Docs Home
AWS v6.74.0 published on Wednesday, Mar 26, 2025 by Pulumi
aws.sagemaker.Workforce
Explore with Pulumi AI
Provides a SageMaker AI Workforce resource.
Example Usage
Cognito Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleUserPool = new aws.cognito.UserPool("example", {name: "example"});
const exampleUserPoolClient = new aws.cognito.UserPoolClient("example", {
name: "example",
generateSecret: true,
userPoolId: exampleUserPool.id,
});
const exampleUserPoolDomain = new aws.cognito.UserPoolDomain("example", {
domain: "example",
userPoolId: exampleUserPool.id,
});
const example = new aws.sagemaker.Workforce("example", {
workforceName: "example",
cognitoConfig: {
clientId: exampleUserPoolClient.id,
userPool: exampleUserPoolDomain.userPoolId,
},
});
import pulumi
import pulumi_aws as aws
example_user_pool = aws.cognito.UserPool("example", name="example")
example_user_pool_client = aws.cognito.UserPoolClient("example",
name="example",
generate_secret=True,
user_pool_id=example_user_pool.id)
example_user_pool_domain = aws.cognito.UserPoolDomain("example",
domain="example",
user_pool_id=example_user_pool.id)
example = aws.sagemaker.Workforce("example",
workforce_name="example",
cognito_config={
"client_id": example_user_pool_client.id,
"user_pool": example_user_pool_domain.user_pool_id,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleUserPool, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
Name: pulumi.String("example"),
})
if err != nil {
return err
}
exampleUserPoolClient, err := cognito.NewUserPoolClient(ctx, "example", &cognito.UserPoolClientArgs{
Name: pulumi.String("example"),
GenerateSecret: pulumi.Bool(true),
UserPoolId: exampleUserPool.ID(),
})
if err != nil {
return err
}
exampleUserPoolDomain, err := cognito.NewUserPoolDomain(ctx, "example", &cognito.UserPoolDomainArgs{
Domain: pulumi.String("example"),
UserPoolId: exampleUserPool.ID(),
})
if err != nil {
return err
}
_, err = sagemaker.NewWorkforce(ctx, "example", &sagemaker.WorkforceArgs{
WorkforceName: pulumi.String("example"),
CognitoConfig: &sagemaker.WorkforceCognitoConfigArgs{
ClientId: exampleUserPoolClient.ID(),
UserPool: exampleUserPoolDomain.UserPoolId,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleUserPool = new Aws.Cognito.UserPool("example", new()
{
Name = "example",
});
var exampleUserPoolClient = new Aws.Cognito.UserPoolClient("example", new()
{
Name = "example",
GenerateSecret = true,
UserPoolId = exampleUserPool.Id,
});
var exampleUserPoolDomain = new Aws.Cognito.UserPoolDomain("example", new()
{
Domain = "example",
UserPoolId = exampleUserPool.Id,
});
var example = new Aws.Sagemaker.Workforce("example", new()
{
WorkforceName = "example",
CognitoConfig = new Aws.Sagemaker.Inputs.WorkforceCognitoConfigArgs
{
ClientId = exampleUserPoolClient.Id,
UserPool = exampleUserPoolDomain.UserPoolId,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.cognito.UserPoolDomainArgs;
import com.pulumi.aws.sagemaker.Workforce;
import com.pulumi.aws.sagemaker.WorkforceArgs;
import com.pulumi.aws.sagemaker.inputs.WorkforceCognitoConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleUserPool = new UserPool("exampleUserPool", UserPoolArgs.builder()
.name("example")
.build());
var exampleUserPoolClient = new UserPoolClient("exampleUserPoolClient", UserPoolClientArgs.builder()
.name("example")
.generateSecret(true)
.userPoolId(exampleUserPool.id())
.build());
var exampleUserPoolDomain = new UserPoolDomain("exampleUserPoolDomain", UserPoolDomainArgs.builder()
.domain("example")
.userPoolId(exampleUserPool.id())
.build());
var example = new Workforce("example", WorkforceArgs.builder()
.workforceName("example")
.cognitoConfig(WorkforceCognitoConfigArgs.builder()
.clientId(exampleUserPoolClient.id())
.userPool(exampleUserPoolDomain.userPoolId())
.build())
.build());
}
}
resources:
example:
type: aws:sagemaker:Workforce
properties:
workforceName: example
cognitoConfig:
clientId: ${exampleUserPoolClient.id}
userPool: ${exampleUserPoolDomain.userPoolId}
exampleUserPool:
type: aws:cognito:UserPool
name: example
properties:
name: example
exampleUserPoolClient:
