AWS Amazon SageMaker Workforce

This page shows how to write Terraform for Amazon SageMaker Workforce and how to write it securely.

aws_sagemaker_workforce (Terraform)

The Workforce in Amazon SageMaker can be configured in Terraform with the resource name aws_sagemaker_workforce. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • workforce_name - (Required) The name of the Workforce (must be unique).
  • cognito_config - (Required) Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using, and corresponds to, a single Amazon Cognito user pool. Conflicts with oidc_config. See Cognito Config details below.
  • oidc_config - (Required) Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with cognito_config. See OIDC Config details below.
  • source_ip_config - (Required) A list of IP address ranges used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. See Source Ip Config details below.

Cognito Config

  • client_id - (Required) The client ID for your Amazon Cognito user pool.
  • user_pool - (Required) The ID for your Amazon Cognito user pool.

OIDC Config

  • authorization_endpoint - (Required) The OIDC IdP authorization endpoint used to configure your private workforce.
  • client_id - (Required) The OIDC IdP client ID used to configure your private workforce.
  • client_secret - (Required) The OIDC IdP client secret used to configure your private workforce.
  • issuer - (Required) The OIDC IdP issuer used to configure your private workforce.
  • jwks_uri - (Required) The OIDC IdP JSON Web Key Set (JWKS) URI used to configure your private workforce.
  • logout_endpoint - (Required) The OIDC IdP logout endpoint used to configure your private workforce.
  • token_endpoint - (Required) The OIDC IdP token endpoint used to configure your private workforce.
  • user_info_endpoint - (Required) The OIDC IdP user information endpoint used to configure your private workforce.

Source Ip Config

  • cidrs - (Required) A list of up to 10 CIDR values.

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) assigned by AWS to this Workforce.
  • id - The name of the Workforce.
  • subdomain - The subdomain for your OIDC Identity Provider.
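
An added example, not taken from the Terraform Registry or from this site's tooling: a private workforce backed by an OIDC IdP, with the client secret passed in as a sensitive variable and the source IP allow list validated against the 10-CIDR limit described above. The idp.example.com endpoints, the resource and variable names, the client ID and the 203.0.113.0/24 range are placeholder assumptions.

```hcl
# Added example; names, URLs and CIDRs are placeholders, not values from this page.
variable "oidc_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output; supply via TF_VAR_oidc_client_secret
}

variable "workforce_allowed_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24"] # documentation range (RFC 5737), constructed value

  validation {
    # source_ip_config accepts at most 10 CIDRs; also reject malformed entries and allow-all.
    condition = (
      length(var.workforce_allowed_cidrs) > 0 &&
      length(var.workforce_allowed_cidrs) <= 10 &&
      alltrue([for c in var.workforce_allowed_cidrs : can(cidrhost(c, 0))]) &&
      !contains(var.workforce_allowed_cidrs, "0.0.0.0/0")
    )
    error_message = "Provide 1 to 10 valid CIDR ranges, excluding 0.0.0.0/0."
  }
}

resource "aws_sagemaker_workforce" "labeling" {
  workforce_name = "labeling-private"

  # oidc_config conflicts with cognito_config: set exactly one of them.
  oidc_config {
    authorization_endpoint = "https://idp.example.com/oauth2/authorize"
    client_id              = "example-client-id"
    client_secret          = var.oidc_client_secret
    issuer                 = "https://idp.example.com"
    jwks_uri               = "https://idp.example.com/.well-known/jwks.json"
    logout_endpoint        = "https://idp.example.com/logout"
    token_endpoint         = "https://idp.example.com/oauth2/token"
    user_info_endpoint     = "https://idp.example.com/oauth2/userInfo"
  }

  # Without this block the workforce is not restricted to specific IP addresses.
  source_ip_config {
    cidrs = var.workforce_allowed_cidrs
  }
}
```

Marking the variable sensitive only redacts it from CLI output; the client secret is still written to the Terraform state, so the state backend needs encryption and restricted access.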

Explanation in Terraform Registry

Provides a Sagemaker Workforce resource.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS Amazon SageMaker Workforce?

AWS Amazon SageMaker Workforce is a resource for Amazon SageMaker of Amazon Web Services. Settings can be written in Terraform.
