Amazon Virtual Private Cloud - Access Amazon WorkSpaces with Common Access Cards

Amazon Virtual Private Cloud

Region selection

Pre-session authentication is available only in the AWS GovCloud (US-West) Region at this time. In-session authentication is available in all Regions where WSP is supported.

VPC configuration

Amazon WorkSpaces launches your WorkSpaces in a virtual private cloud (VPC). Your WorkSpaces must have access to the internet, so you can install updates to the operating system and deploy applications using Amazon WorkSpaces Application Manager (Amazon WAM).

You can create a VPC with two private subnets for your WorkSpaces and a NAT gateway in a public subnet. Alternatively, you can create a VPC with two public subnets for your WorkSpaces and associate an Elastic IP address with each WorkSpace.

Your VPC's subnets must reside in different Availability Zones in the Region where you're launching WorkSpaces. Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. Each subnet must reside entirely within one Availability Zone, and cannot span zones.

For details on VPC configuration, see Configure a VPC for Amazon WorkSpaces.