Concepts and terminology for Amazon Nimble Studio - Amazon Nimble Studio

Concepts and terminology for Amazon Nimble Studio

To help you get started with Amazon Nimble Studio, and understand how it works, you can refer to the key concepts and terminology in this guide.

Key features

Amazon Nimble Studio

Amazon Nimble Studio is an AWS service that enables creative studios to produce visual effects, animation, and interactive content entirely in the cloud, from storyboard sketch to final deliverable.

Nimble Studio supports Linux and Windows operating systems (OS) and creation applications such as Autodesk Maya, Blender, Houdini, or Foundry’s Nuke. It also integrates with many other AWS services.

Amazon Nimble Studio console

The Nimble Studio console is a portion of the AWS Management Console that is devoted to our admin IT customers. This console is where admins create their cloud studio and manage many settings. For instance, the Studio manager page allows you to add or remove resources, add launch profiles, and grant permissions to users and groups.

Amazon Nimble Studio portal

The Nimble Studio portal is the user interface that’s dedicated to both types of Nimble Studio customers: artists and admins. The Nimble Studio portal is where admins can assign launch profiles to artists, and artists can launch streaming sessions. The portal’s user-friendly interface makes it easy to review your launch profiles, check your workstation’s status, see who else is in their cloud studio, and access support.


StudioBuilder is a Cloud Development Kit (CDK) application that deploys a fully functional, secure cloud studio with Nimble Studio through a command line interface (CLI). After you follow a few prompts and configure some settings, StudioBuilder builds the infrastructure that your cloud studio needs to operate. The process takes about 90 minutes.

StudioBuilder is available through the AWS Marketplace.

AWS Thinkbox Deadline (Deadline)

Deadline is rendering management software that provides a wide range of compute management options to easily and securely access cloud-based resources for rendering, render management, and processing. AWS Thinkbox Deadline is compatible with Windows, Linux, and macOS based render farms.

Key concepts and terminology

Amazon EC2 instance

An instance is a virtual server in the cloud. Its configuration is a copy of the Amazon Machine Image (AMI) that you specified when you launched the instance. To connect your virtual workstation to a streaming session, first launch an instance. You can do this from the Nimble Studio portal.

Amazon Machine Image (AMI)

An Amazon Machine Image (AMI) provides the information required to launch an instance. To run StudioBuilder and deploy your cloud studio, launch an Amazon EC2 instance using the AMI. An AMI has all of the packages that you need for the deploy.

AWS Managed Microsoft AD

AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) is a fully managed Active Directory in the AWS Cloud.

When StudioBuilder builds your cloud studio, it creates an Active Directory environment using the AWS Managed Microsoft AD service. After deployment, you can connect your new AWS Managed Microsoft AD to AWS IAM Identity Center (successor to AWS Single Sign-On) (IAM Identity Center). To learn how, see Step 6: Link AWS Managed Microsoft AD as an IAM Identity Center identity source in the Deploying a new studio with StudioBuilder tutorial.

By connecting your AWS Managed Microsoft AD to IAM Identity Center, administrators can grant users or groups seamless access to the resources that you want them to use.

Customers who wish to bring their own Active Directory should follow the Bring Existing Resources (BER) steps in the Getting started page of the Nimble Studio console.

AWS managed policies

An AWS managed policy is a standalone policy that is created and administered by AWS. Standalone policy means that the policy has its own Amazon Resource Name (ARN) that includes the policy name. For example, arn:aws:iam::aws:policy/IAMReadOnlyAccess is an AWS managed policy. For more information about ARNs, see IAM ARNs.

AWS managed policies are used for granting permissions to common job functions. Job function policies are maintained and updated by AWS when new services and API operations are introduced. For example, the AdministratorAccess job function provides full access and permissions delegation to every service and resource in AWS. Whereas, partial-access AWS managed policies such as AmazonMobileAnalyticsWriteOnlyAccess and AmazonEC2ReadOnlyAccess can provide specific levels of access to AWS services without allowing full access. For learn more about access policies, see Understanding access level summaries within policy summaries.

AWS Management Console

The AWS Management Console is a web application that provides access to a broad collection of service consoles for managing AWS services.

