You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . wellarchitected ]



Create a new workload.

The owner of a workload can share the workload with other Amazon Web Services accounts, users, an organization, and organizational units (OUs) in the same Amazon Web Services Region. Only the owner of a workload can delete it.

For more information, see Defining a Workload in the Well-Architected Tool User Guide .


Either AwsRegions , NonAwsRegions , or both must be specified when creating a workload.

You also must specify ReviewOwner , even though the parameter is listed as not being required in the following section.

When creating a workload using a review template, you must have the following IAM permissions:

  • wellarchitected:GetReviewTemplate
  • wellarchitected:GetReviewTemplateAnswer
  • wellarchitected:ListReviewTemplateAnswers
  • wellarchitected:GetReviewTemplateLensReview

See also: AWS API Documentation


--workload-name <value>
--description <value>
--environment <value>
[--account-ids <value>]
[--aws-regions <value>]
[--non-aws-regions <value>]
[--pillar-priorities <value>]
[--architectural-design <value>]
[--review-owner <value>]
[--industry-type <value>]
[--industry <value>]
--lenses <value>
[--notes <value>]
[--client-request-token <value>]
[--tags <value>]
[--discovery-config <value>]
[--applications <value>]
[--profile-arns <value>]
[--review-template-arns <value>]
[--jira-configuration <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]


--workload-name (string)

The name of the workload.

The name must be unique within an account within an Amazon Web Services Region. Spaces and capitalization are ignored when checking for uniqueness.

--description (string)

The description for the workload.

--environment (string)

The environment for the workload.

Possible values:


--account-ids (list)

The list of Amazon Web Services account IDs associated with the workload.


An Amazon Web Services account ID.


"string" "string" ...

--aws-regions (list)

The list of Amazon Web Services Regions associated with the workload, for example, us-east-2 , or ca-central-1 .


An Amazon Web Services Region, for example, us-west-2 or ap-northeast-1 .


"string" "string" ...

--non-aws-regions (list)

The list of non-Amazon Web Services Regions associated with the workload.



"string" "string" ...

--pillar-priorities (list)

The priorities of the pillars, which are used to order items in the improvement plan. Each pillar is represented by its PillarReviewSummary$PillarId .


The ID used to identify a pillar, for example, security .

A pillar is identified by its PillarReviewSummary$PillarId .


"string" "string" ...

--architectural-design (string)

The URL of the architectural design for the workload.

--review-owner (string)

The review owner of the workload. The name, email address, or identifier for the primary group or individual that owns the workload review process.

--industry-type (string)

The industry type for the workload.

If specified, must be one of the following:

  • Agriculture
  • Automobile
  • Defense
  • Design and Engineering
  • Digital Advertising
  • Education
  • Environmental Protection
  • Financial Services
  • Gaming
  • General Public Services
  • Healthcare
  • Hospitality
  • InfoTech
  • Justice and Public Safety
  • Life Sciences
  • Manufacturing
  • Media & Entertainment
  • Mining & Resources
  • Oil & Gas
  • Power & Utilities
  • Professional Services
  • Real Estate & Construction
  • Retail & Wholesale
  • Social Protection
  • Telecommunications
  • Travel, Transportation & Logistics
  • Other

--industry (string)

The industry for the workload.

--lenses (list)

The list of lenses associated with the workload. Each lens is identified by its LensSummary$LensAlias .

If a review template that specifies lenses is applied to the workload, those lenses are applied to the workload in addition to these lenses.


The alias of the lens.

For Amazon Web Services official lenses, this is either the lens alias, such as serverless , or the lens ARN, such as arn:aws:wellarchitected:us-east-1::lens/serverless . Note that some operations (such as ExportLens and CreateLensShare) are not permitted on Amazon Web Services official lenses.

For custom lenses, this is the lens ARN, such as arn:aws:wellarchitected:us-west-2:123456789012:lens/0123456789abcdef01234567890abcdef .

Each lens is identified by its LensSummary$LensAlias .


"string" "string" ...

--notes (string)

The notes associated with the workload.

For a review template, these are the notes that will be associated with the workload when the template is applied.

--client-request-token (string)

A unique case-sensitive string used to ensure that this request is idempotent (executes only once).

You should not reuse the same token for other requests. If you retry a request with the same client request token and the same parameters after the original request has completed successfully, the result of the original request is returned.


This token is listed as required, however, if you do not specify it, the Amazon Web Services SDKs automatically generate one for you. If you are not using the Amazon Web Services SDK or the CLI, you must provide this token or the request will fail.

--tags (map)

The tags to be associated with the workload.

key -> (string)

value -> (string)

Shorthand Syntax:


JSON Syntax:

{"string": "string"

--discovery-config (structure)

Well-Architected discovery configuration settings associated to the workload.

TrustedAdvisorIntegrationStatus -> (string)

Discovery integration status in respect to Trusted Advisor for the workload.

WorkloadResourceDefinition -> (list)

The mode to use for identifying resources associated with the workload.

You can specify WORKLOAD_METADATA , APP_REGISTRY , or both.


Shorthand Syntax:


JSON Syntax:

  "TrustedAdvisorIntegrationStatus": "ENABLED"|"DISABLED",
  "WorkloadResourceDefinition": ["WORKLOAD_METADATA"|"APP_REGISTRY", ...]

--applications (list)

List of AppRegistry application ARNs associated to the workload.



"string" "string" ...

--profile-arns (list)

The list of profile ARNs associated with the workload.



"string" "string" ...

--review-template-arns (list)

The list of review template ARNs to associate with the workload.



"string" "string" ...

--jira-configuration (structure)

Jira configuration settings when creating a workload.

IssueManagementStatus -> (string)

Workload-level: Jira issue management status.

IssueManagementType -> (string)

Workload-level: Jira issue management type.

JiraProjectKey -> (string)

Workload-level: Jira project key to sync workloads to.

Shorthand Syntax:


JSON Syntax:

  "IssueManagementStatus": "ENABLED"|"DISABLED"|"INHERIT",
  "IssueManagementType": "AUTO"|"MANUAL",
  "JiraProjectKey": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.


WorkloadId -> (string)

The ID assigned to the workload. This ID is unique within an Amazon Web Services Region.

WorkloadArn -> (string)

The ARN for the workload.