Resource: awsSagemakerWorkforce
Provides a SageMaker Workforce resource.
Example Usage
Cognito Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolExample = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "example",
  {
    name: "example",
  }
);
const awsCognitoUserPoolClientExample =
  new aws.cognitoUserPoolClient.CognitoUserPoolClient(this, "example_1", {
    generateSecret: true,
    name: "example",
    userPoolId: awsCognitoUserPoolExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserPoolClientExample.overrideLogicalId("example");
const awsCognitoUserPoolDomainExample =
  new aws.cognitoUserPoolDomain.CognitoUserPoolDomain(this, "example_2", {
    domain: "example",
    userPoolId: awsCognitoUserPoolExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserPoolDomainExample.overrideLogicalId("example");
const awsSagemakerWorkforceExample =
  new aws.sagemakerWorkforce.SagemakerWorkforce(this, "example_3", {
    cognitoConfig: {
      clientId: awsCognitoUserPoolClientExample.id,
      userPool: awsCognitoUserPoolDomainExample.userPoolId,
    },
    workforceName: "example",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerWorkforceExample.overrideLogicalId("example");
OIDC Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.sagemakerWorkforce.SagemakerWorkforce(this, "example", {
  oidcConfig: {
    authorizationEndpoint: "https://example.com",
    clientId: "example",
    /*Placeholder value. The secret is written to Terraform state, so supply it
    from a sensitive variable or secret store rather than a literal.*/
    clientSecret: "example",
    issuer: "https://example.com",
    jwksUri: "https://example.com",
    logoutEndpoint: "https://example.com",
    tokenEndpoint: "https://example.com",
    userInfoEndpoint: "https://example.com",
  },
  workforceName: "example",
});
Argument Reference
The following arguments are supported:
workforceName - (Required) The name of the Workforce (must be unique).
cognitoConfig - (Optional) Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with oidcConfig. See Cognito Config details below.
oidcConfig - (Optional) Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with cognitoConfig. See OIDC Config details below.
sourceIpConfig - (Optional) A list of IP address ranges used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. See Source Ip Config details below.
workforceVpcConfig - (Optional) Configure a workforce using a VPC. See Workforce VPC Config details below.
Cognito Config
clientId - (Required) The client ID for your Amazon Cognito user pool.
userPool - (Required) ID for your Amazon Cognito user pool.
OIDC Config
authorizationEndpoint - (Required) The OIDC IdP authorization endpoint used to configure your private workforce.
clientId - (Required) The OIDC IdP client ID used to configure your private workforce.
clientSecret - (Required) The OIDC IdP client secret used to configure your private workforce.
issuer - (Required) The OIDC IdP issuer used to configure your private workforce.
jwksUri - (Required) The OIDC IdP JSON Web Key Set (JWKS) URI used to configure your private workforce.
logoutEndpoint - (Required) The OIDC IdP logout endpoint used to configure your private workforce.
tokenEndpoint - (Required) The OIDC IdP token endpoint used to configure your private workforce.
userInfoEndpoint - (Required) The OIDC IdP user information endpoint used to configure your private workforce.
Source Ip Config
cidrs - (Required) A list of up to 10 CIDR values.
Workforce VPC Config
securityGroupIds - (Optional) The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet.
subnets - (Optional) The ID of the subnets in the VPC that you want to connect.
vpcId - (Optional) The ID of the VPC that the workforce uses for communication.
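The constraints in the Argument Reference above (required fields, cognitoConfig conflicting with oidcConfig, at most 10 CIDR values, no IP restriction by default) can be checked before the stack is synthesized. The TypeScript below is an added example, not part of the provider documentation; WorkforceProps, lintWorkforce, ipv4PrefixLength and the sample values are hypothetical, and it assumes CIDRs are written in IPv4 notation.

```typescript
// Added example; type, function and sample names are hypothetical.
type OidcKey = "authorizationEndpoint" | "clientId" | "clientSecret" | "issuer" |
  "jwksUri" | "logoutEndpoint" | "tokenEndpoint" | "userInfoEndpoint";
const OIDC_REQUIRED: OidcKey[] = ["authorizationEndpoint", "clientId", "clientSecret",
  "issuer", "jwksUri", "logoutEndpoint", "tokenEndpoint", "userInfoEndpoint"];

interface WorkforceProps {
  workforceName?: string;
  cognitoConfig?: { clientId?: string; userPool?: string };
  oidcConfig?: Partial<Record<OidcKey, string>>;
  sourceIpConfig?: { cidrs: string[] };
}

// Prefix length of an IPv4 CIDR such as "203.0.113.0/24", or -1 if malformed (IPv4 only: assumption).
function ipv4PrefixLength(value: string): number {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(value);
  if (!m) return -1;
  const prefix = Number(m[5]);
  return m.slice(1, 5).every((octet) => Number(octet) <= 255) && prefix <= 32 ? prefix : -1;
}

// Checks the constraints stated in the Argument Reference; returns one message per finding.
function lintWorkforce(p: WorkforceProps): string[] {
  const findings: string[] = [];
  if (!p.workforceName) findings.push("workforceName is required");
  if (p.cognitoConfig && p.oidcConfig) findings.push("cognitoConfig conflicts with oidcConfig");
  if (p.cognitoConfig && !(p.cognitoConfig.clientId && p.cognitoConfig.userPool)) {
    findings.push("cognitoConfig requires clientId and userPool");
  }
  for (const key of OIDC_REQUIRED) {
    if (p.oidcConfig && !p.oidcConfig[key]) findings.push(`oidcConfig.${key} is required`);
  }
  const cidrs = p.sourceIpConfig ? p.sourceIpConfig.cidrs : [];
  if (cidrs.length === 0) findings.push("no sourceIpConfig: workforce is not restricted to specific IP addresses");
  if (cidrs.length > 10) findings.push("sourceIpConfig.cidrs accepts at most 10 values");
  for (const cidr of cidrs) {
    const prefix = ipv4PrefixLength(cidr);
    if (prefix < 0) findings.push(`sourceIpConfig.cidrs: ${cidr} is not a valid IPv4 CIDR`);
    if (prefix === 0) findings.push(`sourceIpConfig.cidrs: ${cidr} allows every address`);
  }
  return findings;
}

// Constructed sample input (not from the page): Cognito workforce limited to one documentation range.
const sampleWorkforce: WorkforceProps = {
  workforceName: "example",
  cognitoConfig: { clientId: "constructed-client-id", userPool: "constructed-pool-id" },
  sourceIpConfig: { cidrs: ["203.0.113.0/24"] },
};
```

Calling lintWorkforce on the same object that is passed to the SagemakerWorkforce constructor lets a build fail on an empty findings check before anything is deployed.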
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
id - The name of the Workforce.
subdomain - The subdomain for your OIDC Identity Provider.
workforceVpcConfig0VpcEndpointId - The IDs for the VPC service endpoints of your VPC workforce.
Import
SageMaker Workforces can be imported using the workforceName, e.g.,