Amazon WorkLink
Administration Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Deploy a Device Certificate on an iOS Device

To deploy a device certificate that works with Amazon WorkLink on an iOS device, the certificate must be deployed as part of a configuration profile. A configuration profile (.mobileconfig file) allows you to distribute configuration information to iOS devices. The configuration profile for Amazon WorkLink includes the device certificate and the VPN configuration that is required for Amazon WorkLink. After you have a device certificate, you can create a profile with it and deploy it by using one of the following options.

Option 1: Create and deploy a profile with the Apple Configurator 2 app

  1. From the App Store, install Apple Configurator 2 on your macOS device and open it.

  2. Choose File, New Profile.

  3. Choose General and enter a name for the profile. (Optionally, add any other settings required by your organization.)

  4. Choose Certificates, choose Configure, and select the .p12 file that represents the certificate that you want to use with Amazon WorkLink. Enter the password that was used to configure and export the certificate.

  5. In the VPN section, choose Configure and enter the following settings:

    • Connection Name – Amazon WorkLink

    • Connection Type – Custom SSL

    • Identifier – com.amazon.worklink

    • Server – 54.190.62.41

    • ProviderBundleIdentifier – com.amazon.worklink.tunnel

    • User Authentication – Certificate

    • Identity Certificate – The device certificate that you configured in the previous steps

  6. Choose File, Save.

  7. To deploy the profile, you can make it available in an Amazon Simple Storage Service (Amazon S3) bucket, email the profile to your users, and ask them to install it on their devices. Alternatively, you can use the following steps:

    1. Connect the iPhone to a MacOS device that contains the profile.

    2. Open the Apple Configurator 2 app and select the iPhone.

    3. Choose Add, choose Profiles, select the profile that you created in the previous step, and choose Add.

    4. Follow the steps on the iPhone to install the profile.

Option 2: Create and deploy a profile with Apple Over-the-Air (OTA)

Option 3: Create and deploy a profile with VMware AirWatch

  1. Go to your VMware AirWatch mobile device management portal.

  2. Choose Devices, Profiles, Resources, Profiles, Add, and Apple iOS.

  3. Under General, configure the profile’s general settings. These settings determine how the profile is deployed and who receives it. For more information about these settings, see the VMware AirWatch iOS Platform Guide.

  4. Choose Credentials and the Credential Source that you want to use. Fill out the rest of the fields according to the credential source that you selected.

  5. Choose VPN and enter the following Connection info settings:

    • Connection Name – Amazon WorkLink

    • Connection Type – Custom

    • Identifier – com.amazon.worklink

    • Server – 54.190.62.41

    • Custom Data

      • Key – ProviderBundleIdentifier

      • Value – com.amazon.worklink.tunnel

    • User Authentication – Certificate

    • Identity Certificate – The device certificate that you configured

Option 4: Create and deploy a profile with Microsoft Intune