Each service also includes its own console. These consoles offer a wide range of tools for cloud computing. For instance, within the EC2 console, you can create a license server, plus update or add new software to your Linux worker Amazon Machine Image (AMI). There’s even a service that helps with billing and cost management.

AWS IAM Identity Center (successor to AWS Single Sign-On) (IAM Identity Center)

IAM Identity Center is an AWS service that makes it easy to centrally manage access to multiple AWS accounts and business applications. With IAM Identity Center, you can provide users with single sign-on access to all their assigned accounts and applications from one place. You can also centrally manage multi-account access and user permissions to all of your accounts in AWS Organizations. Visit AWS IAM Identity Center (successor to AWS Single Sign-On) FAQs for more information.

AWS Systems Manager Session Manager

Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS Command Line Interface (AWS CLI). For more information, visit AWS Systems Manager Session Manager.

Amazon Virtual Private Cloud (Amazon VPC)

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. Amazon Nimble Studio provides you with a default VPC during deployment.

Availability Zone (AZ)

Availability Zones are multiple, isolated locations within each AWS Region. An Availability Zone is represented by an AWS Region code followed by a letter identifier (example: us-east-1a).

With Amazon VPC, you can define a virtual network topology closely resembling a traditional network that you might operate on your own premises. Multi-AZ deployment provides high availability and fault tolerance. You can use Amazon VPC to span multiple Availability Zones. This enables you to place independent infrastructure in physically separate locations.

AWS PrivateLink

AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. AWS PrivateLink makes it easy to connect services across different accounts and VPCs. AWS PrivateLink is available for a monthly fee that is billed to your AWS account.

AWS Virtual Private Network (AWS VPN)

AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. Each service provides a highly available, managed, and elastic cloud VPN solution to protect your network traffic.

AWS Site-to-Site VPN creates encrypted tunnels between your network and your VPCs or transit gateways. For managing remote access, AWS Client VPN connects your users to AWS or on-premises resources using a VPN software client.

Digital Content Creation (DCC)

Digital Content Creation (DCC) refers to the category of applications that are used to produce creative content, including Blender, Nuke, Maya, and Houdini.

Desktop Cloud Visualization (DCV) NICE DCV is a high-performance remote display protocol. It lets you securely deliver remote desktops and application streaming from any cloud or data center to any device, over varying network conditions. By using NICE DCV with Amazon EC2, you can run graphics-intensive applications remotely on Amazon EC2 instances. For more information about the DCV client, see NICE DCV Clients.

End user license agreement (EULA)

A EULA is a contract between the manufacturer of computer software and the person who installs and uses the software.

Launch profile

A launch profile controls your artist workforce’s access to studio components, like compute farms, shared file systems, managed file systems, and license server configurations, as well as instance types and Amazon Machine Images (AMIs).

Studio administrators create launch profiles in the Nimble Studio console. Artists can use their launch profiles to launch an instance from the Nimble Studio portal. Each user’s launch profile defines how they can launch a streaming session. By default, studio admins can use all launch profiles.

License server

A license server manages licenses and issues out entitlements for all application software used in digital content creation (DCC). Examples of software licenses used by Nimble Studio customers include Maya, Nuke, Arnold, and Houdini. A license server requires a cryptographically signed license key file. The software verifies the file before serving licenses to other computers through a network protocol.

License service

A license service is a centralized computer software system for Nimble Studio that provides access tokens or keys to enable licensed software to run. With Nimble Studio, your license service can be used as a proxy or as the direct license server—but install your own license management software.

On-Demand Instances

With On-Demand Instances, you pay for compute capacity by the second, with no long-term commitments. You have full control over the lifecycle of the instance—you decide when to launch, stop, hibernate, start, reboot, or shut it down. You pay only for the seconds that your On-Demand Instances are in the running state. The price per second for On-Demand Instance is fixed and is listed on the Amazon EC2 Pricing, On-Demand Pricing page.


Nimble Studio offers six AWS Regions from which to choose your home Region. Users close to the home Region will experience faster speed and improved performance. For more information, see Availability Zones for Amazon Nimble Studio.

