Allowed Domains
For AppStream 2.0 users to access streaming instances, you must allow the following domain on the network from which users initiate access to the streaming instances.
-
Session Gateway: *.amazonappstream.com
One or more of the following domains must be allowed to enable user authentication. You must allow the domains and subdomains that correspond to the Regions where AppStream 2.0 is deployed.
| Region | Domain |
|---|---|
| US East (N. Virginia) | *.appstream2.us-east-1.aws.amazon.com |
| US East (Ohio) | *.appstream2.us-east-2.aws.amazon.com |
| US West (Oregon) | *.appstream2.us-west-2.aws.amazon.com |
| Asia Pacific (Mumbai) | *.appstream2.ap-south-1.aws.amazon.com |
| Asia Pacific (Seoul) | *.appstream2.ap-northeast-2.aws.amazon.com |
| Asia Pacific (Singapore) | *.appstream2.ap-southeast-1.aws.amazon.com |
| Asia Pacific (Sydney) | *.appstream2.ap-southeast-2.aws.amazon.com |
| Asia Pacific (Tokyo) | *.appstream2.ap-northeast-1.aws.amazon.com |
| Canada (Central) | *.appstream2.ca-central-1.aws.amazon.com |
| Europe (Frankfurt) | *.appstream2.eu-central-1.aws.amazon.com |
| Europe (London) | *.appstream2.eu-west-2.aws.amazon.com |
| Europe (Ireland) | *.appstream2.eu-west-1.aws.amazon.com |
| AWS GovCloud (US-West) | *.appstream2.us-gov-west-1.amazonaws-us-gov.com |
| South America (São Paulo) |
*.appstream2.sa-east-1.aws.amazon.com |
If your users use a network proxy to access streaming instances, disable any proxy caching for the user auth domains in the table and the session gateway, *.amazonappstream.com.
AWS publishes its current IP address ranges, including the ranges that the
Session Gateway and CloudFront domains may resolve to, in JSON format. For
information about how to download the .json file and view the current ranges, see
AWS IP Address Ranges in
the Amazon Web Services General Reference. Or, if you are using AWS Tools for Windows PowerShell, you
can access the same information by using the
Get-AWSPublicIpAddressRange cmdlet. For more information, see
Querying the Public IP Address Ranges for AWS
For AppStream 2.0 users that are accessing Elastic fleets, you must allow access to the domain for the Amazon Simple Storage Service (S3) bucket that contains the application icon.
If your S3 bucket has a “.” character in the name, the domain used is
https://s3.<AWS Region>.amazonaws.com. If your S3 bucket does not have a “.”
character in the name, the domain used is https://<bucket
name>.s3.<AWS
Region>.amazonaws.com.
