How can I access the internet from my Amazon WorkSpace?

Last updated: 2021-01-25

I want to enable internet access from my WorkSpace in Amazon WorkSpaces. How can I do that?

Resolution

The method to enable internet access from your WorkSpace differs depending on whether the WorkSpace is located in a private or public subnet. A public subnet sends outbound traffic directly to the internet using an internet gateway route. Instances in a private subnet access the internet using a network address translation (NAT) gateway that resides in the public subnet.

Important: The security group for your WorkSpaces must allow outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0).

Enable internet access from WorkSpaces located in a public subnet

A WorkSpace located in a public subnet requires both a route to an internet gateway and public IP address assignment to enable internet access.

  1. Create an internet gateway.
  2. Update the route tables for your public subnets. The default route (Destination 0.0.0.0/0) must target the internet gateway.

You can assign public IP addresses to your WorkSpaces automatically or manually.

Automatically assign public IP addresses

You can automatically assign public IP addresses to your WorkSpaces by enabling Access to Internet on the WorkSpace directory. After you enable automatic assignment, each WorkSpace that you launch is assigned a public IP address. For instructions and more information, see Configure automatic IP addresses.

Note: WorkSpaces that already exist before you enable automatic assignment do not receive an Elastic IP address until you rebuild them.

Manually assign public IP addresses

You can manually assign a public Elastic IP address using the Amazon Elastic Compute Cloud (Amazon EC2) console. For instructions, see How do I associate an Elastic IP address with a WorkSpace?

Enable internet access from WorkSpaces located in a private subnet

If you use AWS Directory Service for Microsoft Active directory, configure the virtual private cloud (VPC) with one public subnet and two private subnets. You must configure your directory for the private subnets. To provide internet access to WorkSpaces in those private subnets, configure a NAT gateway in the public subnet.

  1. Create a NAT gateway.
  2. Update the route tables for the private subnets. The default route (Destination 0.0.0.0/0) must target the NAT gateway.

Did this article help?


Do you need billing or technical support?