AWS EUC @re:Invent: Building a secure end user computing environment for power users

Power users, like developers and data scientists, often need the latest and greatest hardware to help test their applications and to remain productive. At AWS re:Invent 2022, join me and my AWS team for our builder session, EUC311. We explore ways to use Amazon WorkSpaces to help keep your power-user employees on the most up-to-date systems without overspending, including high-end GPU configurations.

Builder sessions are engaging, hands-on two-hour sessions. To get the most out of the session, bring your laptop. My team will guide you through an exercise you will use AWS best practices to build a secure Amazon WorkSpaces environment for your power users.

You will start with a provisioned AWS Managed Microsoft AD where you will apply some best practices and security enhancements including forwarding Microsoft Windows security events to Amazon CloudWatch Logs and configuring our AWS Managed Microsoft AD to send alerts to Amazon Simple Notification Service (SNS) for directory changes. You will further secure your directory deployment by restricting access to your Amazon WorkSpaces via IP access groups, clients, and endpoints as well as disable administrator access.

Next, you will create a set of test users and a dedicated service account that you will use to create a golden image. Join the session to learn the value of this step.

Furthermore, you will then learn how to create a managed encryption key using Amazon Key Management Service (KMS) and apply permissions to the key that restrict and grant access to specific user groups.

You will tie this all together by installing the Amazon WorkSpaces client, connected to your golden image Amazon WorkSpaces, and verify that you can view the authentication logs in Amazon CloudWatch Logs. You will apply some local policies that will restrict access to allowed cipher suites as well as restrict the use of clipboard redirection.

You’ll finish this builders’ session by creating your golden image and provision two encrypted Amazon WorkSpaces for your test users.

To learn more and reserve your seat for this builders’ session please visit EUC 311. If reserved seating is full, do plan to join us as we always leave about 25% of the room for walk-ins. There’s more AWS End User Computing fun planned. Join us at AWS End User Computing Reception at AWS re:invent 2022 on Wednesday evening. At this reception you will have an opportunity to network with Amazon End User Computing leadership team and learn how AWS is reinventing End User Computing to help you enable your employees to be more productive and better serve your employees.

Robert Fountain is an AWS End User Computing consultant based out of Pennsylvania. Robert has been with AWS since August 2020 and currently holds six AWS Certifications. Outside of the office, Robert is a member of the National Ski Patrol and enjoys spending time with his wife, 2 boys, and his dog, Daisy.