Amazon SageMaker Service

2024/06/11 - Amazon SageMaker Service - 5 updated api methods

Changes  Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable.

CreateWorkforce (updated) Link ¶
Changes (request)
{'OidcConfig': {'AuthenticationRequestExtraParams': {'string': 'string'},
                'Scope': 'string'}}

Use this operation to create a workforce. This operation will return an error if a workforce already exists in the Amazon Web Services Region that you specify. You can only create one workforce in each Amazon Web Services Region per Amazon Web Services account.

If you want to create a new workforce in an Amazon Web Services Region where a workforce already exists, use the DeleteWorkforce API operation to delete the existing workforce and then use CreateWorkforce to create a new workforce.

To create a private workforce using Amazon Cognito, you must specify a Cognito user pool in CognitoConfig. You can also create an Amazon Cognito workforce using the Amazon SageMaker console. For more information, see Create a Private Workforce (Amazon Cognito).

To create a private workforce using your own OIDC Identity Provider (IdP), specify your IdP configuration in OidcConfig. Your OIDC IdP must support groups because groups are used by Ground Truth and Amazon A2I to create work teams. For more information, see Create a Private Workforce (OIDC IdP).

See also: AWS API Documentation

Request Syntax

client.create_workforce(
    CognitoConfig={
        'UserPool': 'string',
        'ClientId': 'string'
    },
    OidcConfig={
        'ClientId': 'string',
        'ClientSecret': 'string',
        'Issuer': 'string',
        'AuthorizationEndpoint': 'string',
        'TokenEndpoint': 'string',
        'UserInfoEndpoint': 'string',
        'LogoutEndpoint': 'string',
        'JwksUri': 'string',
        'Scope': 'string',
        'AuthenticationRequestExtraParams': {
            'string': 'string'
        }
    },
    SourceIpConfig={
        'Cidrs': [
            'string',
        ]
    },
    WorkforceName='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    WorkforceVpcConfig={
        'VpcId': 'string',
        'SecurityGroupIds': [
            'string',
        ],
        'Subnets': [
            'string',
        ]
    }
)
type CognitoConfig:

dict

param CognitoConfig:

Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.

Do not use OidcConfig if you specify values for CognitoConfig.

  • UserPool (string) -- [REQUIRED]

    A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

  • ClientId (string) -- [REQUIRED]

    The client ID for your Amazon Cognito user pool.

type OidcConfig:

dict

param OidcConfig:

Use this parameter to configure a private workforce using your own OIDC Identity Provider.

Do not use CognitoConfig if you specify values for OidcConfig.

  • ClientId (string) -- [REQUIRED]

    The OIDC IdP client ID used to configure your private workforce.

  • ClientSecret (string) -- [REQUIRED]

    The OIDC IdP client secret used to configure your private workforce.

  • Issuer (string) -- [REQUIRED]

    The OIDC IdP issuer used to configure your private workforce.

  • AuthorizationEndpoint (string) -- [REQUIRED]

    The OIDC IdP authorization endpoint used to configure your private workforce.

  • TokenEndpoint (string) -- [REQUIRED]

    The OIDC IdP token endpoint used to configure your private workforce.

  • UserInfoEndpoint (string) -- [REQUIRED]

    The OIDC IdP user information endpoint used to configure your private workforce.

  • LogoutEndpoint (string) -- [REQUIRED]

    The OIDC IdP logout endpoint used to configure your private workforce.

  • JwksUri (string) -- [REQUIRED]

    The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.

  • Scope (string) --

    An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

  • AuthenticationRequestExtraParams (dict) --

    A string to string map of identifiers specific to the custom identity provider (IdP) being used.

    • (string) --

      • (string) --

type SourceIpConfig:

dict

param SourceIpConfig:

A list of IP address ranges ( CIDRs). Used to create an allow list of IP addresses for a private workforce. Workers will only be able to login to their worker portal from an IP address within this range. By default, a workforce isn't restricted to specific IP addresses.

  • Cidrs (list) -- [REQUIRED]

    A list of one to ten Classless Inter-Domain Routing (CIDR) values.

    Maximum: Ten CIDR values

    • (string) --

type WorkforceName:

string

param WorkforceName:

[REQUIRED]

The name of the private workforce.

type Tags:

list

param Tags:

An array of key-value pairs that contain metadata to help you categorize and organize our workforce. Each tag consists of a key and a value, both of which you define.

