt` workspaceDescription
+      `Prelude.hashWithSalt` workspaceName
+      `Prelude.hashWithSalt` workspaceNotificationDestinations
+      `Prelude.hashWithSalt` workspaceOrganizationalUnits
+      `Prelude.hashWithSalt` workspaceRoleArn
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData UpdateWorkspace where
+  rnf UpdateWorkspace' {..} =
+    Prelude.rnf accountAccessType
+      `Prelude.seq` Prelude.rnf organizationRoleName
+      `Prelude.seq` Prelude.rnf permissionType
+      `Prelude.seq` Prelude.rnf removeVpcConfiguration
+      `Prelude.seq` Prelude.rnf stackSetName
+      `Prelude.seq` Prelude.rnf vpcConfiguration
+      `Prelude.seq` Prelude.rnf workspaceDataSources
+      `Prelude.seq` Prelude.rnf workspaceDescription
+      `Prelude.seq` Prelude.rnf workspaceName
+      `Prelude.seq` Prelude.rnf workspaceNotificationDestinations
+      `Prelude.seq` Prelude.rnf workspaceOrganizationalUnits
+      `Prelude.seq` Prelude.rnf workspaceRoleArn
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders UpdateWorkspace where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateWorkspace where
+  toJSON UpdateWorkspace' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("accountAccessType" Data..=)
+              Prelude.<$> accountAccessType,
+            ("organizationRoleName" Data..=)
+              Prelude.<$> organizationRoleName,
+            ("permissionType" Data..=)
+              Prelude.<$> permissionType,
+            ("removeVpcConfiguration" Data..=)
+              Prelude.<$> removeVpcConfiguration,
+            ("stackSetName" Data..=) Prelude.<$> stackSetName,
+            ("vpcConfiguration" Data..=)
+              Prelude.<$> vpcConfiguration,
+            ("workspaceDataSources" Data..=)
+              Prelude.<$> workspaceDataSources,
+            ("workspaceDescription" Data..=)
+              Prelude.<$> workspaceDescription,
+            ("workspaceName" Data..=) Prelude.<$> workspaceName,
+            ("workspaceNotificationDestinations" Data..=)
+              Prelude.<$> workspaceNotificationDestinations,
+            ("workspaceOrganizationalUnits" Data..=)
+              Prelude.<$> workspaceOrganizationalUnits,
+            ("workspaceRoleArn" Data..=)
+              Prelude.<$> workspaceRoleArn
+          ]
+      )
+
+instance Data.ToPath UpdateWorkspace where
+  toPath UpdateWorkspace' {..} =
+    Prelude.mconcat
+      ["/workspaces/", Data.toBS workspaceId]
+
+instance Data.ToQuery UpdateWorkspace where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateWorkspaceResponse' smart constructor.
+data UpdateWorkspaceResponse = UpdateWorkspaceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure containing data about the workspace that was created.
+    workspace :: WorkspaceDescription
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspaceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateWorkspaceResponse_httpStatus' - The response's http status code.
+--
+-- 'workspace', 'updateWorkspaceResponse_workspace' - A structure containing data about the workspace that was created.
+newUpdateWorkspaceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'workspace'
+  WorkspaceDescription ->
+  UpdateWorkspaceResponse
+newUpdateWorkspaceResponse pHttpStatus_ pWorkspace_ =
+  UpdateWorkspaceResponse'
+    { httpStatus = pHttpStatus_,
+      workspace = pWorkspace_
+    }
+
+-- | The response's http status code.
+updateWorkspaceResponse_httpStatus :: Lens.Lens' UpdateWorkspaceResponse Prelude.Int
+updateWorkspaceResponse_httpStatus = Lens.lens (\UpdateWorkspaceResponse' {httpStatus} -> httpStatus) (\s@UpdateWorkspaceResponse' {} a -> s {httpStatus = a} :: UpdateWorkspaceResponse)
+
+-- | A structure containing data about the workspace that was created.
