Workspaces - IP Restriction and Access via Corporate VPN

0

We have a few AWS WorkSpaces instances and we have enabled IP restrictions so that they can only be accessed from our office network. However, there is now a need for some remote users to access these instances. We obviously cannot whitelist their IP addresses, as their home broadband IP will change, so we wanted them to log in via the company VPN to access these resources. In order for us to route the AWS traffic through the corporate VPN, we need to know what IPs or URLs we need to route to our corporate VPN so that all AWS traffic will be routed through our corporate IP for these users.

asked 17 days ago | 25 views
2 Answers
0

Haven't you already done this? Or are you using Split Tunnels?

All the information is here and requires "Internet" access: https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html

What you can do, however, is to PROXY the client to an internal proxy server, and then you have already restricted the Workspace to your corporate network.

EXPERT
answered 17 days ago
0

If split tunnelling is enabled, forward all Amazon WorkSpaces client traffic (from the link Gary provided) via the VPN to the gateway that is allow listed on the Amazon WorkSpaces Directory. Proxying rather than routing the traffic may not work and is likely to cause performance issues. The issue with split tunnelling without rules is that the source IP address will be your user's local internet IP. Another option is to use SAML 2.0 based authentication and configure your IdP's risk-based policies to allow/deny login based on policy.

AWS
answered 17 days ago
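
An added example, not part of either answer and not AWS code: one way to build the split-tunnel route list discussed above from a document in the shape of AWS's published ip-ranges.json, and to check an existing VPN route table for prefixes that would still leave from the user's home IP. The sample data, region choice and route table are constructed; which service tags and hostnames must be routed has to come from the port-requirements page linked above.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json.
# Prefixes are documentation ranges, not real AWS addresses.
SAMPLE_IP_RANGES = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "eu-west-1", "service": "WORKSPACES_GATEWAYS"},
    {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "WORKSPACES_GATEWAYS"},
    {"ip_prefix": "203.0.113.0/26",    "region": "eu-west-1", "service": "WORKSPACES_GATEWAYS"},
    {"ip_prefix": "203.0.113.64/26",   "region": "us-east-1", "service": "WORKSPACES_GATEWAYS"},
    {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "S3"}
  ]
}
""")


def required_routes(doc, services, regions):
    """Collapsed IPv4 prefixes for the chosen service tags and regions."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["service"] in services and p["region"] in regions
    ]
    # Adjacent prefixes are merged so the VPN profile carries fewer routes.
    return list(ipaddress.collapse_addresses(nets))


def uncovered(required, configured):
    """Required prefixes that no configured split-tunnel route fully contains."""
    routes = [ipaddress.ip_network(r) for r in configured]
    return [n for n in required if not any(n.subnet_of(r) for r in routes)]


if __name__ == "__main__":
    need = required_routes(SAMPLE_IP_RANGES, {"WORKSPACES_GATEWAYS"}, {"eu-west-1"})
    print("routes to push over the VPN:", [str(n) for n in need])
    # Constructed VPN route table that misses one required prefix.
    missing = uncovered(need, ["198.51.100.0/24", "10.0.0.0/8"])
    print("would egress from the home IP:", [str(n) for n in missing])
```

Any prefix reported by `uncovered` reaches AWS from the user's own internet address rather than the allow-listed corporate one. Hostname-based endpoints on the port-requirements page are outside this prefix check.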