  • (dict) --

    A tag object that consists of a key and an optional value, used to manage metadata for SageMaker Amazon Web Services resources.

    You can add tags to notebook instances, training jobs, hyperparameter tuning jobs, batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and endpoints. For more information on adding tags to SageMaker resources, see AddTags.

    For more information on adding metadata to your Amazon Web Services resources with tagging, see Tagging Amazon Web Services resources. For advice on best practices for managing Amazon Web Services resources with tagging, see Tagging Best Practices: Implement an Effective Amazon Web Services Resource Tagging Strategy.

    • Key (string) -- [REQUIRED]

      The tag key. Tag keys must be unique per resource.

    • Value (string) -- [REQUIRED]

      The tag value.

type WorkforceVpcConfig:

dict

param WorkforceVpcConfig:

Use this parameter to configure a workforce using VPC.

  • VpcId (string) --

    The ID of the VPC that the workforce uses for communication.

  • SecurityGroupIds (list) --

    The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

    • (string) --

  • Subnets (list) --

    The ID of the subnets in the VPC that you want to connect.

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'WorkforceArn': 'string'
}

Response Structure

  • (dict) --

    • WorkforceArn (string) --

      The Amazon Resource Name (ARN) of the workforce.

DescribeWorkforce (updated) Link ¶
Changes (response)
{'Workforce': {'OidcConfig': {'AuthenticationRequestExtraParams': {'string': 'string'},
                              'Scope': 'string'}}}

Lists private workforce information, including workforce name, Amazon Resource Name (ARN), and, if applicable, allowed IP address ranges ( CIDRs). Allowable IP address ranges are the IP addresses that workers can use to access tasks.

See also: AWS API Documentation

Request Syntax

client.describe_workforce(
    WorkforceName='string'
)
type WorkforceName:

string

param WorkforceName:

[REQUIRED]

The name of the private workforce whose access you want to restrict. WorkforceName is automatically set to default when a workforce is created and cannot be modified.

rtype:

dict

returns:

Response Syntax

{
    'Workforce': {
        'WorkforceName': 'string',
        'WorkforceArn': 'string',
        'LastUpdatedDate': datetime(2015, 1, 1),
        'SourceIpConfig': {
            'Cidrs': [
                'string',
            ]
        },
        'SubDomain': 'string',
        'CognitoConfig': {
            'UserPool': 'string',
            'ClientId': 'string'
        },
        'OidcConfig': {
            'ClientId': 'string',
            'Issuer': 'string',
            'AuthorizationEndpoint': 'string',
            'TokenEndpoint': 'string',
            'UserInfoEndpoint': 'string',
            'LogoutEndpoint': 'string',
            'JwksUri': 'string',
            'Scope': 'string',
            'AuthenticationRequestExtraParams': {
                'string': 'string'
            }
        },
        'CreateDate': datetime(2015, 1, 1),
        'WorkforceVpcConfig': {
            'VpcId': 'string',
            'SecurityGroupIds': [
                'string',
            ],
            'Subnets': [
                'string',
            ],
            'VpcEndpointId': 'string'
        },
        'Status': 'Initializing'|'Updating'|'Deleting'|'Failed'|'Active',
        'FailureReason': 'string'
    }
}

Response Structure

  • (dict) --

    • Workforce (dict) --

      A single private workforce, which is automatically created when you create your first private work team. You can create one private work force in each Amazon Web Services Region. By default, any workforce-related API operation used in a specific region will apply to the workforce created in that region. To learn how to create a private workforce, see Create a Private Workforce.

      • WorkforceName (string) --

        The name of the private workforce.

      • WorkforceArn (string) --

        The Amazon Resource Name (ARN) of the private workforce.

      • LastUpdatedDate (datetime) --

        The most recent date that UpdateWorkforce was used to successfully add one or more IP address ranges ( CIDRs) to a private workforce's allow list.

      • SourceIpConfig (dict) --

        A list of one to ten IP address ranges ( CIDRs) to be added to the workforce allow list. By default, a workforce isn't restricted to specific IP addresses.

        • Cidrs (list) --

          A list of one to ten Classless Inter-Domain Routing (CIDR) values.

          Maximum: Ten CIDR values

          • (string) --

      • SubDomain (string) --

        The subdomain for your OIDC Identity Provider.

      • CognitoConfig (dict) --

        The configuration of an Amazon Cognito workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.

