- EC2 Image Builder: Build your golden VM images on AWS - Wed, Jan 19 2022
- Configuring DFS Namespaces for Amazon FSx for Windows file servers - Fri, Jan 7 2022
- AWS Systems Manager Session Manager: Securely connect EC2 instances - Wed, Dec 22 2021
Amazon WorkSpaces has the following key features:
- Secure Cloud WorkSpace is accessible from any device using the WorkSpaces Client App
- Persistent secure cloud storage
- Integrates with existing identity and access management systems, such as Active Directory and RADIUS, to enable multifactor authentication (MFA)
- Control access to WorkSpaces using Security Groups and host-based firewalls, and restrict access from certain IPs or devices
- Bring your own licenses for Windows 10 machines
- Data encryption at rest
The prerequisites are as follows:
- Create a dedicated VPC for WorkSpaces with at least two subnets.
- Create an AWS-managed Microsoft AD, Simple AD, or AD Connector for the on-premises AD on the VPC mentioned in the previous point.
- If you want the workspaces to be accessible via the public Internet, create public subnets. If you want the workspaces to be accessed privately, create private subnets.
Create a WorkSpace
To create a workspace, navigate to the Amazon WorkSpaces Console.
Click Launch WorkSpace.
On the next screen, you are prompted to select a directory. If you haven't registered your AD yet, you can register it on this screen by selecting the subnets and enabling self-service permissions. Then, click Next Step.
In the Identify Users step, you can specify the AD users to whom you want to grant permissions to access this workspace. You can just search for the user in AD, then select it, click Add Selected, and then click Next Step. If you want to create a new user, specify the Username, First Name, Last Name, and Email attributes at the top of the screen, and click Create Users.
In this step, you need to select a bundle of compute, operating system, storage, and applications for each of the users you added in the previous step. Then, specify the Root Volume and User Volume size for the selected bundles, and click Next Step.
In the WorkSpaces Configuration step, specify Running Mode and Encryption.
For Running Mode, you can choose how you will run and pay for your WorkSpaces by selecting one of the following options:
- AlwaysOn: The WorkSpace is always up and running, giving you instant access to the WorkSpace. You are billed monthly for it.
- AutoStop: WorkSpaces starts automatically when you log in, and stops when no longer in use. When possible, AutoStop snapshots the desktop state to the root volume of the WorkSpace. When a user next logs in, their WorkSpace resumes its previous state, including the state of the programs and documents. You can specify idle time from 1–48 hours, after which the WorkSpaces are stopped.
For Encryption, you can specify whether you want to encrypt root volume, user volume, or both. If you would like to encrypt any of these volumes, you need to specify a KMS encryption key.
You can also specify tags to be assigned to the WorkSpaces you're trying to provision. Then, click Next Step.
The last step is to review the configurations you've specified so far and click Launch WorkSpaces.
Connect to the WorkSpace
Once the WorkSpace is provisioned, you will receive an email guiding you on how to log in to the WorkSpace.
When you click the link sent to your email to complete your user profile, you are redirected to a webpage where you can set your credentials.
Then, you are redirected to a page where you can download the client of your operating system.
Once the client is downloaded, you can install it in a Next > Next > Finish fashion.
Once installed, you can launch the WorkSpaces client, enter the registration code shared with you via email, and click Register.
Finally, you can enter your credentials to sign in to the WorkSpace.
Once signed in, you can start interacting with the WorkSpace Desktop.
In this article, we've gone through creating and connecting to Amazon WorkSpaces. If you have any further questions, please mention them in the comments.
Subscribe to 4sysops newsletter!
DISCLAIMER: This article represents my own viewpoints and not those of my employer, Amazon Web Services.