Amazon AppStream 2.0 is now generally available

Try Amazon AppStream 2.0 for Free

The Amazon AppStream 2.0 Free Tier provides a free admin experience for getting started, and includes usage of stream.standard.large image builder instance for 40 hours per month up to two months.



Q: What is Amazon AppStream 2.0?

Amazon AppStream 2.0 is a fully managed application streaming service that provides users instant access to their desktop applications from anywhere, on any connected device. Amazon AppStream 2.0 simplifies application management, improves security, and reduces costs by moving a company’s applications from their users’ physical devices to the AWS Cloud. The Amazon AppStream 2.0 streaming protocol provides users a responsive, fluid performance that is almost indistinguishable from a natively installed application. With Amazon AppStream 2.0, organizations can realize increased flexibility, improved scalability, and the agility to support a broad range of compute and storage requirements for their applications.

Q: What's the difference between the original Amazon AppStream and Amazon AppStream 2.0?

Amazon AppStream 2.0 is the next generation desktop application streaming service from AWS. Amazon AppStream was an SDK-based service that customers could use to set up their own streaming service with DIY engineering. Amazon AppStream 2.0 provides a fully managed streaming service with no DIY effort. Amazon AppStream 2.0 offers a greater range of instance types, streams desktop applications to HTML5 browsers with no plugins required, simplifies application lifecycle management, and allows your apps to access services in your VPC.

Q: What is happening to the original Amazon AppStream service?

Amazon AppStream 2.0 is the next generation application streaming service from AWS. If you are currently using Amazon AppStream and you’d like to migrate to Amazon AppStream 2.0, please contact AWS Support.

Q: Can I continue to use the original Amazon AppStream service?

Yes. You can continue using the original Amazon AppStream service. However, we recommend using Amazon AppStream 2.0, the next generation desktop application streaming service from AWS. 

Q: Where can I find more information about Amazon AppStream?

You can learn more about the service at Amazon AppStream.

Q: What are the benefits of streaming over rendering content locally?

Interactively streaming your application from the cloud provides several benefits: 

Instant-on: Streaming your application with Amazon AppStream 2.0 lets your users start using your application immediately, when using an image builder or Always-On fleet, without the delays associated with large file downloads and time-consuming installations.

Remove device constraints: You can leverage the compute power of AWS to deliver experiences that wouldn’t normally be possible due to the GPU, CPU, memory, or physical storage constraints of local devices.

Multi-platform support: You can take your existing applications and start streaming them to browsers on any device without any modifications.

Easy updates: Because your application is centrally managed by Amazon AppStream 2.0, updating your application is as simple as providing a new version of your application to Amazon AppStream 2.0. That's all you need to do to immediately upgrade all your users, without any action on their part.

Improved security: Unlike traditional boxed software and digital downloads, where your application is available for theft or reverse engineering, Amazon AppStream 2.0 stores and executes your application securely in AWS data centers, and only provides an interactive pixel stream to users.

Q: Do some applications work better with Amazon AppStream 2.0 than others?

Many types of applications work well as streaming applications, including CAD, CAM, CAE, 3D modeling, simulation, games, video and photo-editing software, medical imaging, and life sciences applications. These applications benefit most from streaming because the application runs on the vast computational resources of AWS, yet your users can interact with the application using low-powered devices, with very little noticeable change in application performance.

Q: Does Amazon AppStream 2.0 support microphones?

Yes. Amazon AppStream 2.0 supports most analog and USB microphones, including built-in microphones.

Q: How do users enable audio input in an Amazon AppStream 2.0 streaming session?

Users enable audio input from the Amazon AppStream 2.0 toolbar by selecting the Settings icon and selecting Enable Microphone.

Q: Which browsers support audio input in an Amazon AppStream 2.0 session?

Most popular HTML5-compliant browsers support audio input in an Amazon AppStream 2.0 session, including Chrome, Edge, and Firefox. Microsoft Internet Explorer 11 (IE11) does not support audio input, and the microphone option will not appear on the Amazon AppStream 2.0 toolbar in streaming sessions running in IE11.

Q: Does Amazon AppStream 2.0 support a 3D mouse?

Amazon AppStream 2.0 does not currently support a 3D mouse.

Q: What does a user need to access applications streamed from Amazon AppStream 2.0?

A user needs to have applications set up by an administrator, a modern web browser that can support HTML5, a broadband Internet connection with at least 1 Mbps capability, and outbound access to the Internet via HTTPS (443).

Q: Can my Amazon AppStream 2.0 applications run offline?

No. Amazon AppStream 2.0 requires a sustained Internet connection to access your applications.

Q: What does Amazon AppStream 2.0 manage on my behalf?

Streaming resources: Amazon AppStream 2.0 launches and manages AWS resources to host your application, deploys your application on those resources, and scales your application to meet client demand.

Simplified app management: Amazon AppStream 2.0 delivers the latest version of an application instantly to users, and eliminates the pain of patching and updating applications on every end-user device. Because your application is centrally managed by Amazon AppStream 2.0, updating your application is as simple as providing a new version of your application to Amazon AppStream 2.0. Applications can be assigned to users dynamically and removed instantly at any time, improving business flexibility and reducing costs.


Q: What is Amazon AppStream 2.0 Try It Now?

Amazon AppStream 2.0 Try It Now is a low-friction, setup-free trial experience for the Amazon AppStream 2.0 service. Try It Now allows any AWS customer to instantly launch and interact with popular desktop applications from their browser.

Q: What do I need to start using Try It Now?

You need an AWS account and a broadband Internet connection with at least 1 Mbps bandwidth to use Try It Now. You also need a browser capable of supporting HTML5.

Q: Will I be charged for using Try It Now?

You won’t be charged any AWS fees for using Try It Now. However, you may incur other fees such as Internet or broadband charges to connect to the Try It Now experience.

Q: What applications can I use with Try It Now?

Try It Now includes popular productivity, design, engineering, and software development applications running on Amazon AppStream 2.0 for you to try. To see the full list of available applications, go to the Try It Now catalog page after signing in with your AWS account.

Q: How long can I stream applications via Try It Now?

You can stream the applications included in Try It Now for up to 30 minutes. At the end of 30 minutes, your streaming session is automatically terminated and any unsaved data will be deleted.

Q: Can I save files within Try It Now?

You can save files to your Amazon AppStream 2.0 session storage and download them to your client device before your streaming session ends. Your files are not saved when you disconnect from your Try It Now session, or when your session ends, and any unsaved data will be deleted.

Q: Can I submit an application to be included in Try It Now?

Yes. You can submit a request to include your application in Try It Now. After your request is received, AWS usually reviews the request and responds within 10 business days.


Q: How do I get started with Amazon AppStream 2.0?

You can begin using Amazon AppStream 2.0 by visiting the AWS Management Console, or by using the AWS SDK. You can access the Getting Started guide here.

Q: What resources do I need to set up to stream my applications using Amazon AppStream 2.0?

You need to create an Amazon AppStream 2.0 stack in your AWS account to start streaming applications to your users. A stack includes a fleet of Amazon AppStream 2.0 instances that executes and streams applications to end users. Each instance is launched using an Amazon AppStream 2.0 image containing your applications, and uses an instance type that you select for your fleet. To learn more about Amazon AppStream 2.0 resources, please visit this page.

Q: How do I create an Amazon AppStream 2.0 image to import my applications?

You can create an Amazon AppStream 2.0 image using Image Builder via the AWS Management Console. Image Builder allows you to install and test your applications just as you would with any Windows desktop, and then create an image. You can complete all the install, test, and creation steps for the image without leaving the console.

Q: What instance types are available to use with my Amazon AppStream 2.0 fleet?

Amazon AppStream 2.0 provides a menu of instance types for configuring a fleet or an image builder. You can select the instance type that best matches your applications and end-user requirements. You can choose from General Purpose, Compute Optimized, Memory Optimized, Graphics Design, Graphics Desktop, or Graphics Pro instance families.

Q: Can I change an instance type after creating a fleet?

Yes. You can change your instance type after you have created a fleet. To change the instance type, you will need to stop the fleet, edit the instance type, and then start the fleet again. For more information, see Set up AppStream 2.0 Stacks and Fleets.

Q: Can I connect Amazon AppStream 2.0 instances to my VPC?

Yes. You can choose the VPCs to which your Amazon AppStream 2.0 instances (fleet and image builders) connect. When you create your fleet, or launch Image Builder, you can specify one or more subnets in your VPC. If you have a VPC with a VPN connection to your on-premises network, then Amazon AppStream 2.0 instances in your fleet can communicate with your on-premises network. You retain the usual control you have over network access within your VPC, using all the normal configuration options such as security groups, network access control lists, and routing tables. For more information about creating a VPC and working with subnets, see Working with VPCs and Subnets.


Q: How can I create images with my own applications?

You can use Amazon AppStream 2.0 Image Builder to create images with your own applications. To learn more, please visit the tutorial found on this page.

Q: With which operating system do my apps need to be compatible?

Amazon AppStream 2.0 streams applications that can run on Windows Server 2012 R2 64-bit. You can add support for 32-bit applications by using the WoW64 extensions. If your application has other dependencies, such as the .NET framework, include those dependencies in your application installer.

Q: Can I install anti-virus software on my Amazon AppStream 2.0 image to secure my applications?

You can install any tools, including anti-virus programs, on your AppStream 2.0 image. However, you need to ensure that these applications do not block access to the AppStream 2.0 service. We recommend testing your applications before publishing them to your users.

Q: Can I customize the operating system using group policies?

Any changes that are made to the image using Image Builder through local group policies will be reflected in your AppStream 2.0 images. Any customizations outside of local group policies are not currently supported.

Q: How will my Amazon AppStream 2.0 images be updated with updates from the AppStream 2.0 service?

AppStream 2.0 regularly releases base images that include Microsoft Windows operating system updates and AppStream 2.0 agent updates. The AppStream 2.0 agent software runs on your streaming instances and enables your users to stream applications. When you create a new image, the Always use latest agent version option is selected by default. When this option is selected, any new image builder or fleet instance that is launched from your image will always use the latest AppStream 2.0 agent version. If you deselect this option, your image will use the agent version you selected when you launched the image builder. Windows operating system updates are released only through base images. To keep your operating system updated in your images, you need to rebuild your images using the latest AWS base image.

Q: How will my Amazon AppStream 2.0 images be updated with Windows updates from Microsoft?

You will need to create new AppStream 2.0 images to apply Windows updates. To do this, you can create a new image builder instance from an existing image, apply Microsoft updates, and create a new image. Existing streaming instances will be replaced with instances launched from the new image within 16 hours or immediately after users have disconnected from them, whichever is earlier. You can immediately replace all the instances in the fleet with instances launched from the latest image by stopping the fleet, changing the image used, and starting it again.
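Because Windows updates reach streaming instances only through rebuilt images, a periodic audit of which fleets still run an old base image is a useful control. The following is an added example, not AWS code: it uses the `describe_fleets` and `describe_images` calls of the AppStream 2.0 API through a boto3-style client, and the 30-day threshold, fleet names, image names and dates are constructed assumptions.

```python
from datetime import datetime, timezone

MAX_BASE_IMAGE_AGE_DAYS = 30  # assumption: this example's patch policy


def stale_fleets(client, now, max_age_days=MAX_BASE_IMAGE_AGE_DAYS):
    """Return (fleet, image, age_in_days) for fleets whose base image is too old.

    `client` is a boto3 AppStream client or any object with the same
    describe_fleets / describe_images methods.
    """
    findings = []
    token = None
    while True:
        page = client.describe_fleets(**({"NextToken": token} if token else {}))
        for fleet in page["Fleets"]:
            # Fleets built from a shared image may carry only an ARN.
            if fleet.get("ImageName"):
                images = client.describe_images(Names=[fleet["ImageName"]])
            else:
                images = client.describe_images(Arns=[fleet["ImageArn"]])
            image = images["Images"][0]
            # For a private image this is the release date of the AWS base
            # image it was built from, i.e. the age of its Windows patch level.
            released = image["PublicBaseImageReleasedDate"]
            age = (now - released).days
            if age > max_age_days:
                findings.append((fleet["Name"], image["Name"], age))
        token = page.get("NextToken")
        if not token:
            return findings


class FakeImageApi:
    """Constructed stand-in for boto3.client('appstream'), two result pages."""

    IMAGES = {
        "cad-v1": datetime(2017, 11, 1, tzinfo=timezone.utc),
        "office-v3": datetime(2018, 1, 15, tzinfo=timezone.utc),
    }
    PAGES = {
        None: {"Fleets": [{"Name": "cad-fleet", "ImageName": "cad-v1"}],
               "NextToken": "page-2"},
        "page-2": {"Fleets": [{"Name": "office-fleet", "ImageName": "office-v3"}]},
    }

    def describe_fleets(self, NextToken=None):
        return self.PAGES[NextToken]

    def describe_images(self, Names=None, Arns=None):
        name = Names[0]
        return {"Images": [{"Name": name,
                            "PublicBaseImageReleasedDate": self.IMAGES[name]}]}


if __name__ == "__main__":
    audit_time = datetime(2018, 1, 31, tzinfo=timezone.utc)
    for fleet, image, age in stale_fleets(FakeImageApi(), audit_time):
        print(f"{fleet}: image {image} is built on a base image {age} days old")
```

Against a real account, pass `boto3.client("appstream")` and `datetime.now(timezone.utc)` instead of the constructed stand-in.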

Q: How do I update my applications in an existing image?

To update applications on the image, or to add new applications, launch Image Builder using an existing image, update your applications and create a new image. Existing streaming instances will be replaced with instances launched from the new image within 16 hours or immediately after users have disconnected from them, whichever is earlier. You can immediately replace all the instances in the fleet with instances launched from the latest image by stopping the fleet, changing the image used, and starting it again.

Q: Can I connect my Amazon AppStream 2.0 applications to my existing resources, such as a licensing server?

Yes. Amazon AppStream 2.0 allows you to launch streaming instances (fleets and image builders) in your VPC, which means you can control access to your existing resources from your AppStream 2.0 applications. For more information, see Network Settings for Fleet and Image Builder Instances.


Q: Does Amazon AppStream 2.0 offer GPU-accelerated instances?

Yes. Amazon AppStream 2.0 offers Graphics Design, Graphics Desktop and Graphics Pro instance families.

Graphics Design instances are ideal for delivering applications such as Adobe Premiere Pro, Autodesk Revit, and Siemens NX that rely on hardware acceleration of DirectX, OpenGL, or OpenCL. Powered by AMD FirePro S7150x2 Server GPUs and equipped with AMD Multiuser GPU technology, instances start from 2 vCPU, 7.5 GiB system memory, and 1 GiB graphics memory, to 16 vCPUs, 61 GiB system memory, and 8 GiB graphics memory.

The Graphics Desktop instance family offers a single instance type with an NVIDIA GPU based on K520 with 1,536 CUDA cores, 8 vCPUs, 15 GiB system memory, and 4 GiB graphics memory. This instance type is ideal for running desktop graphics applications such as Siemens NX, SolidWorks, ESRI ArcGIS, and other applications that use DirectX, OpenGL, OpenCL, and CUDA. The Graphics Desktop family is a powerful yet economical choice, with pricing that starts at tens-of-cents per hour.

The Graphics Pro instance family offers three different instance types to support the most demanding graphics applications. Powered by NVIDIA Tesla M60 GPUs with 2048 parallel processing cores, there are three Graphics Pro instance types starting from 16 vCPUs, 122 GiB system memory, and 8 GiB graphics memory, to 64 vCPUs, 488 GiB system memory, and 32 GiB graphics memory. These instance types are ideal for graphic workloads that need a massive amount of parallel processing power for 3D rendering, visualization, and video encoding, including applications such as Petrel from Schlumberger Software, Landmark's DecisionSpace, or MotionDSP's Ikena. For more information on available instance types and pricing, see Amazon AppStream 2.0 Pricing.

Q: What is the maximum screen resolution for Amazon AppStream 2.0 Graphics Desktop and Graphics Pro instances?

Amazon AppStream 2.0 Graphics Design, Graphics Pro and Graphics Desktop instances support a maximum resolution of 2560x1440.

Q: How many monitors can I use with my Amazon AppStream 2.0 Graphics Desktop and Graphics Pro instances?

Currently you can only use a single monitor with your Amazon AppStream 2.0 Graphics Desktop and Graphics Pro instances.


Q: What types of fleets are available with Amazon AppStream 2.0?

Amazon AppStream 2.0 offers two fleet types: Always-On and On-Demand. Always-On fleet instances are in a running state, even if no users are connected. This is best when your users need high availability and instant access to their applications. On-Demand fleet instances don’t start until a user connects to an instance within the fleet. This fleet type is best when your users can wait up to 2 minutes to start their applications, and for streaming applications that have sporadic use.

Q: Can I switch my Amazon AppStream 2.0 Always-On fleet to On-Demand or vice versa?

You can only specify the fleet type when you create a new fleet, and you cannot change the fleet type once the fleet has been created.  

Q: What are the benefits to Always-On and On-Demand fleets for Amazon AppStream 2.0?

Always-On fleets are best when your users need high availability and instant access to their applications. On-Demand fleet instances don’t start until a user connects to an instance within the fleet, and are best when your users can wait up to 2 minutes to start their applications, and for streaming applications that have sporadic use.

| | On-Demand | Always-On |
|---|---|---|
| Available instances | Stopped | Running |
| User session start | Up to 2 minutes | Instant on |
| Optimized for | Cost optimization | Instant availability of applications |
| Use cases | Use cases where cost savings are critical such as education | Businesses that need instant availability of applications |

Q: What client operating systems are supported?

Amazon AppStream 2.0 can stream your applications to HTML5-capable browsers, including the latest versions of Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, and Microsoft Edge, on desktop devices, including Windows, Mac, Chromebooks, and Linux PCs.

Q: What server operating system is supported?

Amazon AppStream 2.0 supports streaming applications that can execute on Windows Server 2012 R2, a 64-bit operating system. You can add support for 32-bit applications by using the WoW64 extensions. If your application has other dependencies, such as the .NET framework, include those dependencies in your application installer.

Q: Which AWS regions does Amazon AppStream 2.0 support?

Please refer to the AWS Regional Products and Services page for details of Amazon AppStream 2.0 service availability by region.

Q: What instance types are available to use with my Amazon AppStream 2.0 fleet?

Amazon AppStream 2.0 provides a menu of instance types for configuring a fleet. You can select the instance type that best matches your applications and end-user requirements. You can choose from General Purpose, Compute Optimized, Memory Optimized, Graphics Design, Graphics Desktop, or Graphics Pro instance families.


Q: How does Amazon AppStream 2.0 scale?

Amazon AppStream 2.0 uses Fleet Auto Scaling to launch Amazon AppStream 2.0 instances running your application and to adjust the number of servers to match the demand for end-user sessions. Each end-user session runs on a separate instance, and all the apps that are streamed within a session run on the same instance. An instance is used to stream applications for only one user, and is replaced with a new instance at the end of the session.

Q: What scaling policy does Amazon AppStream 2.0 support?

Amazon AppStream 2.0 supports fixed and dynamic scaling policies. Use a fixed scaling policy to keep a constant number of Amazon AppStream 2.0 instances and users who can start a streaming session. Use a dynamic scaling policy to scale based on the use of Amazon AppStream 2.0 instances in your environment.

Q: What is an Amazon AppStream 2.0 Fleet Auto Scaling policy?

A Fleet Auto Scaling policy is a dynamic scaling policy that allows you to scale the size of your fleet to match the supply of available instances to user demand. You can define scaling policies that adjust the size of your fleet automatically based on a variety of utilization metrics, and optimize the number of running instances to match user demand.

Q: How can I create auto scaling policies for my Amazon AppStream 2.0 fleet?

You can create automatic scaling policies from the Fleets tab in the AppStream 2.0 console, or by using the AWS SDK.

Q: Which Amazon AppStream 2.0 CloudWatch metrics can I use to build Fleet Auto Scaling policies?

You can use the following metrics to build your Fleet Auto Scaling policies:

• Capacity utilization: you can scale your fleet based on the percentage of instances in your fleet that are being used
• Available capacity: you can scale your fleet based on the number of available instances in your fleet
• Insufficient capacity error: you can provision new instances when users can’t start streaming sessions due to lack of capacity

For more information, please see Fleet Auto Scaling for Amazon AppStream 2.0.

Q: Can my Amazon AppStream 2.0 fleet have more than one associated Fleet Auto Scaling policy?

Yes. You can have up to 50 Fleet Auto Scaling policies associated with a single fleet. Each policy allows you to set a single criterion and action for resizing your fleet.

Q: What is the minimum size I can set for my Amazon AppStream 2.0 fleet when using Fleet Auto Scaling policies?

You can set your Fleet Auto Scaling policies to scale in to zero instances. Scaling policies associated with your fleet decrease fleet capacity until it reaches your defined minimum, or the default setting of one if you haven’t set a minimum. For more information, please see Fleet Auto Scaling for Amazon AppStream 2.0.

Q: What is the maximum size I can set for my Amazon AppStream 2.0 fleet when using Fleet Auto Scaling policies?

Fleet Auto Scaling policies increase fleet capacity until it reaches your defined maximum size or until service limits apply. For more information, please see Fleet Auto Scaling for Amazon AppStream 2.0. For service limit information, please see Amazon AppStream 2.0 Service Limits.

Q: Are there additional costs for using Fleet Auto Scaling policies with Amazon AppStream 2.0 fleets?

There are no charges for using Fleet Auto Scaling policies. However, each CloudWatch alarm that you create and use to trigger scaling policies for your AppStream 2.0 fleets may incur additional CloudWatch charges. For more information, see Amazon CloudWatch Pricing.  


Q: Does Amazon AppStream 2.0 offer persistent storage so that I can save and access files between sessions?

Yes. Users can store and retrieve their files between their application streaming sessions using persistent storage, backed by Amazon S3. Users can access a home folder on their streaming instance, and save content in this folder for use between streaming sessions. Users can also download and upload files in the home folder directly from their web browser, when connected to a streaming session. All files are stored in an S3 bucket which is automatically created in your AWS account.

Q: How do users access persistent storage from their Amazon AppStream 2.0 sessions?

Users can access a home folder during their application streaming session. Any file they save to their home folder will be available for use in the future.

Q: How are files in the home folder persisted?

A home folder is created for a user the first time that user launches a streaming session. When connected to the streaming session, each file that the user saves to their home folder is synced to Amazon S3. Files are stored as S3 objects within the S3 bucket that is created for your AWS account in the same region. When a user connects to a new session, the home folder, along with all the files saved previously, will be available to open from any application on the streaming instance.

Q: What are the charges for enabling home folders storage for my AppStream 2.0 stacks?

There are no additional AppStream 2.0 charges to use this feature. However standard S3 data storage charges will apply when your users save files in their home folder. For more information, see Amazon S3 Pricing.

Q: How much data can I store in the bucket created for Home Folders?

The total volume of data that can be stored within an S3 bucket is unlimited. The largest recommended file size to save in a home folder is 5 gigabytes.

Q: What kind of data can users store in Home Folder?

Your users can store any documents, spreadsheets, or other project files they would usually create using a desktop application. However, since the files are individually synced to Amazon S3 on a frequent basis, we recommend not saving large database files or email archive files to your Home Folder.

Q: What are the prerequisites for using home folders?

Before enabling home folders for a stack, you need to create an image from an AppStream 2.0 image published by AWS on or after May 18th 2017. You will also need to enable Internet access from the fleet associated with a stack or configure your Amazon VPC S3 endpoint for AppStream 2.0 access. For more details, please see Before Enabling Home Folders.

Q: Can users access their home folder files when they are not connected to an application streaming session?

No. Users cannot access their files when they are not connected to an application streaming session.

Q: Do administrators have access to user content stored in Home Folders?

Administrators who can access the Amazon S3 bucket created by Amazon AppStream 2.0 can view and modify content that is part of users’ Home Folders. To restrict administrator access to the S3 bucket containing users’ files, we recommend applying an S3 bucket access policy based on the policy template. For more information, see Restricting Administrator Access to the Amazon S3 Bucket for Home Folders.


Q: How do I monitor usage of my Amazon AppStream 2.0 fleet resources?

There are two ways you can monitor your Amazon AppStream 2.0 fleet. First, the AppStream 2.0 console provides a lightweight, real-time view of the state of your AppStream 2.0 fleet, and offers up to two weeks of historical usage data. Metrics are displayed automatically, and don’t require any setup.

Second, you can access AppStream 2.0 metrics using CloudWatch. The CloudWatch console allows you to specify reporting intervals, create custom dashboards and graphs, and set alarms.

To learn more, see Monitoring Amazon AppStream 2.0 Resources.

Q: What information can I get from the Amazon AppStream 2.0 usage metrics?

You can see the size of your Amazon AppStream 2.0 fleet, the number of running instances, the number of instances available to accept new connections, and the utilization of your fleet. You can track these metrics over time so that you can optimize your fleet settings to suit your needs.

Using Amazon CloudWatch, you can also set alarms to notify you of changes to your fleet, or when there is insufficient capacity to support your users.

For the complete list of available metrics, see Monitoring Amazon AppStream 2.0 Resources.

Q: Can I create custom Amazon CloudWatch metrics for Amazon AppStream 2.0?

Yes, you can create custom metrics for Amazon AppStream 2.0. For more information, see Publish Custom Metrics.

Q: How frequently are Amazon AppStream 2.0 metrics published to Amazon CloudWatch?

Amazon AppStream 2.0 sends metrics to Amazon CloudWatch every 1 minute. The metrics are stored in CloudWatch using the standard retention policy. For more information, see Amazon CloudWatch FAQs.

Q: How do I create CloudWatch alarms for Amazon AppStream 2.0?

You can create Amazon CloudWatch alarms for Amazon AppStream 2.0 using the CloudWatch console or the CloudWatch APIs.

Q: Are there additional costs for using CloudWatch metrics with Amazon AppStream 2.0?

There is no additional charge for viewing CloudWatch metrics for AppStream 2.0. You may incur additional charges for setting up CloudWatch alarms and retrieving metrics via the CloudWatch APIs. For more information, see Amazon CloudWatch Pricing.

Q: Does Amazon AppStream 2.0 offer a set of public APIs?

Yes, Amazon AppStream 2.0 includes APIs that you can use to easily integrate and extend the service. The APIs enable you to create, update, and delete Amazon AppStream 2.0 resources, and provide detailed information about resource states. You can create URLs for administrators to connect to their image builders to install applications, and create URLs for users to access their AppStream 2.0 applications. See our API reference for more information.

 


Q: What streaming protocol does Amazon AppStream 2.0 use?

Amazon AppStream 2.0 uses NICE DCV to stream your applications to your users. NICE DCV is a proprietary protocol used to stream high-quality, application video over varying network conditions. It streams video and audio encoded using standard H.264 over HTTPS. The protocol also captures user input and sends it over HTTPS back to the applications being streamed from the cloud. Network conditions are constantly measured during this process and information is sent back to the encoder on the server. The server dynamically responds by altering the video and audio encoding in real time to produce a high-quality stream for a wide variety of applications and network conditions.

Q: What is the maximum network latency recommended while accessing Amazon AppStream 2.0?

While the remoting protocol has a maximum round-trip latency recommendation of 250 ms, the best user experience is achieved at less than 100 ms. If you are located more than 2000 miles from the AWS Regions where Amazon AppStream 2.0 is currently available, you can still use the service, but your experience may be less responsive. The easiest way to check performance is to use the Amazon AppStream 2.0 Try It Now experience.


Q: How do I restrict network access from fleets and image builders launched in my VPC?

Security groups enable you to specify network traffic that is allowed between your streaming instances and resources in your VPC. You can restrict network access by assigning an image builder or fleet to the security groups in your VPC. For more information, refer to Security Group for Your VPC.

Q: Can I use existing VPC security groups to secure AppStream 2.0 fleets and image builders?

Yes. You can assign an image builder or fleet to existing security groups in your VPC.

Q: How many security groups can I apply to a fleet or image builder?

You can assign an image builder or fleet to up to five security groups.

Q: Can I change the security groups to which my fleets are assigned after they have been created?

Yes. You can change the security groups to which your fleets are assigned, so long as they are in the stopped status.

You can also change the rules of a security group in your VPC at any time using the Amazon EC2 console. Note that the new rules will apply to all resources assigned to that security group. For more information, refer to Security Groups for your VPC.
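The two constraints above (at most five security groups, and the fleet must be stopped) can be enforced before any change is submitted. The following is an added example, not AWS code: it wraps the `describe_fleets` and `update_fleet` API calls through a boto3-style client, and the fleet name, subnet ID and security group IDs are constructed.

```python
import re

MAX_SECURITY_GROUPS = 5  # limit stated in this FAQ
SG_ID_RE = re.compile(r"sg-[0-9a-f]{8}(?:[0-9a-f]{9})?")  # 8- or 17-hex-digit IDs


class FleetChangeError(Exception):
    """Raised when a requested change breaks a documented constraint."""


def set_fleet_security_groups(client, fleet_name, security_group_ids):
    """Replace a fleet's security groups, refusing unsafe or invalid requests.

    `client` is a boto3 AppStream client or any object exposing the same
    describe_fleets / update_fleet methods. Returns the list that was applied.
    """
    groups = list(dict.fromkeys(security_group_ids))  # de-duplicate, keep order
    if not groups:
        raise FleetChangeError("refusing to submit an empty security group list")
    malformed = [g for g in groups if not SG_ID_RE.fullmatch(g)]
    if malformed:
        raise FleetChangeError(f"malformed security group IDs: {malformed}")
    if len(groups) > MAX_SECURITY_GROUPS:
        raise FleetChangeError(
            f"{len(groups)} groups requested, limit is {MAX_SECURITY_GROUPS}")

    fleets = client.describe_fleets(Names=[fleet_name])["Fleets"]
    if not fleets:
        raise FleetChangeError(f"fleet {fleet_name!r} not found")
    fleet = fleets[0]
    if fleet["State"] != "STOPPED":
        # The change is only accepted in the stopped status; fail early
        # instead of relying on the service to reject the request.
        raise FleetChangeError(
            f"fleet is {fleet['State']}; stop it before changing security groups")

    # Keep the existing subnets so that only the security groups change.
    subnets = fleet.get("VpcConfig", {}).get("SubnetIds", [])
    client.update_fleet(
        Name=fleet_name,
        VpcConfig={"SubnetIds": subnets, "SecurityGroupIds": groups},
    )
    return groups


class FakeFleetApi:
    """Constructed stand-in for boto3.client('appstream'); records updates."""

    def __init__(self, state):
        self.fleet = {
            "Name": "cad-fleet",
            "State": state,
            "VpcConfig": {"SubnetIds": ["subnet-0a1b2c3d"],
                          "SecurityGroupIds": ["sg-0a1b2c3d"]},
        }
        self.updates = []

    def describe_fleets(self, Names):
        return {"Fleets": [self.fleet] if self.fleet["Name"] in Names else []}

    def update_fleet(self, **kwargs):
        self.updates.append(kwargs)
        self.fleet["VpcConfig"] = kwargs["VpcConfig"]
        return {"Fleet": self.fleet}


if __name__ == "__main__":
    api = FakeFleetApi("STOPPED")
    print(set_fleet_security_groups(api, "cad-fleet",
                                    ["sg-11111111", "sg-22222222"]))
```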

Q: Can I change the security groups to which my image builders are assigned after they have been created?

No. You cannot change the security groups to which your image builders are assigned after they have been created. To assign an image builder to different security groups, you will need to create a new image builder.

You can also change the rules of a security group in your VPC at any time using the Amazon EC2 console. Note that the new rules will apply to all resources assigned to that security group. For more information, refer to Security Groups for your VPC.

Q: How is the data from my streamed application encrypted to the client?

The streamed video and user inputs are sent over HTTPS and are SSL-encrypted between the Amazon AppStream 2.0 instance executing your applications, and your end users.


Q: How do I authenticate users with Amazon AppStream 2.0 applications?

There are three options to authenticate users with Amazon AppStream 2.0: you can use built-in user management, you can build a custom identity, or you can set up federated access using SAML 2.0.

When using built-in user management, you can set up and manage your users in the AppStream 2.0 management console from the User Pool tab. To add a new user, all you need is their first and last name, and an e-mail address. To learn more about user management within AppStream 2.0, see Using the AppStream 2.0 User Pool.

When using federated sign-in to authenticate users, you will set up identity federation using SAML 2.0, which allows you to use your existing user directory to control access to applications available via AppStream 2.0. For details on setting up SAML integration, see the steps outlined here.

When building an entitlement service, you should authenticate users either with a custom identity or by using a service such as Login with Amazon. After your custom identity has authenticated a user, it should call into Amazon AppStream 2.0 to create a new streaming URL. AppStream 2.0 returns a URL for the session that can be opened in a browser to start the streaming session.
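The entitlement flow described above, as an added example (not AWS's own code): once your service has authenticated the user, it checks an entitlement table and then calls the `create_streaming_url` operation with a short validity. The `ENTITLEMENTS` table, the stack and fleet names, the 300-second policy cap and the `FakeStreamingApi` stand-in are assumptions for illustration; in production the client would be `boto3.client("appstream")`.

```python
import re

# Hypothetical entitlement table: authenticated user -> allowed (stack, fleet) pairs.
ENTITLEMENTS = {
    "alice@example.com": {("design-stack", "design-fleet")},
    "bob@example.com": {("office-stack", "office-fleet")},
}
# UserId shape accepted by CreateStreamingURL: 2-32 chars from [\w+=,.@-].
USER_ID_RE = re.compile(r"[\w+=,.@-]{2,32}", re.ASCII)
MAX_VALIDITY_SECONDS = 300  # local policy (assumption); the API itself allows longer


class NotEntitled(Exception):
    """The authenticated user has no grant for the requested stack."""


def issue_streaming_url(appstream, user_id, stack, fleet, validity=60):
    """Return a streaming URL for an already-authenticated user, or raise."""
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError("user id is not usable as an AppStream UserId")
    # Authorize before calling AWS: the URL itself grants access to the session.
    if (stack, fleet) not in ENTITLEMENTS.get(user_id, set()):
        raise NotEntitled(f"{user_id} has no grant for {stack}/{fleet}")
    if not 1 <= validity <= MAX_VALIDITY_SECONDS:
        raise ValueError("validity outside local policy")
    resp = appstream.create_streaming_url(
        StackName=stack, FleetName=fleet, UserId=user_id, Validity=validity
    )
    return resp["StreamingURL"]


class FakeStreamingApi:
    """Constructed offline stand-in for boto3.client("appstream")."""

    def __init__(self):
        self.calls = []

    def create_streaming_url(self, **kwargs):
        self.calls.append(kwargs)
        return {"StreamingURL": "https://appstream.example.invalid/constructed-session"}


if __name__ == "__main__":
    client = FakeStreamingApi()  # in production: boto3.client("appstream")
    print(issue_streaming_url(client, "alice@example.com", "design-stack", "design-fleet"))
```

Because anyone holding the returned URL can open the session until it expires, keep the validity short and hand the URL only to the browser of the user it was issued for.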

Q: Can I use Amazon AppStream 2.0 with my existing user directory, including Microsoft Active Directory?

Yes. Amazon AppStream 2.0 supports identity federation using SAML 2.0, which allows you to use your existing user directory to manage end user access to your AppStream 2.0 apps. For details on setting up SAML integration, see the steps outlined here.

Q: What type of identity federation does Amazon AppStream 2.0 support?

Amazon AppStream 2.0 supports federation using SAML 2.0 (Identity Provider initiated). This type of federated access allows a user to sign in by first authenticating with an identity federation provider, after which they can access their AppStream 2.0 apps.

Q: What are the requirements for setting up identity federation with Amazon AppStream 2.0?

To configure identity federation with Amazon AppStream 2.0, you need a SAML 2.0 Identity Provider that links to an existing LDAP-compatible directory, such as Microsoft Active Directory. Microsoft Active Directory Federation Services (ADFS), Ping Identity, Okta, and Shibboleth are all examples of SAML 2.0 Identity Providers that will work with AppStream 2.0.

Q: Can I control which users access my Amazon AppStream 2.0?

Yes. When using built-in user management, you can control which users have access to your Amazon AppStream 2.0 stacks in the User Pool tab of the AppStream 2.0 management console. To learn more about user management within AppStream 2.0, see Using the AppStream 2.0 User Pool.

When you use SAML 2.0, you can control which users have access to your Amazon AppStream 2.0 stacks by mapping the users in your federation service to the IAM role that has access permissions to the stack. Please refer to the AppStream 2.0 documentation for detailed information and step-by-step guidelines for popular federation services.

Q: Can I enable multi-factor authentication for my users?

Yes. You can enable Multi-Factor Authentication when using federation with SAML 2.0 or when using your own entitlement service.

Q: Can users choose which Amazon AppStream 2.0 stack they want to access during signing-in?

Yes. You can set up every Amazon AppStream 2.0 stack as an entity or a package in your federation service. This allows your users to select which stack they want to access while signing in from your application portal.

Q: Who can access the management console for my Amazon AppStream 2.0 application?

You can use AWS Identity and Access Management (IAM) to add users to your AWS account and grant them access to view and manage your Amazon AppStream 2.0 application. For more information, see “What is IAM?” in the IAM User Guide.


Q: Can I join Amazon AppStream 2.0 image builders to Microsoft Active Directory domains?

Yes, Amazon AppStream 2.0 images can be joined to your Microsoft Active Directory domains. This allows you to apply your existing AD policies to your streaming instances, and provides your users with single sign-on access to intranet sites, file shares, and network printers from within their applications. Your users are authenticated using a SAML 2.0 provider of your choice, and can access applications that require a connection to your AD domain.

Q: What Microsoft Active Directory versions are supported?

Microsoft Active Directory Domain Functional Level Windows Server 2008 R2 and newer are supported by Amazon AppStream 2.0.

Q: Which AWS Directory Services directory options are supported by Amazon AppStream 2.0?

Amazon AppStream 2.0 supports AWS Directory Services Microsoft AD. Other options such as AD Connector and Simple AD are not supported. To learn more about AWS Microsoft AD see What Is AWS Directory Service.

Q: How do I join my Amazon AppStream 2.0 instances to my Microsoft Active Directory domain?

To get started, you will need a Microsoft Active Directory domain that is accessible from an Amazon VPC, the credentials of a user with authority to join the domain, and the domain Organizational Unit (OU) you want to join to your fleet. For more information, see Using Active Directory Domains with AppStream 2.0.

Q: Can I use my existing Organizational Unit (OU) structure with Amazon AppStream 2.0?

Yes, you can use your existing Organizational Unit (OU) structure with Amazon AppStream 2.0. To learn more, see Using Active Directory Domains with AppStream 2.0.

Q: What gets joined to my Microsoft Active Directory domain by Amazon AppStream 2.0?

Amazon AppStream 2.0 will automatically create a unique computer object for every image builder and fleet instance you configure to be joined to your Microsoft Active Directory domain.

Q: How can I identify Amazon AppStream 2.0 computer objects in my Microsoft Active Directory domain?

Amazon AppStream 2.0 computer objects are only created in the Microsoft Active Directory Organizational Unit (OU) you specify. The description field indicates that the object is an AppStream 2.0 instance, and to which fleet the object belongs. To learn more, see Using Active Directory Domains with AppStream 2.0.

Q: How are computer objects that are created by Amazon AppStream 2.0 deleted from my Microsoft Active Directory domain?

Computer objects created by Amazon AppStream 2.0 that are no longer used will remain in your Active Directory (AD) if you delete the AppStream 2.0 fleet or image builder, update a fleet or image builder to a new OU, or select a different AD. To remove unused objects, you will have to delete them manually from your AD domain. To learn more, see Using Active Directory Domains with AppStream 2.0.

Q: How do I provide users with access to Amazon AppStream 2.0 streaming instances that are joined to a Microsoft Active Directory domain?

To enable user access, you will need to set up federated access using a SAML 2.0 provider of your choice. This allows you to use your existing user directory to control access to streaming applications available via Amazon AppStream 2.0. For details on setting up SAML 2.0 integration, see the steps outlined at Setting Up SAML.

Q: Can I connect my users that are managed through User Pools to my Active Directory domain?

No. At this time, we do not support User Pools users connecting to domain-joined resources. To learn more about User Pools, see Using the AppStream 2.0 User Pool.


Q: How much does Amazon AppStream 2.0 cost?

You are charged for the streaming resources in your Amazon AppStream 2.0 environment, and monthly user fees per unique authorized user accessing applications via Amazon AppStream 2.0. You pay for these on-demand, and never have to make any long-term commitments.

The streaming resources consist of Amazon AppStream 2.0 instances in your Amazon AppStream 2.0 fleet as well as image builder instances. You have the option to have Always-On and On-Demand fleets. For Always-On fleets, you pay for instances in your fleet that are running, even if users are not connected. These instances are billed per hour, and the price per hour is based on the instance type you select. For On-Demand fleets, you pay for the instances in your fleet that are running only when a user is connected. These instances are billed per hour, and the price per hour is based on the instance type you select. In an On-Demand fleet, if an instance is running but not connected to a user, you pay a nominal hourly On-Demand Stopped Instance fee, which is the same for all instance types within a region. Image builder instances are only available as Always-On, and you pay for instances that are running, even if users are not connected. The charge for Always-On and On-Demand fleet instances as well as image builder instances includes the cost of the storage volumes used by the Amazon AppStream 2.0 image, and outbound bandwidth used by the streaming protocol.

You can control the number of running instances using fixed or dynamic scaling policies.

The monthly user fee is used to pay for the Microsoft Remote Desktop Services Subscriber Access License (RDS SAL). This fee is charged per unique authorized user, and is charged in full (not pro-rated), regardless of when a user first accesses Amazon AppStream 2.0 in that month. Schools, universities, and public institutions may qualify for reduced user fees. Please reference the Microsoft Licensing Terms and Documents for qualification requirements. If you think you may qualify, please contact us. We will review your information and work with you to reduce your Microsoft RDS SAL fee. There is no user fee incurred when using image builder instances. For more details, view the Amazon AppStream 2.0 pricing page.

Q: Can I bring my own licenses and waive the user fees?

Yes. If you have Microsoft License Mobility, you may be eligible to bring your own Microsoft RDS CAL licenses and use them with Amazon AppStream 2.0. For users covered with your own licenses, you won’t incur the monthly user fees. For more information about using your existing Microsoft RDS SAL licenses with Amazon AppStream 2.0, please visit this page, or consult with your Microsoft representative.

Q: What are the requirements for schools, universities, and public institutions to reduce their user fee?

Schools, universities, and public institutions may qualify for reduced user fees. Please reference the Microsoft Licensing Terms and Documents for qualification requirements. If you think you may qualify, please contact us. We will review your information and work with you to reduce your Microsoft RDS SAL fee. There is no user fee incurred when using image builder instances. 

Q: What do I need to provide to qualify as a school, university, or public institution?

You will need to provide AWS your institution's full legal name, principal office address, and public website URL. AWS will use this information to qualify you for AppStream 2.0's reduced user fees for qualified educational institutions. Please note: The use of Microsoft software is subject to Microsoft’s terms. You are responsible for complying with Microsoft licensing. If you have questions about your licensing or rights to Microsoft software, please consult your legal team, Microsoft, or your Microsoft reseller. You agree that we may provide the information to Microsoft in order to apply educational pricing to your Amazon AppStream 2.0 usage.

Q: Does qualification for Amazon AppStream 2.0's reduced RDS SAL user fees affect other AWS cloud services?

No, your user fees are specific to Amazon AppStream 2.0, and do not affect any other AWS cloud services or licenses you have.