Amazon WorkSpaces PCoIP Gateway IP Ranges
Amazon WorkSpaces now uses a smaller range of EC2 public IP addresses for its PCoIP gateway servers that will enable customers to set more finely grained firewall policies for devices accessing WorkSpaces. The Amazon WorkSpaces service uses the PCoIP gateway to stream the desktop session to its client applications over port 4172.
Please find below the public IP ranges for the WorkSpaces PCoIP gateway servers in each region.
US East (N. Virginia): 52.23.61.0 - 52.23.62.255
US West (Oregon): 54.244.46.0 - 54.244.47.255
EU (Ireland): 52.19.124.0 - 52.19.125.255
Asia Pacific (Singapore): 52.76.127.0 - 52.76.127.255
Asia Pacific (Sydney): 54.153.254.0 - 54.153.254.255
Asia Pacific (Tokyo): 54.250.251.0 - 54.250.251.255
Please note, that the Amazon WorkSpaces client applications also performs a network health check over port 4172 to validate if TCP/UDP traffic will traverse from the client application to the WorkSpaces production servers. To enable a successful network health check on the WorkSpaces client application, the firewall policies will have to take into account the regional network health check servers below.
US East (N. Virginia): drp-iad.amazonworkspaces.com
US West (Oregon): drp-pdx.amazonworkspaces.com
EU (Ireland): drp-dub.amazonworkspaces.com
Asia Pacific (Singapore): drp-sin.amazonworkspaces.com
Asia Pacific (Sydney): drp-syd.amazonworkspaces.com
Asia Pacific (Tokyo): drp-nrt.amazonworkspaces.com
For details on system architecture please review the Amazon WorkSpaces Administrative Guide.