In this post we are going to discuss about Amazon Workspaces and how you can automate the deployment.
But first let's have a brief introduction about that service.
Amazon WorkSpaces is a cloud-based virtual desktop service that allows you to provision virtual desktops in the cloud and access them from anywhere. It provides a fully managed, secure, and scalable desktop computing environment without the need for you to manage any hardware or software and you can access the desktop from any supported device.
WorkSpaces requirements
In order to deploy Amazon Workspaces a few things need to be in place.
- Active Directory to authenticate users and provide access to their WorkSpace. This can be AWS Managed Microsoft AD or On-premises AD. Or you can use an AWS AD Connector that will act as a proxy service for an existing Active Directory. If you're using AWS Managed Microsoft AD or Simple AD, your directory can be in a dedicated private subnet, as long as the directory has access to the VPC where the WorkSpaces are located. (To allow WorkSpaces to use an existing AWS Directory Service, you must first register it with WorkSpaces. After you register a directory, you can start launching WorkSpaces.)
- VPC You’ll need a minimum of two subnets for an Amazon WorkSpaces deployment because each AWS Directory Service construct requires two subnets in a multi-AZ deployment.
For more details about the requirements and deployments scenarios, you may refer to this link:
Assumptions
In this guide we are going to focus on Automating the Workspaces deployment and AD configuration is out of scope. We are going to consider that AD and users are already configured.
Directory Registration
The first step is to register the Directory in Amazon Workspaces.
In the AWS Console click on Workspaces and then Directories, on the left.
Select your Directory, Click on Actions and then Register
Now, you have to select 2 subnets in your Workspaces VPC and click on Register again.
The Directory Registration process has begun and few minutes later the Registered status will be shown as True.
Service Catalog Configuration
Clone the following Github repo to your PC.
Amazon Workspaces.
It contains 2 files:
- workspaces.yaml
- sc-workspaces.yaml
- Update the required values in workspaces.yaml (pDirectory, pUsername, pEncryptionKey, pWorkstationType) and then upload it, in your artefacts bucket (or a S3 bucket of your choice)
- Update sc-workspaces.yaml with the S3 URL for that file
- In AWS console, navigate to Cloudformation and deploy sc-workspaces.yaml
When deployment is complete, you are going to have a new Portfolio and Product in the Service Catalog.
Workspaces Deployment
Now you are ready to deploy your first Workspace by using SC.
Under Products, select Workspaces and lick on Launch Product
Select your product version (There will be just one. More will be visible if you update the CF template in the future)
Fill any required values and click Launch Product
(In WorkSpace User field enter the AD username of the Workspace owner. That user must exist in AD)
In the next screen you can now see that Service catalog has started provisioning your Workspace.
You can also check the progress in Cloudformation
Wait for a few minutes and then in AWS Console, click on Workspaces. Your newly provisioned workspace will now be visible
Click on the workspace to view it's details and take a note of the Registration Code, as you are going to need it at the next step
Connect to your Workspace
- Download the Amazon Workspaces Client
- Run the client, enter the Registration Code and click Continue
Now enter the AD Username and Password and click on Sign In
You have now successfully logged in your Amazon Workspace
Terminate your Workspace
- In Service Catalog click on Provisioned Products.
- Select the Workspace that you want to Terminate
- Click on Actions and select Terminate
Top comments (2)
really great post
Data governance involves the management and control of an organization's data assets, ensuring their quality, security, compliance, and effective use across the organization and use papersessays.com/ site for quality work. Amazon DataZone is a service offered by AWS that helps organizations establish and enforce data governance policies, monitor data usage, and maintain data quality.
Some comments have been hidden by the post's author - find out more