        • UserPool (string) --

          A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

        • ClientId (string) --

          The client ID for your Amazon Cognito user pool.

      • OidcConfig (dict) --

        The configuration of an OIDC Identity Provider (IdP) private workforce.

        • ClientId (string) --

          The OIDC IdP client ID used to configure your private workforce.

        • Issuer (string) --

          The OIDC IdP issuer used to configure your private workforce.

        • AuthorizationEndpoint (string) --

          The OIDC IdP authorization endpoint used to configure your private workforce.

        • TokenEndpoint (string) --

          The OIDC IdP token endpoint used to configure your private workforce.

        • UserInfoEndpoint (string) --

          The OIDC IdP user information endpoint used to configure your private workforce.

        • LogoutEndpoint (string) --

          The OIDC IdP logout endpoint used to configure your private workforce.

        • JwksUri (string) --

          The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.

        • Scope (string) --

          An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

        • AuthenticationRequestExtraParams (dict) --

          A string to string map of identifiers specific to the custom identity provider (IdP) being used.

          • (string) --

            • (string) --

      • CreateDate (datetime) --

        The date that the workforce is created.

      • WorkforceVpcConfig (dict) --

        The configuration of a VPC workforce.

        • VpcId (string) --

          The ID of the VPC that the workforce uses for communication.

        • SecurityGroupIds (list) --

          The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

          • (string) --

        • Subnets (list) --

          The ID of the subnets in the VPC that you want to connect.

          • (string) --

        • VpcEndpointId (string) --

          The IDs for the VPC service endpoints of your VPC workforce when it is created and updated.

      • Status (string) --

        The status of your workforce.

      • FailureReason (string) --

        The reason your workforce failed.

ListModelPackageGroups (updated) Link ¶
Changes (request)
{'CrossAccountFilterOption': 'SameAccount | CrossAccount'}

Gets a list of the model groups in your Amazon Web Services account.

See also: AWS API Documentation

Request Syntax

client.list_model_package_groups(
    CreationTimeAfter=datetime(2015, 1, 1),
    CreationTimeBefore=datetime(2015, 1, 1),
    MaxResults=123,
    NameContains='string',
    NextToken='string',
    SortBy='Name'|'CreationTime',
    SortOrder='Ascending'|'Descending',
    CrossAccountFilterOption='SameAccount'|'CrossAccount'
)
type CreationTimeAfter:

datetime

param CreationTimeAfter:

A filter that returns only model groups created after the specified time.

type CreationTimeBefore:

datetime

param CreationTimeBefore:

A filter that returns only model groups created before the specified time.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in the response.

type NameContains:

string

param NameContains:

A string in the model group name. This filter returns only model groups whose name contains the specified string.

type NextToken:

string

param NextToken:

If the result of the previous ListModelPackageGroups request was truncated, the response includes a NextToken. To retrieve the next set of model groups, use the token in the next request.

type SortBy:

string

param SortBy:

The field to sort results by. The default is CreationTime.

type SortOrder:

string

param SortOrder:

The sort order for results. The default is Ascending.

type CrossAccountFilterOption:

string

param CrossAccountFilterOption:

A filter that returns either model groups shared with you or model groups in your own account. When the value is CrossAccount, the results show the resources made discoverable to you from other accounts. When the value is SameAccount or null, the results show resources from your account. The default is SameAccount.

rtype:

dict

returns:

Response Syntax

{
    'ModelPackageGroupSummaryList': [
        {
            'ModelPackageGroupName': 'string',
            'ModelPackageGroupArn': 'string',
            'ModelPackageGroupDescription': 'string',
            'CreationTime': datetime(2015, 1, 1),
            'ModelPackageGroupStatus': 'Pending'|'InProgress'|'Completed'|'Failed'|'Deleting'|'DeleteFailed'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ModelPackageGroupSummaryList (list) --

      A list of summaries of the model groups in your Amazon Web Services account.

      • (dict) --

        Summary information about a model group.

        • ModelPackageGroupName (string) --

          The name of the model group.

        • ModelPackageGroupArn (string) --

          The Amazon Resource Name (ARN) of the model group.

        • ModelPackageGroupDescription (string) --

          A description of the model group.

        • CreationTime (datetime) --

          The time that the model group was created.

        • ModelPackageGroupStatus (string) --

          The status of the model group.

    • NextToken (string) --

      If the response is truncated, SageMaker returns this token. To retrieve the next set of model groups, use it in the subsequent request.

