By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Setup aws Workspace Web | Provide Internet Access to browser

0

Hello everyone,

i started my first experience with the aws workspaces web service.

Unfortunately i got on stuck by providing public internet access for the web browser for my users.

The following setup is used for the aws workspace web:

Region:us-east

VPC

Default-VPC | IPv4-CIDR: 10.0.0.0/16

Subnets

Subnet: Projekt-subnet-public1-us-east-1a | 10.0.0.0/20

Subnet: Projekt-subnet-public2-us-east-1b | 10.0.16.0/20

Routing Tabelle

Route 1: 0.0.0.0/0 Taget: Internet-gateway (igw-01e90550984c1ee69)

Route 2: 0.0.0.0/16 Target: Local

For the Setup of the Workspace Web i didn't used any filter for allowed or blocked url´s also the traffic in the security group is allowed * inbound and outbound.

As an secondary test i used the same subnets separate for a EC2 instance of a windows server machine and everything works fine?

Does someone have an idea why the access over the internet inside the aws workspace web could not work?

If i need to provide more information please tell me.

Please be kind its the first time i am using aws and also aws workspace web.

thanks in advance for any help!

5 Answers
1

In order for your instances to access the internet based on how you've set this up, they would require public IPv4 addresses to be assigned to them. Workstations or desktops for everyday users should not be exposed to the internet directly like this.

What you should do instead in this case is this:

  • Setup a NAT gateway in the public subnet.
  • Setup a private subnet and put your instances in it
  • Then configure the private subnet route table 0.0.0.0/0 to the NAT gateway.
AWS
answered a year ago
profile picture
EXPERT
reviewed a year ago
0

Your WorkSpaces must have access to the internet so that you can install updates to the operating system and deploy applications. You can use one of the following options to allow your WorkSpaces in a virtual private cloud (VPC) to access the internet.

Options

  • Launch your WorkSpaces in private subnets and configure a NAT gateway in a public subnet in your VPC.
  • Launch your WorkSpaces in public subnets and automatically or manually assign public IP addresses to your WorkSpaces.

For more information about these options, see the corresponding sections in Configure a VPC for WorkSpaces.

With any of these options, you must ensure that the security group for your WorkSpaces allows outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0).

You can also use this link https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-internet-access.html

profile picture
EXPERT
answered a year ago
0

Hi, interesting post here, thank you all for participating

I am experiencing the same issue as the original poster. It appears your links are referencing Workspaces and not Workspaces Web. Maybe I am misunderstanding but these two services are different in the fact that Workspaces needs instances for full virtual desktops and Workspaces Web do not require instances, it is a simple web browser offered and no other functionality.

I understand Workspaces have been around for a while while Workspaces Web is a newer service offering. Can someone kindly clarify if they are different in setup and how they fundamentally work?

This webinar says its for cases when you need access to internal resources but it stands to reason that you can simply get to external websites if you have your VPC configured with a public IPv4 address in a NAT gateway

https://www.youtube.com/watch?v=lIQJd_heHtw

answered a year ago
0

Hi, i was facing the similar issue of No public internet access in workspace web. Now i got it resolved using two steps.

Step 1 - (Thanks Gary from Above post).

    1. Setup a NAT gateway in the public subnet.
    1. Setup a private subnet and put your instances in it
    1. Then configure the private subnet route table 0.0.0.0/0 to the NAT gateway.

Step 2:

DHCP Options to enable the DNS services with accessible DNS servers. (this was the one i got trouble for some as i had two DHCP option set and wrong one was assigned VPC during problem time).

Now All good , URL filter is used to manage the required public web sites.

answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions