Amazon WorkSpaces FAQs
General
Q: What is the difference between Amazon WorkSpaces Personal and Amazon WorkSpaces Pools?
A: WorkSpaces Personal is a fully managed virtual desktop service that allows seamless access to applications and resources for knowledge workers, developers, engineers, and other users who need a persistent virtual desktop between sessions.. With WorkSpaces Personal, each virtual desktop is assigned to a specific user. WorkSpaces Pools provides non-persistent virtual desktops for task workers, contact centers, training labs, and other shared-environment use cases. With WorkSpaces Pools, users access a new virtual desktop each time they sign in.
Q: Can I use Amazon WorkSpaces Thin Client with WorkSpaces Personal and WorkSpaces Pools?
A: Yes. WorkSpaces Thin Client currently supports both, WorkSpaces Personal and WorkSpaces Pools.
Q: Do WorkSpaces Personal and WorkSpaces Pools use the same client application?
A: Yes. You can download it for free on the client download website.
Q: How can I determine the best region to run Amazon WorkSpaces?
A: The Connection Health Check page tests your latency to each Amazon WorkSpaces region and recommends the fastest one.
Q: Does WorkSpaces pricing include bandwidth costs?
A: Amazon WorkSpaces pricing includes network traffic between the user’s client and their WorkSpace. Web traffic from WorkSpaces (for example, accessing the public Internet, or downloading files) will be charged separately based on current AWS EC2 data transfer rates listed here.
Q: How do I get support with Amazon WorkSpaces?
A: You can get help from AWS Support, and you can also post on AWS re:Post.
Q: Which languages are supported by Amazon WorkSpaces?
A: Amazon WorkSpaces bundles that provide the Windows desktop experience currently support English (US), French (Canadian), Korean, and Japanese. You can also download and install language packs for Windows directly from Microsoft. For more information, visit this page. Amazon WorkSpaces client applications currently support English (US), German, Chinese (Simplified), Japanese, French (Canadian), Korean, and Portuguese.
Q: Which operating systems are supported by the Amazon WorkSpaces client?
A: Refer to the WorkSpaces Clients documentation.
Q: Which mobile devices are supported by the Amazon WorkSpaces client application?
A: Amazon WorkSpaces clients are available for the following devices:
- Apple iPadOS based iPad, iPad Pro, iPad Mini, iPad Air
- Android-compatible ChromeOS devices
- Android phones and tablets
While we expect other popular Android tablets running Android version 8.1+ to work correctly with the Amazon WorkSpaces client, there may be some that are not compatible.
Q: Can I create custom images for Amazon WorkSpaces?
A: Yes, as an administrator you can create a custom image from a running WorkSpace. Once you have customized your WorkSpace with your applications and settings, select the WorkSpace in the console and select “Create Image.” This creates an image with your applications and settings. Most WorkSpace images are available within 45 minutes.
To launch an Amazon WorkSpace Personal from a custom image, you will first need to pair the custom image with a hardware type you want that WorkSpace to use, which results in a bundle. You can then select this bundle when launching new WorkSpaces. You can also use custom images to create a WorkSpaces Pool configuration. For important details on the process, see our documentation on creating custom images and custom bundles.
Q: How many custom images can I create?
A: As an administrator, you can create as many custom images as you need. Amazon WorkSpaces sets default limits, but you can request an increase in these limits here. To see the default limits for Amazon WorkSpaces, visit our documentation.
Q: Can I copy my Amazon WorkSpaces images to other AWS Regions?
A: Yes, you can use the WorkSpaces console, APIs, or CLI to copy your WorkSpaces Images to other AWS Regions where WorkSpaces is available. See our documentation for more information.
Q: How do I get started with sharing my images?
A: Log on to the Amazon WorkSpaces console and navigate to the “Images” section from the left hand navigation menu. Simply select the image you would like to share, click on the “Actions” button and select the “View details” option to get started. See our documentation on sharing images.
Q - Can I bring my Windows Desktop licenses to WorkSpaces Personal and WorkSpaces Pools?
A: You use your own Windows 10 or Windows 11 desktop licenses with WorkSpaces Personal and WorkSpaces Pools through a bring-your-own-license (BYOL) agreement if they meet Microsoft’s licensing requirements. To learn more about the licensing requirements for Windows Desktop on AWS, see the Windows Desktop section of the Microsoft on AWS FAQ. Desktop Windows requires dedicated hardware for compliance with Microsoft licensing. See the Requirements section of the Amazon WorkSpaces BYOL documentation for more information.
Q: What benefits are there in bringing my own Windows desktop licenses to Amazon WorkSpaces?
A: By bringing your own Windows Desktop licenses to Amazon WorkSpaces, you will save $4 per user per month for WorkSpaces Personal when being billed monthly, and you will save money on the hourly usage fee when being billed hourly. For WorkSpaces Pools you will save $4.19 per user per month in RDS SAL fees (see the Amazon WorkSpaces pricing page for more information). If you have any applications which specifically require Windows Desktop, bringing your own Windows Desktop license will enable you to use those on WorkSpaces.
Q: How do I get started with bringing my Windows desktop licenses to Amazon WorkSpaces?
A: In order to ensure that you have adequate dedicated capacity allocated to your account, reach out to your AWS account manager or sales representative to enable your account for BYOL. alternatively, you can create a Technical Support case with Amazon WorkSpaces to get started with BYOL.
Q: Can I launch new Amazon WorkSpaces using one of the pre-configured public bundles in the same directory with custom Windows bundles I brought to WorkSpaces?
A: No. Your custom WorkSpaces or WorkSpaces Pools that support BYOL for Windows 10 or Windows 11 Desktops are launched on physically dedicated hardware to meet license compliance requirements with Microsoft. WorkSpaces launched in a directory marked for dedicated hardware can only be from the custom bundle you created that has your Windows 10 or Windows 11 Desktop image.
If you wish to launch WorkSpaces from public bundles to users in the same domain, you can create a new AWS AD Connector directory that points to the same Microsoft Active Directory as your Windows 10 or Windows 11 Desktop WorkSpaces or Pools, and launch WorkSpaces or Pools in that directory as you normally would through the AWS Management Console or the WorkSpaces SDK and CLI.
Q: What options do I have for using Microsoft Office or Microsoft 365 on WorkSpaces Personal and WorkSpaces Pools services?
A: On WorkSpaces Personal and WorkSpaces Pools, you can bring your own Microsoft 365 Apps for enterprise licenses to use on WorkSpaces services. On WorkSpaces Personal, you can purchase Office Pro Plus 2016, 2019, or 2021 from AWS as part of a WorkSpaces application bundle. See our Microsoft 365 BYOL Documentation for more information.
Q: What Microsoft 365 license plans can I run on WorkSpaces Personal and WorkSpaces Pools services?
A: The following Microsoft 365 license plans are permitted: E3 or E5, A3 or A5, G3 or G5, or Business Premium. For more information, see Microsoft’s Product Terms for Amazon WorkSpaces deployments.
Q. Do I need to bring in my own Windows Desktop licenses for Windows 10 and Windows 11 WorkSpaces when I am bringing my own Microsoft 365 licenses for Microsoft 365 applications?
A: Bringing your Microsoft 365 Apps for enterprise license does not require use of Windows Desktop, nor does it require dedicated infrastructure.
Q: How do I migrate WorkSpaces Personal from license-included Microsoft Office to Microsoft 365?
A. If you are running WorkSpaces Personal and are subscribed to a Microsoft Office license through AWS, you first need to unsubscribe from the Microsoft Office license provided by AWS before installing Microsoft 365 Apps for enterprise. For more information on migrating from Microsoft Office to Microsoft 365 Apps for enterprise, see this guide.
Q: How can I track my WorkSpaces configuration change requests?
A: You can use AWS CloudTrail to track the changes that you have requested.
Q: What is Multi-Factor Authentication (MFA)?
A: Multi-Factor Authentication adds an additional layer of security during the authentication process. Users must validate their identity by providing something they know (e.g. password), as well as something they have (e.g. hardware or software generated one-time password (OTP).
Q: What delivery methods are supported for MFA?
A: WorkSpaces Pools and WorkSpaces Personal both support SAML 2.0 identity providers for additional security. For non-SAML setups, WorkSpaces Personal supports RADIUS with one time passwords that are delivered via hardware and software tokens. Out of band tokens, such as SMS tokens are not currently supported.
Q: Which Amazon WorkSpaces client applications support Multi-Factor Authentication (MFA)?