ListWorkforces (updated) Link ¶
Changes (response)
{'Workforces': {'OidcConfig': {'AuthenticationRequestExtraParams': {'string': 'string'},
                               'Scope': 'string'}}}

Use this operation to list all private and vendor workforces in an Amazon Web Services Region. Note that you can only have one private workforce per Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

client.list_workforces(
    SortBy='Name'|'CreateDate',
    SortOrder='Ascending'|'Descending',
    NameContains='string',
    NextToken='string',
    MaxResults=123
)
type SortBy:

string

param SortBy:

Sort workforces using the workforce name or creation date.

type SortOrder:

string

param SortOrder:

Sort workforces in ascending or descending order.

type NameContains:

string

param NameContains:

A filter you can use to search for workforces using part of the workforce name.

type NextToken:

string

param NextToken:

A token to resume pagination.

type MaxResults:

integer

param MaxResults:

The maximum number of workforces returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'Workforces': [
        {
            'WorkforceName': 'string',
            'WorkforceArn': 'string',
            'LastUpdatedDate': datetime(2015, 1, 1),
            'SourceIpConfig': {
                'Cidrs': [
                    'string',
                ]
            },
            'SubDomain': 'string',
            'CognitoConfig': {
                'UserPool': 'string',
                'ClientId': 'string'
            },
            'OidcConfig': {
                'ClientId': 'string',
                'Issuer': 'string',
                'AuthorizationEndpoint': 'string',
                'TokenEndpoint': 'string',
                'UserInfoEndpoint': 'string',
                'LogoutEndpoint': 'string',
                'JwksUri': 'string',
                'Scope': 'string',
                'AuthenticationRequestExtraParams': {
                    'string': 'string'
                }
            },
            'CreateDate': datetime(2015, 1, 1),
            'WorkforceVpcConfig': {
                'VpcId': 'string',
                'SecurityGroupIds': [
                    'string',
                ],
                'Subnets': [
                    'string',
                ],
                'VpcEndpointId': 'string'
            },
            'Status': 'Initializing'|'Updating'|'Deleting'|'Failed'|'Active',
            'FailureReason': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Workforces (list) --

      A list containing information about your workforce.

      • (dict) --

        A single private workforce, which is automatically created when you create your first private work team. You can create one private work force in each Amazon Web Services Region. By default, any workforce-related API operation used in a specific region will apply to the workforce created in that region. To learn how to create a private workforce, see Create a Private Workforce.

        • WorkforceName (string) --

          The name of the private workforce.

        • WorkforceArn (string) --

          The Amazon Resource Name (ARN) of the private workforce.

        • LastUpdatedDate (datetime) --

          The most recent date that UpdateWorkforce was used to successfully add one or more IP address ranges ( CIDRs) to a private workforce's allow list.

        • SourceIpConfig (dict) --

          A list of one to ten IP address ranges ( CIDRs) to be added to the workforce allow list. By default, a workforce isn't restricted to specific IP addresses.

          • Cidrs (list) --

            A list of one to ten Classless Inter-Domain Routing (CIDR) values.

            Maximum: Ten CIDR values

            • (string) --

        • SubDomain (string) --

          The subdomain for your OIDC Identity Provider.

        • CognitoConfig (dict) --

          The configuration of an Amazon Cognito workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.

          • UserPool (string) --

            A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

          • ClientId (string) --

            The client ID for your Amazon Cognito user pool.

        • OidcConfig (dict) --

          The configuration of an OIDC Identity Provider (IdP) private workforce.

          • ClientId (string) --

            The OIDC IdP client ID used to configure your private workforce.

          • Issuer (string) --

            The OIDC IdP issuer used to configure your private workforce.

          • AuthorizationEndpoint (string) --

            The OIDC IdP authorization endpoint used to configure your private workforce.

          • TokenEndpoint (string) --

            The OIDC IdP token endpoint used to configure your private workforce.

          • UserInfoEndpoint (string) --

            The OIDC IdP user information endpoint used to configure your private workforce.

          • LogoutEndpoint (string) --

            The OIDC IdP logout endpoint used to configure your private workforce.

          • JwksUri (string) --

            The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.

          • Scope (string) --

            An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

          • AuthenticationRequestExtraParams (dict) --

            A string to string map of identifiers specific to the custom identity provider (IdP) being used.

            • (string) --

              • (string) --

        • CreateDate (datetime) --

          The date that the workforce is created.

