CreateLensShare - AWS Well-Architected Tool


Create a lens share.

The owner of a lens can share it with other AWS accounts, users, an organization, and organizational units (OUs) in the same AWS Region. Lenses provided by AWS (AWS Official Content) cannot be shared.

Shared access to a lens is not removed until the lens invitation is deleted.

If you share a lens with an organization or OU, all accounts in the organization or OU are granted access to the lens.

For more information, see Sharing a custom lens in the AWS Well-Architected Tool User Guide.



By sharing your custom lenses with other AWS accounts, you acknowledge that AWS will make your custom lenses available to those other accounts. Those other accounts may continue to access and use your shared custom lenses even if you delete the custom lenses from your own AWS account or terminate your AWS account.

Request Syntax

POST /lenses/LensAlias/shares HTTP/1.1 Content-type: application/json { "ClientRequestToken": "string", "SharedWith": "string" }

URI Request Parameters

The request uses the following URI parameters.


The alias of the lens.

For AWS official lenses, this is either the lens alias, such as serverless, or the lens ARN, such as arn:aws:wellarchitected:us-east-1::lens/serverless. Note that some operations (such as ExportLens and CreateLensShare) are not permitted on AWS official lenses.

For custom lenses, this is the lens ARN, such as arn:aws:wellarchitected:us-west-2:123456789012:lens/0123456789abcdef01234567890abcdef.

Each lens is identified by its LensSummary:LensAlias.

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: Yes

Request Body

The request accepts the following data in JSON format.


A unique case-sensitive string used to ensure that this request is idempotent (executes only once).

You should not reuse the same token for other requests. If you retry a request with the same client request token and the same parameters after the original request has completed successfully, the result of the original request is returned.


This token is listed as required, however, if you do not specify it, the AWS SDKs automatically generate one for you. If you are not using the AWS SDK or the AWS CLI, you must provide this token or the request will fail.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes


The AWS account ID, organization ID, or organizational unit (OU) ID with which the workload, lens, profile, or review template is shared.

Type: String

Length Constraints: Minimum length of 12. Maximum length of 2048.

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "ShareId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The ID associated with the share.

Type: String

Pattern: [0-9a-f]{32}


For information about the errors that are common to all actions, see Common Errors.


User does not have sufficient access to perform this action.

HTTP Status Code: 403


The resource has already been processed, was deleted, or is too large.

HTTP Status Code: 409


There is a problem with the AWS Well-Architected Tool API service.

HTTP Status Code: 500


The requested resource was not found.

HTTP Status Code: 404


The user has reached their resource quota.

HTTP Status Code: 402


Request was denied due to request throttling.

HTTP Status Code: 429


The user input is not valid.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: