UPDATEWORKFORCE()`¶

About UpdateWorkforce¶

Use this operation to update your workforce. You can use this operation to require that workers use specific IP addresses to work on tasks and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.

The worker portal is now supported in VPC and public internet.

Use SourceIpConfig to restrict worker access to tasks to a specific range of IP addresses. You specify allowed IP addresses by creating a list of up to ten CIDRs. By default, a workforce isn't restricted to specific IP addresses. If you specify a range of IP addresses, workers who attempt to access tasks using any IP address outside the specified range are denied and get a Not Found error message on the worker portal.

To restrict public internet access for all workers, configure the SourceIpConfig CIDR value. For example, when using SourceIpConfig with an IpAddressType of IPv4, you can restrict access to the IPv4 CIDR block "10.0.0.0/16". When using an IpAddressType of dualstack, you can specify both the IPv4 and IPv6 CIDR blocks, such as "10.0.0.0/16" for IPv4 only, "2001:db8:1234:1a00::/56" for IPv6 only, or "10.0.0.0/16" and "2001:db8:1234:1a00::/56" for dual stack.

Amazon SageMaker does not support Source Ip restriction for worker portals in VPC.

Use OidcConfig to update the configuration of a workforce created using your own OIDC IdP.

You can only update your OIDC IdP configuration when there are no work teams associated with your workforce. You can delete work teams using the DeleteWorkteam operation.

After restricting access to a range of IP addresses or updating your OIDC IdP configuration with this operation, you can view details about your update workforce using the DescribeWorkforce operation.

This operation only applies to private workforces.

Method Signature¶

IMPORTING¶

Required arguments:¶

`iv_workforcename` `TYPE /AWS1/SGMWORKFORCENAME` `/AWS1/SGMWORKFORCENAME`¶

The name of the private workforce that you want to update. You can find your workforce name by using the ListWorkforces operation.

Optional arguments:¶

`io_sourceipconfig` `TYPE REF TO /AWS1/CL_SGMSOURCEIPCONFIG` `/AWS1/CL_SGMSOURCEIPCONFIG`¶

A list of one to ten worker IP address ranges (CIDRs) that can be used to access tasks assigned to this workforce.

Maximum: Ten CIDR values

`io_oidcconfig` `TYPE REF TO /AWS1/CL_SGMOIDCCONFIG` `/AWS1/CL_SGMOIDCCONFIG`¶

Use this parameter to update your OIDC Identity Provider (IdP) configuration for a workforce made using your own IdP.

`io_workforcevpcconfig` `TYPE REF TO /AWS1/CL_SGMWORKFORCEVPCCFGREQ` `/AWS1/CL_SGMWORKFORCEVPCCFGREQ`¶

Use this parameter to update your VPC configuration for a workforce.

`iv_ipaddresstype` `TYPE /AWS1/SGMWORKFORCEIPADDRESST00` `/AWS1/SGMWORKFORCEIPADDRESST00`¶

Use this parameter to specify whether you want IPv4 only or dualstack (IPv4 and IPv6) to support your labeling workforce.

RETURNING¶

`oo_output` `TYPE REF TO /aws1/cl_sgmupdateworkforcersp` `/AWS1/CL_SGMUPDATEWORKFORCERSP`¶

Domain /AWS1/RT_ACCOUNT_ID

Primitive Type NUMC

Examples¶

Syntax Example¶

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_sgm~updateworkforce(
  io_oidcconfig = new /aws1/cl_sgmoidcconfig(
    it_authntctnreqextraparams = VALUE /aws1/cl_sgmauthreqextraprms_w=>tt_authntctnrequestextraparams(
      (
        VALUE /aws1/cl_sgmauthreqextraprms_w=>ts_authnreqextraparams_maprow(
          key = |string|
          value = new /aws1/cl_sgmauthreqextraprms_w( |string| )
        )
      )
    )
    iv_authorizationendpoint = |string|
    iv_clientid = |string|
    iv_clientsecret = |string|
    iv_issuer = |string|
    iv_jwksuri = |string|
    iv_logoutendpoint = |string|
    iv_scope = |string|
    iv_tokenendpoint = |string|
    iv_userinfoendpoint = |string|
  )
  io_sourceipconfig = new /aws1/cl_sgmsourceipconfig(
    it_cidrs = VALUE /aws1/cl_sgmcidrs_w=>tt_cidrs(
      ( new /aws1/cl_sgmcidrs_w( |string| ) )
    )
  )
  io_workforcevpcconfig = new /aws1/cl_sgmworkforcevpccfgreq(
    it_securitygroupids = VALUE /aws1/cl_sgmworkforcesecgrid00=>tt_workforcesecuritygroupids(
      ( new /aws1/cl_sgmworkforcesecgrid00( |string| ) )
    )
    it_subnets = VALUE /aws1/cl_sgmworkforcesubnets_w=>tt_workforcesubnets(
      ( new /aws1/cl_sgmworkforcesubnets_w( |string| ) )
    )
    iv_vpcid = |string|
  )
  iv_ipaddresstype = |string|
  iv_workforcename = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_workforce = lo_result->get_workforce( ).
  IF lo_workforce IS NOT INITIAL.
    lv_workforcename = lo_workforce->get_workforcename( ).
    lv_workforcearn = lo_workforce->get_workforcearn( ).
    lv_timestamp = lo_workforce->get_lastupdateddate( ).
    lo_sourceipconfig = lo_workforce->get_sourceipconfig( ).
    IF lo_sourceipconfig IS NOT INITIAL.
      LOOP AT lo_sourceipconfig->get_cidrs( ) into lo_row.
        lo_row_1 = lo_row.
        IF lo_row_1 IS NOT INITIAL.
          lv_cidr = lo_row_1->get_value( ).
        ENDIF.
      ENDLOOP.
    ENDIF.
    lv_string = lo_workforce->get_subdomain( ).
    lo_cognitoconfig = lo_workforce->get_cognitoconfig( ).
    IF lo_cognitoconfig IS NOT INITIAL.
      lv_cognitouserpool = lo_cognitoconfig->get_userpool( ).
      lv_clientid = lo_cognitoconfig->get_clientid( ).
    ENDIF.
    lo_oidcconfigforresponse = lo_workforce->get_oidcconfig( ).
    IF lo_oidcconfigforresponse IS NOT INITIAL.
      lv_clientid = lo_oidcconfigforresponse->get_clientid( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_issuer( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_authorizationendpoint( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_tokenendpoint( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_userinfoendpoint( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_logoutendpoint( ).
      lv_oidcendpoint = lo_oidcconfigforresponse->get_jwksuri( ).
      lv_scope = lo_oidcconfigforresponse->get_scope( ).
      LOOP AT lo_oidcconfigforresponse->get_authntctnreqextraparams( ) into ls_row_2.
        lv_key = ls_row_2-key.
        lo_value = ls_row_2-value.
        IF lo_value IS NOT INITIAL.
          lv_authenticationrequestex = lo_value->get_value( ).
        ENDIF.
      ENDLOOP.
    ENDIF.
    lv_timestamp = lo_workforce->get_createdate( ).
    lo_workforcevpcconfigrespo = lo_workforce->get_workforcevpcconfig( ).
    IF lo_workforcevpcconfigrespo IS NOT INITIAL.
      lv_workforcevpcid = lo_workforcevpcconfigrespo->get_vpcid( ).
      LOOP AT lo_workforcevpcconfigrespo->get_securitygroupids( ) into lo_row_3.
        lo_row_4 = lo_row_3.
        IF lo_row_4 IS NOT INITIAL.
          lv_workforcesecuritygroupi = lo_row_4->get_value( ).
        ENDIF.
      ENDLOOP.
      LOOP AT lo_workforcevpcconfigrespo->get_subnets( ) into lo_row_5.
        lo_row_6 = lo_row_5.
        IF lo_row_6 IS NOT INITIAL.
          lv_workforcesubnetid = lo_row_6->get_value( ).
        ENDIF.
      ENDLOOP.
      lv_workforcevpcendpointid = lo_workforcevpcconfigrespo->get_vpcendpointid( ).
    ENDIF.
    lv_workforcestatus = lo_workforce->get_status( ).
    lv_workforcefailurereason = lo_workforce->get_failurereason( ).
    lv_workforceipaddresstype = lo_workforce->get_ipaddresstype( ).
  ENDIF.
ENDIF.

/AWS1/CL_SGM=>UPDATEWORKFORCE()¶