How can I access the internet from my Amazon WorkSpace?
Last updated: 2021-01-25
I want to enable internet access from my WorkSpace in Amazon WorkSpaces. How can I do that?
Important: The security group for your WorkSpaces must allow outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0).
Enable internet access from WorkSpaces located in a public subnet
A WorkSpace located in a public subnet requires both a route to an internet gateway and public IP address assignment to enable internet access.
- Create an internet gateway.
- Update the route tables for your public subnets. The default route (Destination 0.0.0.0/0) must target the internet gateway.
You can assign public IP addresses to your WorkSpaces automatically or manually.
Automatically assign public IP addresses
You can automatically assign public IP addresses to your WorkSpaces by enabling Access to Internet on the WorkSpace directory. After you enable automatic assignment, each WorkSpace that you launch is assigned a public IP address. For instructions and more information, see Configure automatic IP addresses.
Note: WorkSpaces that already exist before you enable automatic assignment do not receive an Elastic IP address until you rebuild them.
Manually assign public IP addresses
You can manually assign a public Elastic IP address using the Amazon Elastic Compute Cloud (Amazon EC2) console. For instructions, see How do I associate an Elastic IP address with a WorkSpace?
Enable internet access from WorkSpaces located in a private subnet
If you use AWS Directory Service for Microsoft Active directory, configure the virtual private cloud (VPC) with one public subnet and two private subnets. You must configure your directory for the private subnets. To provide internet access to WorkSpaces in those private subnets, configure a NAT gateway in the public subnet.