type: aws:cognito:UserPoolClient
name: example
properties:
name: example
generateSecret: true
userPoolId: ${exampleUserPool.id}
exampleUserPoolDomain:
type: aws:cognito:UserPoolDomain
name: example
properties:
domain: example
userPoolId: ${exampleUserPool.id}
Oidc Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.sagemaker.Workforce("example", {
workforceName: "example",
oidcConfig: {
authorizationEndpoint: "https://example.com",
clientId: "example",
clientSecret: "example",
issuer: "https://example.com",
jwksUri: "https://example.com",
logoutEndpoint: "https://example.com",
tokenEndpoint: "https://example.com",
userInfoEndpoint: "https://example.com",
},
});
import pulumi
import pulumi_aws as aws
example = aws.sagemaker.Workforce("example",
workforce_name="example",
oidc_config={
"authorization_endpoint": "https://example.com",
"client_id": "example",
"client_secret": "example",
"issuer": "https://example.com",
"jwks_uri": "https://example.com",
"logout_endpoint": "https://example.com",
"token_endpoint": "https://example.com",
"user_info_endpoint": "https://example.com",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sagemaker.NewWorkforce(ctx, "example", &sagemaker.WorkforceArgs{
WorkforceName: pulumi.String("example"),
OidcConfig: &sagemaker.WorkforceOidcConfigArgs{
AuthorizationEndpoint: pulumi.String("https://example.com"),
ClientId: pulumi.String("example"),
ClientSecret: pulumi.String("example"),
Issuer: pulumi.String("https://example.com"),
JwksUri: pulumi.String("https://example.com"),
LogoutEndpoint: pulumi.String("https://example.com"),
TokenEndpoint: pulumi.String("https://example.com"),
UserInfoEndpoint: pulumi.String("https://example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Sagemaker.Workforce("example", new()
{
WorkforceName = "example",
OidcConfig = new Aws.Sagemaker.Inputs.WorkforceOidcConfigArgs
{
AuthorizationEndpoint = "https://example.com",
ClientId = "example",
ClientSecret = "example",
Issuer = "https://example.com",
JwksUri = "https://example.com",
LogoutEndpoint = "https://example.com",
TokenEndpoint = "https://example.com",
UserInfoEndpoint = "https://example.com",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sagemaker.Workforce;
import com.pulumi.aws.sagemaker.WorkforceArgs;
import com.pulumi.aws.sagemaker.inputs.WorkforceOidcConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Workforce("example", WorkforceArgs.builder()
.workforceName("example")
.oidcConfig(WorkforceOidcConfigArgs.builder()
.authorizationEndpoint("https://example.com")
.clientId("example")
.clientSecret("example")
.issuer("https://example.com")
.jwksUri("https://example.com")
.logoutEndpoint("https://example.com")
.tokenEndpoint("https://example.com")
.userInfoEndpoint("https://example.com")
.build())
.build());
}
}
resources:
example:
type: aws:sagemaker:Workforce
properties:
workforceName: example
oidcConfig:
authorizationEndpoint: https://example.com
clientId: example
clientSecret: example
issuer: https://example.com
jwksUri: https://example.com
logoutEndpoint: https://example.com
tokenEndpoint: https://example.com
userInfoEndpoint: https://example.com
Create Workforce Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Workforce(name: string, args: WorkforceArgs, opts?: CustomResourceOptions);@overload
def Workforce(resource_name: str,
args: WorkforceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Workforce(resource_name: str,
opts: Optional[ResourceOptions] = None,
workforce_name: Optional[str] = None,
cognito_config: Optional[WorkforceCognitoConfigArgs] = None,
oidc_config: Optional[WorkforceOidcConfigArgs] = None,
source_ip_config: Optional[WorkforceSourceIpConfigArgs] = None,
workforce_vpc_config: Optional[WorkforceWorkforceVpcConfigArgs] = None)func NewWorkforce(ctx *Context, name string, args WorkforceArgs, opts ...ResourceOption) (*Workforce, error)public Workforce(string name, WorkforceArgs args, CustomResourceOptions? opts = null)
public Workforce(String name, WorkforceArgs args)
public Workforce(String name, WorkforceArgs args, CustomResourceOptions options)
type: aws:sagemaker:Workforce