        • WorkforceVpcConfig (dict) --

          The configuration of a VPC workforce.

          • VpcId (string) --

            The ID of the VPC that the workforce uses for communication.

          • SecurityGroupIds (list) --

            The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

            • (string) --

          • Subnets (list) --

            The ID of the subnets in the VPC that you want to connect.

            • (string) --

          • VpcEndpointId (string) --

            The IDs for the VPC service endpoints of your VPC workforce when it is created and updated.

        • Status (string) --

          The status of your workforce.

        • FailureReason (string) --

          The reason your workforce failed.

    • NextToken (string) --

      A token to resume pagination.

UpdateWorkforce (updated) Link ¶
Changes (request, response)
Request
{'OidcConfig': {'AuthenticationRequestExtraParams': {'string': 'string'},
                'Scope': 'string'}}
Response
{'Workforce': {'OidcConfig': {'AuthenticationRequestExtraParams': {'string': 'string'},
                              'Scope': 'string'}}}

Use this operation to update your workforce. You can use this operation to require that workers use specific IP addresses to work on tasks and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.

The worker portal is now supported in VPC and public internet.

Use SourceIpConfig to restrict worker access to tasks to a specific range of IP addresses. You specify allowed IP addresses by creating a list of up to ten CIDRs. By default, a workforce isn't restricted to specific IP addresses. If you specify a range of IP addresses, workers who attempt to access tasks using any IP address outside the specified range are denied and get a Not Found error message on the worker portal.

To restrict access to all the workers in public internet, add the SourceIpConfig CIDR value as "10.0.0.0/16".

Use OidcConfig to update the configuration of a workforce created using your own OIDC IdP.

After restricting access to a range of IP addresses or updating your OIDC IdP configuration with this operation, you can view details about your update workforce using the DescribeWorkforce operation.

See also: AWS API Documentation

Request Syntax

client.update_workforce(
    WorkforceName='string',
    SourceIpConfig={
        'Cidrs': [
            'string',
        ]
    },
    OidcConfig={
        'ClientId': 'string',
        'ClientSecret': 'string',
        'Issuer': 'string',
        'AuthorizationEndpoint': 'string',
        'TokenEndpoint': 'string',
        'UserInfoEndpoint': 'string',
        'LogoutEndpoint': 'string',
        'JwksUri': 'string',
        'Scope': 'string',
        'AuthenticationRequestExtraParams': {
            'string': 'string'
        }
    },
    WorkforceVpcConfig={
        'VpcId': 'string',
        'SecurityGroupIds': [
            'string',
        ],
        'Subnets': [
            'string',
        ]
    }
)
type WorkforceName:

string

param WorkforceName:

[REQUIRED]

The name of the private workforce that you want to update. You can find your workforce name by using the ListWorkforces operation.

type SourceIpConfig:

dict

param SourceIpConfig:

A list of one to ten worker IP address ranges ( CIDRs) that can be used to access tasks assigned to this workforce.

Maximum: Ten CIDR values

  • Cidrs (list) -- [REQUIRED]

    A list of one to ten Classless Inter-Domain Routing (CIDR) values.

    Maximum: Ten CIDR values

    • (string) --

type OidcConfig:

dict

param OidcConfig:

Use this parameter to update your OIDC Identity Provider (IdP) configuration for a workforce made using your own IdP.

  • ClientId (string) -- [REQUIRED]

    The OIDC IdP client ID used to configure your private workforce.

  • ClientSecret (string) -- [REQUIRED]

    The OIDC IdP client secret used to configure your private workforce.

  • Issuer (string) -- [REQUIRED]

    The OIDC IdP issuer used to configure your private workforce.

  • AuthorizationEndpoint (string) -- [REQUIRED]

    The OIDC IdP authorization endpoint used to configure your private workforce.

  • TokenEndpoint (string) -- [REQUIRED]

    The OIDC IdP token endpoint used to configure your private workforce.

  • UserInfoEndpoint (string) -- [REQUIRED]

    The OIDC IdP user information endpoint used to configure your private workforce.

  • LogoutEndpoint (string) -- [REQUIRED]

    The OIDC IdP logout endpoint used to configure your private workforce.

  • JwksUri (string) -- [REQUIRED]

    The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.

  • Scope (string) --

    An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

  • AuthenticationRequestExtraParams (dict) --

    A string to string map of identifiers specific to the custom identity provider (IdP) being used.

