General

Bundles and Custom Images

Q: What applications are available with Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces come with a curated selection of applications at no additional cost that include LibreOffice, Firefox Web Browser, Evolution mail, Pidgin IM, GIMP, and other desktop utilities and tools. You can always add more software from the Amazon Linux repositories using yum. To install an available package from the Amazon Linux repositories, simply type “yum install [package-name]”. You can also add software from RPM-based public and private Linux repositories at any time.
 
Q: What applications are available with Amazon WorkSpaces with Windows Server operating system?
 
A: Amazon WorkSpaces come with a default set of applications at no additional cost. For an additional monthly fee, you can choose to have 32-bit Office 2016 Professional plus and Trend Micro Worry-Free Business Security installed by default on your WorkSpaces powered by Windows Server 2016. Or, have the following applications installed by default on your WorkSpaces powered by Windows Server 2019 and Windows Server 2022.
 
  • Microsoft Office Professional Plus 2019
  • Microsoft Office LTSC Professional Plus 2021
  • Microsoft Visio LTSC Professional 2021
  • Microsoft Project Professional 2021
  • Microsoft Office LTSC Standard 2021
  • Microsoft Visio LTSC Standard 2021
  • Microsoft Project Standard 2021

In addition, WorkSpaces powered by Windows Server 2022 supports the following applications.

  • Microsoft Visual Studio Professional 2022
  • Microsoft Visual Studio Enterprise 2022

For more information on how to manage these applications on your WorkSpaces, refer to Manage Applications.

 
Q: Can I create custom images for Amazon WorkSpaces?
 
A: Yes, as an administrator you can create a custom image from a running WorkSpace. Once you have customized your WorkSpace with your applications and settings, select the WorkSpace in the console and select “Create Image.” This creates an image with your applications and settings. Custom images created from Amazon WorkSpaces with GPU-enabled bundles (Graphics, GraphicsPro, Graphics.g4dn and GraphicsPro.g4dn) can only be used with graphics bundles of the same bundle type. For example, a custom image created from Graphics.g4dn bundle can be used with Graphics.g4dn or GraphicsPro.g4dn bundles, but it cannot be used with Graphics or GraphicsPro bundles. Custom images created from Value, Standard, Performance, Power, or PowerPro bundles can only be used with those bundles. Most WorkSpace images are available within 45 minutes.  See the custom image documentation for more detail.
 
Q: How do I launch an Amazon WorkSpace from a custom image?

A: To launch an Amazon WorkSpace from a custom image, you will first need to pair the custom image with a hardware type you want that WorkSpace to use, which results in a bundle. You can then publish this bundle through the console, then select the bundle when launching new WorkSpaces.

Q: What is the difference between a bundle and an image?

A: An image contains only the OS, software and settings. A bundle is a combination of both that image and the hardware from which a WorkSpace can be launched.

Q: How many custom images can I create?

A: As an administrator, you can create as many custom images as you need. Amazon WorkSpaces sets default limits, but you can request an increase in these limits here. To see the default limits for Amazon WorkSpaces, please visit our documentation.

Q: Can I update the image in an existing bundle?

A: Yes. You can update an existing bundle with a new image that contains the same tier of software (for example, containing the Plus software) as the original image.

Q: Can I copy my Amazon WorkSpaces Images to other AWS Regions?

A: Yes, you can use the WorkSpaces console, APIs, or CLI to copy your WorkSpaces Images to other AWS Regions where WorkSpaces is available. Log on to the WorkSpaces console and navigate to the “Images” section from the left hand navigation menu. Simply select the image you would like to copy, click on the “Actions” button and select the “Copy Image” option to get started.

Q: How can I tell if the Image I copied is available for me to use?

A: As soon as you initiate a copy operation, you will be provided a unique identifier for the new Image being created as a copy of the original one. You can use that identifier to look up the status of that Image in the destination Region through the WorkSpaces console, APIs, or CLI.

Q: Can I cancel a pending Image copy operation?

A: Once initiated, you cannot cancel a pending Image copy operation. You can delete the Image in the destination Region if the Image is not required.

Q: Are there any data transfer fees for copying Images?

A: No. There are no additional fees for copying Images across Regions. Maximum Image limits for your account in destination AWS Region will still apply. Once you reach this limit you will not be able to copy more Images.

Q: Can I bulk copy multiple Images to another Region?

A: You can copy Images one by one to another AWS Region. You can use CopyWorkspaceImage API to programmatically copy Images.

Q: Can I copy a BYOL Image to another AWS Region?

A: Yes. You can copy a BYOL WorkSpace Image to another AWS Region if the destination AWS Region is enabled for BYOL.

Q: Can I copy an Image to the same Region?

A: Yes. You can use the copy Image operation to make a copy of the WorkSpaces Image in the same Region.

Q: What type of Amazon Elastic Block Store (EBS) volumes does Amazon WorkSpaces offer?

A: All Amazon WorkSpaces launched after January 31, 2017, are built on general purpose solid-state drives (SSD) EBS volumes for both root and user volumes. Amazon WorkSpaces launched prior to January 31, 2017, are configured with EBS magnetic volumes. You can switch your Amazon WorkSpaces using magnetic EBS volumes to SSD EBS volumes by rebuilding them (more information can be found here). You can learn more about SSD EBS volumes here, and magnetic EBS volumes here.

Q: Can I use custom images to launch WorkSpaces with SSD volumes, even if they were created using WorkSpaces with magnetic EBS volumes?

A: Yes. You can use your custom images to launch WorkSpaces with SSD EBS volumes, even if they were created using WorkSpaces with magnetic EBS volumes.

Q: Do I need to provide an AMI build using WorkSpaces with SSD EBS volumes when using my own Windows desktop licenses (BYOL)?

A: No. You can use the AMIs you built as part of the BYOL process without any additional changes.

Q: How do I deploy applications to my users?

A: You have flexibility in how you deploy the right set of applications to users. First, you choose which image type to build from, either basic or Plus, which determines the default applications that will be in the WorkSpaces. Second, you can install additional software on a WorkSpace and create a custom image which can be used to launch more WorkSpaces. For more detail see the bundle documentation.

Q: Which software can I install on an Amazon WorkSpace?

A: For Amazon Linux, any application available in the Amazon Linux repositories is compatible and can be installed using yum install [package-name].

For Ubuntu WorkSpaces, you can install applications using Ubuntu Software by clicking its icon in the Dock or search for “Software” in the Activities search bar.

For Windows, any applications that are compatible with the operating system should run on your WorkSpaces. We recommend testing any software you would like to deploy on a "test" WorkSpace before delivering it to more users. You are responsible for ensuring that you remain compliant with any licensing restrictions associated with any software you intend to install on a WorkSpace.

Q: How do I get started with sharing my images?
 
A: Log on to the Amazon WorkSpaces console and navigate to the “Images” section from the left hand navigation menu. Simply select the image you would like to share, click on the “Actions” button and select the “View details” option to get started.
 
Q: Can I share images with any AWS account?
 
A: You can share custom images created from a Windows desktop experience powered by Windows Server 2016, 2019, 2022 or Linux WorkSpaces with any AWS account. BYOL images can only be shared with other accounts that have the same AWS payer account ID.
 
Q: Can I copy an image shared with me?
 
A: Yes, you can copy images shared with you. Copied images will be owned by your AWS account.
 
Q: Can I create a bundle and launch Amazon WorkSpaces from an image shared with me?
 
A: You can copy an image shared with you and then use the copied image to create a custom bundle and launch Amazon WorkSpaces from this custom bundle.
 
Q: Can I share an image with another AWS account in a different AWS Region?
 
A: You can share an image with another AWS account in the same AWS Region. You can make a copy of shared image in the destination account and then copy that image to other Regions.
 
Q: Can I stop sharing an image?
 
A: Yes, you can stop sharing an image. Once you stop sharing an image, it will not be available in the destination account. Any copies of shared images in destination account will stay as-is.

Storage and Hardware Bundles

Q: Can I increase the size of my Amazon WorkSpaces storage volumes?

A: Yes. You can increase the size of the root and user volumes attached to your WorkSpaces at any time. When you launch new WorkSpaces, you can select bundled storage configurations for root and user volumes, or choose your preferred storage size greater than the provided storage configurations. For storage configurations with 80 GB Root volume, you can choose 10 GB, 50 GB, or 100 GB for User volume. You can use storage configurations with 175 GB to 2000 GB Root volume along with 100 GB to 2000 GB User volume. Please note that you need to set the Root volume to 175 GB in order to expand the User volume in the range of 100 GB to 1000 GB. After your WorkSpaces have been launched, you can only increase the size of the volumes using the above configurations to up to 2000 GB for each Root and User volume.

Q: Can I decrease the size of storage volumes?

A: No. To ensure that your data is preserved, the volume sizes of either volume cannot be reduced after a WorkSpace is launched. You can launch a Value, Standard, Performance, Power, or PowerPro WorkSpace with a minimum of 80 GB for the root volume and 10 GB for the user volume. You can launch a GPU-enabled WorkSpace with a minimum of 100 GB for the root volume and 100 GB for the user volume. For more information about configurable storage, see Modifying WorkSpaces.

In addition to the persistent storage for the root volume and the user volume, Graphics.g4dn offers 125 GB of temporary local storage and GraphicsPro.g4dn provides 225 GB of temporary local storage. You cannot change the size of the temporary local storage. You will find the temporary local storage volume named as “E:\Temp_SSD” on your WorkSpace. Learn more about instance store lifetime, see Amazon EC2 Instance Store.

Q: How do I change the size of my Amazon WorkSpaces storage volumes?

A: You can change the size of your storage volumes via the Amazon WorkSpaces management console, or through the Amazon WorkSpaces API.

WorkSpaces users can also increase the size of their storage volume directly in the WorkSpaces client if this self-service management capability is enabled by the WorkSpaces administrator. 

Q: Is the storage configuration for a WorkSpace preserved when I rebuild it?

A: Yes, each rebuild preserves the storage allocation size for WorkSpaces when using default bundles. If a WorkSpace has its volumes extended, and is rebuilt, the larger volume sizes will be preserved, even if the bundle's drive sizes are smaller.

Q: Is the storage configuration for a WorkSpace preserved when I restore it?

A: Yes, each restore preserves your existing storage allocation size when using WorkSpaces default bundles. For example, restoring a WorkSpace with 80GB Root and 100GB User volumes will result in a rebuilt WorkSpace with 80GB Root and 100GB User.

If the storage allocation of a Custom bundle is increased and a linked WorkSpace is restored, the WorkSpace volumes will be increased to match the bundle’s new volume sizes.

Q: What data can I retain after a WorkSpaces migrate?

A: All data in the latest snapshot of the original user volume will be retained. For a Windows WorkSpace, the D drive data captured by the latest snapshot will be retained after migration and the C drive will be newly created from the target bundle image. In addition, migrate attempts to move data from the old user profile to the new one. Data that cannot be moved to the new profile will be preserved in a .notMigrated folder. For more information, please refer to the documentation.

Q: Can I move an existing WorkSpace from a public bundle to a custom bundle?

A: Yes. The WorkSpaces migrate function allows you to replace your WorkSpace’s root volume with a base image from another bundle. Migrate will recreate the WorkSpace using a new root volume from the target bundle image, and the user volume from the latest original user volume snapshot. For detailed information about migrate, please refer to the documentation.

Q: What’s the difference between migrate and rebuild?

A: WorkSpaces Migrate allows you to switch to a new bundle and have your user profile regenerated. Rebuild just refreshes your WorkSpace with a root volume generated from the base image of the original bundle.

Q: What happens if I rebuild my WorkSpace after migrate?

A: Migrate associates your WorkSpace with a new bundle. And a rebuild after migration will uses the newly associated bundle to generate the root volume.

Q: Can I expand Amazon WorkSpaces magnetic storage volumes?

A: No, configurable storage volumes are only available when using solid state drives (SSD). Any WorkSpaces launched before February 2017 might still use magnetic storage volumes. To switch from magnetic to SSD drives, rebuild your WorkSpaces.

Q: How do custom images affect my root volume size?

A: The root volume size of WorkSpaces launched from a custom image is, by default, the same size as the custom image. For example, if your custom image has a root volume of 100 GB, all WorkSpaces launched from that image also have a root volume size of 100 GB. You can increase your root volume size when you launch your WorkSpace, or any time after that.

Q: Can I change my Amazon WorkSpaces bundle without performing WorkSpaces migrate?

A: Yes. You can switch between Value, Standard, Performance, Power, or PowerPro bundles by using the Amazon WorkSpaces management console or the WorkSpaces API. When you switch hardware bundles, your WorkSpaces restart immediately. When they resume, your operating system, applications, data, and allocated storage on both the root and user volumes are all preserved.

For example, you can launch a Standard bundle (2vCPU, 4 GiB), and later expand the volume size on both volumes to 500 GB. You can then switch to the Performance bundle (2vCPU, 8.0 GiB) while preserving your operating system, applications, and data in the expanded volume.

Users can also change their WorkSpaces bundle directly from the WorkSpaces client if this self-service management capability is enabled by their WorkSpaces administrator. 

Q: How can I track my storage and bundle switch requests?

A: You can use AWS CloudTrail to track the changes that you have requested.

Q: I currently bring my own Windows licenses. Can I expand my storage volumes and switch my WorkSpaces bundles?

A: Yes. You can take advantage of both these features even if you bring your own Windows desktop licenses. By default, you can switch WorkSpaces bundles for up to 20% of the total number of your WorkSpaces in a week. To switch more than 20% of your WorkSpaces, contact us.

Q: Does a WorkSpace running in AutoStop mode need to be running to apply a change to the bundle type?

A: No. When you make a change, we start a WorkSpace that isn’t running, apply the bundle change, restart it so that the changes take effect, and then stop it again. For example, you change the bundle type on a stopped Standard (2vCPU, 4 GiB) WorkSpace to Performance. We start your Standard WorkSpace, apply the bundle change, and restart it. Following the restart, your WorkSpace has Performance hardware (2vCPU, 8.0 GiB).

Q: How do I get charged if I change storage size or hardware bundle during a month?

A: For either change, you get charged the monthly price for AlwaysOn or the monthly fee for AutoStop WorkSpaces prorated on a per-day basis.

