Amazon WorkSpaces Web Documentation

Amazon WorkSpaces Web is a managed service that provides your employees and contractors access to your internal websites and software-as-a-service (SaaS) applications, without the administrative burden of appliances or specialized client software. Your end users may connect to WorkSpaces Web from desktop or tablet web browsers.

Easy setup and administration

Amazon WorkSpaces Web can be set up from your AWS Management Console. To get started, after signing in, search for WorkSpaces Web and select the AWS Region that will serve as your home Region (this is where your WorkSpaces Web portal will be created and your websites will be rendered). Select WorkSpaces Web from the left-hand menu in the WorkSpaces console. Then federate your existing SAML-based identity provider with WorkSpaces Web. Next, select an Amazon Virtual Private Cloud (VPC), subnets, a security group with connectivity to the internet, and any internal content you would like to connect with WorkSpaces Web. Then apply browser policies and session-level controls to your web portal. Once your WorkSpaces Web portal is created, you can sign in and browse connected websites.

User access and authentication

Once you have completed setup in the AWS Management Console, you can distribute the WorkSpaces Web portal endpoint URL to your users. You can add this URL to your SAML (Security Assertion Markup Language) provider's application gateway, email it to users, redirect to it from a domain you own, or push the URL as a bookmark to a device you manage. Your end users can simply log in with their SAML identity and start accessing websites using their existing browser.

WorkSpaces Web is designed to work with your existing systems and not add extra layers of user management. WorkSpaces Web supports user authentication and federated sign-in using any SAML 2.0-compliant identity provider, such as AWS IAM Identity Center (successor to AWS SSO), OneLogin, Okta, or Ping Identity.

Compatibility with web and SaaS applications

WorkSpaces Web pixel streams an up-to-date version of the Chrome browser, so if content works in Chrome, it will work in WorkSpaces Web. Chrome does not support sites that require Flash or Java, so by extension WorkSpaces Web is not compatible with those sites.

WorkSpaces Web can also connect to internal or public SaaS web applications. WorkSpaces Web can work with any SaaS web application that works in an up-to-date Chrome browser.

WorkSpaces Web supports web interfaces to email as well. However, WorkSpaces Web does not support email in native email clients.

Data protection

During a WorkSpaces Web session, web content is ephemerally streamed from WorkSpaces Web to the user in their local browser. Streaming prevents data from residing on remote devices and provides an effective barrier to attacks packaged in web content. At the end of the session, the instance is wiped, ensuring sensitive corporate data is protected. Throughout this process, data in transit is protected by enterprise-grade encryption. You can choose to create a WorkSpaces Web portal with AWS Key Management Service (KMS), which makes it easy to create and manage cryptographic keys and control their use across a range of AWS services.

Monitoring and analytics

WorkSpaces Web provides usage metrics such as the number of WorkSpaces Web session attempts and the number of failed WorkSpaces Web session starts. To receive a history of WorkSpaces Web API calls made to your account, you can turn on CloudTrail in your AWS Management Console.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.