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkforceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkforceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkforceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkforceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkforceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var workforceResource = new Aws.Sagemaker.Workforce("workforceResource", new()
{
WorkforceName = "string",
CognitoConfig = new Aws.Sagemaker.Inputs.WorkforceCognitoConfigArgs
{
ClientId = "string",
UserPool = "string",
},
OidcConfig = new Aws.Sagemaker.Inputs.WorkforceOidcConfigArgs
{
AuthorizationEndpoint = "string",
ClientId = "string",
ClientSecret = "string",
Issuer = "string",
JwksUri = "string",
LogoutEndpoint = "string",
TokenEndpoint = "string",
UserInfoEndpoint = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
Scope = "string",
},
SourceIpConfig = new Aws.Sagemaker.Inputs.WorkforceSourceIpConfigArgs
{
Cidrs = new[]
{
"string",
},
},
WorkforceVpcConfig = new Aws.Sagemaker.Inputs.WorkforceWorkforceVpcConfigArgs
{
SecurityGroupIds = new[]
{
"string",
},
Subnets = new[]
{
"string",
},
VpcEndpointId = "string",
VpcId = "string",
},
});
example, err := sagemaker.NewWorkforce(ctx, "workforceResource", &sagemaker.WorkforceArgs{
WorkforceName: pulumi.String("string"),
CognitoConfig: &sagemaker.WorkforceCognitoConfigArgs{
ClientId: pulumi.String("string"),
UserPool: pulumi.String("string"),
},
OidcConfig: &sagemaker.WorkforceOidcConfigArgs{
AuthorizationEndpoint: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Issuer: pulumi.String("string"),
JwksUri: pulumi.String("string"),
LogoutEndpoint: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserInfoEndpoint: pulumi.String("string"),
AuthenticationRequestExtraParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
Scope: pulumi.String("string"),
},
SourceIpConfig: &sagemaker.WorkforceSourceIpConfigArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
WorkforceVpcConfig: &sagemaker.WorkforceWorkforceVpcConfigArgs{
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
Subnets: pulumi.StringArray{
pulumi.String("string"),
},
VpcEndpointId: pulumi.String("string"),
VpcId: pulumi.String("string"),
},
})
var workforceResource = new Workforce("workforceResource", WorkforceArgs.builder()
.workforceName("string")
.cognitoConfig(WorkforceCognitoConfigArgs.builder()
.clientId("string")
.userPool("string")
.build())
.oidcConfig(WorkforceOidcConfigArgs.builder()
.authorizationEndpoint("string")
.clientId("string")
.clientSecret("string")
.issuer("string")
.jwksUri("string")
.logoutEndpoint("string")
.tokenEndpoint("string")
.userInfoEndpoint("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.scope("string")
.build())
.sourceIpConfig(WorkforceSourceIpConfigArgs.builder()
.cidrs("string")
.build())
.workforceVpcConfig(WorkforceWorkforceVpcConfigArgs.builder()
.securityGroupIds("string")
.subnets("string")
.vpcEndpointId("string")
.vpcId("string")
.build())
.build());
workforce_resource = aws.sagemaker.Workforce("workforceResource",
workforce_name="string",
cognito_config={
"client_id": "string",
"user_pool": "string",
},
oidc_config={
"authorization_endpoint": "string",
"client_id": "string",
"client_secret": "string",
"issuer": "string",
"jwks_uri": "string",
"logout_endpoint": "string",
"token_endpoint": "string",
"user_info_endpoint": "string",
"authentication_request_extra_params": {
"string": "string",
},
"scope": "string",
},
source_ip_config={
"cidrs": ["string"],
},
workforce_vpc_config={
"security_group_ids": ["string"],
"subnets": ["string"],
"vpc_endpoint_id": "string",
"vpc_id": "string",
})
const workforceResource = new aws.sagemaker.Workforce("workforceResource", {
workforceName: "string",
cognitoConfig: {
clientId: "string",
userPool: "string",
},
oidcConfig: {
authorizationEndpoint: "string",
clientId: "string",
clientSecret: "string",
issuer: "string",
jwksUri: "string",
logoutEndpoint: "string",
tokenEndpoint: "string",
userInfoEndpoint: "string",
authenticationRequestExtraParams: {
string: "string",
},
scope: "string",
},
sourceIpConfig: {
cidrs: ["string"],
},
