Build a workflow that lets your application teams onboard their applications to AppStream 2.0. With this workflow, your application teams don’t require access to the AWS Management Console or cloud-based computing experience.
- Set up and verify an email address identity by using Amazon Simple Email Service (SES). Amazon SES sends email to users who sign up for enterprise application onboarding.
- Create a policy and role by using AWS Identity and Access Management (IAM).
- Create six functions by using AWS Lambda. The functions handle provisioning for all AppStream 2.0 resources and access.
- Create an AWS Step Functions state machine. The state machine is started from a web page POST command sent through Amazon API Gateway. The State machine starts each Lambda function and ensures that the function completes successfully before starting the next one.
- Set up API Gateway to handle incoming web requests and pass the information to AWS Step Functions.
- Enable website hosting for the Example Corp. Enterprise Application Onboarding Portal by using Amazon Simple Storage Service (Amazon S3).
The application architecture uses Amazon S3, Amazon API Gateway, AWS Lambda, Amazon AppStream 2.0, AWS Step Functions, and Amazon SES, as shown in the following diagram.

This project includes six modules. You must complete each module before proceeding to the next.
- Customize the FROM address used for email communications with your users
- Build a serverless back end
- Create a state machine
- Deploy a RESTful API
- Host a static website
- Test your setup
AWS Experience: We recommend familiarity with AppStream 2.0 and other AWS services. If you are new to AppStream 2.0, see the AppStream 2.0 Getting Started Guide. This guide describes how to:
- Install and configure two applications.
- Perform foundational administrative tasks by using the AppStream 2.0 console.
- Provision a virtual network in Amazon Virtual Private Cloud (Amazon VPC) by using a provided AWS CloudFormation template.
Time to complete: 1.5 hours for modules 1 to 5. In module 6, the time it takes for your AppStream 2.0 resources to be provisioned will vary depending on your configuration.
- An AWS account: This lets you begin using AppStream 2.0 and other AWS services. For more information, see How do I create and activate a new Amazon Web Services account?
- A VPC: The VPC must have two private subnets, one public subnet, and a security group. To ensure that you have the required configuration, do one of the following:
- Use the default VPC and security group provided by AWS for the applicable AWS Region. For more information, see Default VPC and Subnets in the Amazon Virtual Private Cloud User Guide.
- Use a CloudFormation template to create and configure the required VPC. For more information, see Step 2. Create network resources, in the AppStream 2.0 Getting Started Guide.
- Use an existing VPC and security group that meets these requirements
- Create and configure a new VPC and security group. For more information, see Creating a VPC, Creating a Subnet in Your VPC, and Creating a Security Group in the Amazon Virtual Private Cloud User Guide.
- Email accounts: Have access to at least one test user email address to complete the configuration described in this project.