I want to turn on internet access from my WorkSpace in Amazon WorkSpaces. How can I do that?
The method to turn on internet access from your WorkSpace differs depending on whether the WorkSpace is located in a private or public subnet. A public subnet sends outbound traffic directly to the internet using an internet gateway route. Instances in a private subnet access the internet using a network address translation (NAT) gateway that resides in the public subnet.
Important: The security group for your WorkSpaces must allow outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0).
Turn on internet access from WorkSpaces located in a public subnet
A WorkSpace that's located in a public subnet must meet requirements to turn on internet access. The WorkSpace needs both a route to an internet gateway and a public IP address assignment.
- Create an internet gateway.
- Update the route tables for your public subnets. The default route (Destination 0.0.0.0/0) must target the internet gateway.
You can assign public IP addresses to your WorkSpaces automatically or manually.
Automatically assign public IP addresses
You can automatically assign public IP addresses to your WorkSpaces by turning on internet access on the WorkSpaces directory. After you turn on automatic assignment, each WorkSpace that you launch is assigned a public IP address. For instructions and more information, see Configure automatic IP addresses.
Note: WorkSpaces that already exist before you turn on automatic assignment don't receive an Elastic IP address until you rebuild them.
Manually assign public IP addresses
You can manually assign a public Elastic IP address using the Amazon Elastic Compute Cloud (Amazon EC2) console. For instructions, see How do I associate an Elastic IP address with a WorkSpace?
Turn on internet access from WorkSpaces located in a private subnet
If you use AWS Directory Service for Microsoft Active Directory, then configure the virtual private cloud (VPC) with one public subnet and two private subnets. You must configure your directory for the private subnets. To provide internet access to WorkSpaces in these private subnets, configure a NAT gateway in the public subnet.
- Create a NAT gateway.
- Update the route tables for the private subnets. The default route (Destination 0.0.0.0/0) must target the NAT gateway.
Provide internet access from your WorkSpace
Configure a VPC for WorkSpaces
Networking and access for WorkSpaces