For example, if you increase the volume on the 10th of a month on an AlwaysOn Power WorkSpace with 175 GB, and 100 GB for root and user volumes respectively, you are charged $78.00 for the Power WorkSpace and $11.60 for 20 days of additional 175 GB at $0.10/GB-month (in US-East-1). Similarly, switching a bundle—for example, from Value to Standard—on the 15th of a month results in 15 days of Value WorkSpaces charge ($12.50 in US-East-1) and 15 days of Standard WorkSpaces charge ($17.50 in US-East-1).

Q: How often can I increase volume sizes or change hardware bundle of a WorkSpace?

A: You can increase volume sizes or change a WorkSpace to a larger hardware bundle once in a 6-hour period. You can also change to a smaller hardware bundle once in a 30-day period. For a newly launched WorkSpace, you must wait 6 hours before requesting a larger bundle.

For example, if you increase the root and user volume of a Standard WorkSpace on 5th Dec at 11:00 AM and change it to Performance WorkSpace at the same time, on 5th Dec at 4:00 PM, you can again increase the root and user volume, and change the hardware bundle. If you change the Performance WorkSpace to a Standard WorkSpace on 6th Dec at 12:00 and want to go to a further smaller bundle (Value), you would be able to make this change on 6th Jan at 12:00.

GPU-Enabled Bundles

Q: Does Amazon WorkSpaces offer GPU-enabled cloud desktops?

A: Yes. Amazon WorkSpaces offers Graphics, GraphicsPro, and Graphics G4dn family.
A Graphics bundle is for general purpose graphics applications such as CAD/CAM software, commercial and industrial modeling, prototyping, and mainstream graphics development. Effective November 30, 2023, the Graphics bundle is no longer supported. We recommend migrating to the Graphics.g4dn bundle for WorkSpaces.

A GraphicsPro bundle is for performance intensive graphics and compute applications such as 3D visualizations, graphics rendering, video encoding, machine learning (ML), and high-end gaming. Graphics and GraphicsPro bundles are available in English and Japanese.

The Graphics G4dn family includes two bundle options - Graphics.g4dn and GraphicsPro.g4dn. Both are based on the EC2 G4dn instances - the industry’s most versatile GPU instances for graphics applications that rely on NVIDIA GPU libraries such as OptiX. A Graphics.g4dn bundle is the best price performance in the cloud for mainstream graphics-intensive applications, such as engineering, design, and architectural applications. The GraphicsPro.g4dn bundle is for high-end graphics applications, such as media production, seismic visualization, and small-scale ML model training, and ML inference.See EC2 G4dn instances for more details about G4dn instances and NVIDIA T4 GPUs.

Q: What are GPU-enabled bundles from Amazon WorkSpaces?

A: GPU-enabled bundles from Amazon WorkSpaces are cloud desktops optimized for workloads that benefit from graphics acceleration. You can choose the Graphics, the GraphicsPro, the Graphics.g4dn, or the GraphicsPro.g4dn bundle, depending on the performance requirements of your graphics workload and your cost requirements.

The Graphics bundles are well-suited for general-purpose graphics workloads, such as virtual desktops for office productivity and modern web applications. Each Graphics bundle comes with an NVIDIA GPU with 1,536 CUDA cores and 4 GB of video memory. Each Graphics bundle includes 8 vCPUs, 15 GiB of RAM, 4 GB of video memory, and 100 GB of storage on the user volume, and 100 GB of general-purpose persistent storage on the root volume. Graphics bundles provide a Windows desktop experience. Effective November 30, 2023, the Graphics bundle is no longer supported. We recommend migrating to the Graphics.g4dn bundle for WorkSpaces.

The GraphicsPro bundles are ideal for professional graphics applications such as computer aided design, manufacturing, and engineering software. GraphicsPro bundles come with a dedicated virtual workstation GPU, the NVIDIA M60 with 2048 parallel processing cores, and a hardware encoder capable of supporting up to 10 H.265 (HEVC) 1080p30 streams and up to 18 H.264 1080p30 streams. Each GraphicsPro bundle contains 16 vCPUs, 122 GiB of RAM, 8 GB of video memory, and a minimum of 100 GB for the root volume and 100 GB for the user volume. GraphicsPro bundles provide a Windows 10 virtual workstation experience.

Graphics G4dn family includes two bundle options - Graphics.g4dn and GraphicsPro.g4dn. Both Graphics.g4dn and GraphicsPro.g4dn come with the RTX-capable NVIDIA T4 Tensor Core GPU that features multi-precision Turing Tensor Cores and RT Cores, AWS custom second generation Intel® Xeon® Scalable (Cascade Lake) processors, up to 100 Gbps of networking throughput, and local NVMe storage designed for applications that require fast access to locally stored data. The g4dn-based bundles are optimized for streaming graphics-intensive applications that support accelerated ray tracing through NVIDIA OptiX and AI-enhanced visualization such as AI-denoising and deep learning super sampling (DLSS). These bundles can also be used for compute workloads such as data science and machine learning using NVIDIA libraries such as CUDA and NVIDIA’s GPU-accelerated deep learning frameworks.

The Graphics.g4dn bundles are suitable for customers seeking cost-effective GPU-enabled NVIDIA RTX virtual workstations to operate mainstream graphics-intensive applications, such as computer-aided design (CAD), simulation, and geospatial information systems (GIS) applications. A Graphics.g4dn bundle provides g4dn.xlarge instance with 4vCPUs, 16 GB of RAM, 16 GB of video memory, 125 GB of temporary NVMe SSD local instance store, and a minimum 100 GB of persistent storage for the user volume and root volumes. Graphics.g4dn bundles provide a Windows 10 virtual workstation experience and Ubuntu desktop experience.

The GraphicsPro.g4dn bundles are designed for high-end graphics workloads, such as media production, rendering, data science, architectural, and seismic visualization applications. Additionally, they are well suited for compute workloads including intelligent video analytics (IVA), small-scale ML model training, and ML inference. A graphicsPro.g4dn bundle offers 16vCPUs, 64 GB of RAM, 16 GB of video memory, 225 GB of temporary NVMe SSD local instance store, and a minimum 100 GB of persistent storage for the user volume and root volumes. GraphicsPro.g4dn bundles provide a Windows 10 virtual workstation experience and Ubuntu desktop experience. See EC2 G4dn instances for more details about G4dn instances and NVIDIA T4 GPUs.

Q: In which AWS Regions can I launch GPU-enabled Amazon WorkSpaces bundles?

A: You can launch Graphics or GraphicsPro bundles in the following AWS Regions: US East (N. Virginia), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Asia Pacific (Singapore). You can also launch GraphicsPro bundles in the AWS GovCloud (US-West) region. Effective November 30, 2023, the Graphics bundle is no longer supported. We recommend migrating to the Graphics.g4dn bundle for WorkSpaces.

You can launch Graphics.g4dn or GraphicsPro.g4dn bundles in the following AWS regions: US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Frankfurt, Ireland, London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, and Tokyo), and South America (São Paulo). 

Q: Can I create a custom image for my GPU-enabled bundles?

A: Yes. Custom images created from a GPU-enabled Amazon WorkSpaces bundle can only be used with the same type of bundle. For instance, you can use an image made from a Graphics.g4dn bundle to launch a GraphicsPro.g4dn WorkSpace. However, you cannot use an image made from a Graphics bundle to launch a GraphicsPro WorkSpace or a G4dn-based WorkSpace. 

Q: How do I get started with GPU-enabled Amazon WorkSpaces bundles?

A: You can launch Graphics, GraphicsPro, Graphics.g4dn, or GraphicsPro.g4dn bundles using the Amazon WorkSpaces Management Console or the Amazon WorkSpaces API. When launching a new WorkSpace, simply select the corresponding graphics bundle name.  You may need to request for a quota increase before launching the GPU-enabled bundles.

Q: How much bandwidth do GPU-enabled Amazon WorkSpaces consume?

A: Bandwidth used by GPU-enabled Amazon WorkSpaces bundles depends on the tasks being performed. If there aren’t many changes taking place on the screen, the bandwidth used is generally less than 300 kbps. If there is context switching between multiple windows, or if 3D models are being manipulated, bandwidth use can increase to several megabits per second.

Q: Does Amazon WorkSpaces offer GPU-enabled desktops using WSP?

A: Yes. Amazon WorkSpaces offers GPU-enabled WSP bundles.

Q: What are the storage options available on GPU-enabled WorkSpaces?

A: All GPU-enabled WorkSpaces bundles come with a minimum 100 GB of persistent storage for the user volume and root volumes. You can select the amount of storage that you need for both root and user volumes when you launch new WorkSpaces, and you can increase storage allocations at any time. Data that users store on the “user volume” attached to the WorkSpace is automatically backed up to Amazon S3 on a regular basis.

Graphics G4dn bundles also come with local NVMe-based SSD storage known as the instance store. The instance store is ideal for temporary content like caches and buffers, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures. Graphics.g4dn offers 125 GB of local instance storage and GraphicsPro.g4dn provides 225 GB of local instance store. You cannot change the size of local instance store. You will find the local instance store volume named as “E:\Temp_SSD” on your WorkSpace. Learn more about instance store lifetime. Learn more about instance store lifetime, see Amazon EC2 Instance Store.

Q: Why don’t I see Graphics WorkSpaces in the AWS management console any more?

 A: Effective November 30, 2023, the Graphics bundle is no longer supported. Therefore, theses bundles were removed from the AWS management console. We recommend migrating to the Graphics.g4dn bundle for WorkSpaces which provide better graphics performance with lower pricing.

Q: What happens if I do not migrate my Graphics bundle by November 30, 2023?

A: Your Graphics WorkSpaces bundles will continue to run. However, as the critical components of the underlying hardware used in Graphics bundles reaches end of life, we will be limited in our ability to replace the capacity and you may not be able to use or provision/rebuild Graphics WorkSpaces. Our ability to troubleshoot any hardware or driver issues will also be limited. To ensure your business continuity, we strongly recommend that all customers using Graphics migrate their workloads to Graphics.g4dn bundles. 

Windows BYOL

Q: Can I bring my Windows Desktop licenses to Amazon WorkSpaces?

A: Yes, you can bring your own Windows 10 or Windows 11 desktop licenses to WorkSpaces if they meet Microsoft’s licensing requirements. WorkSpaces gives you an option to run Windows 10 desktop images on physically dedicated hardware, which lets you maintain license compliance for your Windows desktops when you bring your own licenses to WorkSpaces.

Q: Can I bring my own Windows Desktop licenses for GPU-enabled Amazon WorkSpaces?

A: Yes, you can. Please contact us if this is something you’d like to do.

Q: What versions of Windows desktop licenses can I bring to Amazon WorkSpaces?

A: If your organization meets the licensing requirements set by Microsoft, you can bring your Windows 10 or Windows 11 Enterprise license to Amazon WorkSpaces. You cannot use Windows OEM licenses for your Amazon WorkSpaces. Please consult with Microsoft if you have any questions about your eligibility to bring your own Windows Desktop licenses.

Q: What benefits are there in bringing my own Windows desktop licenses to Amazon WorkSpaces?

A: By bringing your own Windows Desktop licenses to Amazon WorkSpaces, you will save $4 per Amazon WorkSpace per month when being billed monthly, and you will save money on the hourly usage fee when being billed hourly (see the Amazon WorkSpaces pricing page for more information). Additionally, you can now use a single golden image to manage your physical and virtual desktop deployments.

Q: What are the requirements for bringing my Windows desktop Licenses to Amazon WorkSpaces?

A: You need an active and eligible Microsoft Volume Licensing (VL) agreement with Software Assurance and/or VDA per user license to bring your Windows 10 or Windows 11 Desktop license to Amazon WorkSpaces. Please consult with your Microsoft representative to confirm your eligibility in bringing your Windows Desktop licenses to Amazon WorkSpaces.

Q: How do I get started with bringing my Windows desktop licenses to Amazon WorkSpaces?

A: In order to ensure that you have adequate dedicated capacity allocated to your account, please reach out to your AWS account manager or sales representative to enable your account for BYOL. alternatively, you can create a Technical Support case with Amazon WorkSpaces to get started with BYOL.

Once enabled for your account, it’s easy to bring your existing Windows 10 or Windows 11 Desktop OS to Amazon WorkSpaces. First, import your existing Windows desktop OS using the VM Import API. Then create your new WorkSpaces image, based on the imported VM, using the Create Image action on the Images page in the WorkSpaces Admin Console. Finally, create a custom WorkSpaces bundle using the Bundles tabs in the WorkSpaces Admin Console. You can then launch your newly created custom WorkSpaces bundle as new WorkSpaces for your users through the WorkSpaces Management console.

You can see more information on the BYOL process in our documentation.

Q: How will I activate my Windows 10 or Windows 11 Desktop operating system on Amazon WorkSpaces?

A: You can activate your Windows 10 or Windows 11 Desktop operating system using existing Microsoft activation servers that are hosted in your VPC, or ones that can be reached from the VPC in which Amazon WorkSpaces are launched.

Q: Can I create a new custom image of the Windows 10 or Windows 11 Desktop image uploaded to Amazon WorkSpaces?

A: Yes. You can use the standard WorkSpaces image management functionality to further customize the Windows 10 or Windows 11 Desktop image and save it as a new Amazon Workspaces image in your account.

Q: Can I launch new Amazon WorkSpaces using one of the pre-configured public bundles in the same directory with custom Windows bundles I brought to WorkSpaces?

A: No. Your custom WorkSpaces that support BYOL for Windows 10 or Windows 11 Desktops are launched on physically dedicated hardware to meet license compliance requirements with Microsoft. WorkSpaces launched in a directory marked for dedicated hardware can only be from the custom bundle you created that has your Windows 10 Desktop image.

If you wish to launch WorkSpaces from public bundles to users in the same domain, you can create a new AWS AD Connector directory that points to the same Microsoft Active Directory as your Windows 10 Desktop WorkSpaces, and launch WorkSpaces in that directory as you normally would through the AWS Management Console or the WorkSpaces SDK and CLI.

Q: How long will it take before I can launch Amazon WorkSpaces using my own Windows desktop licenses and image?

A: It can take a few hours after you perform the “Create Image” operation for your custom Windows desktop image to be available to use. You can check the status of your custom image in the WorkSpaces Console, API, or CLI.

Q: Will all of my dedicated Amazon WorkSpaces launch in a single AZ?

A: No. Amazon WorkSpaces launched on dedicated hardware will be balanced across two AZs. You select the AZs for Amazon WorkSpaces when you create the directory in which your Amazon WorkSpaces will be launched, and subsequent launches of Amazon WorkSpaces are automatically load balanced across the AZs selected when you created the directory.

Q: What happens when I terminate Amazon WorkSpaces that are launched on physically dedicated hardware?

A: You can terminate Amazon WorkSpaces when you no longer need them. You will only be billed for the Amazon WorkSpaces that are running.

Q: What happens to Amazon WorkSpaces that are rebuilt, restored, or restarted on physically dedicated hardware?

A: Amazon WorkSpaces that are rebuilt, restored, or restarted can be placed on any available physical server allocated to your account. A restart, restore, or rebuild of an Amazon WorkSpace can result in that instance being placed on a different physical server that has been allocated to your account.

Q: How do I subscribe to Microsoft applications for BYOL WorkSpaces?

A: For Microsoft Office 2016 or 2019 you can subscribe during BYOL image import. Office is automatically installed in the image during image creation. You can use this image spin up WorkSpaces and all those WorkSpace will be subscribed to Microsoft Office 2016 or 2019 based on your selection.
For Microsoft Office / Visio / Project 2021 and Visual Studio 2022, the BYOL import option is not applicable. You do not need to subscribe to Microsoft Office during BYOL import. You can directly install these applications on your WorkSpaces. For more information, refer to Manage Applications.

Q: How are Microsoft applications charged on BYOL WorkSpaces?

A: You can subscribe to applications such as Microsoft Office, Visual Studio, Visio or Project for your WorkSpaces. WorkSpaces launched from a BYOL image with these applications enabled incur the listed fee for these applications every month irrespective of whether you use that WorkSpace in that month. You will not be billed for BYOL images with these applications enabled, only the WorkSpaces created from an image with these applications enabled. For more information on pricing for the Office, Visual Studio, Visio, or Project, visit Amazon WorkSpaces pricing page.

Q: What applications are available for BYOL WorkSpaces?

A: During BYOL image import operations, you have the option to select Microsoft Office Professional 2016 or 2019 for Windows 10 BYOL WorkSpaces and Microsoft Office Professional 2019 for Windows 11 BYOL WorkSpaces. You can also install the following applications on your existing WorkSpaces.

  • Microsoft Office LTSC Professional Plus 2021
  • Microsoft Visio LTSC Professional 2021
  • Microsoft Project Professional 2021
  • Microsoft Office LTSC Standard 2021
  • Microsoft Visio LTSC Standard 2021
  • Microsoft Project Standard 2021
  • Microsoft Visual Studio Professional 2022
  • Microsoft Visual Studio Enterprise 2022

Q: How do I subscribe to the Office bundle on my existing BYOL WorkSpaces?

A: After you have created a BYOL image with the Office bundle installed, you can use the Amazon WorkSpaces migrate feature to migrate your existing BYOL WorkSpaces to ones with the Office bundle. All data in the latest snapshot of the original user volume will be retained after migration and the C drive will be newly created from the new image. You can migrate a WorkSpace created from a bundle that does not have Office provided by AWS to another WorkSpace created from a bundle that has AWS provided Microsoft Office and vice versa. Data on both root and user volumes are preserved upon migration.

Alternatively, you can use Manage Applications workflow to add or remove applications to or from your existing WorkSpaces. This option is applicable only for Office 2021, whereas the migration workflow will work for all the Office bundles. 

Q: How do I get updates for the Office bundle applications?

A: Office updates are included as part of your regular Windows Updates. Our image creation process will pick up the latest updates during the creation process. We recommend that you periodically update your Windows base images to stay current on all security patches and updates.

Amazon Linux WorkSpaces

Q: What is Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces are enterprise ready cloud desktops that organizations can provide to developers, engineers, students or office workers to get their work done.

Q: What can I do with Amazon Linux WorkSpaces?

A: Developers can develop software with their favorite applications like AWS CLI, AWS SDK tools, Visual Studio Code, Eclipse and Atom. Analysts can run simulations using MATLAB and Simulink. Office workers can use pre-installed applications like Libre Office for editing documents, spreadsheets, and presentations, Evolution for email, Firefox for web browsing, GIMP for image editing, Pidgin for instant messaging, and many others. You can always install more applications from the Amazon Linux repositories or other RPM based Linux repositories.

Q: Which applications and tools come with Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces include a selection of desktop utilities and tools, development tools, and general productivity applications. Developers can quickly get started using packages like OpenJDK 8, Python, C/C++, AWS CLI, and AWS SDK. General office workers can use Libre Office for document editing, spread sheets, and presentations, Firefox for web browsing, GIMP for photo editing, Pidgin for IM, Evolution for mails, Atril for PDF documents and more for day to day productivity tasks. You can always install more applications from the Amazon Linux repositories or from other RPM based Linux repositories.

Q: How do I get started with Amazon Linux WorkSpaces?

A: To get started, simply create or select users from your configured directory, select Amazon Linux WorkSpaces bundles, and launch. Your users will receive instructions via email for connecting to their WorkSpaces. Please see here for the list of available hardware bundles.

Q: How much does it cost to use Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces are available with both the hourly and monthly billing options. Detailed pricing is available here.

Q: Which package manager does Amazon Linux supports?

A: Amazon Linux is RPM based and uses yum package manager.

Q: Which repositories are available with Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces are connected to the Amazon Linux core and extras repositories. You can always add other RPM based Linux repositories.

Q: How can I request new packages for the Amazon Linux repositories?

A: You can request new packages for the Amazon Linux repositories using the AWS developer forums here. Packages will be added at the sole discretion of Amazon Web Services.

Q: How will I receive package updates for the Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces are regularly patched and updated from the Amazon Linux repositories.

Q: What directory types are supported for Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces currently support Active Directory, an on-premises directory available via AD Connector and Microsoft Active Directory on AWS.

Q: What hardware bundles are available for Amazon Linux WorkSpaces?

A: Amazon Linux WorkSpaces are available with different hardware bundle in all regions where the Amazon WorkSpaces service operates. For a complete list, please see here.

Q: Can I customize my Amazon Linux WorkSpaces?

A: Yes. You can customize settings and install additional software on Amazon Linux WorkSpaces. You can also create custom images using the Amazon WorkSpaces console or API and use those images to launch WorkSpaces with your customizations for other users in your organization.

Q: Is sudo access enabled by default on Amazon Linux WorkSpaces?

A: By default, Amazon Linux WorkSpaces users get sudo access while root user is disabled for them. You can always modify permissions by editing /etc/sudoers file.

Q: Is there an Amazon Linux WorkSpaces bundle using WSP?

A. Yes. Amazon WorkSpaces offers Linux with WSP in the AWS GovCloud (US-West) Region with support for smart cards, keyboard and mouse input, and audio output.

Compliance and Security

Q: Is Amazon WorkSpaces HIPAA eligible?

A: Yes. If you have an executed Business Associate Agreement (BAA) with AWS, you can use Amazon WorkSpaces with the AWS accounts associated with your BAA. If you don’t have an executed BAA with AWS, contact us and we will put you in touch with a representative from our AWS sales team. For more information, see, HIPAA Compliance.

Q: Is Amazon WorkSpaces PCI compliant?

A: Yes. Amazon WorkSpaces is PCI compliant and conforms to the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. For more information, see PCI DSS Compliance.

Q: Which credentials should be used to sign in to Amazon WorkSpaces?

A: Users sign into their WorkSpace using their own unique credentials, which they can create after a WorkSpace has been provisioned for them. If you have integrated the Amazon WorkSpaces service with an existing Active Directory domain, users will sign in with their regular Active Directory credentials. Amazon WorkSpaces also integrates with your existing RADIUS server to enable multi-factor authentication (MFA). In addition, WorkSpaces integrates with your SAML 2.0 identity provider (IdP) so that you can extend security features available from your IdP to WorkSpaces, including multi-factor (MFA) and contextual access.

Q: Can I control the client devices that access my Amazon WorkSpaces?

A: Yes. You can restrict access to Amazon WorkSpaces based on the client OS type, and using digital certificates. You can choose to block or allow macOS, Microsoft Windows, Linux, iPadOS, Android, Chrome OS, zero client, and the WorkSpaces web access client.

Q: What is a digital certificate?

A: A digital certificate is a digital form of identity that is valid for a specified period of time, which is used as a credential that provides information about the identity of an entity, as well as other supporting information. A digital certificate is issued by a certificate authority (CA), and the CA guarantees the validity of the information in the certificate.

Q: What devices use digital certificates to control access to Amazon WorkSpaces?

A: Digital certificates can be used to block or allow WorkSpaces access from macOS and Microsoft Windows client devices.

Q: How do I use digital certificates to control access to Amazon WorkSpaces?

A: To use digital certificates to block or allow access to Amazon WorkSpaces, you upload your root certificates to the WorkSpaces management console and distribute your client certificates to the macOS, Windows, Android, and Android-compatible Chrome OS devices you want to trust. To distribute your client certificates, use your preferred solution such as Microsoft System Center Configuration Manager (SCCM), or Mobile-Device Management (MDM) software. For more information, see Restrict WorkSpaces Access to Trusted Devices.

Q: How many root certificates can be imported to an Amazon WorkSpaces directory?

A: For each Amazon WorkSpaces directory, you can import up to two root certificates each for macOS and Microsoft Windows devices. If two root certificates are imported, WorkSpaces will present both root certificates to the client device, and the client device will use the first certificate that chains up to either root certificate.

Q: Can I control client device access to Amazon WorkSpaces without using digital certificates?

A: Yes. You can control access to Amazon WorkSpaces using the device type only.

Q: Can I use digital certificates to control Amazon WorkSpaces access from iPadOS, or zero clients?

A: At this time Amazon WorkSpaces can use digital certificates only with macOS and Microsoft Windows, Android, and Android compatible Chrome OS devices. 

Q: What is Multi-Factor Authentication (MFA)?

A: Multi-Factor Authentication adds an additional layer of security during the authentication process. Users must validate their identity by providing something they know (e.g. password), as well as something they have (e.g. hardware or software generated one-time password (OTP).

Q: What delivery methods are supported for MFA?

A: Amazon supports one time passwords that are delivered via hardware and software tokens. Out of band tokens, such as SMS tokens are not currently supported.

Q: Is there support for Google Authenticator and other virtual MFA solutions?

A: Google Authenticator can be used in conjunction with RADIUS. If you are running a Linux-based RADIUS server, you can configure your RADIUS fleet to use Google Authenticator through a PAM (Pluggable Authentication Module) library.

Q: Which Amazon WorkSpaces client applications support Multi-Factor Authentication (MFA)?

A: MFA is available for Amazon WorkSpaces client applications on the following platforms - Windows, Mac, Linux, Chromebooks, iOS, Fire, Android, and PCoIP Zero Clients. MFA is also supported when using web access to access Amazon WorkSpaces.

Q: What happens if a user forgets the password to access their Amazon WorkSpace?

A: If either AD Connector or AWS Microsoft AD is used to integrate with an existing Active Directory domain, the user would follow your existing lost password process for your domain, such as contacting an internal helpdesk. If the user is using credentials stored in a directory managed by the WorkSpaces service, they can reset their password by clicking on the “Forgot Password” link in the Amazon WorkSpaces client application.

Q: How will Amazon WorkSpaces be protected from malware and viruses?

A: You can install your choice of anti-virus software on your users’ WorkSpaces. The Plus bundle options offer users access to anti-virus software, and you can find more details on this here. If you choose to install your own anti-virus software, please ensure that it does not block UDP port 4172 for PCoIP and UDP port 4195 for WSP, as this will prevent users connecting to their WorkSpaces.

Q: How do I remove a user’s access to their Amazon WorkSpace?

A: To remove a user’s access to their WorkSpace, you can disable their account either in the directory managed by the WorkSpaces service, or in an existing Active Directory that you have integrated the WorkSpaces service with.

Q: Does WorkSpaces work with AWS Identity and Access Management (IAM)?

A: Yes. Please see our documentation.

Q: Can I select the Organizational Unit (OU) where computer accounts for my WorkSpaces will be created in my Active Directory?

A: Yes. You can set a default Organizational Unit (OU) in which computer accounts for your WorkSpaces are created in your Active Directory. This OU can be part of the domain to which your users belong, or part of a domain that has a trust relationship with the domain to which your users belong, or part of a child domain in your directory. Please see our documentation for more details.

Q: Can I use Amazon VPC Security groups to limit access to resources (applications, databases) in my network or on the Internet from my WorkSpaces?

A: Yes. You can use Amazon VPC Security groups to limit access to resources in your network or the Internet from your WorkSpaces. You can select a default Amazon VPC Security Group for the WorkSpaces network interfaces in your VPC as part of the directory details on the WorkSpaces console. Please see our documentation for more details.

Q: What is an IP Access Control Group?

A: An IP Access Control Group is a feature that lets you specify trusted IP addresses that are permitted to access your WorkSpaces. An Access Control group is made up of a set of rules, each rule specifies a specific permitted IP address or range of addresses. you can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.

Q: Can I implement IP address-based access controls for WorkSpaces?

A: Yes. With this feature you can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.

Q: How can I implement IP address-based access controls?

A: See IP Access Control Groups for details.

Q: Can IP address-based access controls be used with all WorkSpaces clients?

A: Yes. This feature can be used with the macOS, iPad, Windows desktop, Android tablet, and web access. This feature also supports zero clients using MFA.

Q: Which Zero Client configurations are compatible with the IP Based Access Controls feature?

A: Zero Clients using MFA can be used with IP Based Access Controls, along with any compatible Zero Clients which do not use PCoIP Connection Manager to connect to WorkSpaces. Any connections through PCoIP Connection Manager will not be able to access WorkSpaces if IP Based Access Controls are enabled.

Q: Are there any scenarios where IP address not on the allowed-list could access a WorkSpace?

