Deploy Amazon Workspaces using Service Catalog

In this post we are going to discuss about Amazon Workspaces and how you can automate the deployment.

But first let's have a brief introduction about that service.

Amazon WorkSpaces is a cloud-based virtual desktop service that allows you to provision virtual desktops in the cloud and access them from anywhere. It provides a fully managed, secure, and scalable desktop computing environment without the need for you to manage any hardware or software and you can access the desktop from any supported device.

WorkSpaces requirements

In order to deploy Amazon Workspaces a few things need to be in place.

• Active Directory to authenticate users and provide access to their WorkSpace. This can be AWS Managed Microsoft AD or On-premises AD. Or you can use an AWS AD Connector that will act as a proxy service for an existing Active Directory. If you're using AWS Managed Microsoft AD or Simple AD, your directory can be in a dedicated private subnet, as long as the directory has access to the VPC where the WorkSpaces are located. (To allow WorkSpaces to use an existing AWS Directory Service, you must first register it with WorkSpaces. After you register a directory, you can start launching WorkSpaces.)
• VPC You’ll need a minimum of two subnets for an Amazon WorkSpaces deployment because each AWS Directory Service construct requires two subnets in a multi-AZ deployment.

For more details about the requirements and deployments scenarios, you may refer to this link:

Best Practices for Deploying Amazon WorkSpaces

Assumptions

In this guide we are going to focus on Automating the Workspaces deployment and AD configuration is out of scope. We are going to consider that AD and users are already configured.

Directory Registration

The first step is to register the Directory in Amazon Workspaces.
In the AWS Console click on Workspaces and then Directories, on the left.
Select your Directory, Click on Actions and then Register

Now, you have to select 2 subnets in your Workspaces VPC and click on Register again.

The Directory Registration process has begun and few minutes later the Registered status will be shown as True.

Service Catalog Configuration

Clone the following Github repo to your PC.
Amazon Workspaces.
It contains 2 files:

1. workspaces.yaml
2. sc-workspaces.yaml

• Update the required values in workspaces.yaml (pDirectory, pUsername, pEncryptionKey, pWorkstationType) and then upload it, in your artefacts bucket (or a S3 bucket of your choice)
• Update sc-workspaces.yaml with the S3 URL for that file
• In AWS console, navigate to Cloudformation and deploy sc-workspaces.yaml

When deployment is complete, you are going to have a new Portfolio and Product in the Service Catalog.

Workspaces Deployment

Now you are ready to deploy your first Workspace by using SC.
Under Products, select Workspaces and lick on Launch Product

Select your product version (There will be just one. More will be visible if you update the CF template in the future)

Fill any required values and click Launch Product
(In WorkSpace User field enter the AD username of the Workspace owner. That user must exist in AD)

In the next screen you can now see that Service catalog has started provisioning your Workspace.

You can also check the progress in Cloudformation

Wait for a few minutes and then in AWS Console, click on Workspaces. Your newly provisioned workspace will now be visible

Click on the workspace to view it's details and take a note of the Registration Code, as you are going to need it at the next step

Connect to your Workspace

• Download the Amazon Workspaces Client
• Run the client, enter the Registration Code and click Continue

Now enter the AD Username and Password and click on Sign In

You have now successfully logged in your Amazon Workspace

Terminate your Workspace

• In Service Catalog click on Provisioned Products.
• Select the Workspace that you want to Terminate
• Click on Actions and select Terminate