Category: Security, Identity, & Compliance

In this post, we explain how the AWS Private CA Connector for Active Directory simplifies and accelerates the configuration of certificate-based authentication (CBA) for Amazon AppStream 2.0 and Amazon WorkSpaces. We provide an overview of AWS Private Certificate Authority and Active Directory Certificate Services in this context. We discuss the benefits of using the AWS […]

Amazon WorkSpaces Personal provides a secure, persistent desktop computing environment in the cloud. Customers often ask if there is a method to configure WorkSpaces to use AWS Identity and Access Management (IAM) Roles to issue temporary credentials. In this blog, we explain how you can configure WorkSpaces to use AWS IAM Roles Anywhere and enable […]

Managing passwords is a hassle, similar to how people misplace their keys. In the world of on-premises Active Directory (AD) environments, passwords represent a potential security risk and are a complicated issue to tackle. This is especially true for remote users that utilize Amazon WorkSpaces. They may encounter difficulties when it comes to password management—particularly […]

HHMI’s Janelia Research Campus in Ashburn, Virginia has an integrated team of lab scientists and tool-builders who pursue a small number of scientific questions with potential for transformative impact. To drive science forward, we share our methods, results, and tools with the scientific community. Introduction To study how the brain works, researchers often begin with […]

Today, organizations employ agents who utilize applications running in a Virtual Desktop Environment (VDI) such as Amazon WorkSpaces that allows agents to use multiple applications in the cloud without incurring high costs of hardware procurement. In a VDI environment the Amazon Connect CCP (Contact Control Panel) can cause impact to audio quality, and is required […]

Increasingly organizations are standardizing on SAML 2.0 Identity Providers such as AWS IAM Identity Center and OKTA as their identity solution to access end user computing (EUC) services in AWS. With Certificate-based authentication (CBA), organizations can provide seamless authentication for our EUC services. Traditionally, the logon experience to a virtual desktop works by using the […]

The AS2TrustedDomains DNS TXT record can only enable the same domain (or subdomains) in which the DNS TXT record is created. In a scenario where you do not own the domain where your IdP resolves, an alternative architecture is required. In this blog, I outline the process to create an AS2TrustedDomains DNS TXT record for […]

Customers with strict compliance requirements such as financial industries, healthcare, and government sectors use End User Compute (EUC) solutions to regulate access and centralize tooling. For these organizations, users are often required to connect to a Virtual Private Network (VPN) to access the private corporate network. In this blog, I explain how users with such […]

In this blog, I discuss the benefits of using certificate-based authentication (CBA) for Amazon AppStream 2.0. I give an overview of the short-lived certificate mode offered by AWS Private Certificate Authority and why it is important to this use mode. Also, I walk you through the steps to configure CBA for Amazon AppStream 2.0. Amazon […]

In this blog, we discuss the benefits of using certificate-based authentication (CBA) for Amazon WorkSpaces. we give an overview of the short-lived CA mode offered by AWS Private Certificate Authority and why it is important to this use case. Also, we walk you through the steps to configure CBA for Amazon WorkSpaces. Amazon WorkSpaces certificate-based […]