A: Yes. The initial connection would require an IP address on the allowed list. If web access is enabled when accessing WorkSpaces through the web access client, if the approved IP address changes to an unapproved IP address, after the user’s credentials are validated and before the WorkSpaces session begins to launch, that unapproved IP address would be able to access a WorkSpace. 

Q: How should IP addresses be in the allow list if users are accessing the WorkSpaces through a Network address translation (NAT)?

A: You will need to allow your public IPs with this feature, so if you have a NAT, you will need to allow access from the IPs coming from it. In this case you will be allowing access any time a user accesses WorkSpaces through a NAT. 

Q: How should IP addresses be in the allow list for VPNs?

A: If you want to allow access from VPNs, you will need to add the public IPs of the VPN. In this case you will be allowing access any time a user accesses WorkSpaces through the VPN with approved public IPs.

Q: Can I customize the login workflow for my end users' login experience?

A: WorkSpaces supports the use of the URI (uniform resource identifier) WorkSpaces:// to open the WorkSpaces client and optionally enter the registration code, user name, and/or multi-factor authentication (MFA) code (if MFA is used by your organization).

Q: How do I enable URI?

A: You can create your unique URI links by following the WorkSpaces URI formatting documented in Customize How Users Log in to their WorkSpaces in the Amazon WorkSpaces Administration Guide. By providing these links to users, you enable them to use the URI on any device that has the WorkSpaces client installed. URI links can contain human-readable sensitive information if you choose to include the registration code, user name, and/or MFA information, so take precautions with how and whom you share URI information.

Encryption

Q: Does Amazon WorkSpaces support encryption?

A: Yes. Amazon WorkSpaces supports root volume and user volume encryption. Amazon WorkSpaces uses EBS volumes that can be encrypted on creation of a WorkSpace, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume. Amazon WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.

Q: Which Amazon WorkSpaces bundle types support encryption?

A: Encryption is supported on all Amazon WorkSpaces hardware and software bundle types. This includes the Windows desktop experiences, and the Value, Standard, Performance, Power, PowerPro, Graphics, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn bundles. It also includes all Plus application bundles. Additionally, any custom bundles also support encryption.

Q: How can I encrypt a new Amazon WorkSpace?

A: When creating a new Amazon WorkSpace from the console or the Amazon WorkSpaces APIs, you will have the option to specify which volume(s) you want encrypted along with a key ARN from your KMS keys for encryption. Note that during the launch of a WorkSpace, you can specify whether you want encryption for the user volume, root volume or both volumes, and the key provided will be used to encrypt the volumes specified.

Q: Can Amazon WorkSpaces create a KMS key on my behalf?

A: Amazon WorkSpaces creates a default master key upon your first attempt to launch a WorkSpace through the AWS Management Console. You cannot manage the lifecycle of default master keys. To control the full lifecycle of a key, configure WorkSpaces to use a KMS custom customer master key (CMK). To create a KMS custom CMK, visit the KMS console or use KMS APIs to create your own keys. Note that you can use a default key generated by KMS for your WorkSpaces which will be made available to you on your first attempt to launch Amazon WorkSpaces with encryption through the AWS Management Console.

Q: What are the prerequisites for using KMS keys to encrypt Amazon WorkSpaces?

A: In order to use KMS keys to encrypt Amazon WorkSpaces, the key must not be disabled, and should not have exceeded its limits (learn more about limits here). You also need to have the correct permissions and policies associated with the key to use it for encryption. To learn more about the correct permissions and policies needed on the keys, please refer to our documentation.

Q: How will I be notified if my KMS key does not meet the pre-requisites outlined above?

A: When you launch a new WorkSpace with the key specified, the WorkSpaces service will verify if the key is valid and eligible to be used for encryption. If the key is not valid, the launch process will fail quickly and notify you of the error associated with the key. Please note that if you change the key settings while the WorkSpace is being created, there is a chance that provisioning will fail and you will be notified of this failure through the AWS Management Console or through the DescribeWorkSpaces API call.

Q: How will I be able to tell which Amazon WorkSpaces are encrypted and which ones are not?

A: You will be able to see if a WorkSpace is encrypted or not from the AWS Management Console or using the Amazon WorkSpaces API. In addition to that, you will also be able to tell which volume(s) on the WorkSpace were encrypted, and the key ARN that was used to encrypt the WorkSpace. For example, the DescribeWorkSpaces API call will return information about which volumes (user and/or root) are encrypted and the key ARN that was used to encrypt the WorkSpace.

Q: Can I enable encryption of volumes on a running Amazon WorkSpace?

A: Encryption of WorkSpaces is only supported during the creation and launch of a WorkSpace.

Q: What happens to a running Amazon WorkSpace when I disable the key in the KMS console?

A: A running WorkSpace will not be impacted if you disable the KMS key that was used to encrypt the user volume of the WorkSpace. Users will be able to login and use the WorkSpace without interruption. However, restarts, rebuilds, and restores of WorkSpaces that were encrypted using a KMS key that has been disabled (or the permissions/policies on the key have been modified) will fail. If the key is re-enabled and/or the correct permissions/policies are restored, restarts, rebuilds, and restores of the WorkSpace will work again.

Q: Is it possible to disable encryption for a running Amazon WorkSpace?

A: Amazon WorkSpaces does not support disabling encryption for a running WorkSpace. Once a WorkSpace is launched with encryption enabled, it will always remain encrypted.

Q: Will snapshots of an encrypted user volume also be encrypted?

A: Yes. All snapshots of the user volume will be encrypted using the same key that was used to encrypt the user volume of the WorkSpace when it was created. The user volume once encrypted stays encrypted throughout its lifecycle. 

Q: Can I rebuild an Amazon WorkSpace that has been encrypted?

A: Yes. Rebuilds of a WorkSpace will work as long as the key that was used to encrypt the WorkSpace is still valid. The WorkSpace volume(s) stay encrypted using the original key after it has been rebuilt.

Q: Can I restore an Amazon WorkSpace that has been encrypted?

A: Yes. A WorkSpace restore will work as long as the key that was used to encrypt the WorkSpace is still valid. The WorkSpace volume(s) stay encrypted using the original key after it has been restored.

Q: Can I create a custom image from a WorkSpace that has been encrypted?

A: Creating a custom image from a WorkSpace that is encrypted is not supported.

Q: Will the performance of my WorkSpace be impacted because the volume(s) are encrypted?

A: You can expect a minimum increase in latency on IOPS on encrypted volumes.

Q: Will encryption impact the launch time of an Amazon WorkSpace?

A: The launch time of a WorkSpace that only requires user volume encryption are similar to those of an unencrypted WorkSpace. The launch time of a WorkSpace that requires root volume encrypt will take several more minutes.

Q: Will encryption be supported for BYOL WorkSpaces?

A: Yes. Amazon WorkSpaces will support encryption for BYOL WorkSpaces.

Q: Will I be able to use the same KMS key to encrypt Amazon WorkSpaces in a different region?

A: No. Encrypted resources in one region cannot be used in a different region, because a KMS key belongs to the region in which it was created.

Q: Is there a charge for encrypting volumes on Amazon WorkSpaces?

A: There is no additional charge for encrypting volumes on WorkSpaces, however you will have to pay standard AWS KMS charges for KMS API requests and any custom CMKs that are used to encrypt WorkSpaces. Please see AWS KMS pricing here. Please note that the Amazon WorkSpaces services makes a maximum of five API calls to the KMS service upon launching, restarting or rebuilding a single WorkSpace.

Q: Can I rotate my KMS keys?

A: Yes. You can use KMS to rotate your custom CMKs. You can configure a custom CMK that you create to be automatically rotated by KMS on an annual basis. There is no impact to WorkSpaces encrypted before the CMK rotation, they will work as expected.

Client Access, Web Access, and User Experience

Q: Can I use Amazon WorkSpaces Thin Client with Amazon WorkSpaces?

A: Yes. Amazon WorkSpaces Thin Client is a cost-effective, easy-to-manage thin client that provides secure access to Amazon WorkSpaces, Amazon WorkSpaces Web, and Amazon AppStream 2.0.

Q: Where can I download the Amazon WorkSpaces client application?

A: You can download the Amazon WorkSpaces client application for free on the client download website.

Q: Can I use any other client (e.g., an RDP client) with Amazon WorkSpaces?

A: No. You can use any of the free clients provided by AWS, which includes client applications for Windows, macOS, iPadOS, Android tablets, and Android-compatible Chrome OS devices, or Chrome or Firefox web browsers, to access your Amazon WorkSpaces.

Q: Which operating systems are supported by the Amazon WorkSpaces client applications?

A: Please refer to the WorkSpaces Clients documentation.

Q: Which mobile devices are supported by the Amazon WorkSpaces client application?

A: Amazon WorkSpaces clients are available for the following devices:

• Apple iPadOS based iPad, iPad Pro, iPad Mini, iPad Air
• Android-compatible Chrome OS devices 
• Android phones and tablets

While we expect other popular Android tablets running Android version 8.1+ to work correctly with the Amazon WorkSpaces client, there may be some that are not compatible. If you are interested in support for a particular device, please let us know via the Amazon WorkSpaces forum.

Q: What is a PCoIP Zero Client?

A: A PC-over-IP (PCoIP) Zero Client is a single-purpose hardware device that can enable access to Amazon WorkSpaces. Zero Clients include hardware optimization specifically for the PCoIP protocol, and are designed to require very little administration.

Q: Can I use PCoIP Zero Clients with Amazon WorkSpaces?

A: Yes, Amazon WorkSpaces is compatible with PCoIP Zero Client devices that have the Teradici Tera2 chipset. PCoIP Zero client will only work with PCoIP WorkSpaces, they will not work with WSP WorkSpaces. For a complete list of Zero Clients that are compatible with Amazon WorkSpaces please reference Teradici's website.

Q: Will my Amazon WorkSpace running in AutoStop running mode preserve the state of applications and data when it stops?

A: Amazon WorkSpaces preserve the data and state of your applications when stopped. On reconnect, your Amazon WorkSpace will resume with all open documents and running programs intact. AutoStop Graphics.g4dn, GraphicsPro.g4dn, Graphics, and GraphicsPro WorkSpaces do not preserve the state of data and programs when they stop. For these Autostop WorkSpaces, we recommend saving your work when you’re done using them each time.

Q: How do I resume my Amazon WorkSpace after it stops?

A: By logging into your Amazon WorkSpace from the Amazon WorkSpaces client application, the service will automatically restart your Amazon WorkSpace. When you first attempt to log in, the client application will notify you that your Amazon WorkSpace was previously stopped, and that your new session will start once your WorkSpace has resumed.

Q: How long does it take for my Amazon WorkSpace to be available once I attempt to log in?

A: If your Amazon WorkSpace has not yet stopped, your connection is almost instantaneous. If you Amazon WorkSpace has already stopped, in most cases it will be available within two minutes. For BYOL AutoStop WorkSpaces, a large number of concurrent logins could result in significantly increased time for a WorkSpace to be available. If you expect many users to log into your BYOL AutoStop WorkSpaces at the same time, please consult your account manager for advice.

Q: Which client peripherals can be used with the Amazon WorkSpaces?

A: Amazon WorkSpaces clients support:

  • Keyboard, mouse, and touch input (touch input is only supported on tablet clients). Amazon WorkSpaces do not currently support 3D mice.
  • Audio output to client device
  • Analog and USB headsets
WorkSpaces using the WorkSpaces Streaming Protocol (WSP) also support Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards and webcams.
 
WSP Linux WorkSpaces in the AWS GovCloud (US-West) Region only support input, display, audio out, and smart cards.

PCoIP Windows WorkSpaces support in-session USB redirection of locally attached YubiKey for Universal 2nd Factor (U2F) authentication from the WorkSpaces Windows client.

Q: What kind of headsets can be used for audio conversations?

A: Most analog and USB headsets will work for audio conversations through WorkSpaces running Windows. For USB headsets, you should ensure they show up as a playback device locally on your client computer.

Q: Can I use the built in microphone and speakers for making audio calls?

A: Yes. For the best experience, we recommend using a headset for audio calls. However, you may experience an echo when using the built in microphone and speakers with certain communication applications.

Q: Does Audio-in work with mobile clients such as Android, iPadOS, and Android-compatible Chrome OS devices?

A: Audio-in is supported on the Windows, macOS, Android and iPadOS clients.

Q: How do I enable Audio-in for my WorkSpaces?

A: Audio-in is enabled for all new WorkSpaces. For WorkSpaces with Windows, enabling the WorkSpaces Audio-in capability requires local logon access inside your WorkSpace. If you have a Group Policy restricting user local logon in your WorkSpace, we will detect it and not apply the Audio-in update to the WorkSpace. You can remove the Group Policy and the Audio-in capability will be enabled after the next reboot.

Q: How do I optimize the audio quality for Amazon Connect?

A: Audio optimization with Amazon Connect is available on the WorkSpaces directory level. The feature enables customers to offload the CCP (Contact Control Panel) audio traffic from WorkSpaces streaming to local endpoint processing, which addresses audio quality issues related to suboptimal network conditions.

Q: Does WorkSpaces support devices with high DPI screens?

A: Yes. The Amazon WorkSpaces desktop client application will automatically scale the in-session display to match the DPI settings of the local device.

Q: Will my bandwidth usage be higher when I use four monitors, or I use 4k Ultra HD resolution?

A: Yes. The bandwidth requirements for WorkSpaces depends on two factors (a) the number of screens it has to stream to and (b) the amount of pixel changes taking place in each screen.

Q: Will Amazon WorkSpaces remember my monitor settings between sessions?

A: The fullscreen mode setting will be preserved. If you quit a WorkSpaces session in the fullscreen mode, you will be able to log into the fullscreen mode next time. However, display configurations will not be saved. Every time you initiate a WorkSpaces session, the client application extracts the EDID of uses your local setup configuration and sends that to the WorkSpaces host to deliver an optimal display experience.

Q: What happens to my display settings when I connect to my WorkSpace from a different desktop?

A: When you connect from a different desktop computer, the display settings of that computer will take precedence to deliver an optimal display experience.

Q: Will the iPad and Android applications support Keyboard/Mouse input?

A: The Android client supports both keyboard and mouse input. The iPad client supports keyboard and Bluetooth mouse inputs. While we expect most popular keyboard and mouse devices to work correctly, there may be devices that may not be compatible. If you are interested in support for a particular device, please let us know via the Amazon WorkSpaces forum.

