This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
IP address and port requirements
The Amazon WorkSpaces client application requires outbound access on ports 443 (TCP) and 4195 (UDP and TCP).
Port 443 (TCP) is used for client application updates, registration, and authentication. The desktop client applications support the use of a proxy server for port 443 (HTTPS) traffic.
To enable the use of a proxy server:
-
Open the client application.
-
Choose Advanced Settings.
-
Choose Use Proxy Server.
-
Specify the address and port of the proxy server.
-
Choose Save.
Port 4195 (UDP and TCP) is used for streaming the WorkSpace desktop and for health checks. The desktop client applications do not support the use of a proxy server for port 4195 traffic; they require a direct connection to port 4195. This port must be open to the WorkSpaces Streaming Protocol (WSP) Gateway IP address ranges, and to the health check servers in the Region that the WorkSpace is in. For more information, refer to Health Check Servers and WSP Gateway Servers.
Note
The TURN protocol is also used over port 4195 for client connections to the WorkSpaces Streaming Gateway. Refer to steps eight and nine in the Architecture overview.
Table 1 — Required ports and protocols
| Source | Destination | Port | Type |
|---|---|---|---|
| WorkSpace Client | WorkSpaces | TCP 443 | HTTPS |
| WorkSpace Client | WorkSpaces | TCP/UDP 4195 | WSP |
| WorkSpaces | AD Domain Controller | TCP/UDP 53 | DNS |
| WorkSpaces | AD Domain Controller | TCP/UDP 88 | Kerberos Auth |
| WorkSpaces | AD Domain Controller | UDP 123 | NTP |
| WorkSpaces | AD Domain Controller | TCP 135 | RPC |
| WorkSpaces | AD Domain Controller | UDP 137 - 138 | Netlogon |
| WorkSpaces | AD Domain Controller | TCP 139 | Netlogon |
| WorkSpaces | AD Domain Controller | TCP/UDP 389 | LDAP |
| WorkSpaces | AD Domain Controller | TCP/UDP 445 | SMB |
| WorkSpaces | AD Domain Controller | TCP/UDP 464 | Kerberos |
| WorkSpaces | AD Domain Controller | TCP/UDP 636 | LDAP |
| WorkSpaces | AD Domain Controller | TCP 49152 - 65535 | Dynamic RPC |
| WorkSpaces | AD Domain Controller | UDP 1812 | RADIUS |
| AD Connector | AD Domain Controller | TCP/UDP 53 | DNS |
| AD Connector | AD Domain Controller | TCP/UDP 88 | Kerberos Auth |
| AD Connector | AD Domain Controller | TCP/UDP 389 | LDAP |
