Questions tagged with Amazon WorkSpaces
Content language: English
Sort by most recent
Our Workspaces users are located in a different timezone than our main office. Whenever Workspaces does its "Snapshots - A rebuild and restore snapshot is taken every 12 hours." the VM slows to a crawl and will stay that way for hours. Is there anyway to change when this task starts?
We are developing a small application specifically for Amazon Workspace with the WPS protocol. Is there any way we can know if the application is running in Amazon Workspace (with WPS protocol)?
Is it possible to know through the registry/config specifically for this environment?
Hello,
I have successfully installed and logged in to amazon workdocs drive on my virtual pc workspace using my workplace registration code, but when I try and install workdocs on my mac and it prompts me to log in, the option to log in using workspace registration code does not appear in the window. Only the option to log in with the workdocs URL which I do not have. Does anyone know where I am going wrong?
I am looking for a way to determine if a user should be on the all month plan or the hourly plan for their workspace. I think the break even point is 80 hours per month and then would make sense to convert them to the full month plan. The problem is that the reports I've gotten with the great script below don't display this information.
https://github.com/aws-samples/automate-reporting-on-amazon-workspaces-using-powershell/blob/master/New-WKSWorkSpacesReport.ps1
I need to know the hours per month a user's workspace is not in Stopped status. It could even be by the machine name or the workspace ID instead of the username. Any ideas?
Hello,
From the new interface how do we attach a cluster to an existing Workspace? In the old UI we could do this by clicking on the workspace but now clicking on it tries to start it. Thanks in advance
Hi,
I am looking to turn of the notifications to upgrade/update any software installed on my workspace. However this works on my workspace, but when I create an image out of it and launch a workspace for different user, this notification is ON again and I will be prompted to upgrade the apps installed in my workspace. Please help to resolve this. And let me know if you need any other details for the same
The Amazon workspace getting slow on a LAN connection and at the same time its working fine on a WiFi connection. What is the issue? Connection Health Check in that region was ACCEPTABLE 160ms.
A static website hosted in S3, served via CloudFront. Now, the website URL of dev environment is accessible over the internet by anyone, which seem to be a security risk. For that, am planning to enable Users authentication with Okta/ Cognito in the next phase.
In the meantime, have tried some workarounds like (1) restricting the application access with IP address/range, which is impossible because our users are accessing from AWS Workspace (dynamic IP range), (2) restricting with IAM user/role, which is also impossible because we do not have privileges to manage the IAM.
Apart from above, what are the possible alternatives to protect the application from anonymous access?
Also, I am not sure whether it is a severe application security issue. By any chance, leaving the website open to public access prone to Cross-Site Scripting (XSS) attacks or any other security threats?
There is no option for inviting the user again from the workspace console.
According to the Amazon Workspace Document, there will be a "send invite" option in invite user page.
For reference
https://docs.aws.amazon.com/workspaces/latest/adminguide/manage-workspaces-users.html
Thank you in advance
I have been having issues with the latest version of workspaces running on MS Windows 10. In some cases the Teradici PCOIP driver attempts to bind a UDP port to an interface which fails due to a permission denied error. The machine I was having issues with has several physical and virtual interfaces including OpenVPN TAP adapters and HyperV interfaces as well as VMWare virtual NICs, Ethernet and Wifi. The permission denied error occurred when attempting to bind to Wifi. The Teradici driver didn't attempt to use a different interface - instead the connection fails.
The target Workspace is running Amazon Linux 2 in the us-east-1 region. Disabling UDP transport didn't make any difference.
I was able to workaround the issue by disabling NICs when using Workspaces so that a usable NIC was always selected. I am not entirely sure how Teradici selects the NIC to bind to.
Is this a known issue and is there any chance of getting the problem resolved?
Hi,
I am currently working on a college project for a company along with my batchmates. Our team has been provided client access to AWS workspace but has been given only one user id. How can we ensure that each member of the team can work on the code simultaneously while ensuring that this doesn't affect the work of the other individual? Is there any way to duplicate the contents of this workspace and add users? Or can I add different users to the same workspace? Right now the issue is that since there is only 1 login credential, only 1 person can access the workspace at a time. Please suggest alternatives. Can we do something about this ourselves or do we need to talk to the company which has admin credentials?
I'm working on preventing DNS exfiltration in an environment that makes use of AWS Workspaces + Simple AD. The WorkSpaces don't need to resolve anything via private hosted zones. They do connect to services hosted on an EKS cluster in the same VPC, however they have public domain names.
The [Simple AD documentation](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_dns.html) reads to me that Simple AD would use our VPC's configured DNS Resolver:
> Simple AD forwards DNS requests to the IP address of the Amazon-provided DNS servers for your VPC.
I have AWS Network Firewall and AWS Domain Firewall configured - the EKS clusters DNS queries are correctly being filtered. However the AWS WorkSpaces can initiate a DNS request and the request bypasses the AWS DNS Firewall entirely (a DNS server outside the environment receives the request).
Some assumptions of mine:
> AWS Workspaces instances use Simple AD for configuration, and by default they use the Active Directory Domain Controller as their default DNS server. The Active Directory Controller isn't a machine we directly control, it is part of the managed simple active directory service from AWS.
What I think is happening is the Simple AD directory controller doesn't use our VPC configured resolver - and is recursively resolving the DNS query from the WorkSpace member instance. I'm assuming it isn't feasible to change the workspace instances to not use the domain controller's DNS server as they won't be able to join the domain? Is there any way of configuring the directory controller's behavior in this respect?
I tried creating an outbound DNS Resolver and associating it with the VPC via a DHCP option set, but that didn't impose our restrictions on the DNS queries coming from the Workspace instance.
The other thing I'm considering as a potential solution is upgrading from Simple AD to Microsoft AD. I understand this would provision two domain controllers within our VPC - which may be protected behind our network and dns firewall? I don't see why this would be different for Simple AD though? In any case, this AWS security blog certainly reads like MS AD can be make to work with the AWS DNS firewall - https://aws.amazon.com/blogs/security/protect-your-remote-workforce-by-using-a-managed-dns-firewall-and-network-firewall/
Appreciate any pointers!