Q: Can I access my Amazon WorkSpaces through a web browser?

A: Yes, you can use Amazon WorkSpaces web access to log in to your Amazon WorkSpace with Windows through Chrome or Firefox web browsers with PCoIP WorkSpaces, and through any Chromium-based web browser with WSP WorkSpaces. You do not need to install any software, and you can connect from any network that can access the public Internet. To get started, your WorkSpaces admin needs to enable web access from the AWS Console in the WorkSpaces Directory Details – Access Control Options section. Once these steps are complete, to access your WorkSpace through a browser, simply visit the Amazon WorkSpaces web access page using a supported browser and enter your WorkSpaces registration code and then login to the WorkSpace with your username and password.

Q: What is Amazon WorkSpaces web access?

A: Amazon WorkSpaces web access allows you to access your Amazon WorkSpace with Windows from Chrome or Firefox web browsers with PCoIP WorkSpaces, and through any Chromium-based web browser with WSP WorkSpaces running on a computer connected to any network that can access the public Internet. Web access does not exclude users from using native Amazon WorkSpaces client applications to connect to their WorkSpaces. Users can choose between web access and native client applications. Web access is available here.

Q: From which web browsers and operating systems can I access Amazon WorkSpaces?

A: With PCoIP WorkSpaces, web access works with the latest Google Chrome and Firefox versions. With WSP WorkSpaces, web access works with any Chromium-based web browser, including Google Chrome and Microsoft Edge. Web access is supported from Windows, macOS, or Linux computers. Mobile devices are not currently supported.

Q: Can I enable web access for Non-English based Amazon WorkSpaces?

A: Yes. Web access support is currently available on WorkSpaces with English (US), Japanese, Korean, and French (Canadian) based versions Windows desktops.

Q: Do I need to install any additional software in order to access my Amazon WorkSpaces through a web browser?

A: No, you do not need to install any programs, add-ins, or plugins in order to access your Amazon WorkSpaces through a supported web browser.

Q: How do I get started using web access to log in to my Amazon WorkSpaces?

A: First, your Amazon WorkSpace needs to be enabled for web access. This can be done through the AWS Management Console by your IT administrator. Once this is complete, you can log in using web access, available here. The first time you log in, you will be asked to enter the registration code that was provided in your welcome email.

Q: How will I know if my Amazon WorkSpace has been enabled for web access?

A: If your Amazon WorkSpace has been set to block web access, you will receive an error message when you attempt to log in, informing you to contact your system administrator to enable web access.

Q: Can I use Web Access to access my Amazon WorkSpaces on any network?

A: Yes. You can use web access on any network that can access the public Internet. If you can browse the web, then you can connect to your Amazon WorkSpace.

Q: Which Amazon WorkSpaces bundles support web access?

A: You can use web access to connect to the Value, Standard, Performance, Power, and PowerPro Amazon WorkSpaces with Windows 10 or Windows Server 2016 operating systems. WorkSpaces powered by Windows Server 2019, Windows Server 2022,  and Windows 11 only support Web Access with WSP. GPU-enabled WorkSpaces and Amazon Linux WorkSpaces currently do not support web access. Ubuntu WorkSpaces support web access.

Q: What local devices can I use when connecting to my Amazon WorkSpace through web access?

A: You will be able to use your mouse and keyboard as input devices. Local peripheral devices—including printers, USB drives, webcams, and microphones—will not be available. Though clipboard redirection will not work across your local operating system and your Amazon WorkSpace, copy and paste operations within your WorkSpace will work.

Q: In which Regions is web access available?

A: Amazon WorkSpaces web access is available in all Regions where Amazon WorkSpaces is available.

Q: Do I need to enter a registration code to use web access?

A: The first time you log in using web access, you will be asked to enter the registration code that was provided in your welcome email. At the moment, web access does not offer the ability to store multiple different registration codes.

Q: When using a web browser to access my Amazon WorkSpace, how can I control my session?

A: You can use the connection bar along the top of your browser window to control your session. The connection bar allows you to disconnect, enter and exit full screen mode, and send a “Ctrl-Alt-Del” key sequence to the Amazon WorkSpace. It can be pinned in place, or set to hide automatically.

Q: How do I disconnect from my Amazon WorkSpace when accessing it through a web browser?

A: You can disconnect using the “Disconnect” command in the connection bar, by closing the browser tab, or by quitting the browser program. Web access does not support reconnecting to your Amazon WorkSpace - you must log in again to reconnect.

Q: Will Amazon WorkSpaces support additional client devices and virtual desktop operating systems?

A: We continually review our roadmap to see what features we can add to address our customers' requirements. If there is a client device or virtual desktop operating system that you'd like Amazon WorkSpaces to support, please email us with details of your request.

Q: What is the end user experience when Multi-Factor Authentication (MFA) is enabled?

A: Users will be prompted for their Active Directory username and password, followed by their OTP. Once a user passes both Active Directory and RADIUS validation, they will be logged in to their Amazon WorkSpace. To learn more, visit our documentation.

Q: How can I determine the best region to run my Amazon WorkSpaces?

A: The Amazon WorkSpaces Connection Health Check Website compares your connection speed to each Amazon WorkSpaces region and recommends the fastest one.

Q: Which languages are supported by Amazon WorkSpaces?

A: Amazon WorkSpaces bundles that provide the Windows desktop experience currently support English (US), French (Canadian), Korean, and Japanese. You can also download and install language packs for Windows directly from Microsoft. For more information, visit this page. Amazon WorkSpaces client applications currently support English (US), German, Chinese (Simplified), Japanese, French (Canadian), Korean, and Portuguese.

Q: Can I access my WorkSpaces using SmartCard instead of username/password?

A: Yes - WSP WorkSpaces can be accessed with SmartCard instead of username/password. You can access WorkSpaces using smartcard if you use an Active Directory Connector and set the directory API to smartcard enabled. Note: PCoIP WorkSpaces cannot support SmartCard features.

Q: What types of SmartCards are officially supported?

A: WorkSpaces officially Supports CAC and PIV SmartCards.

Q: How many SmartCards can be used in session at the same time

A: WorkSpaces can only handle one SmartCard in-session at the same time

Q: Is SmartCard Support available in all regions?

A: In-session SmartCard support for use inside of the WorkSpaces is available in all regions in which WSP is supported. Pre-session SmartCard for authentication to WorkSpaces is only available for WSP WorkSpaces in AWS GovCloud (US-West) Region.

Maintenance and Setup

Q: Does the Amazon WorkSpaces service have maintenance windows?

A: Yes. Amazon WorkSpaces enables maintenance windows for both AlwaysOn and AutoStop WorkSpaces by default.

For AlwaysOn (monthly) WorkSpaces, the maintenance schedule is controlled by the OS settings on the WorkSpace. The default maintenance window is a four-hour period from 00h00 – 04h00 (this time window is based on the time zone settings you have set for your Amazon WorkSpaces) each Sunday morning. During this time your WorkSpaces may not be available.

For AutoStop (hourly) WorkSpaces, the default maintenance window is typically from 00h00 to 05h00 everyday starting on the 3rd Monday of the month in the time zone of the WorkSpaces’s AWS region. The Maintenance window might take up to two weeks. WorkSpaces can be maintained on any day in the maintenance window. You can set the Maintenance mode for AutoStop WorkSpaces in the WorkSpaces management console. For more information see Manage the WorkSpace Running Mode. The maintenance window for AutoStop WorkSpaces is currently not configurable.

Q: Can I opt out of maintenance windows for my WorkSpaces?

A: It is highly recommended to keep your WorkSpaces maintained regularly. If you want to run your own WorkSpaces maintenance schedule, it is possible to opt out of the service default maintenance windows for Windows WorkSpaces. 

For AutoStop (hourly) WorkSpaces, you can disable the Maintenance mode on the console. For AlwaysOn Windows WorkSpaces, the maintenance window is controlled by the system settings and can be configured via Automatic Updates GPO settings. Currently, you cannot opt out of the maintenance windows for AlwaysOn Amazon Linux and Ubuntu WorkSpaces.

Q: How will my Amazon WorkSpaces be patched with software updates?

A: By default, your Amazon WorkSpaces are configured to install software updates. Amazon Linux and Ubuntu WorkSpaces will be updated to install the latest security and software patches, and Amazon WorkSpaces with Windows have Windows Updates turned on. Updates to Applications installed via Manage Applications are included as part of your regular Windows Updates. You can customize these settings, or use an alternative patch management approach. Updates are installed at 2am each Sunday. You are responsible to update any 3rd party application that you have installed on your WorkSpaces.

Q: What action is needed to receive updates for the Amazon WorkSpaces service?

A: No action is needed on your part. Updates are delivered automatically to your Amazon WorkSpaces during the maintenance window. During the maintenance window, your WorkSpaces may not be available.

Q: Can I turn off the software updates for the Amazon WorkSpaces service?

A: No. The Amazon WorkSpaces service requires these updates to be provided to ensure normal operation of your users’ WorkSpaces.

Q: I don’t want to have Windows Update automatically update my Amazon WorkSpaces. How can I control updates and ensure they are tested in advance?

A: You have full control over the Windows Update configuration in your WorkSpaces, and can use Active Directory Group Policy to configure this to meet your exact requirements. If you would like to have advance notice of patches so you can plan appropriately we recommend you refer to Microsoft Security Bulletin Advance Notification for more information.

Q: How are updates for applications installed in my WorkSpaces provided?

A: Amazon WorkSpaces running Amazon Linux and Ubuntu are updated via pre-configured Amazon Linux yum or Ubuntu (APT or Snap) repositories hosted in each WorkSpaces region and the updates are automatically installed. Patches and updates requiring a reboot are installed during our weekly maintenance window.

For all other applications, updates can be delivered via the automatic update service for each application if one is available. For applications without an automatic update service, you will need to evaluate the software vendor’s recommended updating approach and follow that if necessary.

Q: How do I manage my WorkSpaces?

A: The WorkSpaces Management console lets you provision, restart, rebuild, restore, and delete WorkSpaces. To manage the underlying OS for the WorkSpaces, you can use standard Microsoft Active Directory tools such as Group Policy or your choice of Linux orchestration tools to manage the WorkSpaces. In the case when you have integrated WorkSpaces with an existing Active Directory domain, you can manage your WorkSpaces using the same tools and techniques you are using for your existing on-premises desktops. If you have not integrated with an existing Active Directory, you can set up a Directory Administration WorkSpace to perform management tasks. Please see the documentation for more information.

You can also give WorkSpaces users the ability to perform common tasks on their own by enabling self-service management. Once enabled, WorkSpaces users can do things like restart, rebuild, restore, increase volume size, change compute type, and change running mode directly from the WorkSpaces client with no IT or helpdesk intervention.

Q: Can I use tags to categorize my Amazon WorkSpaces resources?

A: Yes, you can assign tags to existing Amazon WorkSpaces resources including WorkSpaces, directories registered with WorkSpaces, images, custom bundles, and IP Access Control Groups. You can also assign tags during the creation of new Amazon WorkSpaces and new IP Access Control Groups. You can assign up to 50 tags (key/value pairs) to each Amazon WorkSpaces resource using the AWS Management Console, the AWS Command Line Interface, or the Amazon WorkSpaces API. To learn more about assigning tags to your Amazon WorkSpaces resources, follow the steps listed on this web page: Tag WorkSpaces Resources.

Q: Can I control whether my users can access Amazon WorkSpaces web access?

A: Yes. You can use the AWS Management Console to control whether Amazon WorkSpaces in your directory can be accessed using web access, by visit the directory details page. Note: this setting can only be applied to all Amazon WorkSpaces in a directory, not at an individual Amazon WorkSpace level.

Q: What is the difference between restarting and rebuilding a WorkSpace?

A: A restart is just the same as a regular operating system (OS) reboot. A rebuild will retain the user volume on the WorkSpace but will return the WorkSpace to its original state (any changes made to the system drive will not be retained).

Q: What is the difference between WorkSpaces Rebuild and Restore?

A: A rebuild will retain the user volume on the WorkSpace but will return the WorkSpace to its original state (any changes made to the system drive will not be retained). A restore will retain both the root and user volumes on the WorkSpace but will return the WorkSpace to the last healthy state as detected by the service.

Q: How do I remove an Amazon WorkSpace I no longer require?

A: To remove a WorkSpace you no longer require, you can “delete” the Workspace. This will remove the underlying instance supporting the WorkSpace and the WorkSpace will no longer exist. Deleting a WorkSpace will also remove any data stored on the volumes attached to the WorkSpace, so please confirm you have saved any data you must keep prior to deleting a WorkSpace.

Q: Can I provide more than one Amazon Workspace per user?

A: No. You can currently only provide one WorkSpace for each user.

Q: How many Amazon WorkSpaces can I launch?

A: You can launch as many Amazon WorkSpaces as you need. Amazon WorkSpaces sets default limits, but you can request an increase in these limits here. To see the default limits for Amazon WorkSpaces, please visit our documentation.

Q: What is the network bandwidth that I need to use my Amazon WorkSpace?

A: The bandwidth needed to use your WorkSpace depends on what you're doing on your WorkSpace. For general office productivity use, we recommend that a bandwidth download speed of between 300Kbps up and 1Mbps. For graphics intensive work we recommend bandwidth download speeds of 3Mbps.

Q: What is the maximum network latency recommended while accessing a WorkSpace?

A: For PCoIP, the maximum round trip latency recommendation is 250 ms, but the best user experience will be achieved at less than 100 ms. When the RTT exceeds 375ms, the WorkSpaces client connection is terminated. For WorkSpaces Streaming Protocol (WSP), the best user experience will be achieved with round trip latency below 250ms. If the RTT is between 250ms and 400ms, the user can access the WorkSpace, but performance is degraded.

Q: Is there a recommended power plan or power settings for my WorkSpaces?

A: Yes. For WorkSpaces running Windows, we recommend selecting the "High Performance" power plan in Windows.  For WorkSpaces running Linux, you should select a power plan that optimizes for performance.

Q: Does WorkSpaces need any Quality of Service configurations to be updated on my network?