To see the mapping of IDs to Availability Zones in your account, see AZ IDs for Your Resources in the AWS RAM User Guide.

Remote Connection Server (RCS) The Remote Connection Server (RCS) is encapsulated by the Render Queue construct. It's the service that sits behind the Application Load Balancer (ALB) that is set up by the Render Queue. During instantiation, the Render Queue generates a self-signed certificate that the RCS is configured to use for communication between itself and the ALB. For more information, see the Render Farm Deployment Kit on AWS developer guide.

Render Farm Deployment Kit on AWS (RFDK)

The Render Farm Deployment Kit (RFDK) on AWS is an open-source software development kit that can be used to deploy, configure, and manage your render farm infrastructure in the cloud. The RFDK is built to operate with the AWS Cloud Development Kit (AWS CDK) (AWS CDK) and provides a library of classes, called constructs, that each deploy and configure a component of your cloud-based render farm. The current version of the RFDK supports render farms that are built using AWS Thinkbox Deadline render management software.

Render queue

A render queue is the main, central service component of a render farm, where clients and workers connect and access any information that they require to set up a render. Render queues allow teams to control the order in which objects will be rendered.

Streaming image

A streaming image is a resource within Nimble Studio that represents an Amazon Machine Image (AMI), and is specifically configured to work with virtual workstations. A streaming image allows users to connect to their workstations via a NICE DCV client.

Streaming session

A streaming session represents a virtual workstation that a user can connect to so that they can access the files, settings, and applications they need to work on an asset. Users can see the streaming session listed in their Nimble Studio portal, where they can connect to the session and shut it down.


A studio is the top-level container for other Nimble Studio-related resources. Your cloud studio manages the Nimble Studio web portal and the connections to essential resources in your AWS account such as your VPC, user directory, and storage encryption keys.

Studio component

Studio components are configurations within a customer’s Nimble Studio that tell the service how to access resources like file systems, license servers, and render farms in your AWS account.

Nimble Studio contains a number of subtypes of studio components including a shared file system, compute farm, Active Directory, and license component. These subtypes describe resources that you would like your studio to use.

Studio home Region (home Region)

A studio home Region is the AWS Region where essential studio infrastructure exists, such as your main Amazon S3 data and render farm.

Your home Region is where your core production data lives, so it's typically closest to where the core production is happening. A geographically distributed studio might select the home Region to be close to the majority of its creative workforce.

Studio resources

Studio resources is an industry term that encapsulates the things a studio needs in their daily operations. Studio artists often refer to their render farm, AWS Managed Microsoft AD, and file storage as resources. When describing how resources fit into the infrastructure of a cloud studio, they might be also referred to as studio components.


A subnet is a range of IP addresses in your VPC. When a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.

VPN-only subnet: If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a site-to-site VPN connection, the subnet is known as a VPN-only subnet.

Private subnet: A subnet that doesn’t have a route to the internet gateway is known as a private subnet. For more information, see Examples for VPC, Internet gateways, and What is AWS Site-to-Site VPN? in the AWS Site-to-Site VPN User Guide.


A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value that you define.

Tags enable you to categorize your AWS resources in different ways. For example, you could define a set of tags for your account’s Amazon EC2 instances that help you track each instance’s owner and stack level. Tags also enable you to integrate your organization’s shared file systems and render farms with Nimble Studio, to keep your workflows uninterrupted while you move your workforce to the cloud.

With tags, you can categorize your AWS resources by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags that you’ve assigned to it.

User-managed VPC

A user-managed VPC is a virtual private cloud (VPC) in your AWS account that you control. StudioBuider provides you with a default VPC in Amazon Virtual Private Cloud (Amazon VPC) during deployment.

Nimble Studio accesses and manages studio components in your AWS account. These components must be connected to the user-managed VPC to provide network connectivity to Nimble Studio and to each other.

Virtual workstation (workstation)

A virtual workstation is configured with all of the applications, tools, and data that an artist needs to do their work. To access their virtual workstation, the artist must use launch profiles that the admin assigned to them, and launch a streaming session from the portal. After the streaming session starts, the artist can use the software applications, storage, and render farm that was configured for them in their works.