Best Practices for Deploying Amazon WorkSpaces - Best Practices for Deploying WorkSpaces

Best Practices for Deploying Amazon WorkSpaces

Publication date: June 1, 2022 (Document revisions)


This whitepaper outlines a set of best practices for the deployment of WorkSpaces. The whitepaper covers network considerations, directory services and user authentication, security, and monitoring and logging.

This whitepaper also enables quick access to relevant information, and is intended for network engineers, directory engineers, or security engineers.


Amazon WorkSpaces is a managed desktop computing service in the cloud. Amazon WorkSpaces removes the burden of procuring or deploying hardware or installing complex software, and delivers a desktop experience with either a few clicks on the AWS Management Console, using the Amazon Web Services (AWS) command line interface (CLI), or by using the application programming interface (API). With Amazon WorkSpaces, you can launch a Microsoft Windows or Amazon Linux desktop within minutes, which enables you to connect to and access your desktop software securely, reliably, and quickly from on-premises or from an external network. You can:

  • Leverage your existing, on-premises Microsoft Active Directory (AD) by using AWS Directory Service: Active Directory Connector (AD Connector).

  • Extend your directory to the AWS Cloud.

  • Build a managed directory with AWS Directory Service Microsoft AD or Simple AD, to manage your users and WorkSpaces.

  • Leverage your on-premises or cloud-hosted RADIUS server with AD Connector to provide multi-factor authentication (MFA) to your WorkSpaces.

You can automate the provisioning of Amazon WorkSpaces by using the CLI or API, which enables you to integrate Amazon WorkSpaces into your existing provisioning workflows.

For security, in addition to the integrated network encryption that the Amazon WorkSpaces service provides, you can also enable encryption at rest for your WorkSpaces. Refer to the Encrypted WorkSpaces section of this document.

You can deploy applications to your WorkSpaces by using your existing on-premises tools, such as Microsoft System Center Configuration Manager (SCCM), Puppet Enterprise, or Ansible.

The following sections provide details about Amazon WorkSpaces, explain how the service works, describe what you need to launch the service, and tells you what options and features are available for you to use.