+updateWorkspaceResponse_workspace :: Lens.Lens' UpdateWorkspaceResponse WorkspaceDescription
+updateWorkspaceResponse_workspace = Lens.lens (\UpdateWorkspaceResponse' {workspace} -> workspace) (\s@UpdateWorkspaceResponse' {} a -> s {workspace = a} :: UpdateWorkspaceResponse)
+
+instance Prelude.NFData UpdateWorkspaceResponse where
+  rnf UpdateWorkspaceResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf workspace
diff --git a/gen/Amazonka/Grafana/UpdateWorkspaceAuthentication.hs b/gen/Amazonka/Grafana/UpdateWorkspaceAuthentication.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/UpdateWorkspaceAuthentication.hs
@@ -0,0 +1,242 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.UpdateWorkspaceAuthentication
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Use this operation to define the identity provider (IdP) that this
+-- workspace authenticates users from, using SAML. You can also map SAML
+-- assertion attributes to workspace user information and define which
+-- groups in the assertion attribute are to have the @Admin@ and @Editor@
+-- roles in the workspace.
+module Amazonka.Grafana.UpdateWorkspaceAuthentication
+  ( -- * Creating a Request
+    UpdateWorkspaceAuthentication (..),
+    newUpdateWorkspaceAuthentication,
+
+    -- * Request Lenses
+    updateWorkspaceAuthentication_samlConfiguration,
+    updateWorkspaceAuthentication_authenticationProviders,
+    updateWorkspaceAuthentication_workspaceId,
+
+    -- * Destructuring the Response
+    UpdateWorkspaceAuthenticationResponse (..),
+    newUpdateWorkspaceAuthenticationResponse,
+
+    -- * Response Lenses
+    updateWorkspaceAuthenticationResponse_httpStatus,
+    updateWorkspaceAuthenticationResponse_authentication,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateWorkspaceAuthentication' smart constructor.
+data UpdateWorkspaceAuthentication = UpdateWorkspaceAuthentication'
+  { -- | If the workspace uses SAML, use this structure to map SAML assertion
+    -- attributes to workspace user information and define which groups in the
+    -- assertion attribute are to have the @Admin@ and @Editor@ roles in the
+    -- workspace.
+    samlConfiguration :: Prelude.Maybe SamlConfiguration,
+    -- | Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+    -- (successor to Single Sign-On), or both to authenticate users for using
+    -- the Grafana console within a workspace. For more information, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+    authenticationProviders :: [AuthenticationProviderTypes],
+    -- | The ID of the workspace to update the authentication for.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspaceAuthentication' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'samlConfiguration', 'updateWorkspaceAuthentication_samlConfiguration' - If the workspace uses SAML, use this structure to map SAML assertion
+-- attributes to workspace user information and define which groups in the
+-- assertion attribute are to have the @Admin@ and @Editor@ roles in the
+-- workspace.
+--
+-- 'authenticationProviders', 'updateWorkspaceAuthentication_authenticationProviders' - Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+-- (successor to Single Sign-On), or both to authenticate users for using
+-- the Grafana console within a workspace. For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+--
+-- 'workspaceId', 'updateWorkspaceAuthentication_workspaceId' - The ID of the workspace to update the authentication for.
+newUpdateWorkspaceAuthentication ::
+  -- | 'workspaceId'
+  Prelude.Text ->
+  UpdateWorkspaceAuthentication
+newUpdateWorkspaceAuthentication pWorkspaceId_ =
+  UpdateWorkspaceAuthentication'
+    { samlConfiguration =
+        Prelude.Nothing,
+      authenticationProviders = Prelude.mempty,
+      workspaceId = pWorkspaceId_
+    }
+
+-- | If the workspace uses SAML, use this structure to map SAML assertion
+-- attributes to workspace user information and define which groups in the
+-- assertion attribute are to have the @Admin@ and @Editor@ roles in the
+-- workspace.
+updateWorkspaceAuthentication_samlConfiguration :: Lens.Lens' UpdateWorkspaceAuthentication (Prelude.Maybe SamlConfiguration)
+updateWorkspaceAuthentication_samlConfiguration = Lens.lens (\UpdateWorkspaceAuthentication' {samlConfiguration} -> samlConfiguration) (\s@UpdateWorkspaceAuthentication' {} a -> s {samlConfiguration = a} :: UpdateWorkspaceAuthentication)
+
+-- | Specifies whether this workspace uses SAML 2.0, IAM Identity Center
+-- (successor to Single Sign-On), or both to authenticate users for using
+-- the Grafana console within a workspace. For more information, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html User authentication in Amazon Managed Grafana>.
