:doc:`SageMaker <../../sagemaker>` / Client / create_workteam

***************
create_workteam
***************



.. py:method:: SageMaker.Client.create_workteam(**kwargs)

  

  Creates a new work team for labeling your data. A work team is defined by one or more Amazon Cognito user pools. You must first create the user pools before you can create a work team.

   

  You cannot create more than 25 work teams in an account and region.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sagemaker-2017-07-24/CreateWorkteam>`_  


  **Request Syntax**
  ::

    response = client.create_workteam(
        WorkteamName='string',
        WorkforceName='string',
        MemberDefinitions=[
            {
                'CognitoMemberDefinition': {
                    'UserPool': 'string',
                    'UserGroup': 'string',
                    'ClientId': 'string'
                },
                'OidcMemberDefinition': {
                    'Groups': [
                        'string',
                    ]
                }
            },
        ],
        Description='string',
        NotificationConfiguration={
            'NotificationTopicArn': 'string'
        },
        WorkerAccessConfiguration={
            'S3Presign': {
                'IamPolicyConstraints': {
                    'SourceIp': 'Enabled'|'Disabled',
                    'VpcSourceIp': 'Enabled'|'Disabled'
                }
            }
        },
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type WorkteamName: string
  :param WorkteamName: **[REQUIRED]** 

    The name of the work team. Use this name to identify the work team.

    

  
  :type WorkforceName: string
  :param WorkforceName: 

    The name of the workforce.

    

  
  :type MemberDefinitions: list
  :param MemberDefinitions: **[REQUIRED]** 

    A list of ``MemberDefinition`` objects that contains objects that identify the workers that make up the work team.

     

    Workforces can be created using Amazon Cognito or your own OIDC Identity Provider (IdP). For private workforces created using Amazon Cognito use ``CognitoMemberDefinition``. For workforces created using your own OIDC identity provider (IdP) use ``OidcMemberDefinition``. Do not provide input for both of these parameters in a single request.

     

    For workforces created using Amazon Cognito, private work teams correspond to Amazon Cognito *user groups* within the user pool used to create a workforce. All of the ``CognitoMemberDefinition`` objects that make up the member definition must have the same ``ClientId`` and ``UserPool`` values. To add a Amazon Cognito user group to an existing worker pool, see `Adding groups to a User Pool. For more information about user pools, see `Amazon Cognito User Pools <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html>`__.

     

    For workforces created using your own OIDC IdP, specify the user groups that you want to include in your private work team in ``OidcMemberDefinition`` by listing those groups in ``Groups``.

    

  
    - *(dict) --* 

      Defines an Amazon Cognito or your own OIDC IdP user group that is part of a work team.

      

    
      - **CognitoMemberDefinition** *(dict) --* 

        The Amazon Cognito user group that is part of the work team.

        

      
        - **UserPool** *(string) --* **[REQUIRED]** 

          An identifier for a user pool. The user pool must be in the same region as the service that you are calling.

          

        
        - **UserGroup** *(string) --* **[REQUIRED]** 

          An identifier for a user group.

          

        
        - **ClientId** *(string) --* **[REQUIRED]** 

          An identifier for an application client. You must create the app client ID using Amazon Cognito.

          

        
      
      - **OidcMemberDefinition** *(dict) --* 

        A list user groups that exist in your OIDC Identity Provider (IdP). One to ten groups can be used to create a single private work team. When you add a user group to the list of ``Groups``, you can add that user group to one or more private work teams. If you add a user group to a private work team, all workers in that user group are added to the work team.

        

      
        - **Groups** *(list) --* 

          A list of comma seperated strings that identifies user groups in your OIDC IdP. Each user group is made up of a group of private workers.

          

        
          - *(string) --* 

          
      
      
    

  :type Description: string
  :param Description: **[REQUIRED]** 

    A description of the work team.

    

  
  :type NotificationConfiguration: dict
  :param NotificationConfiguration: 

    Configures notification of workers regarding available or expiring work items.

    

  
    - **NotificationTopicArn** *(string) --* 

      The ARN for the Amazon SNS topic to which notifications should be published.

      

    
  
  :type WorkerAccessConfiguration: dict
  :param WorkerAccessConfiguration: 

    Use this optional parameter to constrain access to an Amazon S3 resource based on the IP address using supported IAM global condition keys. The Amazon S3 resource is accessed in the worker portal using a Amazon S3 presigned URL.

    

  
    - **S3Presign** *(dict) --* 

      Defines any Amazon S3 resource constraints.

      

    
      - **IamPolicyConstraints** *(dict) --* 

        Use this parameter to specify the allowed request source. Possible sources are either ``SourceIp`` or ``VpcSourceIp``.

        

      
        - **SourceIp** *(string) --* 

          When ``SourceIp`` is ``Enabled`` the worker's IP address when a task is rendered in the worker portal is added to the IAM policy as a ``Condition`` used to generate the Amazon S3 presigned URL. This IP address is checked by Amazon S3 and must match in order for the Amazon S3 resource to be rendered in the worker portal.

          

        
        - **VpcSourceIp** *(string) --* 

          When ``VpcSourceIp`` is ``Enabled`` the worker's IP address when a task is rendered in private worker portal inside the VPC is added to the IAM policy as a ``Condition`` used to generate the Amazon S3 presigned URL. To render the task successfully Amazon S3 checks that the presigned URL is being accessed over an Amazon S3 VPC Endpoint, and that the worker's IP address matches the IP address in the IAM policy. To learn more about configuring private worker portal, see `Use Amazon VPC mode from a private worker portal <https://docs.aws.amazon.com/sagemaker/latest/dg/samurai-vpc-worker-portal.html>`__.

          

        
      
    
  
  :type Tags: list
  :param Tags: 

    An array of key-value pairs.

     

    For more information, see `Resource Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`__ and `Using Cost Allocation Tags <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html#allocation-what>`__ in the *Amazon Web Services Billing and Cost Management User Guide*.

    

  
    - *(dict) --* 

      A tag object that consists of a key and an optional value, used to manage metadata for SageMaker Amazon Web Services resources.

       

      You can add tags to notebook instances, training jobs, hyperparameter tuning jobs, batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and endpoints. For more information on adding tags to SageMaker resources, see `AddTags <https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html>`__.

       

      For more information on adding metadata to your Amazon Web Services resources with tagging, see `Tagging Amazon Web Services resources <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html>`__. For advice on best practices for managing Amazon Web Services resources with tagging, see `Tagging Best Practices\: Implement an Effective Amazon Web Services Resource Tagging Strategy <https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf>`__.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The tag key. Tag keys must be unique per resource.

        

      
      - **Value** *(string) --* **[REQUIRED]** 

        The tag value.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'WorkteamArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **WorkteamArn** *(string) --* 

        The Amazon Resource Name (ARN) of the work team. You can use this ARN to identify the work team.

        
  
  **Exceptions**
  
  *   :py:class:`SageMaker.Client.exceptions.ResourceInUse`

  
  *   :py:class:`SageMaker.Client.exceptions.ResourceLimitExceeded`

  