A: MFA is available for Amazon WorkSpaces client applications on the following platforms - Windows, Mac, Linux, Chromebooks, iOS, Fire, Android, and PCoIP Zero Clients. MFA is also supported when using Web Access to access Amazon WorkSpaces.
Q: Does Amazon WorkSpaces support conditional access restrictions?
A: Amazon WorkSpaces supports SAML 2.0 authentication. Many SAML 2.0 identity providers (IdPs) support conditional access policies as well as multi-factor authentication. If your IdP is compatible with WorkSpaces and supports these features, we recommend enabling SAML 2.0 authentication for your WorkSpaces directory. For more information, see WorkSpaces Integration with SAML 2.0.
Q: Can I select the Organizational Unit (OU) where computer accounts for my WorkSpaces will be created in my directory?
A: Yes. You can set the Organizational Unit (OU) in which computer objects for your WorkSpaces are created in your directory. This OU can be part of the domain to which your users belong, part of a domain that has a trust relationship with the domain to which your users belong, or part of a child domain in your directory. See Select an organizational unit for more details.
Q: Can I use Amazon VPC Security groups to limit access to resources (applications, databases) in my network or on the Internet from my WorkSpaces?
A: Yes. You can use Amazon VPC Security groups to limit access to resources in your network or the Internet from your WorkSpaces. You can select a default Amazon VPC Security Group for the WorkSpaces network interfaces in your VPC as part of the directory details on the WorkSpaces console. See our documentation for more details.
Q: What compliance certifications do Amazon WorkSpaces have?
A: For information on WorkSpaces and compliance programs, see Compliance validation for Amazon WorkSpaces.
Q: Can I use any other client (e.g., an RDP client) with Amazon WorkSpaces?
A: You can use any of the free clients provided by AWS, which includes client applications for Windows, macOS, iPadOS, Android tablets, and Android-compatible ChromeOS devices, or Chrome or Firefox web browsers, to access WorkSpaces. If required, RDP or SSH can be configured for troubleshooting or administration of the WorkSpaces. This is not the default configuration, nor is it the supported way to access WorkSpaces. Multi Factor Authentication, connecting to AutoStop WorkSpaces Personal, and connecting to On-Demand Pools all require the WorkSpaces client.
Q: Which client peripherals can be used with the Amazon WorkSpaces?
A: WorkSpaces clients support:
- Keyboard, mouse, and touch input (touch input is only supported on tablet clients). Amazon WorkSpaces do not currently support 3D mice.
- Audio output to client device
- Analog and USB headsets
WorkSpaces using the Amazon DCV also support Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards and webcams. WSP Linux WorkSpaces in the AWS GovCloud (US-West) Region only support input, display, audio out, and smart cards. PCoIP Windows WorkSpaces support in-session USB redirection of locally attached YubiKey for Universal 2nd Factor (U2F) authentication from the WorkSpaces Windows client.
Q: Can I access WorkSpaces using SmartCard instead of username/password?
A: Yes - WSP WorkSpaces Personal can be accessed with SmartCard instead of username/password. You can access WorkSpaces Personal using smartcard if you use an Active Directory Connector and set the directory API to smartcard enabled. PCoIP WorkSpaces cannot support SmartCard features. See our smart card documentation for more information.
Q: What types of SmartCards are officially supported?
A: WorkSpaces officially Supports CAC and PIV SmartCards.
Q: How many SmartCards can be used in a session at the same time?
A: WorkSpaces can only handle one SmartCard in-session at the same time.
Q: Is SmartCard Support available in all Regions?
A: In-session SmartCard support for use inside WorkSpaces is available in all regions in which WSP is supported. Pre-session SmartCard for authentication to WorkSpaces is only available for WSP WorkSpaces in AWS GovCloud (US-West) Region.
Q: What kind of headsets does WorkSpaces support?
A: Most analog and USB headsets will work for audio conversations through WorkSpaces running Windows. For USB headsets, you should ensure they show up as a playback device locally on your client computer.
Q: Can I use the built-in microphone and speakers with WorkSpaces?
A: Yes. For the best experience, we recommend using a headset for audio calls. However, you may experience an echo when using the built-in microphone and speakers with certain communication applications.
Q: Does audio-in work with mobile clients like Android, iPadOS, and Android-compatible ChromeOS devices?
A: Audio-in is supported on the Windows, macOS, Android and iPadOS clients.
Q: How do I enable audio-in for my WorkSpaces?
A: Audio-in is enabled for all new WorkSpaces. For WorkSpaces with Windows, enabling the WorkSpaces Audio-in capability requires local logon access inside your WorkSpace. If you have a Group Policy restricting user local logon in your WorkSpace, we will detect it and not apply the Audio-in update to the WorkSpace. You can remove the Group Policy and the Audio-in capability will be enabled after the next reboot.
Q: Does WorkSpaces support devices with high DPI screens?
A: Yes. The Amazon WorkSpaces desktop client application will automatically scale the in-session display to match the DPI settings of the local device.
Q: Will my bandwidth usage be higher when I use four monitors, or I use 4k Ultra HD resolution?
A: Yes. The bandwidth requirements for WorkSpaces depends on multiple factors:
- The number of screens it has to stream to.
- The amount of pixel changes taking place in each screen.
- The resolution of each monitor being used.
Q: Does WorkSpaces remember monitor settings between sessions?
A: The full-screen mode setting will be preserved. If you quit a WorkSpaces session in the full-screen mode, you will be able to log into the full-screen mode next time. However, display configurations will not be saved. Every time you initiate a WorkSpaces session, the client application extracts the EDID of uses your local setup configuration and sends that to the WorkSpaces host to deliver an optimal display experience.
Q: What happens to display settings when I connect to my WorkSpace from a different desktop?
A: When you connect from a different desktop computer, the display settings of that computer will take precedence to deliver an optimal display experience.
Q: Will the iPad and Android applications support keyboard and mouse input?
A: The Android client supports both keyboard and mouse input. The iPad client supports keyboard and Bluetooth mouse inputs. While we expect most popular keyboard and mouse devices to work correctly, there may be devices that may not be compatible. If you are interested in support for a particular device, let us know via the AWS re:Post.
Q: Can I access WorkSpaces through a web browser?
A: Yes, you can use WorkSpaces Web Access to log in to your WorkSpace with Windows through Chrome or Firefox web browsers with PCoIP WorkSpaces, and through any Chromium-based web browser with WSP WorkSpaces. You do not need to install any software, and you can connect from any network that can access the public Internet. To get started, your WorkSpaces admin needs to enable Web Access from the AWS Console in the WorkSpaces Directory Details – Access Control Options section. Once these steps are complete, to access your WorkSpace through a browser, simply visit the Amazon WorkSpaces Web Access page using a supported browser and enter your WorkSpaces registration code and then login to the WorkSpace with your username and password.
See our documentation on Web Access for more information.
Q: How does billing work for Amazon WorkSpaces?
A: You can pay for WorkSpaces either by the hour, or by the month. You only pay for the WorkSpaces you launch, and there are no upfront fees and no term commitments. The fees for using WorkSpaces include use of both the infrastructure (compute, storage, and bandwidth for streaming the desktop experience to the user) and the software applications listed in the bundle.
Q: How much does an Amazon WorkSpace cost?
A: See our pricing page for the latest information.
Q: Can I pay for my Amazon WorkSpaces by the hour?
A: Yes, you can pay for your Amazon WorkSpaces by the hour. Hourly pricing is available for all WorkSpaces bundles, and in all AWS regions where Amazon WorkSpaces is offered.
Q: How does hourly pricing work for Amazon WorkSpaces?
A: Hourly pricing has two components: an hourly usage fee, and a low monthly fee for fixed infrastructure costs.
Q: Can I use tags to obtain usage and cost details for Amazon WorkSpaces on my AWS monthly billing report?
A: Yes. By setting tags to appear on your monthly Cost Allocation Report, your AWS monthly bill will also include those tags. You can then easily track costs according to your needs. To do this, first assign tags to your Amazon WorkSpaces by following the steps listed on this web page: Tagging WorkSpaces. Next, select the tag keys to include in your cost allocation report by following the steps listed on this web page: Setting Up Your Monthly Cost Allocation Report.
Q: Are there any costs associated with tagging Amazon WorkSpaces?
A: There are no additional costs when using tags with your Amazon WorkSpaces.
Q: What are the requirements for schools, universities, and public institutions to reduce their WorkSpaces licensing?