+updateWorkspaceAuthentication_authenticationProviders :: Lens.Lens' UpdateWorkspaceAuthentication [AuthenticationProviderTypes]
+updateWorkspaceAuthentication_authenticationProviders = Lens.lens (\UpdateWorkspaceAuthentication' {authenticationProviders} -> authenticationProviders) (\s@UpdateWorkspaceAuthentication' {} a -> s {authenticationProviders = a} :: UpdateWorkspaceAuthentication) Prelude.. Lens.coerced
+
+-- | The ID of the workspace to update the authentication for.
+updateWorkspaceAuthentication_workspaceId :: Lens.Lens' UpdateWorkspaceAuthentication Prelude.Text
+updateWorkspaceAuthentication_workspaceId = Lens.lens (\UpdateWorkspaceAuthentication' {workspaceId} -> workspaceId) (\s@UpdateWorkspaceAuthentication' {} a -> s {workspaceId = a} :: UpdateWorkspaceAuthentication)
+
+instance
+  Core.AWSRequest
+    UpdateWorkspaceAuthentication
+  where
+  type
+    AWSResponse UpdateWorkspaceAuthentication =
+      UpdateWorkspaceAuthenticationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateWorkspaceAuthenticationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "authentication")
+      )
+
+instance
+  Prelude.Hashable
+    UpdateWorkspaceAuthentication
+  where
+  hashWithSalt _salt UpdateWorkspaceAuthentication' {..} =
+    _salt
+      `Prelude.hashWithSalt` samlConfiguration
+      `Prelude.hashWithSalt` authenticationProviders
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData UpdateWorkspaceAuthentication where
+  rnf UpdateWorkspaceAuthentication' {..} =
+    Prelude.rnf samlConfiguration
+      `Prelude.seq` Prelude.rnf authenticationProviders
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders UpdateWorkspaceAuthentication where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateWorkspaceAuthentication where
+  toJSON UpdateWorkspaceAuthentication' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("samlConfiguration" Data..=)
+              Prelude.<$> samlConfiguration,
+            Prelude.Just
+              ( "authenticationProviders"
+                  Data..= authenticationProviders
+              )
+          ]
+      )
+
+instance Data.ToPath UpdateWorkspaceAuthentication where
+  toPath UpdateWorkspaceAuthentication' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/authentication"
+      ]
+
+instance Data.ToQuery UpdateWorkspaceAuthentication where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateWorkspaceAuthenticationResponse' smart constructor.
+data UpdateWorkspaceAuthenticationResponse = UpdateWorkspaceAuthenticationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A structure that describes the user authentication for this workspace
+    -- after the update is made.
+    authentication :: AuthenticationDescription
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspaceAuthenticationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateWorkspaceAuthenticationResponse_httpStatus' - The response's http status code.
+--
+-- 'authentication', 'updateWorkspaceAuthenticationResponse_authentication' - A structure that describes the user authentication for this workspace
+-- after the update is made.
+newUpdateWorkspaceAuthenticationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'authentication'
+  AuthenticationDescription ->
+  UpdateWorkspaceAuthenticationResponse
+newUpdateWorkspaceAuthenticationResponse
+  pHttpStatus_
+  pAuthentication_ =
+    UpdateWorkspaceAuthenticationResponse'
+      { httpStatus =
+          pHttpStatus_,
+        authentication = pAuthentication_
+      }
+
+-- | The response's http status code.
+updateWorkspaceAuthenticationResponse_httpStatus :: Lens.Lens' UpdateWorkspaceAuthenticationResponse Prelude.Int
+updateWorkspaceAuthenticationResponse_httpStatus = Lens.lens (\UpdateWorkspaceAuthenticationResponse' {httpStatus} -> httpStatus) (\s@UpdateWorkspaceAuthenticationResponse' {} a -> s {httpStatus = a} :: UpdateWorkspaceAuthenticationResponse)
+
+-- | A structure that describes the user authentication for this workspace
+-- after the update is made.
