AppStream 2.0 images cannot be based on private AMIs. Due to the specialized nature of application streaming, AppStream 2.0 Fleets must be based on AppStream 2.0 Images. It is possible to start an Image Builder from a publicly available AppStream 2.0 base Image, apply the security settings required by company security policy, and then create a private AppStream 2.0 Image to use as the base for future Image Builders. Keep in mind that the private AppStream 2.0 Image will need to be maintained periodically to ensure adherence to patching standards outlined by the company security policy.
Thanks for your prompt response. I have suggested Appstream 2.0 to an enterprise client.
1.Is there a security deck or an AWS presentation (security focused) that I can use ? I have been asked my a large enterprise client about the security of using Appstream 2.0. This client uses its private Windows 2012 and 2016 images as EC2 Instances.
- Can I connect to my Appstream 2.0 server as an Admin and apply regular patches/settings etc that the security department Admin would - Business As Usual?
Edited by: SJ on Aug 28, 2019 9:43 AM
I do not have any prepared presentations around security. The AppStream 2.0 networking, access, and security documentation can be found here:
AppStream 2.0 fleet instances are designed to be single use, so changes made directly to the instances would be lost after a user ends the session. To make changes to AppStream 2.0 fleet instances, such as patching, you would create a new private image, either from an existing image builder, or from an image builder created from an existing image, that contains the updates required. That image is then applied to a fleet, at which point new fleet instances will be created from that image. Unused fleet instances are replaced periodically, while in use fleet instances terminated and replace, based on scaling policies, when the active user session ends.
Hopefully that helps,
Correction, the AppStream 2.0 networking, access, and security documentation can be found here:
I will go over the docs.
Does Image Builder supports creating an image from a Marketplace AMI?asked 8 months ago
Is there a way to force load earlier versions of Office Apps in AppStream Image BuilderAccepted Answerasked 5 months ago
How can I get the Image ID after importing a disk image?asked a year ago
Does Image Builder support build and test an image in a private VPC subnet without internet access?Accepted Answerasked 7 months ago
AppStream 2.0 - Access Control for different users and monitoringAccepted Answerasked 3 years ago
In Appstream, Windows server 2019 base image is available with Office 365 ?Accepted Answerasked 4 months ago
Windows Server image migration in appstream from Windows Server 2012 R2 to 2016 or 2019.Accepted Answerasked 5 months ago
Do Windows WorkSpaces and AppStream qualify for FSLogix by default?Accepted Answerasked 2 years ago
Certificate private key is not available in the snapshot image in AppStreamasked 5 months ago
Can I use Private AMI to create a base image for Appstream application ?asked 3 years ago