CreateWorkforce
Use this operation to create a workforce. This operation will return an error if a workforce already exists in the AWS Region that you specify. You can only create one workforce in each AWS Region per AWS account.
If you want to create a new workforce in an AWS Region where
a workforce already exists, use the DeleteWorkforce API
operation to delete the existing workforce and then use CreateWorkforce
to create a new workforce.
To create a private workforce using Amazon Cognito, you must specify a Cognito user pool
in CognitoConfig.
You can also create an Amazon Cognito workforce using the Amazon SageMaker console.
For more information, see
Create a Private Workforce (Amazon Cognito).
To create a private workforce using your own OIDC Identity Provider (IdP), specify your IdP
configuration in OidcConfig. Your OIDC IdP must support groups
because groups are used by Ground Truth and Amazon A2I to create work teams.
For more information, see
Create a Private Workforce (OIDC IdP).
Request Syntax
{
"CognitoConfig": {
"ClientId": "string",
"UserPool": "string"
},
"OidcConfig": {
"AuthenticationRequestExtraParams": {
"string" : "string"
},
"AuthorizationEndpoint": "string",
"ClientId": "string",
"ClientSecret": "string",
"Issuer": "string",
"JwksUri": "string",
"LogoutEndpoint": "string",
"Scope": "string",
"TokenEndpoint": "string",
"UserInfoEndpoint": "string"
},
"SourceIpConfig": {
"Cidrs": [ "string" ]
},
"Tags": [
{
"Key": "string",
"Value": "string"
}
],
"WorkforceName": "string",
"WorkforceVpcConfig": {
"SecurityGroupIds": [ "string" ],
"Subnets": [ "string" ],
"VpcId": "string"
}
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CognitoConfig
-
Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.
Do not use
OidcConfigif you specify values forCognitoConfig.Type: CognitoConfig object
Required: No
- OidcConfig
-
Use this parameter to configure a private workforce using your own OIDC Identity Provider.
Do not use
CognitoConfigif you specify values forOidcConfig.Type: OidcConfig object
Required: No
- SourceIpConfig
-
A list of IP address ranges (CIDRs). Used to create an allow list of IP addresses for a private workforce. Workers will only be able to log in to their worker portal from an IP address within this range. By default, a workforce isn't restricted to specific IP addresses.
Type: SourceIpConfig object
Required: No
- Tags
-
An array of key-value pairs that contain metadata to help you categorize and organize our workforce. Each tag consists of a key and a value, both of which you define.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
- WorkforceName
-
The name of the private workforce.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern:
^[a-zA-Z0-9]([a-zA-Z0-9\-]){0,62}$Required: Yes
- WorkforceVpcConfig
-
Use this parameter to configure a workforce using VPC.
Type: WorkforceVpcConfigRequest object
Required: No
Response Syntax
{
"WorkforceArn": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- WorkforceArn
-
The Amazon Resource Name (ARN) of the workforce.
Type: String
Length Constraints: Maximum length of 256.
Pattern:
arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:workforce/.*
Errors
For information about the errors that are common to all actions, see Common Errors.
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