+updateWorkspaceAuthenticationResponse_authentication :: Lens.Lens' UpdateWorkspaceAuthenticationResponse AuthenticationDescription
+updateWorkspaceAuthenticationResponse_authentication = Lens.lens (\UpdateWorkspaceAuthenticationResponse' {authentication} -> authentication) (\s@UpdateWorkspaceAuthenticationResponse' {} a -> s {authentication = a} :: UpdateWorkspaceAuthenticationResponse)
+
+instance
+  Prelude.NFData
+    UpdateWorkspaceAuthenticationResponse
+  where
+  rnf UpdateWorkspaceAuthenticationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf authentication
diff --git a/gen/Amazonka/Grafana/UpdateWorkspaceConfiguration.hs b/gen/Amazonka/Grafana/UpdateWorkspaceConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/UpdateWorkspaceConfiguration.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.UpdateWorkspaceConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the configuration string for the given workspace
+module Amazonka.Grafana.UpdateWorkspaceConfiguration
+  ( -- * Creating a Request
+    UpdateWorkspaceConfiguration (..),
+    newUpdateWorkspaceConfiguration,
+
+    -- * Request Lenses
+    updateWorkspaceConfiguration_configuration,
+    updateWorkspaceConfiguration_workspaceId,
+
+    -- * Destructuring the Response
+    UpdateWorkspaceConfigurationResponse (..),
+    newUpdateWorkspaceConfigurationResponse,
+
+    -- * Response Lenses
+    updateWorkspaceConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateWorkspaceConfiguration' smart constructor.
+data UpdateWorkspaceConfiguration = UpdateWorkspaceConfiguration'
+  { -- | The new configuration string for the workspace. For more information
+    -- about the format and configuration options available, see
+    -- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+    configuration :: Prelude.Text,
+    -- | The ID of the workspace to update.
+    workspaceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspaceConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'configuration', 'updateWorkspaceConfiguration_configuration' - The new configuration string for the workspace. For more information
+-- about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+--
+-- 'workspaceId', 'updateWorkspaceConfiguration_workspaceId' - The ID of the workspace to update.
+newUpdateWorkspaceConfiguration ::
+  -- | 'configuration'
+  Prelude.Text ->
+  -- | 'workspaceId'
+  Prelude.Text ->
+  UpdateWorkspaceConfiguration
+newUpdateWorkspaceConfiguration
+  pConfiguration_
+  pWorkspaceId_ =
+    UpdateWorkspaceConfiguration'
+      { configuration =
+          pConfiguration_,
+        workspaceId = pWorkspaceId_
+      }
+
+-- | The new configuration string for the workspace. For more information
+-- about the format and configuration options available, see
+-- <https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html Working in your Grafana workspace>.
+updateWorkspaceConfiguration_configuration :: Lens.Lens' UpdateWorkspaceConfiguration Prelude.Text
+updateWorkspaceConfiguration_configuration = Lens.lens (\UpdateWorkspaceConfiguration' {configuration} -> configuration) (\s@UpdateWorkspaceConfiguration' {} a -> s {configuration = a} :: UpdateWorkspaceConfiguration)
+
+-- | The ID of the workspace to update.
+updateWorkspaceConfiguration_workspaceId :: Lens.Lens' UpdateWorkspaceConfiguration Prelude.Text
+updateWorkspaceConfiguration_workspaceId = Lens.lens (\UpdateWorkspaceConfiguration' {workspaceId} -> workspaceId) (\s@UpdateWorkspaceConfiguration' {} a -> s {workspaceId = a} :: UpdateWorkspaceConfiguration)
+
+instance Core.AWSRequest UpdateWorkspaceConfiguration where
+  type
+    AWSResponse UpdateWorkspaceConfiguration =
+      UpdateWorkspaceConfigurationResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateWorkspaceConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateWorkspaceConfiguration
+  where
+  hashWithSalt _salt UpdateWorkspaceConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` configuration
+      `Prelude.hashWithSalt` workspaceId
+
+instance Prelude.NFData UpdateWorkspaceConfiguration where
+  rnf UpdateWorkspaceConfiguration' {..} =
+    Prelude.rnf configuration
+      `Prelude.seq` Prelude.rnf workspaceId
+
+instance Data.ToHeaders UpdateWorkspaceConfiguration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateWorkspaceConfiguration where
+  toJSON UpdateWorkspaceConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("configuration" Data..= configuration)
+          ]
+      )
+
+instance Data.ToPath UpdateWorkspaceConfiguration where
+  toPath UpdateWorkspaceConfiguration' {..} =
+    Prelude.mconcat
+      [ "/workspaces/",
+        Data.toBS workspaceId,
+        "/configuration"
+      ]
+
+instance Data.ToQuery UpdateWorkspaceConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateWorkspaceConfigurationResponse' smart constructor.
+data UpdateWorkspaceConfigurationResponse = UpdateWorkspaceConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWorkspaceConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateWorkspaceConfigurationResponse_httpStatus' - The response's http status code.
+newUpdateWorkspaceConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateWorkspaceConfigurationResponse
+newUpdateWorkspaceConfigurationResponse pHttpStatus_ =
+  UpdateWorkspaceConfigurationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateWorkspaceConfigurationResponse_httpStatus :: Lens.Lens' UpdateWorkspaceConfigurationResponse Prelude.Int
+updateWorkspaceConfigurationResponse_httpStatus = Lens.lens (\UpdateWorkspaceConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateWorkspaceConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateWorkspaceConfigurationResponse)
+
+instance
+  Prelude.NFData
+    UpdateWorkspaceConfigurationResponse
+  where
+  rnf UpdateWorkspaceConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Grafana/Waiters.hs b/gen/Amazonka/Grafana/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Grafana/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Grafana.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Grafana.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.Grafana.Lens
+import Amazonka.Grafana.Types
+import qualified Amazonka.Prelude as Prelude
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.Grafana
+import Test.Amazonka.Grafana.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "Grafana"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/Grafana.hs b/test/Test/Amazonka/Gen/Grafana.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/Grafana.hs
@@ -0,0 +1,398 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.Grafana
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.Grafana where
+
+import Amazonka.Grafana
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Grafana.Internal
+import Test.Amazonka.Prelude
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAssociateLicense $
+--             newAssociateLicense
+--
+--         , requestCreateWorkspace $
+--             newCreateWorkspace
+--
+--         , requestCreateWorkspaceApiKey $
+--             newCreateWorkspaceApiKey
+--
+--         , requestDeleteWorkspace $
+--             newDeleteWorkspace
+--
+--         , requestDeleteWorkspaceApiKey $
+--             newDeleteWorkspaceApiKey
+--
+--         , requestDescribeWorkspace $
+--             newDescribeWorkspace
+--
+--         , requestDescribeWorkspaceAuthentication $
+--             newDescribeWorkspaceAuthentication
+--
+--         , requestDescribeWorkspaceConfiguration $
+--             newDescribeWorkspaceConfiguration
+--
+--         , requestDisassociateLicense $
+--             newDisassociateLicense
+--
+--         , requestListPermissions $
+--             newListPermissions
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestListWorkspaces $
+--             newListWorkspaces
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdatePermissions $
+--             newUpdatePermissions
+--
+--         , requestUpdateWorkspace $
+--             newUpdateWorkspace
+--
+--         , requestUpdateWorkspaceAuthentication $
+--             newUpdateWorkspaceAuthentication
+--
+--         , requestUpdateWorkspaceConfiguration $
+--             newUpdateWorkspaceConfiguration
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAssociateLicense $
+--             newAssociateLicenseResponse
+--
+--         , responseCreateWorkspace $
+--             newCreateWorkspaceResponse
+--
+--         , responseCreateWorkspaceApiKey $
+--             newCreateWorkspaceApiKeyResponse
+--
+--         , responseDeleteWorkspace $
+--             newDeleteWorkspaceResponse
+--
+--         , responseDeleteWorkspaceApiKey $
+--             newDeleteWorkspaceApiKeyResponse
+--
+--         , responseDescribeWorkspace $
+--             newDescribeWorkspaceResponse
+--
+--         , responseDescribeWorkspaceAuthentication $
