Simple AD Directory Public IP Addresses

Attach an Internet gateway to the VPC used by the directory and assign a public IP address to each WorkSpace. To assign a public IP address to your WorkSpaces, you can either manually assign an Elastic IP address to the network interface for each WorkSpace after it is created, or you can have Amazon WorkSpaces automatically assign a public IP address to each WorkSpace that is provisioned or rebuilt. For more information about automatically assigning public IP addresses in a Simple AD directory, see Internet Access.

Topics

• Internet Gateway and Routing
• Assigning an Elastic IP Address to a WorkSpace

Internet Gateway and Routing

To setup an Internet gateway and subnet routing, perform the following steps:

1. If your VPC does not already have an Internet gateway, create an Internet gateway and attach it to the VPC used by the directory. For more information, see Adding an Internet Gateway to Your VPC in the Amazon VPC User Guide.

2. Make sure the security group for your WorkSpaces allows outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0). For information about how to find the WorkSpaces security group, see WorkSpaces Security Group.

3. Modify the route table for both WorkSpaces subnets to route all non-VPC traffic to the Internet gateway.

   WorkSpaces Subnet Route Table

   Destination	Target
   VPC CIDR	local
   0.0.0.0/0	Internet gateway

   
   

Assigning an Elastic IP Address to a WorkSpace

The following procedure explains how to manually assign an Elastic IP address to the network interface of a WorkSpace.

You can have Amazon WorkSpaces automatically assign a public IP address to each WorkSpace that is provisioned or rebuilt. For more information, see Internet Access (Simple AD) or Internet Access (AD Connector).

To assign an Elastic IP address to a WorkSpace

1. Open the Amazon WorkSpaces console at https://console.aws.amazon.com/workspaces/.

2. In the navigation pane, choose WorkSpaces, select the WorkSpace you want to apply the Elastic IP address to, and choose the right arrow button to display the details for the WorkSpace. Make a note of the WorkSpace IP value.

3. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

4. In the navigation pane, choose Elastic IPs and either select an unused VPC address or allocate a new address for VPC.

5. Select the address, choose Associate Address, and enter the WorkSpace IP value found in step 2 in the Network Interface field. The identifier of the elastic network interface (ENI) that is assigned to that IP address is displayed in the search list. This is the ENI of the WorkSpace. Select the ENI identifier. The WorkSpace IP will be displayed in the Private IP Address field.

6. Choose Reassociation so that the Elastic IP address can be reassigned later if needed, and choose Associate.

7. Make sure the security group for your WorkSpaces allows outbound traffic on ports 80 (HTTP) and 443 (HTTPS) to all destinations (0.0.0.0/0). For information about how to find the WorkSpaces security group, see WorkSpaces Security Group.

8. The WorkSpace now has access to the Internet. Repeat this process for each existing WorkSpace.