When I turn on internet access for Amazon WorkSpaces using the AWS Management Console, I get an internet gateway error.
In addition to attaching the internet gateway to the WorkSpace VPC, the route tables of all WorkSpace subnets must route to the internet gateway. If any of the WorkSpace subnets aren’t public, then you receive the “Internet Gateway not attached to your Amazon VPC” error.
Identify WorkSpaces subnets
The Amazon WorkSpaces console displays only the subnets that are used to create the WorkSpaces directory. You can use the AWS Command Line Interface (AWS CLI) to view the subnets that are used to create WorkSpaces. If necessary, install and configure the AWS CLI.
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
Run the following command to retrieve the WorkSpaces SubnetIds. Replace REGIONCODE and d-directoryID with your environment details.
aws workspaces describe-workspace-directories --region REGIONCODE --directory-ids d-directoryID
Verify subnet route tables
For each SubnetId, verify the subnet route table. The subnets must be public. This means that the route table that's used by both subnets must have an entry for 0.0.0.0/0 traffic using an internet gateway.
Note: If both subnets use different route tables, then verify that both route tables have the entry for 0.0.0.0/0 traffic using an internet gateway.
For more information, see Add and remove routes from a route table.
Note: If both subnets use a NAT gateway in their route table configuration, then don't turn on the Access to Internet setting. Instead, the WorkSpace accesses the internet using the configured NAT gateway.
If the WorkSpace already existed before turning on Access to Internet, you must rebuild the WorkSpace before an Elastic IP address is automatically assigned.
Access the internet from a subnet in your VPC
Connect to the internet using an internet gateway
Provide internet access from your WorkSpace