    • (string) --

      • (string) --

type WorkforceVpcConfig:

dict

param WorkforceVpcConfig:

Use this parameter to update your VPC configuration for a workforce.

  • VpcId (string) --

    The ID of the VPC that the workforce uses for communication.

  • SecurityGroupIds (list) --

    The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

    • (string) --

  • Subnets (list) --

    The ID of the subnets in the VPC that you want to connect.

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'Workforce': {
        'WorkforceName': 'string',
        'WorkforceArn': 'string',
        'LastUpdatedDate': datetime(2015, 1, 1),
        'SourceIpConfig': {
            'Cidrs': [
                'string',
            ]
        },
        'SubDomain': 'string',
        'CognitoConfig': {
            'UserPool': 'string',
            'ClientId': 'string'
        },
        'OidcConfig': {
            'ClientId': 'string',
            'Issuer': 'string',
            'AuthorizationEndpoint': 'string',
            'TokenEndpoint': 'string',
            'UserInfoEndpoint': 'string',
            'LogoutEndpoint': 'string',
            'JwksUri': 'string',
            'Scope': 'string',
            'AuthenticationRequestExtraParams': {
                'string': 'string'
            }
        },
        'CreateDate': datetime(2015, 1, 1),
        'WorkforceVpcConfig': {
            'VpcId': 'string',
            'SecurityGroupIds': [
                'string',
            ],
            'Subnets': [
                'string',
            ],
            'VpcEndpointId': 'string'
        },
        'Status': 'Initializing'|'Updating'|'Deleting'|'Failed'|'Active',
        'FailureReason': 'string'
    }
}

Response Structure

  • (dict) --

    • Workforce (dict) --

      A single private workforce. You can create one private work force in each Amazon Web Services Region. By default, any workforce-related API operation used in a specific region will apply to the workforce created in that region. To learn how to create a private workforce, see Create a Private Workforce.

      • WorkforceName (string) --

        The name of the private workforce.

      • WorkforceArn (string) --

        The Amazon Resource Name (ARN) of the private workforce.

      • LastUpdatedDate (datetime) --

        The most recent date that UpdateWorkforce was used to successfully add one or more IP address ranges ( CIDRs) to a private workforce's allow list.

      • SourceIpConfig (dict) --

        A list of one to ten IP address ranges ( CIDRs) to be added to the workforce allow list. By default, a workforce isn't restricted to specific IP addresses.

        • Cidrs (list) --

          A list of one to ten Classless Inter-Domain Routing (CIDR) values.

          Maximum: Ten CIDR values

          • (string) --

      • SubDomain (string) --

        The subdomain for your OIDC Identity Provider.

      • CognitoConfig (dict) --

        The configuration of an Amazon Cognito workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool.

        • UserPool (string) --

          A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

        • ClientId (string) --

          The client ID for your Amazon Cognito user pool.

      • OidcConfig (dict) --

        The configuration of an OIDC Identity Provider (IdP) private workforce.

        • ClientId (string) --

          The OIDC IdP client ID used to configure your private workforce.

        • Issuer (string) --

          The OIDC IdP issuer used to configure your private workforce.

        • AuthorizationEndpoint (string) --

          The OIDC IdP authorization endpoint used to configure your private workforce.

        • TokenEndpoint (string) --

          The OIDC IdP token endpoint used to configure your private workforce.

        • UserInfoEndpoint (string) --

          The OIDC IdP user information endpoint used to configure your private workforce.

        • LogoutEndpoint (string) --

          The OIDC IdP logout endpoint used to configure your private workforce.

        • JwksUri (string) --

          The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.

        • Scope (string) --

          An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

        • AuthenticationRequestExtraParams (dict) --

          A string to string map of identifiers specific to the custom identity provider (IdP) being used.

          • (string) --

            • (string) --

      • CreateDate (datetime) --

        The date that the workforce is created.

      • WorkforceVpcConfig (dict) --

        The configuration of a VPC workforce.

        • VpcId (string) --

          The ID of the VPC that the workforce uses for communication.

        • SecurityGroupIds (list) --

          The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

          • (string) --

        • Subnets (list) --

          The ID of the subnets in the VPC that you want to connect.

          • (string) --

        • VpcEndpointId (string) --

          The IDs for the VPC service endpoints of your VPC workforce when it is created and updated.

      • Status (string) --

        The status of your workforce.

      • FailureReason (string) --

        The reason your workforce failed.