A: Schools, universities, and public institutions may qualify for reduced WorkSpaces licensing fees. Reference Microsoft Licensing Documents for qualification requirements. If you think you may qualify, create a case with the AWS support center here. Select Regarding: , Service: , Category: , and enter the required info. We will review your information and work with you to reduce your fees and costs.
Q: What do I need to provide to qualify as a school, university, or public institution?
A: You will need to provide AWS your institution's full legal name, principle office address, and public website URL. AWS will use this information to qualify you for reduced user fees for qualified educational institutions with your WorkSpaces. Note that the use of Microsoft software is subject to Microsoft’s terms. You are responsible for complying with Microsoft licensing. If you have questions about your licensing or rights to Microsoft software, consult your legal team, Microsoft, or your Microsoft reseller. You agree that we may provide the information to Microsoft in order to apply educational pricing to your Amazon WorkSpaces usage.
Q: Does qualification for Amazon WorkSpaces reduced user fees affect other AWS cloud services?
A: No, your user fees are specific to Amazon WorkSpaces, and do not affect any other AWS cloud services or licenses you have.
Q: What is the network bandwidth that I need to use my Amazon WorkSpace?
A: The bandwidth needed to use your WorkSpace depends on what you're doing on your WorkSpace. For general office productivity use, we recommend that a bandwidth download speed of between 300Kbps up and 1Mbps. For graphics intensive work we recommend bandwidth download speeds of 3Mbps.
Q: What is the maximum network latency recommended while accessing a WorkSpace?
A: For PCoIP, the maximum round trip latency recommendation is 250 ms, but the best user experience will be achieved at less than 100 ms. When the RTT exceeds 375ms, the WorkSpaces client connection is terminated. For Amazon DCV, the best user experience will be achieved with round trip latency below 250ms. If the RTT is between 250ms and 400ms, the user can access the WorkSpace, but performance is degraded.
Q: Can I use an HTTPS proxy to connect to my Amazon WorkSpaces?
A: Yes, you can configure a WorkSpaces Client app to use an HTTPS proxy. See our documentation for more information.
Q: Can I connect Amazon WorkSpaces to my VPC?
A: Yes. The first time you connect to the WorkSpaces Management Console, you can choose an easy ‘getting started’ link that will create a new VPC and two associated subnets for you as well as an Internet Gateway and a directory to contain your users. If you choose to access the console directly, you can choose which of your VPCs your WorkSpaces will connect to. If you have a VPC with a VPN connection back to your on-premises network, then your WorkSpaces will be able to communicate with your on-premises network (you retain the usual control you have over network access within your VPC using all of the normal configuration options such as security groups, network ACLS, and routing tables).
Q: Will my Amazon WorkSpaces be able to connect to the Internet to browse websites and download applications?
A: Yes. You have full control over how your Amazon WorkSpaces connect to the Internet based on regular VPC configuration. Depending on what your requirements are you can either deploy a NAT instance for Internet access, assign an Elastic IP Address (EIP) to the Elastic Network Interface (ENI) associated with the WorkSpace, or your WorkSpaces can access the Internet by utilizing the connection back to your on-premises network.
Q: Can I use IPv6 addresses for my Amazon WorkSpaces bundles?
A: Yes. You can use IPv6 addresses for Value, Standard, Performance, Power, PowerPro, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn bundles.
Q: Can my Amazon WorkSpaces connect to my applications that are running in Amazon EC2 such as a file server?
A: Yes. Your WorkSpaces can connect to applications such as a fileserver running in Amazon EC2. All you need to do is ensure appropriate route table entries, security groups and network ACLs are configured so that the WorkSpaces can reach the EC2 resources you would like them to be able to connect to.
Q: Am I eligible to take advantage of the Amazon WorkSpaces Free Tier offer?
A: The Amazon WorkSpaces Free Tier offer is available to new or existing AWS customers that have not previously used WorkSpaces. Customers must be a new Amazon customer for WorkSpaces and have an account that is not under an AWS Partner account.
Q: What is included with the Amazon WorkSpaces Free Tier?
A: Refer to the WorkSpaces pricing page for the latest information.
Q: What is the duration of the Amazon WorkSpaces Free Tier?
A: The Free Tier offer starts when you launch your first Amazon WorkSpace, and expires after three billing cycles. For example, if you launched your first WorkSpace on the 15th of the month, the Free Tier offer extends to the end of the month after next. Limited-time promotion offers might be offered via the Free Tier, refer to the WorkSpaces pricing page for the latest information.
Q: If I use less than 40 hours in my first month of Free Tier use, do the remaining hours roll over to the next month?
A: The Amazon WorkSpaces Free Tier allows you to use a combined total of 40 hours per month. Unused hours expire when the new calendar month starts. Limited-time promotion offers might be offered via the Free Tier, refer to the WorkSpaces pricing page for the latest information.
Q: What happens if I use my WorkSpaces for more than 40 hours in a calendar month during the Free Tier period?
A: In the event you exceed 40 hours of use in a month during the Free Tier period, you are billed at the current hourly rate for Amazon WorkSpaces. Limited-time promotion offers might be offered via the Free Tier, refer to the WorkSpaces pricing page for the latest information.
Q: What happens if I convert my Amazon WorkSpaces from AutoStop (hourly billing) to AlwaysOn (monthly billing) before my Free Tier period expires?
A: To qualify for the Free Tier, your Amazon WorkSpaces need to run in the AutoStop running mode. You can change the running mode of your WorkSpaces to AlwaysOn, but this action converts your WorkSpaces to monthly billing, and your Free Tier period will end.
Q: Hourly billing for Amazon WorkSpaces includes a fee for hours used, and a monthly infrastructure cost. Is the monthly infrastructure cost waived during the Amazon WorkSpaces Free Tier?
A: The monthly infrastructure fee for Amazon WorkSpaces is waived for Free Tier use.
Q: What happens when my Amazon WorkSpaces Free Tier period ends?
A: When your Free Tier period ends, your Amazon WorkSpaces will be billed at the current hourly rate. In addition, the monthly infrastructure fee will start to apply. For current rates, see Amazon WorkSpaces Pricing.
Q: How can I track my Amazon WorkSpaces Free Tier usage?
A: To track your Amazon WorkSpaces usage, go to the My Account page in the AWS management console and see your current and past activity by service, and region. You can also download usage reports. For more information, see Understanding Your Usage with Billing Reports.
Q: Can I print from my Amazon WorkSpaces?
A: Yes, Amazon WorkSpaces with Windows, Ubuntu, and Red Hat Enterprise Linux support local printers, network printers, and cloud printing services. Amazon WorkSpaces with Amazon Linux 2 support network printers, and cloud printing services. For more information, reference our documentation on printing from the client.
Q: Can I copy and paste between my Amazon WorkSpaces and my client computer?
You can copy and paste text, but not files, between Amazon WorkSpaces and your client computer.
Q: How do I manage printer and clipboard redirection for my Amazon WorkSpaces?
A: By default, local printer auto-redirection and clipboard redirection are enabled. If you would like to disable one or both of them, the steps vary depending on which type of WorkSpaces you have.
- Windows WorkSpaces Personal: Use Group Policy. Refer to our documentation on Managing Windows WorkSpaces for more information.
- Amazon Linux 2 WorkSpaces Personal: Modify the configuration files on your WorkSpaces. Refer to our documentation on Managing Amazon Linux WorkSpaces for more information.
- Ubuntu WorkSpaces Personal: Modify the configuration files on your WorkSpaces. Refer to our documentation on Managing Ubuntu WorkSpaces for more information.
- Red Hat Enterprise Linux WorkSpaces Personal: Modify the configuration files on your WorkSpaces. Refer to our documentation on Managing Red Hat Enterprise Linux WorkSpaces for more information.
- WorkSpaces Pool: Change the settings on your WorkSpaces Pool Directory, which will alter the settings for the entire pool at once. Refer to our documentation on WorkSpaces Pools Directory configurations for more information.
Q: Can I use my Amazon WorkSpace with a cloud printing service?
A: You can use cloud printing services with your WorkSpace including, but not limited to, Cortado ThinPrint®.
Q: Can I print from my tablet or Chromebook?
A: The Amazon WorkSpaces clients for tablets and Android-compatible ChromeOS devices support cloud printing services including, but not limited to, Cortado ThinPrint®. Local and network printing are not currently supported.
Q: What is a remote display protocol and why is it important for WorkSpaces?
A: The remote display protocol is one of the technologies that enables WorkSpaces to deliver a fully managed, high-performance virtual desktops experience. The display protocol host agent runs on the hosted desktops. Based on factors such as desktop contents, CPU/GPU characteristics, and network performance, the display protocol selects the optimal combination of compression/decompression algorithms (codecs) to encode a rendering of the desktop and transmit it as a pixel stream to the WorkSpaces client application running on the user's device. In addition to delivering a high-quality pixel stream, the remote display protocol is key in supporting the various operating systems offered for WorkSpaces, as well as enabling all in-session features, such as copy/paste, printing, and smart-card redirection.
WorkSpaces Personal
Q: What operating systems does WorkSpaces Personal support?
A: WorkSpaces Personal supports the following operating systems:
- Provided by AWS: Windows Server 2016, Windows Server 2019, Windows Server 2022, Amazon Linux 2, Ubuntu 22.04, and Red Hat Enterprise Linux 8
- Bring Your Own License: Windows 10 and Windows 11. See our BYOL documentation to see the current supported versions information.
Q: How is WorkSpaces Personal billed?
A: WorkSpaces Personal offers two pricing options, which can be changed at any time. AlwaysOn virtual desktops are billed at a predictable, flat monthly rate for unlimited usage and provide instant access for users who use the service as their primary desktop. AutoStop hourly metering stops billing when a virtual desktop is not in use, preserving the state of apps and data, and resumes automatically when users sign on. Billing for AutoStop virtual desktops includes a low monthly base fee and an hourly fee when the instance is in use. See the WorkSpaces Pricing page for more detail.
Q: What hardware options does Amazon WorkSpaces Personal offer?
A: Amazon WorkSpaces Personal offers a variety of hardware options, including GPU options. For more information on the options and the workloads they are appropriate for, see our bundle documentation.
Q: Can I change the hardware type of WorkSpaces Personal after deployment?
A: Yes, you can alter the compute type configuration of a WorkSpace after it is deployed. See our Modify a WorkSpace documentation for more information.
Q: Can I increase the size of my Amazon WorkSpaces Personal storage volumes?
A: Yes. You can increase the size of the root and user volumes attached to your WorkSpaces Personal at any time. For more information, see our documentation on Modifying WorkSpaces.
Q: Can I decrease the size of the storage volumes?
A: No. To ensure that your data is preserved, the volume sizes of either volume cannot be reduced after a WorkSpace is launched.
Q: How do I get charged if I change storage size or hardware bundle during a month?
A: For either change, you get charged the monthly price for AlwaysOn or the monthly fee for AutoStop WorkSpaces prorated on a per-day basis.
For example, if you increase the volume on the 10th of a month on an AlwaysOn Power WorkSpace with 175 GB, and 100 GB for root and user volumes respectively, you are charged $78.00 for the Power WorkSpace and $11.60 for 20 days of additional 175 GB at $0.10/GB-month (in us-east-1). Similarly, switching a bundle—for example, from Value to Standard—on the 15th of a month results in 15 days of Value WorkSpaces charge ($12.50 in US-East-1) and 15 days of Standard WorkSpaces charge ($17.50 in US-East-1).
Q: How often can I increase volume sizes or change hardware bundles with WorkSpaces Personal?
A: You can increase volume sizes or change a WorkSpace to a larger hardware bundle once in a 6-hour period. You can also change to a smaller hardware bundle once in a 30-day period. For a newly launched WorkSpace, you must wait 6 hours before requesting a larger bundle.
For example, if you increase the root and user volume of a Standard WorkSpace on 5th Dec at 11:00 AM and change it to Performance WorkSpace at the same time, on 5th Dec at 4:00 PM, you can again increase the root and user volume, and change the hardware bundle. If you change the Performance WorkSpace to a Standard WorkSpace on 6th Dec at 12:00 and want to go to a further smaller bundle (Value), you would be able to make this change on 6th Jan at 12:00.
Q: What is WorkSpaces Migration?
A: WorkSpaces Migration allows you to move WorkSpaces Personal end users to a new operating system or baseline custom image without losing user profile data. For more information, see our documentation on migration.
Q: What data can I retain after a WorkSpaces migration?
A: All data in the latest snapshot of the original user volume will be retained. For a Windows WorkSpace, the D drive data captured by the latest snapshot will be retained after migration and the C drive will be newly created from the target bundle image. In addition, migrate attempts to move data from the old user profile to the new one. Data that cannot be moved to the new profile will be preserved in a .notMigrated folder. For more information, refer to the documentation.
Q: Can I move an existing WorkSpaces Personal instance from a public bundle to a custom bundle?
A: Yes. The WorkSpaces migrate function allows you to replace your WorkSpaces instance root volume with a base image from another bundle. Migrate will recreate the WorkSpace using a new root volume from the target bundle image, and the user volume from the latest original user volume snapshot. For detailed information about migrate, refer to the documentation.
Q: What happens if I rebuild my WorkSpace after migrate?
A: Migrate associates your WorkSpace with a new bundle. A rebuild after migration will use the newly associated bundle to generate the root volume.
Q: What is the difference between a bundle and an image?
A: An image contains only the OS, software and settings. A bundle is a combination of both that image and the hardware from which a WorkSpace can be launched. See our documentation for more an overview on images and bundles. Bundles are only used with WorkSpaces Personal and do not apply to WorkSpaces Pools.
Q: Can I update the image in an existing bundle?
A: Yes. You can update an existing bundle with a new image that contains the same tier of software (for example, containing the Plus software) as the original image. See our documentation for more information.
Q: Does the Amazon WorkSpaces Personal service have maintenance windows?
A: Yes. Amazon WorkSpaces enables maintenance windows for both AlwaysOn and AutoStop WorkSpaces by default. For AlwaysOn (monthly) WorkSpaces, the maintenance schedule is controlled by the OS settings on the WorkSpace. The default maintenance window is a four-hour period from 00h00 – 04h00 (this time window is based on the time zone settings you have set for your Amazon WorkSpaces) each Sunday morning. During this time your WorkSpaces may not be available. For AutoStop (hourly) WorkSpaces, the default maintenance window is typically from 00h00 to 05h00 everyday starting on the 3rd Monday of the month in the time zone of the WorkSpaces AWS region. The Maintenance window might take up to two weeks. WorkSpaces can be maintained on any day in the maintenance window. You can set the Maintenance mode for AutoStop WorkSpaces in the WorkSpaces management console. For more information see Manage the WorkSpace Running Mode. The maintenance window for AutoStop WorkSpaces is currently not configurable.
Q: Can I opt out of maintenance windows for my WorkSpaces Personal?
A: It is highly recommended to keep your WorkSpaces maintained regularly. If you want to run your own WorkSpaces maintenance schedule, it is possible to opt out of the service default maintenance windows for Windows WorkSpaces. For AutoStop (hourly) WorkSpaces, you can disable the Maintenance mode on the console. For AlwaysOn Windows WorkSpaces, the maintenance window is controlled by the system settings and can be configured via Automatic Updates GPO settings. Currently, you cannot opt out of the maintenance windows for AlwaysOn Amazon Linux Ubuntu , and Red Hat Enterprise Linux WorkSpaces.
Q: Does WorkSpaces Personal require software updates?
A: WorkSpaces Personal provides users with Linux and Windows cloud desktops. The underlying OS, and any applications installed in the WorkSpace may need updates.
Q: How will Amazon WorkSpaces Personal be patched with software updates?
A: By default, your Amazon WorkSpaces are configured to install software updates. Amazon Linux and Ubuntu WorkSpaces will be updated to install the latest security and software patches, and Amazon WorkSpaces with Windows have Windows Updates turned on. Updates to Applications installed via Manage applications are included as part of your regular Windows Updates. You can customize these settings, or use an alternative patch management approach. Updates are installed at 2am each Sunday. You are responsible to update any 3rd party application that you have installed on your WorkSpaces.
Q: What action is needed to receive updates for WorkSpaces Personal?
A: No action is needed on your part. Updates are delivered automatically to your WorkSpaces during the maintenance window. During the maintenance window, your WorkSpaces may not be available.
Q: Can I turn off the software updates for WorkSpaces Personal?
A: No. The Amazon WorkSpaces service requires these updates to be provided to ensure normal operation of your users’ WorkSpaces.
Q: I don’t want to have Windows automatically update WorkSpaces Personal. How can I control updates and ensure they are tested in advance?
