CreateWorkforce
Use this operation to create a workforce. This operation will return an error if a workforce already exists in the Amazon Region that you specify. You can only create one workforce in each Amazon Region per Amazon account.
If you want to create a new workforce in an Amazon Region where
a workforce already exists, use the DeleteWorkforce API
operation to delete the existing workforce and then use CreateWorkforce
to create a new workforce.
To create a private workforce using Amazon Cognito, you must specify a Cognito user pool
in CognitoConfig
.
You can also create an Amazon Cognito workforce using the Amazon SageMaker console.
For more information, see
Create a Private Workforce (Amazon Cognito).
To create a private workforce using your own OIDC Identity Provider (IdP), specify your IdP
configuration in OidcConfig
. Your OIDC IdP must support groups
because groups are used by Ground Truth and Amazon A2I to create work teams.
For more information, see
Create a Private Workforce (OIDC IdP).
Request Syntax
{
"CognitoConfig": {
"ClientId": "string
",
"UserPool": "string
"
},
"OidcConfig": {
"AuthenticationRequestExtraParams": {
"string
" : "string
"
},
"AuthorizationEndpoint": "string
",
"ClientId": "string
",
"ClientSecret": "string
",
"Issuer": "string
",
"JwksUri": "string
",
"LogoutEndpoint": "string
",
"Scope": "string
",
"TokenEndpoint": "string
",
"UserInfoEndpoint": "string
"
},
"SourceIpConfig": {
"Cidrs": [ "string
" ]
},
"Tags": [
{
"Key": "string
",
"Value": "string
"
}
],
"WorkforceName": "string
",
"WorkforceVpcConfig": {
"SecurityGroupIds": [ "string
" ],
"Subnets": [ "string
" ],
"VpcId": "string
"
}
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CognitoConfig
-
Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool
. Do not use
OidcConfig
if you specify values forCognitoConfig
.Type: CognitoConfig object
Required: No
- OidcConfig
-
Use this parameter to configure a private workforce using your own OIDC Identity Provider.
Do not use
CognitoConfig
if you specify values forOidcConfig
.Type: OidcConfig object
Required: No
- SourceIpConfig
-
A list of IP address ranges (CIDRs). Used to create an allow list of IP addresses for a private workforce. Workers will only be able to log in to their worker portal from an IP address within this range. By default, a workforce isn't restricted to specific IP addresses.
Type: SourceIpConfig object
Required: No
- Tags
-
An array of key-value pairs that contain metadata to help you categorize and organize our workforce. Each tag consists of a key and a value, both of which you define.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
- WorkforceName
-
The name of the private workforce.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern:
^[a-zA-Z0-9]([a-zA-Z0-9\-]){0,62}$
Required: Yes
- WorkforceVpcConfig
-
Use this parameter to configure a workforce using VPC.
Type: WorkforceVpcConfigRequest object
Required: No
Response Syntax
{
"WorkforceArn": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- WorkforceArn
-
The Amazon Resource Name (ARN) of the workforce.
Type: String
Length Constraints: Maximum length of 256.
Pattern:
arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:workforce/.*
Errors
For information about the errors that are common to all actions, see Common Errors.
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: