CreateWorkforce - Amazon SageMaker
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

CreateWorkforce

Use this operation to create a workforce. This operation will return an error if a workforce already exists in the Amazon Region that you specify. You can only create one workforce in each Amazon Region per Amazon account.

If you want to create a new workforce in an Amazon Region where a workforce already exists, use the DeleteWorkforce API operation to delete the existing workforce and then use CreateWorkforce to create a new workforce.

To create a private workforce using Amazon Cognito, you must specify a Cognito user pool in CognitoConfig. You can also create an Amazon Cognito workforce using the Amazon SageMaker console. For more information, see Create a Private Workforce (Amazon Cognito).

To create a private workforce using your own OIDC Identity Provider (IdP), specify your IdP configuration in OidcConfig. Your OIDC IdP must support groups because groups are used by Ground Truth and Amazon A2I to create work teams. For more information, see Create a Private Workforce (OIDC IdP).

Request Syntax

{ "CognitoConfig": { "ClientId": "string", "UserPool": "string" }, "OidcConfig": { "AuthenticationRequestExtraParams": { "string" : "string" }, "AuthorizationEndpoint": "string", "ClientId": "string", "ClientSecret": "string", "Issuer": "string", "JwksUri": "string", "LogoutEndpoint": "string", "Scope": "string", "TokenEndpoint": "string", "UserInfoEndpoint": "string" }, "SourceIpConfig": { "Cidrs": [ "string" ] }, "Tags": [ { "Key": "string", "Value": "string" } ], "WorkforceName": "string", "WorkforceVpcConfig": { "SecurityGroupIds": [ "string" ], "Subnets": [ "string" ], "VpcId": "string" } }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CognitoConfig

Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.

Do not use OidcConfig if you specify values for CognitoConfig.

Type: CognitoConfig object

Required: No

OidcConfig

Use this parameter to configure a private workforce using your own OIDC Identity Provider.

Do not use CognitoConfig if you specify values for OidcConfig.

Type: OidcConfig object

Required: No

SourceIpConfig

A list of IP address ranges (CIDRs). Used to create an allow list of IP addresses for a private workforce. Workers will only be able to log in to their worker portal from an IP address within this range. By default, a workforce isn't restricted to specific IP addresses.

Type: SourceIpConfig object

Required: No

Tags

An array of key-value pairs that contain metadata to help you categorize and organize our workforce. Each tag consists of a key and a value, both of which you define.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

WorkforceName

The name of the private workforce.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-zA-Z0-9]([a-zA-Z0-9\-]){0,62}$

Required: Yes

WorkforceVpcConfig

Use this parameter to configure a workforce using VPC.

Type: WorkforceVpcConfigRequest object

Required: No

Response Syntax

{ "WorkforceArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

WorkforceArn

The Amazon Resource Name (ARN) of the workforce.

Type: String

Length Constraints: Maximum length of 256.

Pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:workforce/.*

Errors

For information about the errors that are common to all actions, see Common Errors.

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: