General
Q: What is Amazon WorkSpaces?
Amazon WorkSpaces is a managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe. You can pay either monthly or hourly, just for the WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions. Amazon WorkSpaces helps you eliminate the complexity in managing inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy. With Amazon WorkSpaces, your users get a fast, responsive desktop of their choice that they can access anywhere, anytime, from any supported device.
Q: What is an Amazon WorkSpace?
An Amazon WorkSpace is a cloud-based virtual desktop that can act as a replacement for a traditional desktop. A WorkSpace is available as a bundle of operating system, compute resources, storage space, and software applications that allow a user to perform day-to-day tasks just like using a traditional desktop.
Q: How do I connect to my Amazon WorkSpace?
A user can connect to a WorkSpace from any supported device using the free Amazon WorkSpaces client application on supported devices including Windows and Mac computers, Chromebooks, iPads, Fire tablets, Android tablets, or using Chrome or Firefox web browsers. Users will connect using credentials set up by an administrator or using their existing Active Directory credentials if you’ve chosen to integrate your Amazon WorkSpaces with an existing Active Directory domain. Once the user is connected to a WorkSpace they can perform all the usual tasks they would do on a desktop computer.
Q: How can I get started with Amazon WorkSpaces?
To get started with Amazon WorkSpaces, you will need an AWS account. You can use this account to sign into the AWS Management Console and you can then quickly provision Amazon WorkSpaces for yourself and any other users in your organization who might require one. To provision an Amazon WorkSpace, first select a user from your directory. Next, select an Amazon WorkSpaces bundle for the user. The Amazon WorkSpaces bundle specifies the resources you need, which desktop operating system you want to run, how much storage you want to use and the software applications you want prepackaged. Finally, choose a running mode for their Amazon WorkSpace – pick AlwaysOn if you want to use monthly billing, or AutoStop if you want to use hourly billing. Once your WorkSpace is provisioned, the user will receive an email with instructions for connecting to their WorkSpace. You can use this same process to provision multiple WorkSpaces at the same time.
Q: Which Amazon WorkSpaces bundles are available?
You can find the latest information on Amazon WorkSpaces bundles here.
Q: Which operating systems are available for use with Amazon WorkSpaces?
Amazon WorkSpaces offers Amazon Linux WorkSpaces built on Amazon Linux 2 LTS, as well as Windows 7 and Windows 10 desktop experiences. Windows 7 and Windows 10 desktop experiences are powered by Windows Server 2008 R2 and Windows Server 2016 respectively. If your organization is eligible to bring its own Windows Desktop licenses, you can run the Windows 7 or Windows 10 Enterprise operating system on your Amazon WorkSpaces.
Q: What are the root and user volumes mapped to for Amazon Linux WorkSpaces and Amazon WorkSpaces with Windows?
For Amazon Linux WorkSpaces, the root volume is mapped to / and the user volume is mapped to /home.
For Windows, the root volume is mapped to the C: drive and the user volume is mapped to the D: drive.
Q: Can I migrate users from an Amazon WorkSpaces Windows 7 bundle to a Windows 10 bundle?
No. To offer existing users a Windows 10 desktop experience, you need to delete their existing Amazon WorkSpace and create a new one using a Windows 10 WorkSpaces bundle. To migrate data and documents, we recommend that you use the sync feature available with Amazon WorkDocs. Note that every Amazon WorkSpace comes with 50 GB of free Amazon WorkDocs storage.
Q: How does a user get started with their Amazon WorkSpace once it has been provisioned?
When Amazon WorkSpaces are provisioned, users receive an email providing instructions on where to download the WorkSpaces clients they need, and how to connect to their WorkSpace. If you are not integrating with an existing Active Directory, the user will have the ability to set a password the first time they attempt to connect to their WorkSpace. If the AWS Directory Services AD Connector has been used to integrate with an existing Active Directory domain, users will use their regular Active Directory credentials to log in.
Q: What does a user need to use an Amazon WorkSpace?
A user needs to have an Amazon WorkSpace provisioned for them, and a broadband Internet connection. To use an Amazon WorkSpaces client application to access their WorkSpace, they will need a supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet), and an Internet connection with TCP ports 443 & 4172, and UDP port 4172 open.
Q: Once users connect to their Amazon WorkSpace can they personalize it with their favorite settings?
An administrator can control what a user can personalize in their WorkSpace. By default, users can personalize their WorkSpaces with their favorite settings for items such as wallpaper, icons, shortcuts, etc. These settings will be saved and persist until a user changes them. If an administrator wishes to lock down a WorkSpace using tools like Group Policy for Windows, this will restrict a user’s ability to personalize their WorkSpaces.
Q: Can users install applications on their Amazon WorkSpace?
By default, users are configured as local administrators of their WorkSpaces. Administrators can change this setting and can restrict users’ ability to install applications with a technology such as Group Policy.
Q: Are Amazon WorkSpaces persistent?
Yes. Each WorkSpace runs on an individual instance for the user it is assigned to. Applications and users’ documents and settings are persistent.
Q: How is a user’s data backed up?
The user volume on a WorkSpace is backed up every 12 hours. In case of a WorkSpace failure, AWS can restore this volume from the last backup. If Amazon WorkDocs Sync is enabled on a WorkSpace, the folder a user chooses to sync will be continuously backed up and stored in Amazon WorkDocs.
Q: Do users need an AWS account?
No. An AWS account is only needed to provision WorkSpaces. To connect to WorkSpaces, users will require only the information provided in the invitation email they will receive when their WorkSpace is provisioned.
Q: If I am located a significant distance from the region where my Amazon WorkSpace is located, will I have a good user experience?
If you are located more than 2000 miles from the regions where Amazon WorkSpaces is currently available, you can still use the service, but your experience may be less responsive. The easiest way to check performance is to use the Amazon WorkSpaces Connection Health Check Website. You can also refer to the Regional Products and Services page for details of Amazon WorkSpaces service availability by region.
Q: Does Amazon WorkSpaces offer a set of public APIs?
Yes, public APIs are available for creating and managing Amazon WorkSpaces programmatically. APIs are available via the AWS CLI and SDK; you can learn more about the APIs in the documentation.
Q: Do the Amazon WorkSpaces APIs log actions in AWS CloudTrail?
Yes. Actions on Amazon WorkSpaces performed via the WorkSpaces APIs will be included in your CloudTrail audit logs.
Q: Is there Resource Permission support with the Amazon WorkSpaces APIs?
Yes. You can specify which Amazon WorkSpaces resources users can perform actions on. For details see the documentation.
Q: Do I need to use the AWS Management Console to get started with Amazon WorkSpaces?
Yes. The first-time setup for Amazon WorkSpaces relies on the AWS Management Console. Once you have created a directory and registered it with the Amazon WorkSpaces service, you can create and manage WorkSpaces using the Amazon WorkSpaces APIs.
Q: Can I deploy my WorkSpaces in the AWS GovCloud (US) Regions?
Yes. You can deploy WorkSpaces in the AWS GovCloud (US West) region to meet US federal, state, and local government requirements. Go here for details on the AWS GovCloud (US) Regions.
Bundles and Custom Images
Q: What applications are available with Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces come with a curated selection of applications at no additional cost that include LibreOffice, Firefox Web Browser, Evolution mail, Pidgin IM, GIMP, and other desktop utilities and tools. You can always add more software from the Amazon Linux repositories using yum. To install an available package from the Amazon Linux repositories, simply type “yum install [package-name]”. You can also add software from RPM based public and private Linux repositories at any time.
Q: What applications are available with Amazon WorkSpaces with Windows 7?
Amazon WorkSpaces come with a default set of applications at no additional cost that include Internet Explorer 11, Firefox, and 7-Zip. You can choose to add “Plus” application bundles to your Amazon WorkSpaces with Windows 7 which include Microsoft Office Professional 2010 or 2013, Trend Micro Worry-Free Business Security, and WinZip, for an additional monthly fee. Microsoft Office Professional 2016 is available with bundles that offer the Windows 10 desktop experience.
Q: What applications are available with Amazon WorkSpaces with Windows 10?
Amazon WorkSpaces come with a default set of applications at no additional cost that include Internet Explorer 11, Firefox, and 7-Zip. You can choose to add “Plus” application bundles to your Amazon WorkSpaces with Windows 10 which include Microsoft Office Professional 2016, Trend Micro Worry-Free Business Security, and WinZip, for an additional monthly fee. Microsoft Office Professional 2010 and 2013 continue to be available with bundles that offer the Windows 7 desktop experience.
Q: Can I create custom images for Amazon WorkSpaces?
Yes, as an administrator you can create a custom image from a running WorkSpace. Once you have customized your WorkSpace with your applications and settings, select the WorkSpace in the console and select “Create Image.” This creates an image with your applications and settings. Custom images created from Amazon WorkSpaces with GPU-enabled bundles (Graphics and GraphicsPro) can only be used with Graphics bundles. Custom images created from Value, Standard, Performance, Power, or PowerPro bundles can only be used with those bundles. Most WorkSpace images are available within 45 minutes. See the custom image documentation for more detail.
Q: How do I launch an Amazon WorkSpace from a custom image?
To launch an Amazon WorkSpace from a custom image, you will first need to pair the custom image with a hardware type you want that WorkSpace to use, which results in a bundle. You can then publish this bundle through the console, then select the bundle when launching new WorkSpaces.
Q: What is the difference between a bundle and an image?
An image contains only the OS, software and settings. A bundle is a combination of both that image and the hardware from which a WorkSpace can be launched.
Q: How many custom images can I create?
As an administrator, you can create as many custom images as you need. Amazon WorkSpaces sets default limits, but you can request an increase in these limits here. To see the default limits for Amazon WorkSpaces, please visit our documentation.
Q: Can I update the image in an existing bundle?
Yes. You can update an existing bundle with a new image that contains the same tier of software (for example containing the Plus software) as the original image.
Q: What type of Amazon Elastic Block Store (EBS) volumes does Amazon WorkSpaces offer?
All Amazon WorkSpaces launched after 31st January 2017 are built on general purpose solid-state drives (SSD) EBS volumes for both root and user volumes. Amazon WorkSpaces launched prior to 31st January 2017 are configured with EBS magnetic volumes. You can switch your Amazon WorkSpaces using magnetic EBS volumes to SSD EBS volumes by rebuilding them (more information can be found here). You can learn more about SSD EBS volumes here, and magnetic EBS volumes here.
Q: Can I use custom images to launch WorkSpaces with SSD volumes, even if they were created using WorkSpaces with magnetic EBS volumes?
Yes. You can use your custom images to launch WorkSpaces with SSD EBS volumes, even if they were created using WorkSpaces with magnetic EBS volumes.
Q: Do I need to provide an AMI build using WorkSpaces with SSD EBS volumes when using my own Windows desktop licenses (BYOL)?
No. You can use the AMIs you built as part of the BYOL process without any additional changes.
Q: How do I deploy applications to my users?
You have flexibility in how you deploy the right set of applications to users. First, you choose which image type to build from, either basic or Plus, which determines the default applications that will be in the WorkSpaces. Second, you can install additional software on a WorkSpace and create a custom image which can be used to launch more WorkSpaces. For more detail see the bundle documentation.
Q: Which software can I install on an Amazon WorkSpace?
For Amazon Linux, any application available in the Amazon Linux repositories is compatible and can be installed using yum install [package-name].
For Windows, any applications that are compatible with the Windows 7 and Windows 10 experience provided by Windows Server 2008 R2 and Windows Server 2016 respectively, should run on your WorkSpaces. We recommend testing any software you would like to deploy on a ‘test’ WorkSpace before delivering it to more users. You are responsible for ensuring that you remain compliant with any licensing restrictions associated with any software you intend to install on a WorkSpace.
Storage and Hardware Bundles
Q: Can I increase the size of my Amazon WorkSpaces storage volumes?
Yes. You can increase the size of the root and user volumes attached to your WorkSpaces at any time. When you launch new WorkSpaces, you can select a starting size of 80 GB, 175 GB, or a larger preferred size, for root volumes, and 10 GB, 50 GB, 100 GB, or a larger preferred size, for user volumes. After your WorkSpaces have been launched, you can increase the volumes as necessary, up to 2000 GB each.
Q: Can I decrease the size of storage volumes?
No. To ensure that your data is preserved, the volume sizes of either volume cannot be reduced after a WorkSpace is launched. You can launch a Value, Standard, Performance, Power or PowerPro WorkSpace with a minimum of 80 GB for the root volume and 10 GB for the user volume. You can launch a Graphics or GraphicsPro WorkSpace with a minimum of 100 GB for the root volume and 100 GB for the user volume. For more information about configurable storage, see Modifying WorkSpaces.
Q: How do I change the size of my Amazon WorkSpaces storage volumes?
You can change the size of your storage volumes via the Amazon WorkSpaces management console, or through the Amazon WorkSpaces API.
WorkSpaces users can also increase the size of their storage volume directly in the WorkSpaces client if this self-service management capability is enabled by the WorkSpaces administrator.
Q: Is the storage configuration for a WorkSpace preserved when I rebuild it?
Yes, each rebuild preserves your existing storage allocation size when using WorkSpaces default bundles.
For example, rebuilding a WorkSpace with 80GB Root and 100GB User volumes will result in a rebuilt WorkSpace with 80GB Root and 100GB User.
If the storage allocation of a Custom bundle is increased and a linked WorkSpace is rebuilt, the WorkSpace root volume will be increased to match the bundle’s new root volume size. The WorkSpace will either preserve the user volume size or increase it to the next supported user volume configuration.
For example, a custom bundle is updated to a 175GB Root volume and a 500GB User volume, and a linked WorkSpace with 80GB Root and 50GB User is rebuilt. After the rebuild, the WorkSpace will have a 175GB Root volume and a 100GB User volume. Here the user volume was upgraded to the next available level of 100GB instead of 500GB to save cost.
Q: Can I expand Amazon WorkSpaces magnetic storage volumes?
No, configurable storage volumes are only available when using solid state drives (SSD). Any WorkSpaces launched before February 2017 might still use magnetic storage volumes. To switch from magnetic to SSD drives, rebuild your WorkSpaces.
Q: How do custom images affect my root volume size?
The root volume size of WorkSpaces launched from a custom image is, by default, the same size as the custom image. For example, if your custom image has a root volume of 100 GB, all WorkSpaces launched from that image also have a root volume size of 100 GB. You can increase your root volume size when you launch your WorkSpace, or any time after that.
Q: Can I expand encrypted volumes?
Yes. You can expand encrypted user and root volumes, just like you can for non-encrypted volumes.
Q: Can I access storage volume sizes using the Amazon WorkSpaces API?
Yes. The Amazon WorkSpaces API reports both the root and user storage volume sizes via the Describe WorkSpaces API call.
Q: What is the monthly cost for additional storage?
For information about pricing, see Amazon WorkSpaces Pricing.
Q: Can I change my Amazon WorkSpaces bundle without deleting it and creating a new one?
Yes. You can switch between Value, Standard, Performance, Power, or PowerPro bundles by using the Amazon WorkSpaces management console or the WorkSpaces API. When you switch hardware bundles, your WorkSpaces reboot immediately. When they resume, your operating system, applications, data, and allocated storage on both the root and user volumes are all preserved.
For example, you can launch a Standard bundle (2vCPU, 4 GiB), and later expand the volume size on both volumes to 500 GB. You can then switch to the Performance bundle (2vCPU, 7.5 GiB) while preserving your operating system, applications, and data in the expanded volume.
Users can also change their WorkSpaces bundle directly from the WorkSpaces client if this self-service management capability is enabled by their WorkSpaces administrator.
Q: How can I track my storage and bundle switch requests?
You can use AWS CloudTrail to track the changes that you have requested.
Q: I currently bring my own Windows licenses. Can I expand my storage volumes and switch my WorkSpaces bundles?
Yes. You can take advantage of both these features even if you bring your own Windows desktop licenses. By default, you can switch WorkSpaces bundles for up to 20% of the total number of your WorkSpaces in a week. To switch more than 20% of your WorkSpaces, contact us.
Q: Does a WorkSpace running in AutoStop mode need to be running to apply a change to the bundle type?
No. When you make a change, we start a WorkSpace that isn’t running, apply the bundle change, restart it so that the changes take effect, and then stop it again.
For example, you change the bundle type on a stopped Standard (2vCPU, 4 GiB) WorkSpace to Performance. We start your Standard WorkSpace, apply the bundle change, and restart it. Following the restart, your WorkSpace has Performance hardware (2vCPU, 7.5 GiB).
Q: How do I get charged if I change storage size or hardware bundle during a month?
For either change, you get charged the monthly price for AlwaysOn or the monthly fee for AutoStop WorkSpaces prorated on a per day basis.
For example, if you increase the volume on the 10th of a month on an AlwaysOn Power WorkSpace with 175 GB, and 100 GB for root and user volumes respectively, you are charged $78 for the Power WorkSpace and $11.6 for 20 days of additional 175 GB at $0.1/GB-month (in US-East-1). Similarly, switching a bundle—for example, from Value to Standard—on the 15th of a month results in 15 days of Value WorkSpaces charge ($12.5 in US-East-1) and 15 days of Standard WorkSpaces charge ($17.5 in US-East-1).
Q: How often can I increase volume sizes or change hardware bundle of a WorkSpace?
You can increase volume sizes or change a WorkSpace to a larger hardware bundle once in a 6-hour period. You can also change to a smaller hardware bundle once in a 30-day period. For a newly launched WorkSpace, you must wait 6 hours before requesting a larger bundle.
For example, if you increase the root and user volume of a Standard WorkSpace on 5th Dec at 11:00 AM and change it to Performance WorkSpace at the same time, on 5th Dec at 4:00 PM, you can again increase the root and user volume, and change the hardware bundle. If you change the Performance WorkSpace to a Standard WorkSpace on 6th Dec at 12:00 and want to go to a further smaller bundle (Value), you would be able to make this change on 6th Jan at 12:00.
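The two answers above on tracking storage and bundle switch requests in CloudTrail and on the 6-hour limit can be combined into one audit pass. This is an added example, not AWS code: it assumes the changes are made with the ModifyWorkspaceProperties API action, that requestParameters uses lowerCamelCase keys, and that the 6-hour window applies separately to storage and bundle changes; all records, ARNs, WorkSpace ids and the error code are constructed.

```python
import json
from datetime import datetime, timedelta

MIN_GAP = timedelta(hours=6)  # the FAQ's "once in a 6-hour period"
VOLUME_FIELDS = ("RootVolumeSizeGib", "UserVolumeSizeGib")


def _rec(time, arn, name, params, error=None):
    """Build one constructed CloudTrail-style record for the sample log."""
    rec = {"eventTime": time, "eventSource": "workspaces.amazonaws.com",
           "eventName": name, "userIdentity": {"arn": arn},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed identities and records (not real log data).
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
BOT = "arn:aws:sts::111122223333:assumed-role/example-automation/resize"
MODIFY = "ModifyWorkspaceProperties"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2019-12-05T11:00:00Z", ALICE, MODIFY, {"workspaceId": "ws-example01",
         "workspaceProperties": {"userVolumeSizeGib": 100}}),
    _rec("2019-12-05T11:00:30Z", ALICE, MODIFY, {"workspaceId": "ws-example01",
         "workspaceProperties": {"computeTypeName": "PERFORMANCE"}}),
    _rec("2019-12-05T11:30:00Z", BOB, "DescribeWorkspaces", {}),
    _rec("2019-12-05T12:00:00Z", BOB, MODIFY, {"workspaceId": "ws-example02",
         "workspaceProperties": {"computeTypeName": "POWER"}}),
    _rec("2019-12-05T12:30:00Z", BOB, MODIFY, {"workspaceId": "ws-example02",
         "workspaceProperties": {"runningMode": "AUTO_STOP"}}),
    _rec("2019-12-05T13:15:00Z", BOT, MODIFY, {"workspaceId": "ws-example01",
         "workspaceProperties": {"userVolumeSizeGib": 500}},
         error="ExampleErrorCode"),  # placeholder, not a real error code
    _rec("2019-12-05T18:00:00Z", ALICE, MODIFY, {"workspaceId": "ws-example01",
         "workspaceProperties": {"userVolumeSizeGib": 500}}),
]})


def _get(mapping, name):
    """Look a key up while tolerating either case for its first letter."""
    if not isinstance(mapping, dict):
        return None
    for key in (name, name[0].lower() + name[1:]):
        if key in mapping:
            return mapping[key]
    return None


def workspace_changes(log_text):
    """Return storage and bundle change requests from a log file, oldest first."""
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "workspaces.amazonaws.com"
                or rec.get("eventName") != MODIFY):
            continue
        params = rec.get("requestParameters") or {}
        props = _get(params, "WorkspaceProperties") or {}
        requested = {f: _get(props, f)
                     for f in VOLUME_FIELDS + ("ComputeTypeName",)
                     if _get(props, f) is not None}
        if not requested:
            continue  # e.g. a running-mode change, not storage or bundle
        changes.append({
            "time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "workspace": _get(params, "WorkspaceId"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "kind": "bundle" if "ComputeTypeName" in requested else "storage",
            "requested": requested,
            "failed": "errorCode" in rec,
        })
    return sorted(changes, key=lambda c: c["time"])


def requests_inside_window(changes, min_gap=MIN_GAP):
    """Pair each request with the last successful change of the same kind on
    the same WorkSpace when the two are closer together than min_gap.
    The 30-day rule for switching to a smaller bundle is not checked here."""
    last_ok, flagged = {}, []
    for change in changes:
        key = (change["workspace"], change["kind"])
        prev = last_ok.get(key)
        if prev and change["time"] - prev["time"] < min_gap:
            flagged.append((prev, change))
        if not change["failed"]:
            last_ok[key] = change
    return flagged


if __name__ == "__main__":
    found = workspace_changes(SAMPLE_LOG)
    for c in found:
        status = "FAILED" if c["failed"] else "ok"
        print(c["time"], c["workspace"], c["kind"], c["requested"], c["actor"], status)
    for prev, cur in requests_inside_window(found):
        print("repeat inside 6h:", cur["workspace"], cur["kind"],
              "by", cur["actor"], "after", cur["time"] - prev["time"])
```

Requests paired by requests_inside_window are worth reviewing for misbehaving automation or repeated self-service attempts, since the actor ARN shows who issued each one.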
GPU-Enabled Bundles
Q: Does Amazon WorkSpaces offer GPU-enabled cloud desktops?
Yes. Amazon WorkSpaces offers a Graphics bundle for general purpose graphics applications such as CAD/CAM software, commercial and industrial modeling, prototyping, and mainstream graphics development. Amazon WorkSpaces also offers a GraphicsPro bundle for performance intensive graphics applications such as 3D visualizations, graphics rendering, video encoding, and high end gaming. Graphics and GraphicsPro bundles are available in English and Japanese.
Q: What are GPU-enabled bundles from Amazon WorkSpaces?
GPU-enabled bundles from Amazon WorkSpaces are cloud desktops optimized for workloads that benefit from graphics hardware acceleration. You can choose the Graphics or the GraphicsPro bundle, depending on the performance requirements of your graphics workload.
The Graphics bundles are well suited for general-purpose graphics workloads such as computer-aided design, manufacturing, and engineering software. Each Graphics bundle comes with a high-performance NVIDIA GPU with 1,536 CUDA cores and 4 GB of video memory. Each Graphics bundle includes 8 vCPUs, 15 GiB of RAM, 4 GB of video memory, and 100 GB of storage on the user volume, and 100 GB of general-purpose persistent storage on the root volume. Graphics bundles provide a Windows 7 desktop experience powered by Windows Server 2008 R2 or a Windows 10 desktop experience powered by Windows Server 2016.
The GraphicsPro bundles are ideal for complex graphics applications such as 3D visualizations, 3D rendering, image processing, video encoding, media encoding, seismic visualization, and data mining. GraphicsPro bundles come with a dedicated high-performance NVIDIA Tesla M60 GPU with 2048 parallel processing cores, and a hardware encoder capable of supporting up to 10 H.265 (HEVC) 1080p30 streams and up to 18 H.264 1080p30 streams. Each GraphicsPro bundle contains 16 vCPUs, 122 GiB of RAM, 8 GB of video memory, and a minimum of 100 GB for the root volume and 100 GB for the user volume. GraphicsPro bundles provide a Windows 10 desktop experience powered by Windows Server 2016.
Q: In which AWS Regions can I launch GPU-enabled Amazon WorkSpaces bundles?
You can launch Graphics or GraphicsPro bundles in the following AWS Regions: US East (N. Virginia), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Asia Pacific (Singapore).
Q: Can I create a custom image for my GPU-enabled bundles?
Yes. Custom images created from a GPU-enabled Amazon WorkSpaces bundle can only be used with the same type of bundle. For instance, you cannot use an image made from a Graphics bundle to launch a GraphicsPro WorkSpace.
Q: How do I get started with GPU-enabled Amazon WorkSpaces bundles?
You can launch Graphics or GraphicsPro bundles using the Amazon WorkSpaces Management Console, or the Amazon WorkSpaces API. When launching a new WorkSpace, simply select the Graphics or GraphicsPro bundle.
Q: How much bandwidth do GPU-enabled Amazon WorkSpaces consume?
Bandwidth used by GPU-enabled Amazon WorkSpaces bundles depends on the tasks being performed. If there aren’t many changes taking place on the screen, the bandwidth used is generally less than 300 kbps. If there is context switching between multiple windows, or if 3D models are being manipulated, bandwidth use can increase to several megabits per second.
Q: Can I bring my own Windows Desktop licenses for GPU-enabled bundles?
Yes, you can. Please contact us if this is something you’d like to do.
Windows BYOL
Q: Can I bring my Windows Desktop licenses to Amazon WorkSpaces?
Yes, you can bring your own Windows 7 and Windows 10 desktop licenses to WorkSpaces if they meet Microsoft’s licensing requirements. WorkSpaces gives you an option to run Windows 7 or Windows 10 desktop images on physically dedicated hardware, which lets you maintain license compliance for your Windows desktops when you bring your own licenses to WorkSpaces.
Q: Can I bring my own Windows Desktop licenses for Amazon WorkSpaces Graphics bundles?
Yes, you can. Please contact us if this is something you’d like to do.
Q: What versions of Windows desktop licenses can I bring to Amazon WorkSpaces?
If your organization meets the licensing requirements set by Microsoft, you can bring your Windows 7 and Windows 10 Enterprise or Professional licenses to Amazon WorkSpaces. You cannot use Windows OEM licenses for your Amazon WorkSpaces. Please consult with Microsoft if you have any questions about your eligibility to bring your own Windows Desktop licenses.
Q: What benefits are there in bringing my own Windows desktop licenses to Amazon WorkSpaces?
By bringing your own Windows Desktop licenses to Amazon WorkSpaces, you will save $4 per Amazon WorkSpace per month when being billed monthly, and you will save money on the hourly usage fee when being billed hourly (see the Amazon WorkSpaces pricing page for more information). Additionally, you can now use a single golden image to manage your physical and virtual desktop deployments.
Q: What are the requirements for bringing my Windows desktop Licenses to Amazon WorkSpaces?
You need an active and eligible Microsoft Volume Licensing (VL) agreement with Software Assurance contracts to bring your Windows 7 or Windows 10 Desktop licenses to Amazon WorkSpaces. Please consult with your Microsoft representative to confirm your eligibility in bringing your Windows Desktop licenses to Amazon WorkSpaces.
Q: How do I get started with bringing my Windows desktop licenses to Amazon WorkSpaces?
In order to ensure that you have adequate dedicated capacity allocated to your account, please reach out to your AWS account manager or sales representative to enable your account for BYOL. Alternatively, you can create a Technical Support case with Amazon WorkSpaces to get started with BYOL.
Once enabled for your account, it’s easy to bring your existing Windows 7 and Windows 10 Desktop OS to Amazon WorkSpaces. First, import your existing Windows desktop OS using the VM Import API. Then create your new WorkSpaces image, based on the imported VM, using the Create Image action on the Images page in the WorkSpaces Admin Console. Finally, create a custom WorkSpaces bundle using the Bundles tabs in the WorkSpaces Admin Console. You can then launch your newly created custom WorkSpaces bundle as new WorkSpaces for your users through the WorkSpaces Management console.
You can see more information on the BYOL process in our documentation.
Q: How will I activate my Windows 7 or Windows 10 Desktop operating system on Amazon WorkSpaces?
You can activate your Windows 7 or Windows 10 Desktop operating system using existing Microsoft activation servers that are hosted in your VPC, or ones that can be reached from the VPC in which Amazon WorkSpaces are launched.
Q: Can I create a new custom image of the Windows 7 or Windows 10 Desktop image uploaded to Amazon WorkSpaces?
Yes. You can use the standard WorkSpaces image management functionality to further customize the Windows 7 or Windows 10 Desktop image and save it as a new Amazon WorkSpaces image in your account.
Q: Can I launch new Amazon WorkSpaces using one of the pre-configured public bundles in the same directory with custom Windows bundles I brought to WorkSpaces?
No. Your custom WorkSpaces that support BYOL for Windows 7 and Windows 10 Desktops are launched on physically dedicated hardware to meet license compliance requirements with Microsoft. WorkSpaces launched in a directory marked for dedicated hardware can only be from the custom bundle you created that has your Windows 7 or Windows 10 Desktop image.
If you wish to launch WorkSpaces from public bundles to users in the same domain, you can create a new AWS AD Connector directory that points to the same Microsoft Active Directory as your Windows 7 and Windows 10 Desktop WorkSpaces, and launch WorkSpaces in that directory as you normally would through the AWS Management Console or the WorkSpaces SDK and CLI.
Q: Can I bring my Windows desktop licenses to all AWS Regions where Amazon WorkSpaces is available?
Yes. When you communicate with your sales representative or technical support, simply specify the region(s) in which you want to launch Amazon WorkSpaces using your own Windows desktop operating systems.
Q: Would I need to commit to a certain number of Amazon WorkSpaces if I want to bring my own Windows desktop license?
Yes, you need to commit to running 200 Amazon WorkSpaces in a region per month on hardware that is dedicated to you. If you want to bring your own Windows desktop licenses for graphics use cases, you need to commit to at least 4 monthly or 20 hourly GPU-enabled WorkSpaces.
Q: How long will it take before I can launch Amazon WorkSpaces using my own Windows desktop licenses and image?
It can take a few hours after you perform the “Create Image” operation for your custom Windows desktop image to be available to use. You can check the status of your custom image in the WorkSpaces Console, API, or CLI.
Q: Will all of my dedicated Amazon WorkSpaces launch in a single AZ?
No. Amazon WorkSpaces launched on dedicated hardware will be balanced across two AZs. You select the AZs for Amazon WorkSpaces when you create the directory in which your Amazon WorkSpaces will be launched, and subsequent launches of Amazon WorkSpaces are automatically load balanced across the AZs selected when you created the directory.
Q: What happens when I terminate Amazon WorkSpaces that are launched on physically dedicated hardware?
You can terminate Amazon WorkSpaces when you no longer need them. You will only be billed for the Amazon WorkSpaces that are running.
Q: What happens to Amazon WorkSpaces that are rebuilt or restarted on physically dedicated hardware?
Amazon WorkSpaces that are rebuilt or restarted can be placed on any available physical server allocated to your account. A restart or rebuild of an Amazon WorkSpace can result in that instance being placed on a different physical server that has been allocated to your account.
Amazon Linux WorkSpaces
Q: What is Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces are enterprise ready cloud desktops that organizations can provide to developers, engineers, students or office workers to get their work done.
Q: What can I do with Amazon Linux WorkSpaces?
Developers can develop software with their favorite applications like AWS CLI, AWS SDK tools, Visual Studio Code, Eclipse and Atom. Analysts can run simulations using MATLAB and Simulink. Office workers can use pre-installed applications like LibreOffice for editing documents, spreadsheets, and presentations, Evolution for email, Firefox for web browsing, GIMP for image editing, Pidgin for instant messaging, and many others. You can always install more applications from the Amazon Linux repositories or other RPM based Linux repositories.
Q: Which applications and tools come with Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces include a selection of desktop utilities and tools, development tools, and general productivity applications. Developers can quickly get started using packages like OpenJDK 8, Python, C/C++, AWS CLI, and AWS SDK. General office workers can use LibreOffice for document editing, spreadsheets, and presentations, Firefox for web browsing, GIMP for photo editing, Pidgin for IM, Evolution for email, Atril for PDF documents, and more for day-to-day productivity tasks. You can always install more applications from the Amazon Linux repositories or from other RPM-based Linux repositories.
Q: How do I get started with Amazon Linux WorkSpaces?
To get started, simply create or select users from your configured directory, select Amazon Linux WorkSpaces bundles, and launch. Your users will receive instructions via email for connecting to their WorkSpaces. Please see here for the list of available hardware bundles.
Q: How much does it cost to use Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces are available with both the hourly and monthly billing options. Detailed pricing is available here.
Q: Which package manager does Amazon Linux support?
Amazon Linux is RPM-based and uses the yum package manager.
Q: Which repositories are available with Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces are connected to the Amazon Linux core and extras repositories. You can always add other RPM based Linux repositories.
Q: How can I request new packages for the Amazon Linux repositories?
You can request new packages for the Amazon Linux repositories using the AWS developer forums here. Packages will be added at the sole discretion of Amazon Web Services.
Q: How will I receive package updates for the Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces are regularly patched and updated from the Amazon Linux repositories.
Q: What directory types are supported for Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces currently support Active Directory, an on-premises directory available via AD Connector and Microsoft Active Directory on AWS.
Q: What hardware bundles are available for Amazon Linux WorkSpaces?
Amazon Linux WorkSpaces are available with different hardware bundles in all regions where the Amazon WorkSpaces service operates. For a complete list, please see here.
Q: Can I customize my Amazon Linux WorkSpaces?
Yes. You can customize settings and install additional software on Amazon Linux WorkSpaces. You can also create custom images using the Amazon WorkSpaces console or API and use those images to launch WorkSpaces with your customizations for other users in your organization.
Q: Is sudo access enabled by default on Amazon Linux WorkSpaces?
By default, Amazon Linux WorkSpaces users get sudo access, while the root user is disabled for them. You can always modify permissions by editing the /etc/sudoers file.
Compliance and Security
Q: Is Amazon WorkSpaces HIPAA eligible?
Yes. If you have an executed Business Associate Agreement (BAA) with AWS, you can use Amazon WorkSpaces with the AWS accounts associated with your BAA. If you don’t have an executed BAA with AWS, contact us and we will put you in touch with a representative from our AWS sales team. For more information, see HIPAA Compliance.
Q: Is Amazon WorkSpaces PCI compliant?
Yes. Amazon WorkSpaces is PCI compliant and conforms to the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. For more information, see PCI DSS Compliance.
Q: Which credentials should be used to sign in to Amazon WorkSpaces?
Users sign into their WorkSpace using their own unique credentials, which they can create after a WorkSpace has been provisioned for them. If you have integrated the Amazon WorkSpaces service with an existing Active Directory domain, users will sign in with their regular Active Directory credentials. Amazon WorkSpaces also integrates with your existing RADIUS server to enable multi-factor authentication (MFA).
Q: Can I control the client devices that access my Amazon WorkSpaces?
Yes. You can restrict access to Amazon WorkSpaces based on the client OS type, and using digital certificates. You can choose to block or allow MacOS, Microsoft Windows, iOS, Android, Chrome OS, zero client, and the WorkSpaces web access client.
Q: What is a digital certificate?
A digital certificate is a digital form of identity that is valid for a specified period of time, which is used as a credential that provides information about the identity of an entity, as well as other supporting information. A digital certificate is issued by a certificate authority (CA), and the CA guarantees the validity of the information in the certificate.
Q: What devices use digital certificates to control access to Amazon WorkSpaces?
Digital certificates can be used to block or allow WorkSpaces access from MacOS and Microsoft Windows client devices.
Q: How do I use digital certificates to control access to Amazon WorkSpaces?
To use digital certificates to block or allow access to Amazon WorkSpaces, you upload your root certificates to the WorkSpaces management console and distribute your client certificates to the macOS and Windows devices you want to trust. To distribute your client certificates, use your preferred solution such as Microsoft System Center Configuration Manager (SCCM), or Mobile-Device Management (MDM) software. For more information, see Restrict WorkSpaces Access to Trusted Devices.
Q: How many root certificates can be imported to an Amazon WorkSpaces directory?
For each Amazon WorkSpaces directory, you can import up to two root certificates each for MacOS and Microsoft Windows devices. If two root certificates are imported, WorkSpaces will present both root certificates to the client device, and the client device will use the first certificate that chains up to either root certificate.
Q: Can I control client device access to Amazon WorkSpaces without using digital certificates?
Yes. You can control access to Amazon WorkSpaces using the device type only.
Q: Can I use digital certificates to control Amazon WorkSpaces access from iOS, Android, Chrome OS, or zero clients?
At this time Amazon WorkSpaces can use digital certificates only with MacOS and Microsoft Windows client devices.
Q: What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication adds an additional layer of security during the authentication process. Users must validate their identity by providing something they know (e.g. password), as well as something they have (e.g. hardware or software generated one-time password (OTP)).
Q: What delivery methods are supported for MFA?
Amazon supports one-time passwords that are delivered via hardware and software tokens. Out-of-band tokens, such as SMS tokens, are not currently supported.
Q: Is there support for Google Authenticator and other virtual MFA solutions?
Google Authenticator can be used in conjunction with RADIUS. If you are running a Linux-based RADIUS server, you can configure your RADIUS fleet to use Google Authenticator through a PAM (Pluggable Authentication Module) library.
Q: Which Amazon WorkSpaces client applications support Multi-Factor Authentication (MFA)?
MFA is available for Amazon WorkSpaces client applications on the following platforms - Windows, Mac OS X, Chromebooks, iOS, Fire, Android, and PCoIP Zero Clients. MFA is also supported when using web access to access Amazon WorkSpaces through Chrome or Firefox web browsers.
Q: What happens if a user forgets the password to access their Amazon WorkSpace?
If either AD Connector or AWS Microsoft AD is used to integrate with an existing Active Directory domain, the user would follow your existing lost password process for your domain, such as contacting an internal helpdesk. If the user is using credentials stored in a directory managed by the WorkSpaces service, they can reset their password by clicking on the “Forgot Password” link in the Amazon WorkSpaces client application.
Q: How will Amazon WorkSpaces be protected from malware and viruses?
You can install your choice of anti-virus software on your users’ WorkSpaces. The Plus bundle options offer users access to anti-virus software, and you can find more details on this here. If you choose to install your own anti-virus software, please ensure that it does not block UDP port 4172, as this will prevent users connecting to their WorkSpaces.
Q: How do I remove a user’s access to their Amazon WorkSpace?
To remove a user’s access to their WorkSpace, you can disable their account either in the directory managed by the WorkSpaces service, or in an existing Active Directory that you have integrated the WorkSpaces service with.
Q: Does WorkSpaces work with AWS Identity and Access Management (IAM)?
Yes. Please see our documentation.
Q: Can I select the Organizational Unit (OU) where computer accounts for my WorkSpaces will be created in my Active Directory?
Yes. You can set a default Organizational Unit (OU) in which computer accounts for your WorkSpaces are created in your Active Directory. This OU can be part of the domain to which your users belong, or part of a domain that has a trust relationship with the domain to which your users belong, or part of a child domain in your directory. Please see our documentation for more details.
Q: Can I use Amazon VPC Security groups to limit access to resources (applications, databases) in my network or on the Internet from my WorkSpaces?
Yes. You can use Amazon VPC Security groups to limit access to resources in your network or the Internet from your WorkSpaces. You can select a default Amazon VPC Security Group for the WorkSpaces network interfaces in your VPC as part of the directory details on the WorkSpaces console. Please see our documentation for more details.
Q: What is an IP Access Control Group?
An IP Access Control Group is a feature that lets you specify trusted IP addresses that are permitted to access your WorkSpaces. An Access Control group is made up of a set of rules; each rule specifies a permitted IP address or range of addresses. You can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.
Q: Can I implement IP address-based access controls for WorkSpaces?
Yes. With this feature you can create up to 25 IP Access Control groups with up to 10 rules per group specifying the IP addresses or IP ranges accessible to your Amazon WorkSpaces.
Q: How can I implement IP address-based access controls?
You will have two ways to do this:
- From the WorkSpaces management console on the ‘IP Access Controls’ page, you can create access control groups by selecting ‘Create IP Access Control Groups’ and entering a group name and description. You can then add rules to your IP Access Control Group by selecting the group and going to the Rules tab, selecting ‘Edit’ and adding up to 10 rules, entering the IP addresses to allow along with a description of each rule. You can apply your IP Access Control Groups to WorkSpaces Directories on the ‘Update Directory Details’ page. See IP Access Control Groups for details.
- From the AWS Command Line Interface you can call Amazon WorkSpaces APIs to create, delete, and describe groups, create and delete rules from each group, and to add and remove groups from directories. See Amazon WorkSpaces API Reference for details.
Q: Can IP address-based access controls be used with all WorkSpaces clients?
Yes. This feature can be used with the MacOS X, iPad, Windows desktop, Android tablet, Chromebook clients, and web access. This feature also supports zero clients using MFA.
Q: Which Zero Client configurations are compatible with the IP Based Access Controls feature?
Zero Clients using MFA can be used with IP Based Access Controls, along with any compatible Zero Clients which do not use PCoIP Connection Manager to connect to WorkSpaces. Any connections through PCoIP Connection Manager will not be able to access WorkSpaces if IP Based Access Controls are enabled.
Q: Are there any scenarios where a non-whitelisted IP address could access a WorkSpace?
Yes. If web access is enabled, when accessing WorkSpaces through the web access client, if the IP address changes from a whitelisted IP to a non-whitelisted IP address after the user’s credentials are validated and before the WorkSpace session begins to launch, the non-whitelisted IP address would be allowed. The initial connection would require a whitelisted IP address.
Q: How are IP addresses whitelisted if users are accessing the WorkSpaces through a Network address translation (NAT)?
You will need to whitelist your public IPs with this feature, so if you have a NAT, you will need to allow access from the IPs coming from it. In this case you will be allowing access any time a user accesses WorkSpaces through a NAT.
Q: How should IP addresses be whitelisted for VPNs?
If you want to allow access from VPNs, you will need to add the public IPs of the VPN. In this case you will be allowing access any time a user accesses WorkSpaces through the VPN with public IPs whitelisted.
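The group and rule limits, and the requirement to list public addresses for NAT and VPN egress, can be checked before any group is created. The Python below is an added example, not AWS code: it lints a planned allowlist and evaluates whether a given client address would match it. The `ipRule`/`ruleDesc` keys follow the WorkSpaces API's rule items; the sample plan, the finding labels, the `/16` breadth threshold, and the assumption that every group in the plan is attached to the same directory are illustrative.

```python
import ipaddress

MAX_GROUPS = 25           # FAQ limit: IP Access Control groups
MAX_RULES_PER_GROUP = 10  # FAQ limit: rules per group

# Ranges that never appear as a client's public source address.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]

# Constructed sample plan; documentation ranges stand in for real public IPs.
SAMPLE_PLAN = {
    "hq-nat": [
        {"ipRule": "198.51.100.10/32", "ruleDesc": "HQ NAT gateway egress"},
        {"ipRule": "10.20.0.0/16", "ruleDesc": "HQ internal LAN"},
    ],
    "vpn": [
        {"ipRule": "203.0.113.0/24", "ruleDesc": "VPN concentrator pool"},
        {"ipRule": "203.0.113.64/26", "ruleDesc": ""},
        {"ipRule": "203.0.113.300/32", "ruleDesc": "typo in last octet"},
    ],
    "contractor": [
        {"ipRule": "198.0.0.0/8", "ruleDesc": "contractor ISP"},
    ],
}


def validate_plan(groups, broad_prefix=16):
    """Return (group, rule, problem) findings for a planned allowlist.

    groups maps a group name to a list of {"ipRule": cidr, "ruleDesc": text}.
    broad_prefix is a local policy threshold (an assumption, not an AWS limit).
    """
    findings = []
    if len(groups) > MAX_GROUPS:
        findings.append(("*", "-", "too-many-groups"))
    for name, rules in groups.items():
        if len(rules) > MAX_RULES_PER_GROUP:
            findings.append((name, "-", "too-many-rules"))
        seen = []
        for rule in rules:
            cidr = rule.get("ipRule", "")
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((name, cidr, "invalid"))
                continue
            # Clients behind a NAT or VPN arrive from its public address,
            # so a private range never matches (or hides a misunderstanding).
            if any(net.overlaps(p) for p in NON_PUBLIC):
                findings.append((name, cidr, "non-public-range"))
            if net.version == 4 and net.prefixlen < broad_prefix:
                findings.append((name, cidr, "too-broad"))
            # An overlapping rule wastes one of the ten slots in the group.
            if any(net.overlaps(prev) for prev in seen):
                findings.append((name, cidr, "overlaps-earlier-rule"))
            if not rule.get("ruleDesc", "").strip():
                findings.append((name, cidr, "no-description"))
            seen.append(net)
    return findings


def is_allowed(groups, client_ip):
    """True if client_ip matches any valid rule in any group of the plan."""
    addr = ipaddress.ip_address(client_ip)
    for rules in groups.values():
        for rule in rules:
            try:
                if addr in ipaddress.ip_network(rule["ipRule"], strict=False):
                    return True
            except (KeyError, ValueError):
                continue  # malformed rules never match
    return False


if __name__ == "__main__":
    for finding in validate_plan(SAMPLE_PLAN):
        print(*finding, sep="\t")
    print("NAT egress allowed:", is_allowed(SAMPLE_PLAN, "198.51.100.10"))
```
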
Q: Can I customize the login workflow for my end users login experience?
WorkSpaces supports the use of the URI (uniform resource identifier) WorkSpaces:// to open the WorkSpaces client and optionally enter the registration code, user name, and/or multi-factor authentication (MFA) code (if MFA is used by your organization).
Q: How do I enable URI?
You can create your unique URI links by following the WorkSpaces URI formatting documented in Customize How Users Log in to their WorkSpaces in the Amazon WorkSpaces Administration Guide. By providing these links to users, you enable them to use the URI on any device that has the WorkSpaces client installed. URI links can contain human-readable sensitive information if you choose to include the registration code, user name, and/or MFA information, so take precautions with how and whom you share URI information.
Q: How can I securely implement a URI for my WorkSpaces users?
WorkSpaces URIs are ideal for organizations that have an existing secure internal landing page or service portal where users access their applications. You can customize and then share the WorkSpaces URI to the portal, which gives users an easy way to access their WorkSpaces without requiring them to enter their user name and MFA multiple times or label their URI to remember which WorkSpaces registration code belongs to which directory.
Encryption
Q: Does Amazon WorkSpaces support encryption?
Yes. Amazon WorkSpaces supports root volume and user volume encryption. Amazon WorkSpaces uses EBS volumes that can be encrypted on creation of a WorkSpace, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume. Amazon WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.
Q: Which Amazon WorkSpaces bundle types support encryption?
Encryption is supported on all Amazon WorkSpaces hardware and software bundle types. This includes both the Windows 7 and Windows 10 desktop experiences, and the Value, Standard, Performance, Power, PowerPro, Graphics, and GraphicsPro bundles. It also includes all Plus application bundles. Additionally, any custom bundles also support encryption.
Q: How can I encrypt a new Amazon WorkSpace?
When creating a new Amazon WorkSpace from the console or the Amazon WorkSpaces APIs, you will have the option to specify which volume(s) you want encrypted along with a key ARN from your KMS keys for encryption. Note that during the launch of a WorkSpace, you can specify whether you want encryption for the user volume, root volume or both volumes, and the key provided will be used to encrypt the volumes specified.
Q: Can I use different keys to encrypt the root and user volumes of a WorkSpace?
The root and user volumes are encrypted using a single key.
Q: Do I need to provide a new KMS key for each WorkSpace that I want to encrypt?
You can use the same KMS key to encrypt the volumes of up to 500 Amazon WorkSpaces.
Q: Can Amazon WorkSpaces create a KMS key on my behalf?
Amazon WorkSpaces creates a default master key upon your first attempt to launch a WorkSpace through the AWS Management Console. You cannot manage the lifecycle of default master keys. To control the full lifecycle of a key, configure WorkSpaces to use a KMS custom customer master key (CMK). To create a KMS custom CMK, visit the KMS console or use KMS APIs to create your own keys. Note that you can use a default key generated by KMS for your WorkSpaces which will be made available to you on your first attempt to launch Amazon WorkSpaces with encryption through the AWS Management Console.
Q: What are the prerequisites for using KMS keys to encrypt Amazon WorkSpaces?
In order to use KMS keys to encrypt Amazon WorkSpaces, the key must not be disabled, and should not have exceeded its limits (learn more about limits here). You also need to have the correct permissions and policies associated with the key to use it for encryption. To learn more about the correct permissions and policies needed on the keys, please refer to our documentation.
Q: How will I be notified if my KMS key does not meet the pre-requisites outlined above?
When you launch a new WorkSpace with the key specified, the WorkSpaces service will verify if the key is valid and eligible to be used for encryption. If the key is not valid, the launch process will fail quickly and notify you of the error associated with the key. Please note that if you change the key settings while the WorkSpace is being created, there is a chance that provisioning will fail and you will be notified of this failure through the AWS Management Console or through the DescribeWorkSpaces API call.
Q: How will I be able to tell which Amazon WorkSpaces are encrypted and which ones are not?
You will be able to see if a WorkSpace is encrypted or not from the AWS Management Console or using the Amazon WorkSpaces API. In addition to that, you will also be able to tell which volume(s) on the WorkSpace were encrypted, and the key ARN that was used to encrypt the WorkSpace. For example, the DescribeWorkSpaces API call will return information about which volumes (user and/or root) are encrypted and the key ARN that was used to encrypt the WorkSpace.
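The encryption fields returned by DescribeWorkSpaces can drive a fleet-wide audit. The Python below is an added example, not AWS code: it takes the `Workspaces` list from a DescribeWorkspaces response, reports WorkSpaces with an unencrypted root or user volume, flags those encrypted with a key outside an approved set of custom CMKs, and counts usage per key against the 500-WorkSpace limit. The sample records, the key ARNs, and the report layout are constructed; `fetch_workspaces` assumes boto3 and credentials are available and is not needed for the offline run.

```python
from collections import Counter

MAX_WORKSPACES_PER_KEY = 500  # FAQ limit: WorkSpaces per KMS key

# Constructed key ARNs and WorkSpace records, shaped like DescribeWorkspaces output.
KEY_A = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-00000000000a"
KEY_DEFAULT = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-00000000000d"
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-aaaa11111", "UserName": "alice", "VolumeEncryptionKey": KEY_A,
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True},
    {"WorkspaceId": "ws-bbbb22222", "UserName": "bob", "VolumeEncryptionKey": KEY_A,
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True},
    {"WorkspaceId": "ws-cccc33333", "UserName": "carol"},  # no encryption at all
    {"WorkspaceId": "ws-dddd44444", "UserName": "dave", "VolumeEncryptionKey": KEY_DEFAULT,
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True},
]


def fetch_workspaces(region):
    """Collect every WorkSpace in a region (requires boto3 and credentials)."""
    import boto3  # imported lazily so the audit itself runs offline
    client = boto3.client("workspaces", region_name=region)
    items = []
    for page in client.get_paginator("describe_workspaces").paginate():
        items.extend(page["Workspaces"])
    return items


def audit_encryption(workspaces, approved_keys, per_key_limit=MAX_WORKSPACES_PER_KEY):
    """Summarize volume encryption across a list of WorkSpace records.

    approved_keys is the set of key ARNs the organization manages itself,
    for example custom CMKs whose lifecycle and rotation it controls.
    """
    unencrypted, unapproved = [], []
    usage = Counter()
    for ws in workspaces:
        wsid = ws["WorkspaceId"]
        flags = {
            "root": ws.get("RootVolumeEncryptionEnabled", False),
            "user": ws.get("UserVolumeEncryptionEnabled", False),
        }
        missing = [vol for vol, enabled in flags.items() if not enabled]
        if missing:
            # Encryption can only be chosen at creation, so these WorkSpaces
            # must be re-created to become compliant.
            unencrypted.append((wsid, missing))
        key = ws.get("VolumeEncryptionKey")
        if key and any(flags.values()):
            usage[key] += 1
            if key not in approved_keys:
                unapproved.append(wsid)
    return {
        "unencrypted": unencrypted,
        "unapproved_key": unapproved,
        "key_usage": dict(usage),
        "keys_over_limit": sorted(k for k, n in usage.items() if n > per_key_limit),
    }


if __name__ == "__main__":
    report = audit_encryption(SAMPLE_WORKSPACES, approved_keys={KEY_A})
    for section, value in report.items():
        print(section, value)
```
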
Q: Can I enable encryption of volumes on a running Amazon WorkSpace?
Encryption of WorkSpaces is only supported during the creation and launch of a WorkSpace.
Q: What happens to a running Amazon WorkSpace when I disable the key in the KMS console?
A running WorkSpace will not be impacted if you disable the KMS key that was used to encrypt the user volume of the WorkSpace. Users will be able to login and use the WorkSpace without interruption. However, restarts and rebuilds of WorkSpaces that were encrypted using a KMS key that has been disabled (or the permissions/policies on the key have been modified) will fail. If the key is re-enabled and/or the correct permissions/policies are restored, restarts and rebuilds of the WorkSpace will work again.
Q: Is it possible to disable encryption for a running Amazon WorkSpace?
Amazon WorkSpaces does not support disabling encryption for a running WorkSpace. Once a WorkSpace is launched with encryption enabled, it will always remain encrypted.
Q: Will snapshots of an encrypted user volume also be encrypted?
Yes. All snapshots of the user volume will be encrypted using the same key that was used to encrypt the user volume of the WorkSpace when it was created. The user volume once encrypted stays encrypted throughout its lifecycle. Please note that Amazon WorkSpaces does not take snapshots of the root volume of a running WorkSpace.
Q: Can I re-build an Amazon WorkSpace that has been encrypted?
Yes. Rebuilds of a WorkSpace will work as long as the key that was used to encrypt the WorkSpace is still valid. The WorkSpace volume(s) stay encrypted using the original key after it has been rebuilt.
Q: Can I create a custom image from a WorkSpace that has been encrypted?
Creating a custom image from a WorkSpace that is encrypted is not supported.
Q: Will the performance of my WorkSpace be impacted because the volume(s) are encrypted?
You can expect a minimal increase in latency on IOPS on encrypted volumes.
Q: Will encryption impact the launch time of an Amazon WorkSpace?
The launch time of a WorkSpace that only requires user volume encryption is similar to that of an unencrypted WorkSpace. The launch of a WorkSpace that requires root volume encryption will take several more minutes.
Q: Will encryption be supported for BYOL WorkSpaces?
Yes. Amazon WorkSpaces will support encryption for BYOL WorkSpaces.
Q: Will I be able to use the same KMS key to encrypt Amazon WorkSpaces in a different region?
No. Encrypted resources in one region cannot be used in a different region, because a KMS key belongs to the region in which it was created.
Q: Is there a charge for encrypting volumes on Amazon WorkSpaces?
There is no additional charge for encrypting volumes on WorkSpaces; however, you will have to pay standard AWS KMS charges for KMS API requests and any custom CMKs that are used to encrypt WorkSpaces. Please see AWS KMS pricing here. Please note that the Amazon WorkSpaces service makes a maximum of five API calls to the KMS service upon launching, restarting or rebuilding a single WorkSpace.
Q: Can I rotate my KMS keys?
Yes. You can use KMS to rotate your custom CMKs. You can configure a custom CMK that you create to be automatically rotated by KMS on an annual basis. There is no impact to WorkSpaces encrypted before the CMK rotation; they will work as expected.
WorkDocs Sync Client
Q: What is the Amazon WorkDocs sync client?
The Amazon WorkDocs sync client is a client application that you can install on your Amazon WorkSpaces with Windows, which continuously, automatically, and securely syncs documents from your Amazon WorkSpace to your Amazon WorkDocs location. You can also install the Amazon WorkDocs sync client on a Mac or Windows PC so that users can sync documents across all the desktops they may be using. When an Amazon WorkSpace is launched, users will have a link on their desktop so that they can install the Amazon WorkDocs sync client. The client can be downloaded here.
Q: Can I enable or disable Amazon WorkDocs sync for a user’s Amazon WorkSpace?
When you create a directory, or use AD Connector to integrate with an existing Active Directory, you can choose to enable or disable Amazon WorkDocs sync for that directory. Currently you cannot enable or disable Amazon WorkDocs sync on a per-user basis.
Q: How do I synchronize documents between an Amazon WorkSpace and a Mac or Windows PC?
To enable synchronization, all you need to do is install the Amazon WorkDocs sync client on your Amazon WorkSpace with Windows and on the PCs you would like to synchronize with. Once you’ve done this, simply select the folders you want to sync.
Q: Is Single Sign-On (SSO) supported?
Yes. Single Sign-On (SSO) can be enabled so that when users are signed in to their Amazon WorkSpace they will be automatically signed in to their Amazon WorkDocs sync client, and will not be required to provide credentials when they access the web client from their Amazon WorkSpace. You can enable SSO by visiting the AWS Directory Service area of the AWS Management Console, clicking the directory ID link for your directory and selecting the Apps & Services tab. For more information and detailed setup see our documentation.
Amazon WorkSpaces Application Manager (WAM)
Q: What is Amazon WorkSpaces Application Manager?
Amazon WorkSpaces Application Manager (Amazon WAM) offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces with Windows. Amazon WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they are natively installed.
Q: How are Amazon WAM applications delivered to users?
Amazon WAM delivers desktop apps to users' WorkSpaces with Windows as virtualized app containers using a unique cloud delivery technology. The applications execute on a WorkSpace from within the virtualized container and provide performance similar to natively-installed applications.
Q: How can I get started with Amazon WAM?
To get started with Amazon WAM, select your level of subscription (Lite or Standard), build an application catalog in the AWS Management Console and assign applications to your users running Amazon WorkSpaces with Windows. You can build an application catalog using applications for which you own licenses, proprietary applications built in-house, and applications from the AWS Marketplace for Desktop Apps.
After your catalog is available, you can use the AWS Management Console to assign applications from the catalog to your Amazon WorkSpaces users. Applications from the catalog can be made required or optional. Required applications are automatically installed on the appropriate WorkSpaces; optional applications are made available to users for on-demand installation.
Q: How do I upload my applications to Amazon WAM?
You can package your applications using the Amazon WAM Studio, validate using the Amazon WAM Player, and then upload your applications to Amazon WAM. For more information, see the Amazon WAM User Guide on packaging and validating.
Q: What type of applications can be delivered using Amazon WAM?
Any application compatible with Microsoft Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016 can be delivered to WorkSpaces using Amazon WAM. Both 32-bit and 64-bit applications are supported.
Q: Can I track application use with Amazon WAM?
You can track usage for any applications assigned to users.
Q: In which AWS regions is Amazon WAM available?
To see a list of AWS regions where Amazon WAM is currently available, please visit Region Table.
Q: Which Amazon WorkSpaces experiences work with Amazon WAM?
You can use Amazon WAM to deploy and manage applications for Amazon WorkSpaces running the Windows 7 or Windows 10 desktop experience.
Q: Which AWS Directory Service directories does Amazon WAM support?
Amazon WAM can be used with AWS Directory Services AD Connector and Simple AD, or AWS Managed Microsoft AD. NOTE: If you have set up a trust relationship between AWS Managed Microsoft AD in the AWS Cloud and your existing on-premises Microsoft Active Directory, you can’t assign applications to users in your on-premises Microsoft Active Directory.
Q: Do Amazon WorkSpaces need Internet access to use Amazon WAM?
Yes, Amazon WorkSpaces need an Internet connection to receive applications via Amazon WAM.
Q: How do I get Amazon WAM on my users’ Amazon WorkSpaces?
Your users can install the Amazon WAM desktop app on their Amazon WorkSpaces via a shortcut located on the desktop by default.
Q: How do end users access applications that are assigned using Amazon WAM?
Users can open the Amazon WAM desktop app and see all the applications available to them. You can set up applications to be required or optional. Required applications are automatically installed on the user's WorkSpace, and optional applications can be installed via the Amazon WAM desktop app. For more information about the Amazon WAM desktop app, see the Amazon WAM User Guide.
Q: How many applications can I add to my Amazon WAM catalog?
There is no limit to the number of applications you can add to your Amazon WAM catalog. However, storage charges apply to applications that you upload to Amazon WAM, after the first 100 GB of storage used for your applications.
Q: How many applications can I deliver to each Amazon WorkSpaces user via Amazon WAM?
You can assign up to 50 applications to each Amazon WorkSpaces user.
Q: Can I use tags to categorize applications in my Amazon WAM catalogs?
Yes, you can assign tags to applications and service-related charges for WAM by simply tagging your Amazon WorkSpaces. To learn more about assigning tags to your Amazon WorkSpaces, follow the steps listed on this web page: Tagging WorkSpaces.
Q: How will I be billed for Amazon WAM?
The Lite plan is available at no cost, and the Standard plan costs $5/user/month for each user enrolled in the WAM Standard plan with one or more applications assigned. There may be a cost for applications from AWS Marketplace for Desktop Applications that users activate.
Q: Can I have users on both the Lite and the Standard plans?
No. You can subscribe to either the Lite or Standard plan, and all users will be on the same plan.
Q: Can I change my subscription plan during the billing period?
Yes. On the “Subscription plan” page of the WAM console you can upgrade or downgrade your plan and view the feature details for the two subscription plans. You have the opportunity to view the current usage before confirming the upgrade.
Q: What will happen to my applications if I downgrade from the Standard to the Lite plan?
Users will be moved to the most up to date version of applications from AWS Marketplace for Desktop Apps, and will lose access to any applications that you packaged and uploaded to Amazon WAM.
Q: Is there a limit for storage of my app packages?
Both the Lite and Standard plans include 100GB of storage for the apps, and S3 charges will apply for additional storage.
Q: Can I share an Amazon WAM package with another AWS account?
Yes. Packages created and approved by you within your AWS account can be shared with other AWS accounts in the same region. You can set up package sharing via the Packages tab on the Amazon WAM console by adding package permissions to the AWS account to which you wish to share the package.
Q: Can I set limits on the packages that I share with other AWS accounts?
No. At this time, you cannot place any restrictions on packages that are shared.
Q: How do I use an Amazon WAM package that is shared with me?
You can use an Amazon WAM package shared with you by creating an application and assigning the application to your users.
Q: Can I make any changes to a package that has been shared with my account?
No. A package made available to you by another AWS account cannot be modified.
Q: How do I know if I can trust a package that has been shared with my account?
Always verify that your package is shared from a trusted source. Verify the source by validating the AWS account ID and check if it is an account that you trust.
Q: Can I delete an Amazon WAM package?
Yes. You can delete an Amazon WAM package that belongs to your account within an AWS region by launching Amazon WAM Studio in your packaging instance. Once you delete a package, all versions of the package will be deleted. Also, you can only delete packages that don’t have apps assigned or have not been shared with another AWS account. If you have an application created, you will first need to delete the application before you can delete the package. If you have shared a package with another AWS account, you will first need to remove sharing of the package before deleting the package.
Q: What happens to an Amazon WAM package once it is deleted?
Once an Amazon WAM package is deleted, it will no longer be available from within your account. The package will be fully deleted once any accounts you shared the package with have deleted applications using the package.
AWS Marketplace for Desktop Apps
Q: What is AWS Marketplace for Desktop Apps?
AWS Marketplace for Desktop Apps is a new category in the AWS Marketplace that can deploy applications to Amazon WorkSpaces with Windows through Amazon WAM. The AWS Marketplace for Desktop Apps includes both applications you can purchase on a monthly basis and free apps. You can find applications from developers such as Microsoft, Corel and Foxit and popular open source titles.
Q: How do I use desktop applications from AWS Marketplace?
You can subscribe to applications from the AWS Marketplace for Desktop Apps via the Amazon WorkSpaces console. Start by selecting the Application Catalog in the Amazon WorkSpaces console, then browse and add applications from the AWS Marketplace to your application catalog. Once the applications are in your catalog, you can assign the applications to your WorkSpaces users. The applications can then be accessed by users via the Amazon WorkSpaces Application Manager (Amazon WAM) desktop app.
Q: How will I be charged for applications from the AWS Marketplace for Desktop Apps?
You will be charged the price listed on AWS Marketplace for Desktop Apps for each application on a monthly subscription basis. Software subscriptions are billed monthly, even if they are used on Amazon WorkSpaces set to bill hourly. A subscription is activated and charged the first time a user launches an application and will renew monthly until access to the application is removed for that user. Charges for an application are prorated for the remainder of the first month in which a user launches them. Subsequent months are billed for the entire month. Subscriptions that are removed in the middle of a month will not receive a refund for the remainder of the month.
Q: How do I unsubscribe from an application?
To unsubscribe from an application, simply remove the users and groups assigned to use the application. Once this is completed, the application will immediately become unavailable to your users and there will be no new charges for the application in the following month.
Q: Can Amazon WorkSpaces end users access the AWS Marketplace for Desktop Apps directly?
No, only the administrator of the WorkSpaces account will see the entire AWS Marketplace in the WorkSpaces console. End users will only see the applications you provisioned for them.
Q: Where can I view charges for my application subscriptions from AWS Marketplace for Desktop Apps?
You can view the charges for application subscriptions from AWS Marketplace for Desktop Apps by signing in to the AWS billing console and viewing the AWS Marketplace section in the estimated bill. You can view the applications subscribed, monthly price, and total charge for each application.
Q: How do I get support for the applications I use from AWS Marketplace for Desktop Apps?
After subscribing to the application on AWS Marketplace for Desktop Apps, you can select the application details to view support information. Expand the support information to view details on how to obtain support.
Client Access, Web Access, and User Experience
Q: Where can I download the Amazon WorkSpaces client application?
You can download the Amazon WorkSpaces client application for free on the client download website.
Q: Can I use any other client (e.g., an RDP client) with Amazon WorkSpaces?
No. You can use any of the free clients provided by AWS, which include client applications for Windows, Mac OS X, Chromebooks, iOS, Fire tablets, and Android tablets, or Chrome or Firefox web browsers, to access your Amazon WorkSpaces.
Q: Which operating systems are supported by the Amazon WorkSpaces client applications?
Amazon WorkSpaces clients are available for the following operating systems:
• Microsoft Windows 7, Windows 8, and Windows 10
• Apple Mac OS X (10.8.1 and above)
• Google Chrome OS (45 and above)
• Apple iOS (8.0 and above)
• Google Android (4.4 and above)
• Amazon Fire OS 4 and Fire OS 5
Q: Which tablet devices are supported by the Amazon WorkSpaces client application?
Amazon WorkSpaces clients are available for the following devices:
• Apple iPad Pro 12.9-inch and 9.7-inch models
• Apple iPad Mini 2, 3 and 4
• Apple iPad Air and iPad Air 2
• Amazon Fire tablets released after 2012: Fire 7", Fire HD 6/7/8/10, Fire HDX 8.9", Kindle Fire 7", and Kindle Fire HDX 7/8.9
• Samsung and Nexus tablets
While we expect other popular Android tablets running Android version 4.4 to work correctly with the Amazon WorkSpaces client, there may be some that are not compatible. If you are interested in support for a particular device, please let us know via the Amazon WorkSpaces forum.
Q: Which smartphones are supported by the Amazon WorkSpaces client application?
Amazon WorkSpaces clients are available for the following devices:
• Samsung Galaxy S8 and S8+ with Samsung DeX Station
If you are interested in support for a particular device, please let us know via the Amazon WorkSpaces forum.
Q: What is a PCoIP Zero Client?
A PC-over-IP (PCoIP) Zero Client is a single-purpose hardware device that can enable access to Amazon WorkSpaces. Zero Clients include hardware optimization specifically for the PCoIP protocol, and are designed to require very little administration.
Q: Can I use PCoIP Zero Clients with Amazon WorkSpaces?
Yes, Amazon WorkSpaces supports PCoIP Zero Client devices that have the Teradici Tera2 chipset. For a complete list of Zero Clients that are compatible with Amazon WorkSpaces, please visit the device finder (site hosted by Teradici).
Q: Will my Amazon WorkSpace running in AutoStop running mode preserve the state of applications and data when it stops?
Amazon WorkSpaces preserve the data and state of your applications when stopped. On reconnect, your Amazon WorkSpace will resume with all open documents and running programs intact. Graphics-enabled WorkSpaces with Windows preserve your data when stopped, but any running application sessions will be closed. On reconnect, your Amazon WorkSpace will retain your files and folders in your last saved location.
Q: How do I resume my Amazon WorkSpace after it stops?
By logging into your Amazon WorkSpace from the Amazon WorkSpaces client application, the service will automatically restart your Amazon WorkSpace. When you first attempt to log in, the client application will notify you that your Amazon WorkSpace was previously stopped, and that your new session will start once your WorkSpace has resumed.
Q: How long does it take for my Amazon WorkSpace to be available once I attempt to log in?
If your Amazon WorkSpace has not yet stopped, your connection is almost instantaneous. If your Amazon WorkSpace has already stopped, in most cases it will be available within sixty to ninety seconds.
Q: Which peripherals can be used with the Amazon WorkSpaces client applications?
Amazon WorkSpaces clients support:
• Keyboard, mouse, and touch input (touch input is only supported on tablet clients). Amazon WorkSpaces do not currently support a 3D mouse.
• Audio output to client device
• Analog and USB headsets
Q: What kind of headsets can be used for audio conversations?
Most analog and USB headsets will work for audio conversations through WorkSpaces running Windows. For USB headsets, you should ensure they show up as a playback device locally on your client computer.
Q: Can I use the built-in microphone and speakers for making audio calls?
Yes. However, you may experience an echo when using the built-in microphone and speakers with certain communication applications. For the best experience, we recommend using a headset for audio calls.
Q: Does Audio-in work with mobile clients such as Android, iOS, and Chromebooks?
Audio-in is supported on the Windows, OS X and iOS clients.
Q: How do I enable Audio-in for my WorkSpaces?
Audio-in is enabled for all new WorkSpaces with Windows. For existing WorkSpaces, Audio-in can be enabled with a reboot. Enabling the WorkSpaces Audio-in capability requires local logon access inside your WorkSpace. If you have a Group Policy restricting user local logon in your WorkSpace, we will detect it and not apply the Audio-in update to the WorkSpace. You can remove the Group Policy and the Audio-in capability will be enabled after the next reboot.
Q: Should I update my custom images to take advantage of Audio-in?
Yes. We always recommend you refresh your custom images on a regular basis to take advantage of the latest features. WorkSpaces launching from custom images that have not been recently updated may take longer to be available to users. Once a WorkSpace with Windows is updated for Audio-in, you can use it to create an updated custom image which will include Audio-in support by default.
Q: Does WorkSpaces support devices with high DPI screens?
Yes. The Amazon WorkSpaces desktop client application will automatically scale the in-session display to match the DPI settings of the local device.
Q: How many monitors does Amazon WorkSpaces support? What monitor resolution is supported?
Amazon WorkSpaces Value, Standard, Performance, Power, PowerPro and GraphicsPro bundles support a maximum of four displays. The maximum supported resolution depends on the number of displays, as shown in the following table:
| Displays | Maximum Supported Resolution |
|---|---|
| 1 | 3840 x 2160 pixels |
| 2 | 3840 x 2160 pixels |
| 4 | 1920 x 1200 pixels |
Graphics bundles support only a single monitor configuration with a maximum resolution of 2560x1600.
Q: Will my bandwidth usage be higher when I use four monitors or 4K Ultra HD resolution?
Yes. The bandwidth requirements for WorkSpaces depend on two factors: (a) the number of screens it has to stream to and (b) the amount of pixel changes taking place in each screen.
Q: Can each monitor have different orientation?
Yes. You can have some of your monitors in landscape mode and others in portrait mode to suit your desktop productivity needs.
Q: Will Amazon WorkSpaces remember my monitor settings between sessions?
The fullscreen mode setting will be preserved. If you quit a WorkSpaces session in fullscreen mode, you will be able to log in to fullscreen mode next time. However, display configurations will not be saved. Every time you initiate a WorkSpaces session, the client application extracts the EDID of your local setup configuration and sends that to the WorkSpaces host to deliver an optimal display experience.
Q: What happens to my display settings when I connect to my WorkSpace from a different desktop?
When you connect from a different desktop computer, the display settings of that computer will take precedence to deliver an optimal display experience.
Q: Will the iPad and Android applications support Keyboard/Mouse input?
The Android client supports both keyboard and mouse input. The iPad client supports keyboard and mouse (SwiftPoint GT mouse) inputs. While we expect most popular keyboard and mouse devices to work correctly, there may be devices that may not be compatible. If you are interested in support for a particular device, please let us know via the Amazon WorkSpaces forum.
Q: Can I access my Amazon WorkSpaces through a web browser?
Yes, you can use Amazon WorkSpaces web access to log in to your Amazon WorkSpace with Windows through Chrome or Firefox web browsers. You do not need to install any software, and you can connect from any network that can access the public Internet. To enable WorkSpaces web access, first, if you have an existing WorkSpace with Windows 10, you should reboot it. Then your WorkSpaces admin needs to enable web access from the AWS Console in the WorkSpaces Directory Details – Access Control Options section. Once these steps are complete, to access your WorkSpace through a browser, simply visit the Amazon WorkSpaces web access page using a supported browser, enter your WorkSpaces registration code, and then log in