A: If you wish to implement Quality of Service on your network for WorkSpaces traffic, you should prioritize the WorkSpaces interactive video stream which is comprised of real time traffic on UDP port 4172 for PCoIP and 4195 for WSP. If possible, this traffic should be prioritized just after VoIP to provide the best user experience.

Q: Is MFA on Amazon WorkSpaces available in my region?

A: Support for MFA is available in all AWS Regions where Amazon WorkSpaces is offered.

Q: What are the prerequisites for setting up a PCoIP Zero Client?

A: Zero Clients should be updated to firmware version 4.6.0 (or newer). The WorkSpace will need to be using the PCoIP protocol, WSP protocol does not support PCoIP Zero Clients. You will need to run the PCoIP Connection Manager to enable the clients to successfully connect to Amazon WorkSpaces. Please consult the Amazon WorkSpaces documentation for a step by step guide on how to properly setup the PCoIP Connection Manager, and for help on how to find and install the necessary firmware required for your Zero Clients.

Q: How do I get support with Amazon WorkSpaces?

A: You can get help from AWS Support, and you can also post in the Amazon WorkSpaces Forum.

Billing and Pricing

Q: How does billing work for Amazon WorkSpaces?

A: You can pay for your Amazon WorkSpaces either by the hour, or by the month. You only pay for the WorkSpaces you launch, and there are no upfront fees and no term commitments. The fees for using Amazon WorkSpaces include use of both the infrastructure (compute, storage, and bandwidth for streaming the desktop experience to the user) and the software applications listed in the bundle.

Q: How much does an Amazon WorkSpace cost?

A: Please see our pricing page for the latest information.

Q: Can I pay for my Amazon WorkSpaces by the hour?

A: Yes, you can pay for your Amazon WorkSpaces by the hour. Hourly pricing is available for all WorkSpaces bundles, and in all AWS regions where Amazon WorkSpaces is offered.

Q: How does hourly pricing work for Amazon WorkSpaces?

A: Hourly pricing has two components: an hourly usage fee, and a low monthly fee for fixed infrastructure costs. Hourly usage fees are incurred only while your Amazon WorkSpaces are actively being used, or undergoing routine maintenance. When your Amazon WorkSpaces are not being used, they will automatically stop after a specified period of inactivity, and hourly metering is suspended. When your Amazon WorkSpaces resume, hourly charges begin to accrue again.

Q: How do I get started with hourly billing for my Amazon WorkSpaces?

A: To launch an Amazon WorkSpace to be billed hourly, simply select a user, choose an Amazon WorkSpaces bundle (a configuration of compute resources and storage space), and specify the AutoStop running mode. When your Amazon WorkSpace is created, it will be billed hourly.

Q: What is the difference between monthly pricing and hourly pricing for Amazon WorkSpaces?

A: With monthly billing, you pay a fixed monthly fee for unlimited usage and instant access to a running Amazon WorkSpace at all times. Hourly pricing allows you to pay for your Amazon WorkSpaces by the hour and save money on your AWS bill when your users only need part-time access to their Amazon WorkSpaces. When your Amazon WorkSpaces being billed hourly are not being used, they automatically stop after a specified period of inactivity, and hourly usage metering is suspended.

Q: How do I select hourly billing or monthly billing for my Amazon WorkSpaces?

A: Amazon WorkSpaces operates in two running modes – AutoStop and AlwaysOn. The AlwaysOn running mode is used when paying a fixed monthly fee for unlimited usage of your Amazon WorkSpaces. This is best when your users need high availability and instant access to their desktops, especially when many users need to log into WorkSpaces around the same time. The AutoStop running mode allows you to pay for your Amazon WorkSpaces by the hour. This running mode is best when your users can wait for around 2 minutes to start streaming desktops that have sporadic use. Please consult your account manager for more information about login concurrency and running modes. You can easily choose between monthly and hourly billing by selecting the running mode when you launch Amazon WorkSpaces through the AWS Management Console, the Amazon WorkSpaces APIs, or the Amazon WorkSpaces Command Line Interface. You can also switch between running modes for your Amazon WorkSpaces at any time.

Q: When do I incur charges for my Amazon WorkSpace when paying by the hour?

A: Hourly usage fees start accruing as soon as your Amazon WorkSpace is running. Your Amazon WorkSpace may resume in response to a login request from a user, or to perform routine maintenance.

Q: When do I stop incurring charges for my Amazon WorkSpaces when paying by the hour?

A: Hourly usage charges are suspended when your Amazon WorkSpaces stop. AutoStop automatically stops your WorkSpaces a specified period of time after users disconnect, or when scheduled maintenance is completed. The specified time period is configurable and is set to 60 minutes by default. Note that partial hours are billed as a full hour, and the monthly portion of hourly pricing does not suspend when your Amazon WorkSpaces stop.

Q: Can I force hourly charges to suspend sooner?

A: You can manually stop Amazon WorkSpaces from the AWS Management Console, or by using the Amazon WorkSpaces APIs. To stop the monthly fee associated with your hourly Amazon WorkSpaces, you need to remove the Amazon WorkSpaces from your account (note: this also deletes all data stored in those Amazon WorkSpaces).

Q: Can I switch between hourly and monthly billing?

A: Yes, you can switch from hourly to monthly billing for your Amazon WorkSpaces at any time by switching the running mode to AlwaysOn in the AWS Management Console, or through the Amazon WorkSpaces APIs. When you switch, billing immediately changes from hourly to monthly, and you are charged a prorated amount at the monthly rate for the remainder of the month for AlwaysON, along with the base monthly fee and hourly usage fees of AutoStop that have been already billed for the month. Your Amazon WorkSpaces will continue to be charged monthly unless you switch the running mode back to AutoStop.

You can switch from monthly to hourly billing by setting the running mode to AutoStop in the AWS Management Console or through the Amazon WorkSpaces APIs. Switching from monthly to hourly billing will take effect the following month as you will have already paid for your Amazon WorkSpaces for that month. Your Amazon WorkSpaces will continue to be charged hourly unless you switch the running mode back to AlwaysOn. Please note that billing renewals happen at 00:00 UTC Time on the first of each month.

WorkSpaces users can also switch between monthly and hourly billing directly from the WorkSpaces client if this self-service management capability is enabled by their WorkSpaces administrator.

Q: If I don’t use my Amazon WorkSpace for the full month, are the fees prorated?

A: If you’re paying for your Amazon WorkSpaces monthly, your Amazon WorkSpaces are charged for the full month’s usage. If you’re paying hourly (AutoStop running mode), you are charged for the hours during which your Amazon WorkSpaces are running or undergoing maintenance, plus a monthly fee for fixed infrastructure costs. In both cases, the monthly fee is prorated in the first month only.

Q: Will I be charged the low monthly fee associated with hourly billing if I don’t use my Amazon WorkSpaces in a given month?

A: Yes, you will be charged a small monthly fee for the Amazon WorkSpaces bundle you selected. If you’ve chosen an Amazon WorkSpaces Plus bundle, you will be charged for the software subscription as well. You can find the monthly fees for all Amazon WorkSpaces on the pricing page here.

Q: How are the Plus software bundles charged when I pay hourly for my Amazon WorkSpaces?

A: Plus bundles are always charged monthly, even if you’re paying for your Amazon WorkSpaces by the hour. If you selected a Plus bundle when you launched your WorkSpaces, you will incur the listed fee for the Plus software bundle even if you do not use those Amazon WorkSpaces in a particular month.

Q: Will I be able to monitor how many hours my Amazon WorkSpaces have been running?

A: Yes, you will be able to monitor the total number of hours your Amazon WorkSpaces have been running in a given period of time through the Amazon CloudWatch “UserConnected” metric.

Q: Does Amazon WorkSpaces pricing include bandwidth costs?

A: Amazon WorkSpaces pricing includes network traffic between the user’s client and their WorkSpace. Web traffic from WorkSpaces (for example, accessing the public Internet, or downloading files) will be charged separately based on current AWS EC2 data transfer rates listed here.

Q: How will I be charged for Amazon WorkSpaces that I launch that are based on a custom image?

A: There is no additional charge for Amazon WorkSpaces created from custom images. You will be charged the same as the underlying bundles on which the customized images are based.

Q: Can I use custom images for Amazon WorkSpaces that are billed hourly?

A: Yes. You can launch Amazon WorkSpaces billed hourly from images that you create and upload. There is no additional charge for Amazon WorkSpaces launched from custom images. You will be charged the same as the underlying bundles on which the customized images are based.

Q: Is there a charge to use Amazon WorkSpaces client applications?

A: The Amazon WorkSpaces client applications are provided at no additional cost, and you can install the clients on as many devices as you need to. You can access these here.

Q: Is there an additional charge to access Amazon WorkSpaces using web access?

A: There is no additional charge to access Amazon WorkSpaces using web access. For Amazon WorkSpaces set to bill hourly, you will keep getting billed for the time you leave a browser tab open with an actively running Amazon WorkSpace.

Q: Can I use tags to obtain usage and cost details for Amazon WorkSpaces on my AWS monthly billing report?

A: Yes. By setting tags to appear on your monthly Cost Allocation Report, your AWS monthly bill will also include those tags. You can then easily track costs according to your needs. To do this, first assign tags to your Amazon WorkSpaces by following the steps listed on this web page: Tagging WorkSpaces. Next, select the tag keys to include in your cost allocation report by following the steps listed on this web page: Setting Up Your Monthly Cost Allocation Report.

Q: Are there any costs associated with tagging Amazon WorkSpaces?

A: There are no additional costs when using tags with your Amazon WorkSpaces.

Q: What are the requirements for schools, universities, and public institutions to reduce their WorkSpaces licensing?

A: Schools, universities, and public institutions may qualify for reduced WorkSpaces licensing fees. Please reference the Microsoft Licensing Terms and Documents for qualification requirements. If you think you may qualify, please create a case with the AWS support center here. Select Regarding:<Account and Billing Support>, Service:<Billing>, Category:<Qualify as Educational institution>, and enter the required info. We will review your information and work with you to reduce your fees and costs.

Q: What do I need to provide to qualify as a school, university, or public institution?

A: You will need to provide AWS your institution's full legal name, principle office address, and public website URL. AWS will use this information to qualify you for reduced user fees for qualified educational institutions with your WorkSpaces. Please note: The use of Microsoft software is subject to Microsoft’s terms. You are responsible for complying with Microsoft licensing. If you have questions about your licensing or rights to Microsoft software, please consult your legal team, Microsoft, or your Microsoft reseller. You agree that we may provide the information to Microsoft in order to apply educational pricing to your Amazon WorkSpaces usage.

Q: Does qualification for Amazon WorkSpaces reduced user fees affect other AWS cloud services?

A: No, your user fees are specific to Amazon WorkSpaces, and do not affect any other AWS cloud services or licenses you have.

Q: Is there a charge for streaming data between my WorkSpaces and End Users' devices?

A: The charges for the Service include the cost of streaming data between your WorkSpaces and End Users’ devices unless you stream via VPN, in which case you will be charged VPN data transfer rates in addition to any applicable Internet data transfer changes. Other WorkSpace data transfer will be charged using Amazon EC2 data transfer pricing.

Free Tier

Q: Am I eligible to take advantage of the Amazon WorkSpaces Free Tier offer?

A: The Amazon WorkSpaces Free Tier offer is available to new or existing AWS customers that have not previously used WorkSpaces. Customers must be a new Amazon customer for WorkSpaces and have an account that is not under an AWS Partner account.

Q: What Amazon WorkSpaces bundles are available as part of the Free Tier?

A: The Amazon WorkSpaces Free Tier allows you to provision two Standard bundle WorkSpaces with 80 GB Root and 50 GB User volumes. The Standard bundle WorkSpace offers a cloud desktop with 2 vCPUs, 4 GB of memory, 80 GB Root and 50 GB User volume of SSD-based storage, and you can choose between Amazon Linux WorkSpaces, Amazon WorkSpaces with Windows desktop experiences powered by Windows Server. As with all WorkSpaces, your WorkSpace comes with the pre-installed applications, and access to Amazon WorkDocs with 50 GB included storage. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: What is included with the Amazon WorkSpaces Free Tier?

A: The WorkSpaces Free Tier includes two Standard Bundle WorkSpaces with 80 GB Root and 50 GB User volumes, for 40 hours of combined use per month, for the first three billing cycles. As with all bundles, your WorkSpace comes with the pre-installed applications, and access to Amazon WorkDocs with 50 GB included storage. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: Can I use any other Amazon WorkSpaces bundles as part of the Free Tier?

A: The Amazon WorkSpaces Free Tier includes the Standard bundle only. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: What is the duration of the Amazon WorkSpaces Free Tier?

A: The Free Tier offer starts when you launch your first Amazon WorkSpace, and expires after three billing cycles. For example, if you launched your first WorkSpace on the 15th of the month, the Free Tier offer extends to the end of the month after next. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: If I use less than 40 hours in my first month of Free Tier use, do the remaining hours roll over to the next month?

A: The Amazon WorkSpaces Free Tier allows you to use a combined total of 40 hours per month. Unused hours expire when the new calendar month starts. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: What happens if I use my WorkSpaces for more than 40 hours in a calendar month during the Free Tier period?

A: In the event you exceed 40 hours of use in a month during the Free Tier period, you are billed at the current hourly rate for Amazon WorkSpaces. Limited-time promotion offers might be offered via the Free Tier, please refer to the WorkSpaces pricing page for the latest information.

Q: What happens if I convert my Amazon WorkSpaces from AutoStop (hourly billing) to AlwaysOn (monthly billing) before my Free Tier period expires?

A: To qualify for the Free Tier, your Amazon WorkSpaces need to run in the AutoStop running mode. You can change the running mode of your WorkSpaces to AlwaysOn, but this action converts your WorkSpaces to monthly billing, and your Free Tier period will end.

Q: Hourly billing for Amazon WorkSpaces includes a fee for hours used, and a monthly infrastructure cost. Is the monthly infrastructure cost waived during the Amazon WorkSpaces Free Tier?

A: The monthly infrastructure fee for Amazon WorkSpaces is waived for Free Tier use.

Q: What happens when my Amazon WorkSpaces Free Tier period ends?

A: When your Free Tier period ends, your Amazon WorkSpaces will be billed at the current hourly rate. In addition, the monthly infrastructure fee will start to apply. For current rates, see Amazon WorkSpaces Pricing.