A: You have full control over the Windows update configuration in your WorkSpaces, and can use Active Directory Group Policy to configure this to meet your exact requirements. If you would like to have advance notice of patches so you can plan appropriately we recommend you refer to Microsoft Security Bulletin Advance Notification for more information.
Q: How are updates for applications on WorkSpaces Personal provided?
A: Amazon WorkSpaces running Amazon Linux 2, Ubuntu, and Red Hat Enterprise Linux are updated via pre-configured software repositories repositories hosted in each WorkSpaces region. Updates are automatically installed. Patches and updates requiring a reboot are installed during our weekly maintenance window. For all other applications, updates can be delivered via the automatic update service for each application if one is available. For applications without an automatic update service, you will need to evaluate the software vendor’s recommended updating approach and follow that if necessary.
Q: How do I manage WorkSpaces Personal?
A: The AWS Console lets you provision, restart, rebuild, restore, and delete WorkSpaces. To manage the underlying OS for the WorkSpaces, you can use standard Microsoft Active Directory tools such as Group Policy or your choice of Linux orchestration tools to manage the WorkSpaces. In the case when you have integrated WorkSpaces with an existing Active Directory domain, you can manage your WorkSpaces using the same tools and techniques you are using for your existing on-premises desktops. If you have not integrated with an existing Active Directory, you can set up a Directory Administration WorkSpace to perform management tasks. See the documentation for more information. You can also give WorkSpaces users the ability to perform common tasks on their own by enabling self-service management. Once enabled, WorkSpaces users can do things like restart, rebuild, restore, increase volume size, change compute type, and change running mode directly from the WorkSpaces client with no IT or helpdesk intervention.
Q: Can I use tags to categorize WorkSpaces Personal resources?
A: Yes, you can assign tags to existing WorkSpaces resources including WorkSpaces, directories registered with WorkSpaces, images, custom bundles, and IP Access Control Groups. You can also assign tags during the creation of new WorkSpaces and new IP Access Control Groups. You can assign up to 50 tags (key/value pairs) to each WorkSpaces resource using the AWS Management Console, the AWS Command Line Interface, or the Amazon WorkSpaces API. To learn more about assigning tags to your Amazon WorkSpaces resources, follow the steps listed on this web page: Tag WorkSpaces Resources.
Q: Can I control whether my users can access Amazon WorkSpaces Personal Web Access?
A: Yes. You can use the AWS Console to control whether Amazon WorkSpaces in your directory can be accessed using Web Access, by visit the directory details page. Note: this setting can only be applied to all WorkSpaces in a directory, not at an individual Amazon WorkSpace level.
Q: What is the difference between restarting and rebuilding a WorkSpace?
A: A restart is just the same as a regular operating system (OS) reboot. A rebuild will retain the user volume on the WorkSpace but will return the WorkSpace to its original state (any changes made to the system drive will not be retained).
Q: What is the difference between WorkSpaces Rebuild and Restore?
A: A rebuild will retain the user volume on the WorkSpace but will return the WorkSpace to its original state (any changes made to the system drive will not be retained). A restore will retain both the root and user volumes on the WorkSpace but will return the WorkSpace to the last healthy state as detected by the service.
Q: How do I remove an WorkSpace I no longer require?
A: To remove a WorkSpace you no longer require, you can “delete” the Workspace. This will remove the underlying instance supporting the WorkSpace and it will no longer exist. Deleting a WorkSpace will also remove any data stored on the volumes attached to the WorkSpace, so confirm you have saved any data you must keep prior to deleting a WorkSpace.
Q: Can I provide more than one WorkSpace per user?
A: No. You can currently only provide one WorkSpace for each user.
Q: How many WorkSpaces can I launch?
A: You can launch as many WorkSpaces as you need. WorkSpaces sets default limits, but you can request an increase in these limits here. To see the default limits for WorkSpaces, visit our documentation.
Q: What happens if a user forgets the password to access WorkSpace?
A: If either AD Connector or AWS Microsoft AD is used to integrate with an existing Active Directory domain, the user would follow your existing lost password process for your domain, such as contacting an internal helpdesk. If the user is using credentials stored in a directory managed by the WorkSpaces service, they can reset their password by clicking on the “Forgot Password” link in the Amazon WorkSpaces client application.
Q: How do I remove a user’s access to their WorkSpace?
A: To remove a user’s access to their WorkSpace, you can disable their account either in the directory managed by the WorkSpaces service, or in an existing Active Directory that you have integrated the WorkSpaces service with.
Q: How do I remove a user’s access to their WorkSpace?
A: To remove a user’s access to their WorkSpace, you can disable their account either in the directory managed by the WorkSpaces service, or in an existing Active Directory that you have integrated the WorkSpaces service with.
Q: Does WorkSpaces Personal support Microsoft Entra ID and Intune?
A: Yes. WorkSpaces Personal supports AD and non-AD domain joined virtual desktops. To use Entra ID for identity management, AWS IAM Identity Center (IdC) acts as an identity broker to ensure user identity data automatically remains synchronized between AWS and cloud-based identity providers like Entra ID. WorkSpaces Personal also natively supports Intune. Leveraging Windows Autopilot, Windows 10 and 11 virtual desktops are automatically enrolled to Intune during provisioning and later joined to Entra ID.
Q: What is an IP Access Control Group?
A: An IP Access Control Group is a feature that lets you specify trusted IP addresses that are permitted to access your WorkSpaces. An Access Control group is made up of a set of rules, each rule specifies a specific permitted IP address or range of addresses. you can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.
Q: Can I implement IP address-based access controls for WorkSpaces?
A: Yes. With this feature you can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.
Q: How can I implement IP address-based access controls?
A: See IP Access Control Groups for details.
Q: Can IP address-based access controls be used with all WorkSpaces clients?
A: Yes. This feature can be used with the macOS, iPad, Windows desktop, Android tablet, and Web Access. This feature also supports zero clients using MFA.
Q: Are there any scenarios where IP address not on the allowed-list could access a WorkSpace?
A: Yes. The initial connection would require an IP address on the allowed list. If Web Access is enabled when accessing WorkSpaces through the Web Access client, if the approved IP address changes to an unapproved IP address, after the user’s credentials are validated and before the WorkSpaces session begins to launch, that unapproved IP address would be able to access a WorkSpace.
Q: Which Zero Client configurations are compatible with the IP Based Access Controls feature?
A: Zero Clients using MFA can be used with IP Based Access Controls, along with any compatible Zero Clients which do not use PCoIP Connection Manager to connect to WorkSpaces. Any connections through PCoIP Connection Manager will not be able to access WorkSpaces if IP Based Access Controls are enabled.
Q: Can I customize the login workflow for my end users' login experience?
A: WorkSpaces supports the use of the URI (uniform resource identifier) WorkSpaces:// to open the WorkSpaces client and optionally enter the registration code, user name, and/or multi-factor authentication (MFA) code (if MFA is used by your organization).
Q: How do I enable URI?
A: You can create your unique URI links by following the WorkSpaces URI formatting documented in Customize How Users Log in to their WorkSpaces in the Amazon WorkSpaces Administration Guide. By providing these links to users, you enable them to use the URI on any device that has the WorkSpaces client installed. URI links can contain human-readable sensitive information if you choose to include the registration code, user name, and/or MFA information, so take precautions with how and whom you share URI information.
Q: Can I control the client devices that access WorkSpaces Personal?
A: Yes. You can restrict access to WorkSpaces based on the client OS type, and using digital certificates. You can choose to block or allow macOS, Microsoft Windows, Linux, iPadOS, Android, ChromeOS, zero client, and the WorkSpaces Web Access client.
Q: Does WorkSpaces Personal support encryption?
A: Yes. WorkSpaces supports root volume and user volume encryption. WorkSpaces uses EBS volumes that can be encrypted on creation of a WorkSpace, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume. WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes. For more information, see our documentation on encrypted WorkSpaces.
Q: Is there a charge for encrypting volumes on WorkSpaces?
A: There is no additional charge for encrypting volumes on WorkSpaces, however you will have to pay standard AWS KMS charges for KMS API requests and any custom CMKs that are used to encrypt WorkSpaces. see AWS KMS pricing here. Note that the Amazon WorkSpaces services makes a maximum of five API calls to the KMS service upon launching, restarting or rebuilding a single WorkSpace.
Q: How will I be able to tell which WorkSpaces Personal instances are encrypted and which ones are not?
A: You will be able to see if a WorkSpace is encrypted or not from the AWS Management Console or using the Amazon WorkSpaces API. In addition to that, you will also be able to tell which volume(s) on the WorkSpace were encrypted, and the key ARN that was used to encrypt the WorkSpace. For example, the DescribeWorkSpaces API call will return information about which volumes (user and/or root) are encrypted and the key ARN that was used to encrypt the WorkSpace.
Q: Can I enable encryption of volumes running on WorkSpaces Personal?
A: Encryption of WorkSpaces is only supported during the creation and launch of a WorkSpace.
Q: Is it possible to disable encryption for a running WorkSpaces Personal instance?
A: WorkSpaces does not support disabling encryption for a running WorkSpace. Once a WorkSpace is launched with encryption enabled, it will always remain encrypted.
Q: What is a PCoIP Zero Client?
A: A PC-over-IP (PCoIP) Zero Client is a single-purpose hardware device that can enable access to WorkSpaces. Zero Clients include hardware optimization specifically for the PCoIP protocol, and are designed to require very little administration.
Q: Can I use PCoIP Zero Clients with WorkSpaces Personal?
A: You can use Amazon WorkSpaces Personal with PCoIP Zero Clients. PCoIP Zero Clients will only work with PCoIP WorkSpaces, they will not work with WSP WorkSpaces. For more information reference Teradici's website.
Q: What are the prerequisites for setting up a PCoIP Zero Client?
A: Zero Clients should be updated to firmware version 4.6.0 (or newer). The WorkSpace will need to be using the PCoIP protocol, WSP protocol does not support PCoIP Zero Clients. You will need to run the PCoIP Connection Manager to enable the clients to successfully connect to Amazon WorkSpaces. Consult the Amazon WorkSpaces documentation for a step by step guide on how to properly setup the PCoIP Connection Manager, and for help on how to find and install the necessary firmware required for your Zero Clients.
Q: Will WorkSpace Personal running in AutoStop mode preserve the state of applications and data when it stops?
A: WorkSpaces Personal preserves the data and state of your applications when stopped. On reconnect, your WorkSpace will resume with all open documents and running programs intact. AutoStop Graphics.g4dn, GraphicsPro.g4dn, Graphics, and GraphicsPro WorkSpaces do not preserve the state of data and programs when they stop. For these Autostop WorkSpaces, we recommend saving your work when you’re done using them each time.
Q: How do I resume my WorkSpace Personal session after it stops?
A: By logging into WorkSpaces from the Amazon WorkSpaces client application, the service will automatically restart your WorkSpace. When you first attempt to log in, the client application will notify you that your WorkSpace was previously stopped, and that your new session will start once your WorkSpace has resumed.
Q: How long does it take for my WorkSpace to be available once I attempt to log in?
A: If your WorkSpace has not yet stopped, your connection is almost instantaneous. If you WorkSpace has already stopped, in most cases it will be available within two minutes. For BYOL AutoStop WorkSpaces, a large number of concurrent logins could result in significantly increased time for a WorkSpace to be available. If you expect many users to log into your BYOL AutoStop WorkSpaces at the same time, please consult your account manager for advice.
Q: How do I optimize audio quality for Amazon Connect?
A: Audio optimization with Connect is available on the WorkSpaces directory level. The feature enables customers to offload the CCP (Contact Control Panel) audio traffic from WorkSpaces streaming to local endpoint processing, which addresses audio quality issues related to suboptimal network conditions.
Q: How do I get started with hourly billing for WorkSpaces Personal?
A: To launch a WorkSpace to be billed hourly, simply select a user, choose an WorkSpaces bundle (a configuration of compute resources and storage space), and specify the AutoStop running mode. When your Amazon WorkSpace is created, it will be billed hourly.
Q: What is the difference between monthly pricing and hourly pricing for WorkSpaces Personal?
A: With monthly billing, you pay a fixed monthly fee for unlimited usage and instant access to a running Amazon WorkSpace at all times. Hourly pricing allows you to pay for your Amazon WorkSpaces by the hour and save money on your AWS bill when your users only need part-time access to their Amazon WorkSpaces. When WorkSpaces being billed hourly are not being used, they automatically stop after a specified period of inactivity, and hourly usage metering is suspended.
Q: How do I select hourly billing or monthly billing for my Amazon WorkSpaces Personal?
A: Amazon WorkSpaces operates in two running modes – AutoStop and AlwaysOn. The AlwaysOn running mode is used when paying a fixed monthly fee for unlimited usage of your Amazon WorkSpaces. This is best when your users need high availability and instant access to their desktops, especially when many users need to log into WorkSpaces around the same time. The AutoStop running mode allows you to pay for your Amazon WorkSpaces by the hour. This running mode is best when your users can wait for around 2 minutes to start streaming desktops that have sporadic use. Consult AWS representative for more information about login concurrency and running modes. You can easily choose between monthly and hourly billing by selecting the running mode when you launch Amazon WorkSpaces through the AWS Management Console, the Amazon WorkSpaces APIs, or the Amazon WorkSpaces Command Line Interface. You can also switch between running modes for your Amazon WorkSpaces at any time.
Q: When do I incur charges for WorkSpace when paying by the hour?
A: Hourly usage fees start accruing as soon as WorkSpace is running. Your Amazon WorkSpace may resume in response to a login request from a user, or to perform routine maintenance.
Q: When do I stop incurring charges for WorkSpaces when paying by the hour?
A: Hourly usage charges are suspended when your WorkSpaces stop. AutoStop automatically stops your WorkSpaces for a specified period of time after users disconnect, or when scheduled maintenance is completed. The specified time period is configurable and is set to 60 minutes by default. Note that partial hours are billed as a full hour, and the monthly portion of hourly pricing does not suspend when your Amazon WorkSpaces stop.
Q: Can I force hourly charges to suspend sooner?
A: You can manually stop WorkSpaces from the AWS Management Console, or by using the WorkSpaces APIs. To stop the monthly fee associated with hourly WorkSpaces, you need to remove the Amazon WorkSpaces from your account (note: this also deletes all data stored in those Amazon WorkSpaces).
Q: Can I switch between hourly and monthly billing on WorkSpaces Personal?
A: Yes, you can switch from hourly to monthly billing for WorkSpaces Personal at any time by switching the running mode to AlwaysOn in the AWS Management Console, or through the WorkSpaces APIs. When you switch, billing immediately changes from hourly to monthly, and you are charged a prorated amount at the monthly rate for the remainder of the month for AlwaysON, along with the base monthly fee and hourly usage fees of AutoStop that have been already billed for the month. Your Amazon WorkSpaces will continue to be charged monthly unless you switch the running mode back to AutoStop. You can switch from monthly to hourly billing by setting the running mode to AutoStop in the AWS Management Console or through the WorkSpaces APIs. Switching from monthly to hourly billing will take effect the following month as you will have already paid for WorkSpaces for that month. Your Amazon WorkSpaces will continue to be charged hourly unless you switch the running mode back to AlwaysOn. Note that billing renewals happen at 00:00 UTC Time on the first of each month. WorkSpaces users can also switch between monthly and hourly billing directly from the WorkSpaces client if this self-service management capability is enabled by their WorkSpaces administrator.
Q: Can Amazon help me automatically optimize for the running mode that is the most cost efficient for my use case?
A: Yes. Amazon provides the Cost Optimizer for Amazon WorkSpaces, which analyzes usage data to determine the most cost-effective billing option. It outputs a daily report, and can optionally convert WorkSpaces to the most cost-effective billing option.
Q: If I don’t use WorkSpaces Personal for the full month, are the fees prorated?
A: If you’re paying for WorkSpaces monthly, your WorkSpaces are charged for the full month’s usage. If you’re paying hourly (AutoStop running mode), you are charged for the hours during which your Amazon WorkSpaces are running or undergoing maintenance, plus a monthly fee for fixed infrastructure costs. In both cases, the monthly fee is prorated in the first month only.
Q: Will I be charged the low monthly fee associated with hourly billing if I don’t use WorkSpaces Personal in a given month?
A: Yes, you will be charged a small monthly fee for the Amazon WorkSpaces bundle you selected. If you’ve chosen an Amazon WorkSpaces Plus bundle, you will be charged for the software subscription as well. You can find the monthly fees for all Amazon WorkSpaces on the pricing page here.
Q: How are the Plus software bundles charged when I pay hourly for WorkSpaces Personal?