+--             newDescribeWorkspaceAuthenticationResponse
+--
+--         , responseDescribeWorkspaceConfiguration $
+--             newDescribeWorkspaceConfigurationResponse
+--
+--         , responseDisassociateLicense $
+--             newDisassociateLicenseResponse
+--
+--         , responseListPermissions $
+--             newListPermissionsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseListWorkspaces $
+--             newListWorkspacesResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdatePermissions $
+--             newUpdatePermissionsResponse
+--
+--         , responseUpdateWorkspace $
+--             newUpdateWorkspaceResponse
+--
+--         , responseUpdateWorkspaceAuthentication $
+--             newUpdateWorkspaceAuthenticationResponse
+--
+--         , responseUpdateWorkspaceConfiguration $
+--             newUpdateWorkspaceConfigurationResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAssociateLicense :: AssociateLicense -> TestTree
+requestAssociateLicense =
+  req
+    "AssociateLicense"
+    "fixture/AssociateLicense.yaml"
+
+requestCreateWorkspace :: CreateWorkspace -> TestTree
+requestCreateWorkspace =
+  req
+    "CreateWorkspace"
+    "fixture/CreateWorkspace.yaml"
+
+requestCreateWorkspaceApiKey :: CreateWorkspaceApiKey -> TestTree
+requestCreateWorkspaceApiKey =
+  req
+    "CreateWorkspaceApiKey"
+    "fixture/CreateWorkspaceApiKey.yaml"
+
+requestDeleteWorkspace :: DeleteWorkspace -> TestTree
+requestDeleteWorkspace =
+  req
+    "DeleteWorkspace"
+    "fixture/DeleteWorkspace.yaml"
+
+requestDeleteWorkspaceApiKey :: DeleteWorkspaceApiKey -> TestTree
+requestDeleteWorkspaceApiKey =
+  req
+    "DeleteWorkspaceApiKey"
+    "fixture/DeleteWorkspaceApiKey.yaml"
+
+requestDescribeWorkspace :: DescribeWorkspace -> TestTree
+requestDescribeWorkspace =
+  req
+    "DescribeWorkspace"
+    "fixture/DescribeWorkspace.yaml"
+
+requestDescribeWorkspaceAuthentication :: DescribeWorkspaceAuthentication -> TestTree
+requestDescribeWorkspaceAuthentication =
+  req
+    "DescribeWorkspaceAuthentication"
+    "fixture/DescribeWorkspaceAuthentication.yaml"
+
+requestDescribeWorkspaceConfiguration :: DescribeWorkspaceConfiguration -> TestTree
+requestDescribeWorkspaceConfiguration =
+  req
+    "DescribeWorkspaceConfiguration"
+    "fixture/DescribeWorkspaceConfiguration.yaml"
+
+requestDisassociateLicense :: DisassociateLicense -> TestTree
+requestDisassociateLicense =
+  req
+    "DisassociateLicense"
+    "fixture/DisassociateLicense.yaml"
+
+requestListPermissions :: ListPermissions -> TestTree
+requestListPermissions =
+  req
+    "ListPermissions"
+    "fixture/ListPermissions.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestListWorkspaces :: ListWorkspaces -> TestTree
+requestListWorkspaces =
+  req
+    "ListWorkspaces"
+    "fixture/ListWorkspaces.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdatePermissions :: UpdatePermissions -> TestTree
+requestUpdatePermissions =
+  req
+    "UpdatePermissions"
+    "fixture/UpdatePermissions.yaml"
+
+requestUpdateWorkspace :: UpdateWorkspace -> TestTree
+requestUpdateWorkspace =
+  req
+    "UpdateWorkspace"
+    "fixture/UpdateWorkspace.yaml"
+
+requestUpdateWorkspaceAuthentication :: UpdateWorkspaceAuthentication -> TestTree
+requestUpdateWorkspaceAuthentication =
+  req
+    "UpdateWorkspaceAuthentication"
+    "fixture/UpdateWorkspaceAuthentication.yaml"
+
+requestUpdateWorkspaceConfiguration :: UpdateWorkspaceConfiguration -> TestTree
+requestUpdateWorkspaceConfiguration =
+  req
+    "UpdateWorkspaceConfiguration"
+    "fixture/UpdateWorkspaceConfiguration.yaml"
+
+-- Responses
+
+responseAssociateLicense :: AssociateLicenseResponse -> TestTree
+responseAssociateLicense =
+  res
+    "AssociateLicenseResponse"
+    "fixture/AssociateLicenseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateLicense)
+
+responseCreateWorkspace :: CreateWorkspaceResponse -> TestTree
+responseCreateWorkspace =
+  res
+    "CreateWorkspaceResponse"
+    "fixture/CreateWorkspaceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateWorkspace)
