By using AWS re:Post, you agree to the Terms of Use

Can I use Private AMI to create a base image for Appstream application ?

0

Can I use Private Windows server image (AWS AMI) for creating a base image for an Appstream application? Due to company security policy I do not want to use 'standard' AWS Windows server images available in Appstream 2.0 to build the Appstream application but would like to use secure Windows server images (AMI).

Thanks
SJ

Edited by: SJ on Aug 28, 2019 4:40 AM

asked 3 years ago120 views
5 Answers
0

SJ,

AppStream 2.0 images cannot be based on private AMIs. Due to the specialized nature of application streaming, AppStream 2.0 Fleets must be based on AppStream 2.0 Images. It is possible to start an Image Builder from a publicly available AppStream 2.0 base Image, apply the security settings required by company security policy, and then create a private AppStream 2.0 Image to use as the base for future Image Builders. Keep in mind that the private AppStream 2.0 Image will need to be maintained periodically to ensure adherence to patching standards outlined by the company security policy.

Thank you,

Kellie (AWS)

answered 3 years ago
0

Kellie,
Thanks for your prompt response. I have suggested Appstream 2.0 to an enterprise client.

1.Is there a security deck or an AWS presentation (security focused) that I can use ? I have been asked my a large enterprise client about the security of using Appstream 2.0. This client uses its private Windows 2012 and 2016 images as EC2 Instances.

  1. Can I connect to my Appstream 2.0 server as an Admin and apply regular patches/settings etc that the security department Admin would - Business As Usual?

Thanks Again
SJ

Edited by: SJ on Aug 28, 2019 9:43 AM

answered 3 years ago
0

SJ,

I do not have any prepared presentations around security. The AppStream 2.0 networking, access, and security documentation can be found here:
https://docs.aws.amazon.com/appstream2/latest/developerguide/update-fleets-new-image.html

AppStream 2.0 fleet instances are designed to be single use, so changes made directly to the instances would be lost after a user ends the session. To make changes to AppStream 2.0 fleet instances, such as patching, you would create a new private image, either from an existing image builder, or from an image builder created from an existing image, that contains the updates required. That image is then applied to a fleet, at which point new fleet instances will be created from that image. Unused fleet instances are replaced periodically, while in use fleet instances terminated and replace, based on scaling policies, when the active user session ends.
https://docs.aws.amazon.com/appstream2/latest/developerguide/update-fleets-new-image.html

Hopefully that helps,
Kellie (AWS)

answered 3 years ago
0

Correction, the AppStream 2.0 networking, access, and security documentation can be found here:
https://docs.aws.amazon.com/appstream2/latest/developerguide/managing-network.html

Kellie (AWS)

answered 3 years ago
0

Thanks, Kellie

I will go over the docs.

Regards
SJ

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions