

# Create an Amazon Managed Service for Prometheus workspace
<a name="AMP-create-workspace"></a>

Follow these steps to create an Amazon Managed Service for Prometheus workspace. You can choose to use the AWS CLI or the Amazon Managed Service for Prometheus console.

**Note**  
If you are running an Amazon EKS cluster, you can also create a new workspace using [AWS Controllers for Kubernetes](integrating-ack.md).

**To create a workspace using the AWS CLI**

1. Enter the following command to create the workspace. This example creates a workspace named `my-first-workspace`, but you can use a different alias (or none) if you want. Workspace aliases are friendly names that help you identify your workspaces. They do not have to be unique. Two workspaces can have the same alias, but all workspaces have unique workspace IDs, which are generated by Amazon Managed Service for Prometheus.

   (Optional) To use your own KMS key to encrypt data stored in your workspace, you can include the `kmsKeyArn` parameter with the AWS KMS key to use. While Amazon Managed Service for Prometheus does not charge you for using customer managed keys, there may be costs associated with keys from AWS Key Management Service. For more information about Amazon Managed Service for Prometheus encryption of data in the workspace, or how to create, manage, and use your own customer managed key, see [Encryption at rest](encryption-at-rest-Amazon-Service-Prometheus.md).

   Parameters in brackets (`[]`) are optional. Do not include the brackets in your command.

   ```
   aws amp create-workspace [--alias my-first-workspace] [--kms-key-arn arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID] [--tags Status=Secret,Team=My-Team]
   ```

   This command returns the following data:
   + `workspaceId` is the unique ID for this workspace. Make a note of this ID.
   + `arn` is the ARN for this workspace.
   + `status` is the current status of the workspace. Immediately after you create the workspace, this will probably be `CREATING`.
   + `kmsKeyArn` is the customer managed key used to encrypt the workspace data, if given.
   + `tags` lists the workspace's tags, if any.

   **Note**  
   Workspaces created with customer managed keys cannot use [AWS managed collectors](AMP-collector.md) for ingestion.  
   Choose whether to use customer managed keys or AWS owned keys carefully. Workspaces created with customer managed keys can't be converted to use AWS owned keys later (and vice versa).

1. If your `create-workspace` command returns a status of `CREATING`, you can then enter the following command to determine when the workspace is ready. Replace *my-workspace-id* with the value that the `create-workspace` command returned for `workspaceId`.

   ```
   aws amp describe-workspace --workspace-id my-workspace-id
   ```

   When the `describe-workspace` command returns `ACTIVE` for `status`, the workspace is ready to use.
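
The two CLI steps above as one script, which also checks that the workspace reports the customer managed key you asked for, since that choice cannot be changed later. This is an added example, not part of the AWS documentation; the function names, `POLL_SECONDS`, and `MAX_POLLS` are made up here, `--kms-key-arn` is the AWS CLI spelling of the `kmsKeyArn` parameter, and the `--query` paths assume the response fields listed above.

```sh
#!/bin/sh
# Added example: create a workspace, confirm its encryption key, wait for ACTIVE.
# POLL_SECONDS and MAX_POLLS are assumed tuning knobs, not AWS settings.
POLL_SECONDS="${POLL_SECONDS:-5}"
MAX_POLLS="${MAX_POLLS:-60}"

# Print the status code of workspace $1 (for example CREATING or ACTIVE).
workspace_status() {
  aws amp describe-workspace --workspace-id "$1" \
    --query 'workspace.status.statusCode' --output text
}

# Poll workspace $1. Returns 0 on ACTIVE, 1 on CREATION_FAILED or a CLI
# error, 2 if MAX_POLLS is reached first.
wait_for_active() {
  polls=0
  while [ "$polls" -lt "$MAX_POLLS" ]; do
    code="$(workspace_status "$1")" || return 1
    case "$code" in
      ACTIVE) return 0 ;;
      CREATION_FAILED) echo "workspace $1 failed to create" >&2; return 1 ;;
    esac
    polls=$((polls + 1))
    sleep "$POLL_SECONDS"
  done
  echo "timed out waiting for workspace $1" >&2
  return 2
}

# create_workspace ALIAS [KMS_KEY_ARN]: prints the new workspace ID.
# Fails when a key was requested and the service reports a different one.
create_workspace() {
  ws_alias="$1"; want_key="${2:-}"
  set -- --alias "$ws_alias"
  if [ -n "$want_key" ]; then set -- "$@" --kms-key-arn "$want_key"; fi
  out="$(aws amp create-workspace "$@" \
    --query '[workspaceId, kmsKeyArn]' --output text)" || return 1
  set -- $out   # text output: "<workspaceId> <kmsKeyArn, or None>"
  if [ -n "$want_key" ] && [ "${2:-}" != "$want_key" ]; then
    echo "workspace ${1:-?} does not report the requested key" >&2
    return 1
  fi
  printf '%s\n' "${1:-}"
}

# Usage: id="$(create_workspace my-first-workspace)" && wait_for_active "$id"
```
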

**To create a workspace using the Amazon Managed Service for Prometheus console**

1. Open the Amazon Managed Service for Prometheus console at [https://console.aws.amazon.com/prometheus/](https://console.aws.amazon.com/prometheus/home).

1. Choose **Create**.

1. For **Workspace alias**, enter an alias for the new workspace.

   Workspace aliases are friendly names that help you identify your workspaces. They do not have to be unique. Two workspaces can have the same alias, but all workspaces have unique workspace IDs, which are generated by Amazon Managed Service for Prometheus.

1. (Optional) To use your own KMS key to encrypt data stored in your workspace, you can select **Customize encryption settings**, and choose the AWS KMS key to use (or create a new one). You can choose a key in your account from the drop-down list, or enter the ARN for any key that you have access to. While Amazon Managed Service for Prometheus does not charge you for using customer managed keys, there may be costs associated with keys from AWS Key Management Service.

   For more information about Amazon Managed Service for Prometheus encryption of data in the workspace, or how to create, manage, and use your own customer managed key, see [Encryption at rest](encryption-at-rest-Amazon-Service-Prometheus.md).

   **Note**  
   Workspaces created with customer managed keys cannot use [AWS managed collectors](AMP-collector.md) for ingestion.  
   Choose whether to use customer managed keys or AWS owned keys carefully. Workspaces created with customer managed keys can't be converted to use AWS owned keys later (and vice versa).

1. (Optional) To add one or more tags to the workspace, choose **Add new tag**. Then, in **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 

   To add another tag, choose **Add new tag** again.

1. Choose **Create workspace**.

   The workspace details page appears. This displays information including the status, ARN, workspace ID, and endpoint URLs for this workspace for both remote write and queries.

   The status returns **CREATING** until the workspace is ready. Wait until the status is **ACTIVE** before you move on to setting up your metric ingestion.

   Make note of the URLs that are displayed for **Endpoint - remote write URL** and **Endpoint - query URL**. You'll need them when you configure your Prometheus server to remote write metrics to this workspace and when you query those metrics.

For information about how to ingest metrics into the workspace, see [Ingest Prometheus metrics to the workspace](AMP-onboard-ingest-metrics.md).