Q: How can I track my Amazon WorkSpaces Free Tier usage?

A: To track your Amazon WorkSpaces usage, go to the My Account page in the AWS management console and see your current and past activity by service, and region. You can also download usage reports. For more information, see Understanding Your Usage with Billing Reports.

Connectivity

Q: Can I use an HTTPS proxy to connect to my Amazon WorkSpaces?

A: Yes, you can configure a WorkSpaces Client app to use an HTTPS proxy. Please see our documentation for more information.

Q: Can I connect Amazon WorkSpaces to my VPC?

A: Yes. The first time you connect to the WorkSpaces Management Console, you can choose an easy ‘getting started’ link that will create a new VPC and two associated subnets for you as well as an Internet Gateway and a directory to contain your users. If you choose to access the console directly, you can choose which of your VPCs your WorkSpaces will connect to. If you have a VPC with a VPN connection back to your on-premises network, then your WorkSpaces will be able to communicate with your on-premises network (you retain the usual control you have over network access within your VPC using all of the normal configuration options such as security groups, network ACLS, and routing tables).

Q: Can I connect to my existing Active Directory with my Amazon WorkSpaces?

A: Yes. You can use AD Connector or AWS Microsoft AD to integrate with your existing on-premises Active Directory.

Q: Will my Amazon WorkSpaces be able to connect to the Internet to browse websites and download applications?

A: Yes. You have full control over how your Amazon WorkSpaces connect to the Internet based on regular VPC configuration. Depending on what your requirements are you can either deploy a NAT instance for Internet access, assign an Elastic IP Address (EIP) to the Elastic Network Interface (ENI) associated with the WorkSpace, or your WorkSpaces can access the Internet by utilizing the connection back to your on-premises network.

Q: Can I use IPv6 addresses for my Amazon WorkSpaces bundles?

A: Yes. You can use IPv6 addresses for Value, Standard, Performance, Power, PowerPro, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn bundles. At this time, IPv6 addresses are not supported in Graphics bundles.

Q: Can my Amazon WorkSpaces connect to my applications that are running in Amazon EC2 such as a file server?

A: Yes. Your WorkSpaces can connect to applications such as a fileserver running in Amazon EC2 (both “Classic” and VPC networking environments). All you need to do is ensure appropriate route table entries, security groups and network ACLs are configured so that the WorkSpaces can reach the EC2 resources you would like them to be able to connect to.

Q: What are the pre-requisites for using my digital certificates on Amazon WorkSpaces?

A: To use your certificates to manage which client devices can access Amazon WorkSpaces, you need to distribute your client certificates using your preferred solution such as Microsoft System Center Configuration Manager (SCCM), or a Mobile-Device Management (MDM) software solution to the devices you want to trust. Your root certificates are imported into the WorkSpaces management console. For more information, please see Restrict WorkSpaces Access to Trusted Devices.

Q: What are the pre-requisites for enabling MFA on Amazon WorkSpaces?

A: To enable MFA on WorkSpaces, you will need to configure AD Connector, and have an on-premises RADIUS server(s). Your on-premises network must allow inbound traffic over the default RADIUS server port (1812) from the AD Connector server(s). Additionally, you must ensure that usernames match between Active Directory and your RADIUS server. To learn more, visit our documentation.

Directories

Q: Do I need to set up a directory to use the Amazon WorkSpaces service?

A: Each user you provision a WorkSpace for needs to exist in a directory, but you do not have to provision a directory yourself. You can either have the WorkSpaces service create and manage a directory for you and have users in that directory created when you provision a WorkSpace. Alternatively, you can integrate WorkSpaces with an existing, on-premises Active Directory so that users can continue to use their existing credentials meaning that they can get seamless applications to existing applications.

Q: If I use a directory that the Amazon WorkSpaces service creates for me, can I configure or customize it?

A: Yes. Please see our documentation for more details.

Q: Can I integrate Amazon WorkSpaces with my existing on-premises Active Directory?

A: Yes. You can use AD Connector or AWS Microsoft AD to integrate with your existing on-premises Active Directory.

Q: How do I integrate Amazon WorkSpaces with my on-premises Microsoft Active Directory?

A: There are two ways you can integrate Amazon WorkSpaces with your on-premises Microsoft Active Directory (AD): you can set up an interforest trust relationship with your AWS Microsoft AD domain controller, or you can use AD Connector to proxy AD authentication requests.

To configure an interforest trust relationship between your on-premises Microsoft AD and your AWS Microsoft AD please see the documentation here. To configure AD Connector, please see the documentation here.

Once a trust is established, you can select the domain where your user accounts reside directly in the Amazon WorkSpaces console, and proceed to provisioning WorkSpaces for your users. Please note that usernames across domains need to be unique per instance of AWS Microsoft AD.

Q: There are two options for integrating Amazon WorkSpaces with my on-premises Microsoft Active Directory. Which one should I use?

A: You can integrate Amazon WorkSpaces with your on-premises Microsoft Active Directory (AD) either by setting up an interforest trust relationship with your AWS Microsoft AD domain controller, or by using AD Connector to proxy AD authentication requests.

When using interforest trust, you only need a single trust relationship between your on-premises AD and your AWS Microsoft AD domain controller. You can assign Amazon WorkSpaces to users in any of your on-premises domains, and AWS Microsoft AD automatically discovers and routes authentication requests to the correct domain controller. This option works well when your environment consists of multiple on-premises Microsoft AD domains.

When using AD Connector, a separate AD Connector is required for each of your on-premises Microsoft AD domains with users that will need WorkSpaces assigned to them. Using AD Connector works well for environments with a single on-premises domain, or for proof-of-concept projects.

For more information, please visit this page.

Q: Can I use the Amazon WorkSpaces APIs to create new WorkSpaces for users across domains when I have an interforest trust relationship established with AWS Microsoft AD?

A: Yes. When using the Amazon WorkSpaces API to launch WorkSpaces, you will need to specify the domain name as part of the username, in this format: “NETBIOS\username” or “corp.example.com\username”. For more information, please visit this page.

Q: Can I apply the same Group Policy object settings from my on-premises Microsoft Active Directory to Amazon WorkSpaces?

A: Yes. If you’re using an interforest trust relationship between your on-premises Microsoft AD and your AWS Microsoft AD domain controller, you will need to ensure that your Group Policy object (GPO) settings are replicated across domains before they can be applied to Amazon WorkSpaces. If you are using AD Connector, your GPO settings will be applied to your WorkSpaces much like any other computer in your domain.

Q: Can I apply Active Directory policies to my Amazon WorkSpaces using the directory that the WorkSpaces service creates for me?

A: Yes. Please see our documentation for more details.

Q: What happens to my directory when I remove all of my Amazon WorkSpaces?

A: You may keep your AWS directory in the cloud and use it to domain join EC2 instances or provide directory users access to the AWS Management Console. You may also delete your directory.

If there are no WorkSpaces being used with your Simple AD or AD Connector for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the AWS Directory Service pricing terms. If you delete your Simple AD or AD Connector you can always create a new one when you want to start using WorkSpaces again.

Q: Which AWS Directory Services support the use of PCoIP Zero Clients?

A: PCoIP Zero Clients can be used with the AD Connector and Simple AD directory services from AWS. Currently, Zero Clients cannot be used with the AWS Directory Service for Microsoft Active Directory.

CloudWatch Monitoring

Q: What does Amazon CloudWatch monitor for Amazon WorkSpaces?

A: Amazon WorkSpaces is integrated with both CloudWatch Metrics and CloudWatch Events.

You can use Amazon CloudWatch Metrics to review health and connection metrics for individual WorkSpaces and all WorkSpaces belonging to a directory. You can set up CloudWatch Alarms on these metrics to be alerted about changes to WorkSpaces health, or about issues your users may have connecting to their WorkSpaces.

You can use CloudWatch Events to view, search, download, archive, analyze, and respond to successful WorkSpace logins. Amazon WorkSpaces client applications send WorkSpaces Access events to CloudWatch Events when a user successfully logs in to a WorkSpace. All Amazon WorkSpaces client applications send these events. 

Q: Will I be able to monitor how many hours my Amazon WorkSpaces have been running?

A: Yes, you will be able to monitor the total number hours your Amazon WorkSpaces has been running in a given period of time through Amazon CloudWatch “UserConnected” metric.

Q: In what regions can I use Amazon WorkSpaces with CloudWatch Metrics?

A: CloudWatch Metrics are available with Amazon WorkSpaces in all AWS regions where WorkSpaces is available.

Q: What does CloudWatch Metrics cost?

A: There is no additional cost for using CloudWatch Metrics with WorkSpaces via the CloudWatch console. There may be additional charges for setting up CloudWatch Alarms and retrieving CloudWatch Metrics via APIs. Please see CloudWatch pricing for more information.

Q: How do I get started with CloudWatch Metrics for my Amazon WorkSpaces?

A: CloudWatch Metrics are enabled by default for all your WorkSpaces. Visit the AWS Management Console to review the metrics and set up alarms.

Q: What metrics are supported for the Amazon WorkSpaces client application and PCOIP Zero Clients?

A: Please see the documentation for more information on Amazon CloudWatch metrics with Amazon WorkSpaces.

Q: What metrics are supported for Amazon WorkSpaces instances?

A: The following metrics are currently supported for reporting on Amazon WorkSpaces usage:
• Available
• Unhealthy
• ConnectionAttempt
• ConnectionSuccess
• ConnectionFailure
• SessionLaunchTime
• InSessionLatency
• SessionDisconnect
• UserConnected
• Stopped
• Maintenance
• TrustedDeviceValidationAttempt
• TrustedDeviceValidationSuccess
• TrustedDeviceValidationFailure
• TrustedDeviceCertificateDaysBeforeExpiration
• CPUUsage
• MemoryUsage
• RootVolumeDiskUsage
• UserVolumeDiskUsage
• UDPPacketLossRate
• UpTime

Please see the documentation for more information on Amazon WorkSpaces metrics and dimensions supported on Amazon CloudWatch.

Q: Is there any delay I should expect from metrics that are generated by Amazon WorkSpaces?

A: Yes. Amazon WorkSpaces sends metrics to CloudWatch every 5 minutes, with at least a delay of 15 minutes for Always On instances. If an Auto Stop WorkSpaces instance stops before this time, the generated metrics will be sent to CloudWatch as soon as that instance comes back on. So, Auto Stop WorkSpaces instances may take more time to be delivered.

Q: What CloudWatch Events are generated by Amazon WorkSpaces?

A: Successful WorkSpace logins. Amazon WorkSpaces sends access event information to CloudWatch Events when a user successfully logs in to a WorkSpace from any WorkSpaces client application.

Q: How can I utilize CloudWatch Events with WorkSpaces?

A: You can use CloudWatch Events to view, search, download, archive, analyze, and respond based on rules that you configure. You can either use the AWS Console under CloudWatch to view and interact with CloudWatch Events or use services such as Lambda, ElasticSearch, Splunk and other partner solutions using Kinesis Streams or Firehose to take actions based on your event data. For storage, CloudWatch Events recommends using Kinesis to push data to S3. For more information on how to use CloudWatch Events, see the Amazon CloudWatch Events User Guide.

Q: What information is included in WorkSpaces Access Events?

A: Events are represented as JSON objects which include WAN IP address, WorkSpaces ID, Directory ID, Action Type (ex. Login), OS platform, Timestamp and a Success/Failure indicator for each successful login to WorkSpaces. See our documentation for more details here.

Q: What does CloudWatch Events cost?

A: There is no additional cost for using CloudWatch Events with Amazon WorkSpaces. You will be charged for any other services you use that take action based on CloudWatch Events, such as Amazon ElasticSearch, and AWS Lambda. This also includes other CloudWatch services such as CloudWatch Metrics, CloudWatch Logs, and CloudWatch Alarms if your usage surpasses the CloudWatch Free Tier limits. All of these services are integrated with and can be triggered from CloudWatch Events.

Printing

Q: Can I print from my Amazon WorkSpace?

A: Yes, Amazon WorkSpaces with Windows support local printers, network printers, and cloud printing services. Amazon WorkSpaces with Amazon Linux support network printers, and cloud printing services.

Q: How do I enable printer auto-redirection for my Amazon WorkSpace?

A: By default, local printer auto-redirection is disabled. You can use the Group Policy settings to enable this feature. This will ensure that your local printer is set as the default every time you connect to your WorkSpace.

Q: How do I print to my local printer?

A: If you have a local printer configured, it will show up in your WorkSpaces printer menu the next time you connect to your WorkSpace. If not, you will need to configure a local printer outside of your WorkSpace. Once this is done, select your local printer from the print menu, and select print.

Q: Why can’t I see my local printer from the printing menu?

A: Most printers are already supported by Amazon WorkSpaces. If your printer is not recognized, you may need to install the appropriate device driver on your WorkSpace.

Q: How do I print to a network printer?

A: Any printer which is on the same network as your Amazon WorkSpace and is supported by Windows Server 2016/2019/2022 can be added as a network printer. Once a network printer is added, it can be selected for printing from within an application.

Q: Can I use my Amazon WorkSpace with a cloud printing service?

A: You can use cloud printing services with your WorkSpace including, but not limited to, Cortado ThinPrint®.

Q: Can I print from my tablet or Chromebook?

A: The Amazon WorkSpaces clients for tablets and Android-compatible Chrome OS devices support cloud printing services including, but not limited to, Cortado ThinPrint®. Local and network printing are not currently supported.

User Self Service Management

Q: What self-service management capabilities are available for Amazon WorkSpaces?

A: You can choose to let users accomplish typical management tasks for their own WorkSpace, including restart, rebuild, change compute type, and change disk size. You can also let users switch from monthly to hourly billing (and back). You can choose to enable specific self-service management capabilities that suit your needs directly in the WorkSpaces Admin Console.

Q: How do I get started with self-service management capabilities for my WorkSpaces users?

A: Self-service management capabilities are enabled by default when you register a directory with WorkSpaces. You can choose to not enable them when you register a directory.

