Amazon Virtual Private Cloud
Region selection
Pre-session authentication is available only in the AWS GovCloud (US-West) Region at this time. In-session authentication is available in all Regions where WSP is supported.
VPC configuration
Amazon WorkSpaces launches your WorkSpaces in a virtual private cloud (VPC). Your WorkSpaces must
have access to the internet, so you can install updates to the operating system and deploy
applications using Amazon WorkSpaces
Application Manager
You can create a VPC with two private subnets for your WorkSpaces and a NAT gateway in a public subnet. Alternatively, you can create a VPC with two public subnets for your WorkSpaces and associate an Elastic IP address with each WorkSpace.
Your VPC's subnets must reside in different Availability Zones in the Region where you're launching WorkSpaces. Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. Each subnet must reside entirely within one Availability Zone, and cannot span zones.
For details on VPC configuration, see Configure a VPC for Amazon WorkSpaces.