I want to turn on internet access from my Amazon WorkSpaces Personal WorkSpace.
Resolution
Prerequisites: The security group for your WorkSpaces Personal must allow outbound traffic on all ports to all destinations (0.0.0.0/0). The network access control list (network ACL) must allow all outbound traffic (0.0.0.0/0) and allow inbound traffic on the ephemeral ports. Make sure that your security, networking, firewall, antivirus software, and group policies don't block outbound traffic to the internet.
Turn on internet access from a WorkSpace located in a public subnet
A public subnet uses an internet gateway to send outbound traffic directly to the internet. The WorkSpace must have a route to an internet gateway and a public IP address. To set up a route to an internet gateway, complete the following steps:
- Create an internet gateway.
- Update the route tables for your public subnets. The default route (destination 0.0.0.0/0) must use the internet gateway as a target.
You can assign public IP addresses to your WorkSpace automatically or manually:
Turn on internet access from a WorkSpace located in a private subnet
WorkSpaces in a private subnet use a network address translation (NAT) gateway that's in the public subnet to access the internet.
To provide internet access to WorkSpaces in the private subnets, configure a NAT gateway in the public subnet:
- Create a NAT gateway in a public subnet.
Or, to create a single internet exit point for multiple virtual private cloud (VPCs), use AWS Transit Gateway instead.
- Update the route tables for the private subnets. The default route (Destination 0.0.0.0/0) must target the NAT gateway.
Related information
Provide internet access for WorkSpaces Personal
Configure a VPC for WorkSpaces Personal
Networking and access for WorkSpaces Personal