AWS WorkSpaces – Modern Desktop

AWS WorkSpaces

Amazon WorkSpaces is a fully managed desktop computing service in the cloud that allows its customers to provide cloud-based desktops to their end-users. In other word, WorkSpaces is a cloud-based virtual desktop that can act as a replacement for a traditional desktop.

End users can access the documents, applications, and resources that are hosted in AWS WorkSpaces using devices of their choice such as laptops, iPad, Kindle Fire, or Android tablets. This service was launched to meet its customers rising demand for Cloud based ‘Desktop as a Service’ (DaaS).

Working Principle of AWS WorkSpaces

  • Each WorkSpace is a persistent Windows Server 2008 R2 instance that looks like Windows 7, hosted on the AWS cloud.
  • Desktops are streamed to users via PCoIP and the data backed up will be taken on every 12 hours by default.
  • WorkSpaces client application needs supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet), and an Internet connection with TCP ports 443 & 4172, and UDP port 4172 open
  • They have to download a free Amazon WorkSpaces client application for their device.


  • Users can login into their WorkSpace using their own credentials set when the instances are provisioned.
  • WorkSpaces service integrates with existing Active Directory domain, users will sign in with their regular Active Directory credentials.
  • WorkSpaces also integrates with existing RADIUS server to enable multi-factor authentication (MFA).
  • VPC Security groups to limit access to resources in the network or the Internet from the WorkSpaces.
  • Access Amazon WorkSpaces can be restricted based on the client OS type, and using digital certificates.
  • IP Access Control Group enables configuration of trusted IP addresses that are permitted to access the WorkSpaces.
  • WorkSpaces supports root volume and user volume encryption.
  • WorkSpaces uses EBS volumes that can be encrypted on WorkSpace creation, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume.
  • WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.


  • User volume is backed up every 12 hours and if the WorkSpace fails, AWS can restore the volume from the backup

AWS WorkSpaces Application Manager

  • WAM offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces.
  • WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they are natively installed.

Best practices

  • WorkSpaces launches the WorkSpaces in a VPC. If using AWS Directory Service to create an AWS Managed Microsoft or a Simple AD, it is recommended configure the VPC with one public subnet and two private subnets.
  • To provide internet access to WorkSpaces in a private subnet, configure a NAT gateway in the public subnet. Configure the directory to launch the WorkSpaces in the private subnets.

AWS Certification Examination & Practice Questions

The questions are collected from the Internet. The answers are based on my experience. Please apply your idea before you select the answers.

Your company is planning on testing out AWS WorkSpaces for their account. They are going to allocate a set of workstations with static IP addresses for this purpose. They need to ensure that only these IP addresses have access to Amazon WorkSpaces. How can you achieve this?

A. Specify the IP addresses in the Security Group
B. Create an IP access control group
C. Place a WAF in front of AWS WorkSpaces
D. Specify the IP addresses in the NACL

Reading reference for AWS Certifications

AWS WorkSpaces Documentation and Guide

If you find this article useful, feel free to share and give a like. Your comment is my inspiration. To read more such articles, please click here.

Amazon Kinesis AMI Automation AWS AWS AppStream 2.0 AWS Backup aws certifications aws certifications catalog AWS EBS AWS Elastic Transcoder AWS IAM AWS Sagemaker aws services AWS SES aws support aws swf AWS WorkSpaces AWS X-Ray Azure Cost Management Best Practices chage command Linux Cloud Computing Cloud Migration Data Science DNS Edge Computing Fog Computing Interview Preparation Jenkins Kubernetes Linux Linux User Management Microsoft Azure OSI Model Python R sample questions Server Hardening Supercomputer WordPress