+
+responseCreateWorkspaceApiKey :: CreateWorkspaceApiKeyResponse -> TestTree
+responseCreateWorkspaceApiKey =
+  res
+    "CreateWorkspaceApiKeyResponse"
+    "fixture/CreateWorkspaceApiKeyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateWorkspaceApiKey)
+
+responseDeleteWorkspace :: DeleteWorkspaceResponse -> TestTree
+responseDeleteWorkspace =
+  res
+    "DeleteWorkspaceResponse"
+    "fixture/DeleteWorkspaceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteWorkspace)
+
+responseDeleteWorkspaceApiKey :: DeleteWorkspaceApiKeyResponse -> TestTree
+responseDeleteWorkspaceApiKey =
+  res
+    "DeleteWorkspaceApiKeyResponse"
+    "fixture/DeleteWorkspaceApiKeyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteWorkspaceApiKey)
+
+responseDescribeWorkspace :: DescribeWorkspaceResponse -> TestTree
+responseDescribeWorkspace =
+  res
+    "DescribeWorkspaceResponse"
+    "fixture/DescribeWorkspaceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeWorkspace)
+
+responseDescribeWorkspaceAuthentication :: DescribeWorkspaceAuthenticationResponse -> TestTree
+responseDescribeWorkspaceAuthentication =
+  res
+    "DescribeWorkspaceAuthenticationResponse"
+    "fixture/DescribeWorkspaceAuthenticationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeWorkspaceAuthentication)
+
+responseDescribeWorkspaceConfiguration :: DescribeWorkspaceConfigurationResponse -> TestTree
+responseDescribeWorkspaceConfiguration =
+  res
+    "DescribeWorkspaceConfigurationResponse"
+    "fixture/DescribeWorkspaceConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeWorkspaceConfiguration)
+
+responseDisassociateLicense :: DisassociateLicenseResponse -> TestTree
+responseDisassociateLicense =
+  res
+    "DisassociateLicenseResponse"
+    "fixture/DisassociateLicenseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateLicense)
+
+responseListPermissions :: ListPermissionsResponse -> TestTree
+responseListPermissions =
+  res
+    "ListPermissionsResponse"
+    "fixture/ListPermissionsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPermissions)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseListWorkspaces :: ListWorkspacesResponse -> TestTree
+responseListWorkspaces =
+  res
+    "ListWorkspacesResponse"
+    "fixture/ListWorkspacesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListWorkspaces)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdatePermissions :: UpdatePermissionsResponse -> TestTree
+responseUpdatePermissions =
+  res
+    "UpdatePermissionsResponse"
+    "fixture/UpdatePermissionsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdatePermissions)
+
+responseUpdateWorkspace :: UpdateWorkspaceResponse -> TestTree
+responseUpdateWorkspace =
+  res
+    "UpdateWorkspaceResponse"
+    "fixture/UpdateWorkspaceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateWorkspace)
+
+responseUpdateWorkspaceAuthentication :: UpdateWorkspaceAuthenticationResponse -> TestTree
+responseUpdateWorkspaceAuthentication =
+  res
+    "UpdateWorkspaceAuthenticationResponse"
+    "fixture/UpdateWorkspaceAuthenticationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateWorkspaceAuthentication)
+
+responseUpdateWorkspaceConfiguration :: UpdateWorkspaceConfigurationResponse -> TestTree
+responseUpdateWorkspaceConfiguration =
+  res
+    "UpdateWorkspaceConfigurationResponse"
+    "fixture/UpdateWorkspaceConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateWorkspaceConfiguration)
diff --git a/test/Test/Amazonka/Grafana.hs b/test/Test/Amazonka/Grafana.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Grafana.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.Grafana
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Grafana
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/Grafana/Internal.hs b/test/Test/Amazonka/Grafana/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Grafana/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.Grafana.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Grafana.Internal where