workforceVpcConfig: {
securityGroupIds: ["string"],
subnets: ["string"],
vpcEndpointId: "string",
vpcId: "string",
},
});
type: aws:sagemaker:Workforce
properties:
cognitoConfig:
clientId: string
userPool: string
oidcConfig:
authenticationRequestExtraParams:
string: string
authorizationEndpoint: string
clientId: string
clientSecret: string
issuer: string
jwksUri: string
logoutEndpoint: string
scope: string
tokenEndpoint: string
userInfoEndpoint: string
sourceIpConfig:
cidrs:
- string
workforceName: string
workforceVpcConfig:
securityGroupIds:
- string
subnets:
- string
vpcEndpointId: string
vpcId: string
Workforce Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Workforce resource accepts the following input properties:
- Workforce
Name string - The name of the Workforce (must be unique).
- Cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - Oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - Source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- Workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- Workforce
Name string - The name of the Workforce (must be unique).
- Cognito
Config WorkforceCognito Config Args - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - Oidc
Config WorkforceOidc Config Args - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - Source
Ip WorkforceConfig Source Ip Config Args - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- Workforce
Vpc WorkforceConfig Workforce Vpc Config Args - configure a workforce using VPC. see Workforce VPC Config details below.
- workforce
Name String - The name of the Workforce (must be unique).
- cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- workforce
Name string - The name of the Workforce (must be unique).
- cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- workforce_
name str - The name of the Workforce (must be unique).
- cognito_
config WorkforceCognito Config Args - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc_
config WorkforceOidc Config Args - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source_
ip_ Workforceconfig Source Ip Config Args - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- workforce_
vpc_ Workforceconfig Workforce Vpc Config Args - configure a workforce using VPC. see Workforce VPC Config details below.
- workforce
Name String - The name of the Workforce (must be unique).
- cognito
Config Property Map - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config Property Map - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip Property MapConfig - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- workforce
Vpc Property MapConfig - configure a workforce using VPC. see Workforce VPC Config details below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workforce resource produces the following output properties:
Look up Existing Workforce Resource
Get an existing Workforce resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkforceState, opts?: CustomResourceOptions): Workforce@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
cognito_config: Optional[WorkforceCognitoConfigArgs] = None,
oidc_config: Optional[WorkforceOidcConfigArgs] = None,
source_ip_config: Optional[WorkforceSourceIpConfigArgs] = None,
subdomain: Optional[str] = None,
workforce_name: Optional[str] = None,
workforce_vpc_config: Optional[WorkforceWorkforceVpcConfigArgs] = None) -> Workforcefunc GetWorkforce(ctx *Context, name string, id IDInput, state *WorkforceState, opts ...ResourceOption) (*Workforce, error)public static Workforce Get(string name, Input<string> id, WorkforceState? state, CustomResourceOptions? opts = null)public static Workforce get(String name, Output<String> id, WorkforceState state, CustomResourceOptions options)resources: _: type: aws:sagemaker:Workforce get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- Cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - Oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - Source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- Subdomain string
- The subdomain for your OIDC Identity Provider.
- Workforce
Name string - The name of the Workforce (must be unique).
- Workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- Arn string
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- Cognito
Config WorkforceCognito Config Args - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - Oidc
Config WorkforceOidc Config Args - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - Source
Ip WorkforceConfig Source Ip Config Args - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- Subdomain string
- The subdomain for your OIDC Identity Provider.
- Workforce
Name string - The name of the Workforce (must be unique).
- Workforce
Vpc WorkforceConfig Workforce Vpc Config Args - configure a workforce using VPC. see Workforce VPC Config details below.
- arn String
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- subdomain String
- The subdomain for your OIDC Identity Provider.
- workforce
Name String - The name of the Workforce (must be unique).
- workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- arn string
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- cognito
Config WorkforceCognito Config - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config WorkforceOidc Config - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip WorkforceConfig Source Ip Config - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- subdomain string
- The subdomain for your OIDC Identity Provider.
- workforce
Name string - The name of the Workforce (must be unique).
- workforce
Vpc WorkforceConfig Workforce Vpc Config - configure a workforce using VPC. see Workforce VPC Config details below.
- arn str
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- cognito_
config WorkforceCognito Config Args - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc_
config WorkforceOidc Config Args - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source_
ip_ Workforceconfig Source Ip Config Args - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- subdomain str
- The subdomain for your OIDC Identity Provider.
- workforce_
name str - The name of the Workforce (must be unique).
- workforce_
vpc_ Workforceconfig Workforce Vpc Config Args - configure a workforce using VPC. see Workforce VPC Config details below.
- arn String
- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
- cognito
Config Property Map - Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with
oidc_config. see Cognito Config details below. - oidc
Config Property Map - Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with
cognito_config. see OIDC Config details below. - source
Ip Property MapConfig - A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.
- subdomain String
- The subdomain for your OIDC Identity Provider.
- workforce
Name String - The name of the Workforce (must be unique).
- workforce
Vpc Property MapConfig - configure a workforce using VPC. see Workforce VPC Config details below.
Supporting Types
WorkforceCognitoConfig, WorkforceCognitoConfigArgs
WorkforceOidcConfig, WorkforceOidcConfigArgs
- string
- The OIDC IdP authorization endpoint used to configure your private workforce.
- Client
Id string - The OIDC IdP client ID used to configure your private workforce.
- Client
Secret string - The OIDC IdP client secret used to configure your private workforce.
- Issuer string
- The OIDC IdP issuer used to configure your private workforce.
- Jwks
Uri string - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- Logout
Endpoint string - The OIDC IdP logout endpoint used to configure your private workforce.
- Token
Endpoint string - The OIDC IdP token endpoint used to configure your private workforce.
- User
Info stringEndpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- Authentication
Request Dictionary<string, string>Extra Params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- Scope string
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
- string
- The OIDC IdP authorization endpoint used to configure your private workforce.
- Client
Id string - The OIDC IdP client ID used to configure your private workforce.
- Client
Secret string - The OIDC IdP client secret used to configure your private workforce.
- Issuer string
- The OIDC IdP issuer used to configure your private workforce.
- Jwks
Uri string - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- Logout
Endpoint string - The OIDC IdP logout endpoint used to configure your private workforce.
- Token
Endpoint string - The OIDC IdP token endpoint used to configure your private workforce.
- User
Info stringEndpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- Authentication
Request map[string]stringExtra Params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- Scope string
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
- String
- The OIDC IdP authorization endpoint used to configure your private workforce.
- client
Id String - The OIDC IdP client ID used to configure your private workforce.
- client
Secret String - The OIDC IdP client secret used to configure your private workforce.
- issuer String
- The OIDC IdP issuer used to configure your private workforce.
- jwks
Uri String - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- logout
Endpoint String - The OIDC IdP logout endpoint used to configure your private workforce.
- token
Endpoint String - The OIDC IdP token endpoint used to configure your private workforce.
- user
Info StringEndpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- authentication
Request Map<String,String>Extra Params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- scope String
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
- string
- The OIDC IdP authorization endpoint used to configure your private workforce.
- client
Id string - The OIDC IdP client ID used to configure your private workforce.
- client
Secret string - The OIDC IdP client secret used to configure your private workforce.
- issuer string
- The OIDC IdP issuer used to configure your private workforce.
