Install Amazon WorkSpaces: Virtual Linux or Windows desktop in AWS

• Author
• Recent Posts

Mohamed Wali

Mohamed is a cloud infrastructure expert with experience in engineering and implementation in AWS and Azure. He currently works as a Cloud Infrastructure Architect at Amazon Web Services.

Latest posts by Mohamed Wali (see all)

• EC2 Image Builder: Build your golden VM images on AWS - Wed, Jan 19 2022
• Configuring DFS Namespaces for Amazon FSx for Windows file servers - Fri, Jan 7 2022
• AWS Systems Manager Session Manager: Securely connect EC2 instances - Wed, Dec 22 2021

Amazon WorkSpaces has the following key features:

• Secure Cloud WorkSpace is accessible from any device using the WorkSpaces Client App
• Persistent secure cloud storage
• Integrates with existing identity and access management systems, such as Active Directory and RADIUS, to enable multifactor authentication (MFA)
• Control access to WorkSpaces using Security Groups and host-based firewalls, and restrict access from certain IPs or devices
• Bring your own licenses for Windows 10 machines
• Data encryption at rest

The prerequisites are as follows:

• Create a dedicated VPC for WorkSpaces with at least two subnets.
• Create an AWS-managed Microsoft AD, Simple AD, or AD Connector for the on-premises AD on the VPC mentioned in the previous point.
• If you want the workspaces to be accessible via the public Internet, create public subnets. If you want the workspaces to be accessed privately, create private subnets.

Create a WorkSpace

To create a workspace, navigate to the Amazon WorkSpaces Console.

Click Launch WorkSpace.

Amazon WorkSpaces Console

On the next screen, you are prompted to select a directory. If you haven't registered your AD yet, you can register it on this screen by selecting the subnets and enabling self-service permissions. Then, click Next Step.

Select a directory for the WorkSpace

In the Identify Users step, you can specify the AD users to whom you want to grant permissions to access this workspace. You can just search for the user in AD, then select it, click Add Selected, and then click Next Step. If you want to create a new user, specify the Username, First Name, Last Name, and Email attributes at the top of the screen, and click Create Users.

Identify users

In this step, you need to select a bundle of compute, operating system, storage, and applications for each of the users you added in the previous step. Then, specify the Root Volume and User Volume size for the selected bundles, and click Next Step.

Selecting a Windows 10 bundle

In the WorkSpaces Configuration step, specify Running Mode and Encryption.

For Running Mode, you can choose how you will run and pay for your WorkSpaces by selecting one of the following options:

• AlwaysOn: The WorkSpace is always up and running, giving you instant access to the WorkSpace. You are billed monthly for it.
• AutoStop: WorkSpaces starts automatically when you log in, and stops when no longer in use. When possible, AutoStop snapshots the desktop state to the root volume of the WorkSpace. When a user next logs in, their WorkSpace resumes its previous state, including the state of the programs and documents. You can specify idle time from 1–48 hours, after which the WorkSpaces are stopped.

For Encryption, you can specify whether you want to encrypt root volume, user volume, or both. If you would like to encrypt any of these volumes, you need to specify a KMS encryption key.

You can also specify tags to be assigned to the WorkSpaces you're trying to provision. Then, click Next Step.

WorkSpaces configuration

The last step is to review the configurations you've specified so far and click Launch WorkSpaces.

Review and launch WorkSpaces

Connect to the WorkSpace

Once the WorkSpace is provisioned, you will receive an email guiding you on how to log in to the WorkSpace.

WorkSpace Get Started email

When you click the link sent to your email to complete your user profile, you are redirected to a webpage where you can set your credentials.

Set WorkSpace credentials

Then, you are redirected to a page where you can download the client of your operating system.

Download MacOS client

Once the client is downloaded, you can install it in a Next > Next > Finish fashion.

Once installed, you can launch the WorkSpaces client, enter the registration code shared with you via email, and click Register.

Enter registration code

Finally, you can enter your credentials to sign in to the WorkSpace.

Log in to WorkSpaces

Once signed in, you can start interacting with the WorkSpace Desktop.

WorkSpace Desktop

Conclusion

In this article, we've gone through creating and connecting to Amazon WorkSpaces. If you have any further questions, please mention them in the comments.

DISCLAIMER: This article represents my own viewpoints and not those of my employer, Amazon Web Services.