How do I launch Amazon WorkSpaces with a directory that is currently running in another Region from the same account?

Last updated: 2020-10-29

I want to use Amazon WorkSpaces, but the service isn’t yet available in the AWS Region that I currently use for other AWS services. In the Region I normally use, I have an AWS Directory Service for Microsoft Active Directory with a trust relationship to my internal Active Directory. How can I use my Microsoft AD setup in one Region to use Amazon WorkSpaces in a different Region where the service is available?

Resolution

To launch Amazon WorkSpaces using a directory in another Region of the same AWS account, follow these steps:

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Create virtual private cloud (VPC) peering with another VPC in your account

  1. Create a VPC peering connection with a VPC in a different Region.
  2. Accept the VPC peering connection.
  3. The VPC peering connection is activated. You can view your VPC peering connections using the Amazon VPC console, the AWS CLI, or an API.

Update route tables for VPC peering in both Regions

Update your route tables to enable communication with the peer VPC over IPv4 or IPv6.

You now have two VPCs in your account that are in different Regions and can communicate with each other.

Create an AD Connector and register Amazon WorkSpaces

  1. Review the AD Connector prerequisites.
  2. Connect your existing directory with AD Connector.
  3. When the AD Connector status changes to Active, open the AWS Directory Service console, and choose the hyperlink for your Directory ID.
  4. For AWS apps & services, choose Amazon WorkSpaces to enable access for Amazon WorkSpaces on this directory.
  5. Register the directory with Amazon WorkSpaces.

When the value of Registered changes to Yes, you can launch a WorkSpace.
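
The steps above as AWS CLI calls, in an added example that is not part of the original article. The script prints the commands in the article's order, each with the Region it runs in, after checking that the two VPC CIDR blocks do not overlap (VPC peering requires distinct ranges). All Regions, IDs, CIDRs, DNS IPs and account names are constructed placeholders, and the peering and directory IDs stand in for values returned by the earlier calls.

```shell
#!/usr/bin/env bash
# Added example. Every Region, ID, CIDR, IP and name below is a constructed placeholder.
set -eu
DIR_REGION="us-west-1"; DIR_VPC="vpc-DIRECTORY"; DIR_CIDR="10.0.0.0/16"; DIR_RTB="rtb-DIRECTORY"
WS_REGION="us-west-2"; WS_VPC="vpc-WORKSPACES"; WS_CIDR="10.1.0.0/16"; WS_RTB="rtb-WORKSPACES"
WS_SUBNETS="subnet-AAAA,subnet-BBBB"   # subnets in the WorkSpaces VPC for AD Connector
AD_NAME="corp.example.com"             # directory DNS name
AD_DNS_IPS="10.0.1.10,10.0.2.10"       # directory DNS servers, reached over the peering
AD_USER="svc-adconnector"              # AD Connector service account
PCX="pcx-PLACEHOLDER"                  # returned by create-vpc-peering-connection
CONNECTOR="d-PLACEHOLDER"              # returned by connect-directory

# Dotted-quad IPv4 address to integer.
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )); }

# Succeeds when two IPv4 CIDRs overlap, i.e. both share the shorter prefix.
cidrs_overlap() {
  local la=${1#*/} lb=${2#*/} len mask
  len=$(( la < lb ? la : lb ))
  mask=$(( len == 0 ? 0 : (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# Print the AWS CLI calls for each step, in order, for review before running them.
# The password is referenced as an environment variable and never embedded here.
launch_plan() {
  if cidrs_overlap "$DIR_CIDR" "$WS_CIDR"; then
    echo "error: $DIR_CIDR and $WS_CIDR overlap; peered VPCs need distinct CIDRs" >&2
    return 1
  fi
  cat <<EOF
aws ec2 create-vpc-peering-connection --region $WS_REGION --vpc-id $WS_VPC --peer-vpc-id $DIR_VPC --peer-region $DIR_REGION
aws ec2 accept-vpc-peering-connection --region $DIR_REGION --vpc-peering-connection-id $PCX
aws ec2 create-route --region $WS_REGION --route-table-id $WS_RTB --destination-cidr-block $DIR_CIDR --vpc-peering-connection-id $PCX
aws ec2 create-route --region $DIR_REGION --route-table-id $DIR_RTB --destination-cidr-block $WS_CIDR --vpc-peering-connection-id $PCX
aws ds connect-directory --region $WS_REGION --name $AD_NAME --size Small --password "\$AD_CONNECTOR_PASSWORD" --connect-settings VpcId=$WS_VPC,SubnetIds=$WS_SUBNETS,CustomerDnsIps=$AD_DNS_IPS,CustomerUserName=$AD_USER
aws workspaces register-workspace-directory --region $WS_REGION --directory-id $CONNECTOR --no-enable-work-docs
EOF
}

launch_plan
```

The accept call and the second route run in the directory's Region, while the AD Connector and the WorkSpaces registration are created in the Region where WorkSpaces is available.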