You can modify specific self-service management capabilities from the WorkSpaces console. On the Directories page, select the directory you want to modify for self-service management. Next, select “Update Details” under the “Actions” menu. You can find all self-service management capabilities options under the “User Self Service Permissions” section. You can also use WorkSpaces APIs to modify self-service management capabilities.

Q: How do end users access self-service management capabilities?

A: Self-service management capabilities are available to users through the WorkSpaces client on Windows, Mac, Android, and Chrome OS devices supporting Android apps.

Q: Do I need to log into WorkSpaces to use self-service management capabilities?

A: Yes, you must authenticate to use any self-service management capabilities.

Q: Can I continue to use my WorkSpace while a self-service management actions is being performed?

A: You can continue to use your WorkSpace while disk size or running mode is being changed. Restarting, rebuilding, restoring, and changing compute type requires disconnecting from your WorkSpaces session.

Q: How much does it cost to use self-service management capabilities?

A: Self-service management capabilities are available at no additional cost. You can enable self-service management for tasks such as changing the WorkSpace bundle type, or increasing the volume size. When end users perform these tasks, the billing rate for those WorkSpaces may change.

High Availability and Disaster Recovery

Q: How do I get high availability with Amazon WorkSpaces?

A: To reduce downtime from maintenance and disruptive events, deploy WorkSpaces in multiple Regions, making sure that regional WorkSpaces maintenance schedules do not overlap. Use cross-Region redirection, so that you can direct users to WorkSpaces Regions not under maintenance. For more information on WorkSpaces cross-Region redirection, please refer to Amazon WorkSpaces documentation.

Q: What is WorkSpaces Multi-Region Resilience?

A: Amazon WorkSpaces Multi-Region Resilience provides automated, redundant virtual desktop infrastructure in a secondary WorkSpaces Region and streamlines the process of redirecting users to the secondary Region when the primary Region is unreachable due to outages.

Q: How do I plan for disaster recovery for my WorkSpaces?

A: Use WorkSpaces Multi-Region Resilience with cross-Region redirection to deploy redundant virtual desktop infrastructure in a secondary WorkSpaces Region and design a cross-Region failover strategy in preparation for disruptive events. Leveraging Domain Name System(DNS) failover and health-check capabilities, WorkSpaces cross-Region redirection points your users to log into WorkSpaces in a disaster recovery Region when the primary WorkSpaces Region is not reachable. To learn more, please refer Amazon WorkSpaces documentation on WorkSpaces Multi-Region Resilience and cross-Region redirection.

Q: How can I create standby WorkSpaces in a secondary WorkSpaces Region?

A: WorkSpaces standby configuration for Multi-Region Resilience automates the creation and maintenance of standby deployments. After setting up a user directory in your preferred secondary Region, simply select the WorkSpaces in your primary Region that you want to create standby WorkSpaces for, either through the AWS management console or the AWS SDK. The system will automatically provision standby WorkSpaces in your secondary Region, using the latest bundle of your primary WorkSpaces. By default, the system does not replicate the user volume (D drive) or the root volume (C drive) to the standby WorkSpaces. To do so, you need to enable data replication.

Q: Can I replicate data from my primary WorkSpaces to my standby WorkSpaces?

A: Yes. After you set up your standby WorkSpaces in the secondary Region, you can enable data replication to copy both the root volume (C drive) and the user volume (D drive) from your primary WorkSpaces to your standby WorkSpaces. The data replication is one-way. Once it is enabled, the system will replicate data from your primary AWS Region to the secondary AWS Region. To learn more, please refer to Amazon WorkSpaces Multi-Region Resilience.

Q: Can I use Amazon WorkSpaces Multi-Region Resilience with cross-Region redirection?

A: Yes. Amazon WorkSpaces Multi-Region Resilience leverages the existing cross-Region redirection capabilities and streamlines the process of redirecting users to a secondary Region when their primary WorkSpaces Region is unreachable due to disruptive events. It does this without requiring users to switch the registration code when logging in to their standby WorkSpaces. You can use fully qualified domain name (FQDN) as Amazon WorkSpaces registration codes for your users. When an outage occurs in your primary Region, you can redirect users to the standby WorkSpaces in the secondary Region based on your Domain Name System (DNS) failover policies for the FQDN.

Q: How do I define my WorkSpaces’ primary Regions and backup Regions with cross-Region redirection?

A: You can define the Region priority by configuring routing policies for your FQDN on DNS. For more information, please refer to Amazon WorkSpaces documentation.

Q: Will my old registration codes still work after I enable cross-Region redirection?

A: Yes. Old registration codes will keep working. Users can register with either old registration codes or fully qualified domain names (FQDN). Cross-Region redirection only works when end users register with FQDNs.

Q: Can I use internal domain names for cross-Region redirection?

A: Yes. WorkSpaces cross-Region redirection works with both public domain names and domain names in private DNS zones. If your end users use private FQDNs from the public internet, the WorkSpaces clients will return errors reporting invalid registration codes.

Q: What AWS Regions have the WorkSpaces cross-Region redirection support?

A: WorkSpaces cross-Region redirection works in all AWS Regions where Amazon WorkSpaces is available except AWS GovCloud and China Regions.

Q: What client types support WorkSpaces cross-Region redirection?

A: Windows, macOS, and Linux WorkSpaces clients support cross-Region redirection.

Q: How do I plan for disaster recovery for my WorkSpaces?

A: Use WorkSpaces Multi-Region Resilience ** with cross-Region redirection to deploy redundant virtual desktop infrastructure in a secondary WorkSpaces Region and design a cross-Region failover strategy in preparation for disruptive events. Leveraging Domain Name System (DNS) failover and health-check capabilities, WorkSpaces cross-Region redirection could point your users to log into WorkSpaces in a disaster recovery Region when the primary WorkSpaces Region is not reachable. To learn more, please refer Amazon WorkSpaces documentation on WorkSpaces Multi-Region Resilience and cross-Region redirection.

Protocol

Q: What is a remote display protocol and why is it important for WorkSpaces?

A: The remote display protocol is one of the technologies that enables WorkSpaces to deliver a fully managed, high-performance virtual desktops experience. The display protocol host agent runs on the hosted desktops. Based on factors such as desktop contents, CPU/GPU characteristics, and network performance, the display protocol selects the optimal combination of compression/decompression algorithms (codecs) to encode a rendering of the desktop and transmit it as a pixel stream to the WorkSpaces client application running on the user's device. In addition to delivering a high-quality pixel stream, the remote display protocol is key in supporting the various operating systems offered for WorkSpaces, as well as enabling all in-session features, such as copy/paste, printing, and smart-card redirection.

Q: What client and host operating systems are supported by the latest version of WSP?

A: You must use a WorkSpaces client that supports WSP to connect to a WorkSpaces host running latest WSP host agent. Use the chart below to identify which client and host agents support WSP and version requirements.

 

Operating System

WSPv2 Support

Version Requirement

Host

Windows WorkSpace

Y

WSP host agent version 2.0.0.312 or higher

Ubuntu WorkSpace

Y

WSP host agent version 2.1.0.501 or higher

Amazon Linux WorkSpace

Y

WSP host agent version 2.0.0.596 or higher

Client

Windows native client

Y

Windows client version 5.1.0.3029 or higher

macOS native client

Y

MacOS client version 5.5.0 or higher

Web access client

Y

Use Web Access URL to login

iPad client

N

Not supported

Linux client

N

Not supported

Android client

N

Not supported

Q: How do I find my WSP host agent version?

A: To check Windows host agent versions, search and open “Add or Remove Programs” inside the WorkSpace instance, then search “WSP” to see your WSP host agent version. To check Linux host agent versions, you can check the installed version of the 'wsp' package. On AL2, use 'yum list installed | grep wsp', and on Ubuntu use 'apt list —installed | grep wsp'. 

Q: How do I find my client version?

A: To check client version, go to “About My Workspaces” after signing into the native client.

Q: If I already have a WSP WorkSpace, how do I update it?

A: You need to reboot your WorkSpaces instance in order to update the WSP host agent. Also, download and install the latest client. You must update both host agent and client to get the latest performance improvements and features. WSP will fall back to using an older version if either client or host agent is not updated.

Q: Why are there 2 protocols available when I choose my WorkSpaces bundle?

A: We strive to offer our customers the flexibility to meet a wide variety of technical and business requirements.

Q: Can I include both PCoIP and WSP users in the same directory?

A: Yes. When you provision a new WorkSpaces user in the directory, you can enable either WSP or PCoIP, as long as the WorkSpaces user is not already listed in that directory.

Q. Can I switch between the PCoIP and WSP protocols on WorkSpaces?

A. Yes. One streaming protocol is selected when a WorkSpace is provisioned for a given user. To switch to a different streaming protocol after a WorkSpace has been provisioned, you can use the WorkSpaces migrate API to update the Workspace’s protocol.

Q. Can the same user run both a PCoIP and WSP on WorkSpaces?

A. Yes, as long as separate directories are created for each user. A single user cannot run both PCoIP and
WSP on WorkSpaces from the same directory. However, a single directory can include a mix of both
PCoIP and WSP-based WorkSpaces users.

Q. Where should I send feedback or how can I get additional support?

A. If you encounter any issues or want to provide feedback about WSP, contact AWS Support.

Microsoft Office and Microsoft 365

Q: What options do I have for purchasing Microsoft Office or Microsoft 365 on WorkSpaces services?

A: You can purchase Microsoft Office Pro Plus 2016, 2019 or 2021 as part of a WorkSpaces application bundle, or, beginning August 1, 2023, you can bring your own Microsoft 365 Apps for enterprise licenses on WorkSpaces services if it meets Microsoft’s licensing requirements. This applies to WorkSpaces instances running on dedicated or shared infrastructure. 

Q: Can I bring my Windows Desktop licenses to Amazon WorkSpaces?

A: Yes, you can bring your own Windows 10 or Windows 11 desktop licenses to WorkSpaces if they meet Microsoft’s licensing requirements. See Windows BYOL FAQ for more information.

Q. Do I need to bring in my own Windows Desktop licenses for Windows 10 and Windows 11 WorkSpaces when I am bringing my own Microsoft 365 licenses for Microsoft 365 applications?

A: Microsoft 365 Apps for enterprise licenses can be used for applications and management software. However, if you want to run Windows 10 or Windows 11 on WorkSpaces you still need to purchase VDA E3 or E5 user licenses and use dedicated infrastructure. You can bring your own Windows 10 or Windows 11 desktop licenses to WorkSpaces if they meet Microsoft’s licensing requirements. WorkSpaces gives you an option to run Windows 10 or Windows 11 desktop images on physically dedicated hardware, which lets you maintain license compliance for your Windows desktops. 

To learn more about the use of Microsoft software on AWS, see Windows FAQs

Q: What Microsoft 365 applications can I use on WorkSpaces services?

A: You can bring your Microsoft 365 Apps for enterprise licenses to run on WorkSpaces services. Microsoft 365 includes popular productivity applications like Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Outlook, and more. Included applications vary by license plan. You can also bring licenses to run additional applications including Microsoft Project and Microsoft Visio. 

Q: What Microsoft 365 license plans can I run on WorkSpaces services?

A: Permitted license plans include Microsoft 365 E3 or E5, Microsoft 365 A3 or A5, or Microsoft 365 Business Premium. These plans are available on shared Windows Server instances and BYOL Windows Desktop operating systems running on dedicated instances.

Q: Are there any additional fees to use Microsoft 365 on WorkSpaces services?

A: There are no additional fees or costs to run Microsoft 365 Apps for enterprise on WorkSpaces services. WorkSpaces services are billed at publicly listed pricing.

Q: How do I migrate WorkSpaces services from Microsoft Office to Microsoft 365?

A. If you are running WorkSpaces services and are not subscribed to a Microsoft Office license through AWS, you can install and configure Microsoft 365 Apps for enterprise. If you are running WorkSpaces services and are subscribed to a Microsoft Office license through AWS, you first need to unsubscribe from the Microsoft Office license provided by AWS before installing Microsoft 365 Apps for enterprise. For more information on migrating from Microsoft Office to Microsoft 365 Apps for enterprise, see this guide.   

Q: Can I purchase perpetual Microsoft Office license from AWS for my WorkSpaces?

A: Microsoft licensing does not permit AWS to re-sell or offer perpetual licenses in a hosted environment like WorkSpaces. AWS leverages Services Provider License Agreement (SPLA), that allows AWS to license eligible Microsoft products such as Microsoft Office on a monthly basis. Under this offering licensing of Microsoft Office is included in the monthly WorkSpaces billing statement.

Q: What versions of Microsoft Office are available on Amazon WorkSpaces?

A: Customers can choose to have 32-bit Microsoft Office 2016 Professional Plus or 64-bit Microsoft Office 2019 Professional Plus or 64-bit Office 2021 Professional Plus. 

Q: Microsoft Office 2016 and 2019 are going to be end of support soon. How can I make sure that my end users continue to use Microsoft Office on Amazon Workspaces?

A: Up until October 14, 2025, Microsoft is providing extended support for Microsoft Office 2016/2019. Until the extended support expires, AWS plans to continue to offer these software packages, which are also qualified to receive security upgrades from Microsoft. 

Product

URL

Mainstream End Date

Extended End Date

Microsoft Office 2016

https://docs.microsoft.com/en-us/lifecycle/products/microsoft-office-2016

Oct 13, 2020

Oct 14, 2025

Microsoft Office 2019

https://docs.microsoft.com/en-us/lifecycle/products/microsoft-office-2019

Oct 10, 2023

 

Oct 14, 2025

 

Q: What will happen after the Extended End Date expires?

A: After Microsoft Office 2016/2019 Extended End Date expires, the WorkSpaces public bundles with Office 2016/2019 will also reach end of life and you won’t be able to launch new WorkSpaces using public bundles. However, your existing custom bundles will continue to work as-is. We recommend you to upgrade your existing WorkSpaces/custom images to the latest versions of Microsoft Office e.g. Microsoft Office 2021.

Q: What will happen to my WorkSpaces running Microsoft Office 2016/2019 after the Extended End Date expires?

A: You can continue to use your WorkSpaces with Microsoft Office 2016/2019 but there will be no support or security updates available for Microsoft Office packages.

Learn more about Amazon WorkSpaces pricing

Visit the pricing page
Ready to build?
Get started with Amazon WorkSpaces
Have more questions?
Contact us