Haven't you already done this? Or are you using Split Tunnels?
All the information is here and requires "Internet" access https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html
What you can do, however, is to PROXY the client to an internal proxy server, and then you have already restricted the Workspace to your corporate network.
If split tunnelling is enabled, forward all Amazon WorkSpaces client traffic (from the link Gary provided) via the VPN to the gateway that is allow listed on the Amazon WorkSpaces Directory. Proxying rather than routing the traffic may not work and is likely to cause performance issues. The issue with split tunnelling without rules is that the source IP address will be your user's local internet IP. Another option is to use SAML 2.0-based authentication and configure your IdP's risk-based policies to allow/deny login based on policy.