- jwks
Uri string - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- logout
Endpoint string - The OIDC IdP logout endpoint used to configure your private workforce.
- token
Endpoint string - The OIDC IdP token endpoint used to configure your private workforce.
- user
Info stringEndpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- authentication
Request {[key: string]: string}Extra Params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- scope string
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
- str
- The OIDC IdP authorization endpoint used to configure your private workforce.
- client_
id str - The OIDC IdP client ID used to configure your private workforce.
- client_
secret str - The OIDC IdP client secret used to configure your private workforce.
- issuer str
- The OIDC IdP issuer used to configure your private workforce.
- jwks_
uri str - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- logout_
endpoint str - The OIDC IdP logout endpoint used to configure your private workforce.
- token_
endpoint str - The OIDC IdP token endpoint used to configure your private workforce.
- user_
info_ strendpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- authentication_
request_ Mapping[str, str]extra_ params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- scope str
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
- String
- The OIDC IdP authorization endpoint used to configure your private workforce.
- client
Id String - The OIDC IdP client ID used to configure your private workforce.
- client
Secret String - The OIDC IdP client secret used to configure your private workforce.
- issuer String
- The OIDC IdP issuer used to configure your private workforce.
- jwks
Uri String - The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.
- logout
Endpoint String - The OIDC IdP logout endpoint used to configure your private workforce.
- token
Endpoint String - The OIDC IdP token endpoint used to configure your private workforce.
- user
Info StringEndpoint - The OIDC IdP user information endpoint used to configure your private workforce.
- authentication
Request Map<String>Extra Params - A string to string map of identifiers specific to the custom identity provider (IdP) being used.
- scope String
- An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.
WorkforceSourceIpConfig, WorkforceSourceIpConfigArgs
- Cidrs List<string>
- A list of up to 10 CIDR values.
- Cidrs []string
- A list of up to 10 CIDR values.
- cidrs List<String>
- A list of up to 10 CIDR values.
- cidrs string[]
- A list of up to 10 CIDR values.
- cidrs Sequence[str]
- A list of up to 10 CIDR values.
- cidrs List<String>
- A list of up to 10 CIDR values.
WorkforceWorkforceVpcConfig, WorkforceWorkforceVpcConfigArgs
- Security
Group List<string>Ids - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- Subnets List<string>
- The ID of the subnets in the VPC that you want to connect.
- Vpc
Endpoint stringId - The IDs for the VPC service endpoints of your VPC workforce.
- Vpc
Id string - The ID of the VPC that the workforce uses for communication.
- Security
Group []stringIds - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- Subnets []string
- The ID of the subnets in the VPC that you want to connect.
- Vpc
Endpoint stringId - The IDs for the VPC service endpoints of your VPC workforce.
- Vpc
Id string - The ID of the VPC that the workforce uses for communication.
- security
Group List<String>Ids - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- subnets List<String>
- The ID of the subnets in the VPC that you want to connect.
- vpc
Endpoint StringId - The IDs for the VPC service endpoints of your VPC workforce.
- vpc
Id String - The ID of the VPC that the workforce uses for communication.
- security
Group string[]Ids - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- subnets string[]
- The ID of the subnets in the VPC that you want to connect.
- vpc
Endpoint stringId - The IDs for the VPC service endpoints of your VPC workforce.
- vpc
Id string - The ID of the VPC that the workforce uses for communication.
- security_
group_ Sequence[str]ids - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- subnets Sequence[str]
- The ID of the subnets in the VPC that you want to connect.
- vpc_
endpoint_ strid - The IDs for the VPC service endpoints of your VPC workforce.
- vpc_
id str - The ID of the VPC that the workforce uses for communication.
- security
Group List<String>Ids - The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
- subnets List<String>
- The ID of the subnets in the VPC that you want to connect.
- vpc
Endpoint StringId - The IDs for the VPC service endpoints of your VPC workforce.
- vpc
Id String - The ID of the VPC that the workforce uses for communication.
Import
Using pulumi import, import SageMaker AI Workforces using the workforce_name. For example:
$ pulumi import aws:sagemaker/workforce:Workforce example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.