A: Plus bundles are always charged monthly, even if you’re paying forWorkSpaces by the hour. If you selected a Plus bundle when you launched your WorkSpaces, you will incur the listed fee for the Plus software bundle even if you do not use those Amazon WorkSpaces in a particular month.
Q: Will I be able to monitor how many hours WorkSpaces has been running?
A: Yes, you will be able to monitor the total number of hours WorkSpaces has been running in a given period of time through the CloudWatch “UserConnected” metric.
Q: Can I connect to my existing Active Directory with WorkSpaces Personal?
A: Yes. You can use AD Connector to proxy Active Directory authentication requests to your existing Active Directory. For more information, see the AD Connector documentation. When you use the Small size of AD Connector, it is free when at least 1 WorkSpace is associated to it in a given billing cycle. When you use the Large size of AD Connector, it is free with at least 100 WorkSpaces associated to in a given billing cycle. For more information on this, see the note about Amazon WorkSpaces on the Other Directories pricing page for AWS Directory Services. You can also use AWS Managed Microsoft AD to integrate with your existing on-premises Active Directory with a forest trust relationship. For more information, see our trust documentation for Microsoft Managed AD.
Q: Do I need to set up a directory to use WorkSpaces Personal?
A: Each user you provision a WorkSpace Personal for needs to exist in a directory, but you do not have to provision a directory yourself. You can either have the WorkSpaces service create and manage a directory for you and have users in that directory created when you provision a WorkSpace. Alternatively, you can integrate WorkSpaces with an existing, on-premises Active Directory so that users can continue to use their existing credentials meaning that they can get seamless applications to existing applications.
Q: If I use an AWS Directory Service directory that WorkSpaces creates for me, can I configure or customize it?
A: Yes. See our documentation for more details.
Q: What happens to my directory when I remove all of my WorkSpaces Personal instances?
A: You may keep your AWS directory in the cloud and use it to domain join EC2 instances or provide directory users access to the AWS Management Console. You may also delete your directory. If there are no WorkSpaces being used with your Simple AD or AD Connector for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the AWS Directory Service pricing terms. If you delete your Simple AD or AD Connector you can always create a new one when you want to start using WorkSpaces again.
Q: What does CloudWatch monitor for WorkSpaces Personal?
A: Amazon WorkSpaces is integrated with both CloudWatch Metrics and CloudWatch Events.
You can use Amazon CloudWatch Metrics to review health and connection metrics for individual WorkSpaces and all WorkSpaces belonging to a directory. You can set up CloudWatch Alarms on these metrics to be alerted about changes to WorkSpaces health, or about issues your users may have connecting to their WorkSpaces.
You can use CloudWatch Events to view, search, download, archive, analyze, and respond to successful WorkSpace logins. Amazon WorkSpaces client applications send WorkSpaces Access events to CloudWatch Events when a user successfully logs in to a WorkSpace. All Amazon WorkSpaces client applications send these events.
Q: Will I be able to monitor how many hours WorkSpaces has been running?
A: Yes, you will be able to monitor the total number hours your WorkSpaces have been running in a given period of time through CloudWatch “UserConnected” metric.
Q: In what Regions can I use WorkSpaces Personal with CloudWatch Metrics?
A: CloudWatch Metrics are available with WorkSpaces in all AWS regions where WorkSpaces is available.
Q: What does CloudWatch Metrics cost?
A: There is no additional cost for using CloudWatch Metrics with WorkSpaces via the CloudWatch console. There may be additional charges for setting up CloudWatch Alarms and retrieving CloudWatch Metrics via APIs. See CloudWatch pricing for more information.
Q: How do I get started with CloudWatch Metrics for WorkSpaces?
A: CloudWatch Metrics are enabled by default for all your WorkSpaces. Visit the AWS Management Console to review the metrics and set up alarms.
Q: What metrics are supported for the WorkSpaces client application and PCOIP Zero Clients?
A: See the documentation for more information on CloudWatch metrics with WorkSpaces.
- Q: What metrics are supported for WorkSpaces instances?
A: The following metrics are currently supported for reporting on Amazon WorkSpaces usage: - Available
- Unhealthy
- ConnectionAttempt
- ConnectionSuccess
- ConnectionFailure
- SessionLaunchTime
- InSessionLatency
- SessionDisconnect
- UserConnected
- Stopped
- Maintenance
- TrustedDeviceValidationAttempt
- TrustedDeviceValidationSuccess
- TrustedDeviceValidationFailure
- TrustedDeviceCertificateDaysBeforeExpiration
- CPUUsage
- MemoryUsage
- RootVolumeDiskUsage
- UserVolumeDiskUsage
- UDPPacketLossRate
- UpTime
See Monitor your WorkSpaces using CloudWatch metrics for more information.
Q: Is there a I should expect from metrics that are generated by Amazon WorkSpaces?
A: Yes. WorkSpaces sends metrics to CloudWatch every 5 minutes, with at least a delay of 15 minutes for Always On instances. If an Auto Stop WorkSpaces instance stops before this time, the generated metrics will be sent to CloudWatch as soon as that instance comes back on. So, Auto Stop WorkSpaces instances may take more time to be delivered.
Q: What CloudWatch events are generated by WorkSpaces?
A: Successful WorkSpace logins. Amazon WorkSpaces sends access event information to CloudWatch Events when a user successfully logs in to a WorkSpace from any WorkSpaces client application.
Q: How can I utilize CloudWatch Events with WorkSpaces?
A: You can use CloudWatch Events to view, search, download, archive, analyze, and respond based on rules that you configure. You can either use the AWS Console under CloudWatch to view and interact with CloudWatch Events or use services such as Lambda, ElasticSearch, Splunk and other partner solutions using Kinesis Streams or Firehose to take actions based on your event data. For storage, CloudWatch Events recommends using Kinesis to push data to S3. For more information on how to use CloudWatch Events, see the Amazon CloudWatch Events User Guide.
Q: What information is included in WorkSpaces Access Events?
A: Events are represented as JSON objects which include WAN IP address, WorkSpaces ID, Directory ID, Action Type (ex. Login), OS platform, Timestamp and a Success/Failure indicator for each successful login to WorkSpaces. See our documentation for more details here.
Q: What does CloudWatch Events cost?
A: There is no additional cost for using CloudWatch Events withWorkSpaces. You will be charged for any other services you use that take action based on CloudWatch Events, such as Amazon ElasticSearch, and AWS Lambda. This also includes other CloudWatch services such as CloudWatch Metrics, CloudWatch Logs, and CloudWatch Alarms if your usage surpasses the CloudWatch Free Tier limits. All of these services are integrated with and can be triggered from CloudWatch Events.
Q: What self-service management capabilities are available for WorkSpaces Personal?
A: You can choose to let users accomplish typical management tasks for their own WorkSpace, including restart, rebuild, change compute type, and change disk size. You can also let users switch from monthly to hourly billing (and back). You can choose to enable specific self-service management capabilities that suit your needs directly in the WorkSpaces Admin Console. For more information, see Enable self-service WorkSpace management capabilities for your users.
Q: How do I get started with self-service management capabilities for WorkSpaces Personal users?
A: Self-service management capabilities are enabled by default when you register a directory with WorkSpaces. You can choose to not enable them when you register a directory. You can modify specific self-service management capabilities from the WorkSpaces console. On the Directories page, select the directory you want to modify for self-service management. Next, select “Update Details” under the “Actions” menu. You can find all self-service management capabilities options under the “User Self Service Permissions” section. You can also use WorkSpaces APIs to modify self-service management capabilities.
Q: How do end users access self-service management capabilities?
A: Self-service management capabilities are available to users through the WorkSpaces client on Windows, Mac, Android, and ChromeOS devices supporting Android apps.
Q: Do I need to log into WorkSpaces to use self-service management capabilities?
A: Yes, you must authenticate to use any self-service management capabilities.
Q: Can I continue to use my WorkSpace while a self-service management actions is being performed?
A: You can continue to use your WorkSpace while disk size or running mode is being changed. Restarting, rebuilding, restoring, and changing compute type requires disconnecting from your WorkSpaces session.
Q: How much does it cost to use self-service management capabilities?
A: Self-service management capabilities are available at no additional cost. You can enable self-service management for tasks such as changing the WorkSpace bundle type, or increasing the volume size. When end users perform these tasks, the billing rate for those WorkSpaces may change.
Q: How do I get high availability with Amazon WorkSpaces Personal?
A: To reduce downtime from maintenance and disruptive events, deploy WorkSpaces Personal in multiple Regions, making sure that regional WorkSpaces maintenance schedules do not overlap. Use cross-Region redirection, so that you can direct users to WorkSpaces Regions not under maintenance. For more information on WorkSpaces cross-Region redirection, refer to Amazon WorkSpaces documentation.
Q: What is WorkSpaces Multi-Region Resilience?
A: Amazon WorkSpaces Multi-Region Resilience provides automated, redundant virtual desktop infrastructure in a secondary WorkSpaces Region and streamlines the process of redirecting users to the secondary Region when the primary Region is unreachable due to outages.
Q: How do I plan for disaster recovery for my WorkSpaces?
A: Use WorkSpaces Multi-Region Resilience with cross-Region redirection to deploy redundant virtual desktop infrastructure in a secondary WorkSpaces Region and design a cross-Region failover strategy in preparation for disruptive events. Leveraging Domain Name System(DNS) failover and health-check capabilities, WorkSpaces cross-Region redirection points your users to log into WorkSpaces in a disaster recovery Region when the primary WorkSpaces Region is not reachable. To learn more, refer Amazon WorkSpaces documentation on WorkSpaces Multi-Region Resilience and cross-Region redirection.
Q: How can I create standby WorkSpaces in a secondary WorkSpaces Region?
A: WorkSpaces standby configuration for Multi-Region Resilience automates the creation and maintenance of standby deployments. After setting up a user directory in your preferred secondary Region, simply select the WorkSpaces in your primary Region that you want to create standby WorkSpaces for, either through the AWS management console or the AWS SDK. The system will automatically provision standby WorkSpaces in your secondary Region, using the latest bundle of your primary WorkSpaces. By default, the system does not replicate the user volume (D drive) or the root volume (C drive) to the standby WorkSpaces. To do so, you need to enable data replication.
Q: Can I replicate data from my primary WorkSpaces to my standby WorkSpaces?
A: Yes. After you set up your standby WorkSpaces in the secondary Region, you can enable data replication to copy both the root volume (C drive) and the user volume (D drive) from your primary WorkSpaces to your standby WorkSpaces. The data replication is one-way. Once it is enabled, the system will replicate data from your primary AWS Region to the secondary AWS Region. To learn more, refer to Amazon WorkSpaces Multi-Region Resilience.
Q: Can I use Amazon WorkSpaces Multi-Region Resilience with cross-Region redirection?
A: Yes. Amazon WorkSpaces Multi-Region Resilience leverages the existing cross-Region redirection capabilities and streamlines the process of redirecting users to a secondary Region when their primary WorkSpaces Region is unreachable due to disruptive events. It does this without requiring users to switch the registration code when logging in to their standby WorkSpaces. You can use fully qualified domain name (FQDN) as Amazon WorkSpaces registration codes for your users. When an outage occurs in your primary Region, you can redirect users to the standby WorkSpaces in the secondary Region based on your Domain Name System (DNS) failover policies for the FQDN.
Q: How do I define my WorkSpaces’ primary Regions and backup Regions with cross-Region redirection?
A: You can define the Region priority by configuring routing policies for your FQDN on DNS. For more information, refer to Amazon WorkSpaces documentation.
Q: Will my old registration codes still work after I enable cross-Region redirection?
A: Yes. Old registration codes will keep working. Users can register with either old registration codes or fully qualified domain names (FQDN). Cross-Region redirection only works when end users register with FQDNs.
Q: Can I use internal domain names for cross-Region redirection?
A: Yes. WorkSpaces cross-Region redirection works with both public domain names and domain names in private DNS zones. If your end users use private FQDNs from the public internet, the WorkSpaces clients will return errors reporting invalid registration codes.
Q: What AWS Regions have the WorkSpaces cross-Region redirection support?
A: WorkSpaces cross-Region redirection works in all AWS Regions where Amazon WorkSpaces is available except AWS GovCloud and China Regions.
Q: What client types support WorkSpaces cross-Region redirection?
A: Windows, macOS, and Linux WorkSpaces clients support cross-Region redirection.
Q: How do I plan for disaster recovery for my WorkSpaces?
A: Use WorkSpaces Multi-Region Resilience ** with cross-Region redirection to deploy redundant virtual desktop infrastructure in a secondary WorkSpaces Region and design a cross-Region failover strategy in preparation for disruptive events. Leveraging Domain Name System (DNS) failover and health-check capabilities, WorkSpaces cross-Region redirection could point your users to log into WorkSpaces in a disaster recovery Region when the primary WorkSpaces Region is not reachable. To learn more, refer to Amazon WorkSpaces documentation on WorkSpaces Multi-Region Resilience and cross-Region redirection.
Q: Why are there 2 protocols available when I choose my WorkSpaces Personal bundle?
A: We strive to offer our customers the flexibility to meet a wide variety of technical and business requirements.
Q: Can I include both PCoIP and WSP users in the same directory?
A: Yes. When you provision a new WorkSpaces user in the directory, you can enable either WSP or PCoIP, as long as the WorkSpaces user is not already listed in that directory.
Q. Can I switch between the PCoIP and WSP protocols on WorkSpaces Personal?
A. Yes. One streaming protocol is selected when a WorkSpace is provisioned for a given user. To switch to a different streaming protocol after a WorkSpace has been provisioned, you can use the WorkSpaces migrate API to update the Workspace’s protocol.
Q. Can the same user run both a PCoIP and WSP on WorkSpaces Personal?
A. Yes, as long as separate directories are created for each user. A single user cannot run both PCoIP and WSP on WorkSpaces from the same directory. However, a single directory can include a mix of both
PCoIP and WSP-based WorkSpaces users.
Q. Where should I send feedback or how can I get additional support?
A. If you encounter any issues or want to provide feedback about WSP, contact AWS Support.
WorkSpaces Pools
Q - What operating systems does WorkSpaces Pools support?
A - WorkSpaces Pools supports Windows Server 2019 and Windows Server 2022.
Q - How is WorkSpaces Pools billed?
A - WorkSpaces Pools is billed on a hourly basis that combines a low base monthly fee with an hourly usage fee when virtual desktops in the pool are provisioned to users. This allows for predictable costs for regular use and efficient billing for variable or sporadic needs. See the WorkSpaces Pricing page for more detail.
Q - How do I decide what compute type I should use for my users?
A - When configuring WorkSpaces Pools, you will be prompted with the bundle type for the pool. We offer Value, Standard, Performance, Power, PowerPro and accelerated graphics bundles that range in from 1 vCPU / 2 GB Memory up to 8 vCPU / 32 GB Memory. Recommendations are provided for each bundle on the types of workloads that are generally optimized for each. Customers are encouraged to monitor performance on initial setup to ensure they have selected the appropriate bundle for their specific set of applications.
Q - Can I connect WorkSpaces Pools to a SAML 2.0 Identity Provider?
A - Yes, WorkSpaces Pools supports SAML 2.0 Identity Provider services, such as AWS IAM Identity Center, Entra ID, Okta, and more. For more information, please see our documentation.
Q - What authentication protocols are supported by WorkSpaces Pools?
A - WorkSpaces Pools supports authentication via SAML 2.0.
Q - What do my users experience the first time they log in to WorkSpaces Pools?
A - Uses receive a provisioning email from their admin with the URL for their WorkSpace Pool. Once they click on the link for their WorkSpace, they provide a registration code, then the user can authenticate with their domain credentials. Once logged in, the users will be connected to the desktop.
Q - What streaming protocols are supported by WorkSpaces Pools?
A - Amazon’s WSP 2.0 streaming protocol is the underlying streaming technology.
Q - Can users access internet browsers in their WorkSpaces Pools session?
A - Administrators control the networking configuration, and can remove internet access if it is not required.
Q - How will my users store their data with WorkSpaces Pools?
A - Administrators can configure a wide variety of options for user data storage, such as Amazon S3 or Amazon FSx.
Q - Can admins share images between WorkSpaces Personal and WorkSpaces Pools?
A - Yes, you can use the same images for WorkSpaces Personal and WorkSpaces Pools.
Q - What peripheral devices are supported by WorkSpaces Pools?
A - Refer to our peripherals documentation for information on the supported devices.
Q - Does WorkSpaces Pools work the Amazon WorkSpaces Thin Client?
A - Yes. Amazon WorkSpaces Thin Client works with both WorkSpaces Personal and WorkSpaces Pools.
Learn more about Amazon WorkSpaces pricing