AWS WorkSpaces
- Amazon WorkSpaces is a fully managed, secure desktop computing service which runs on the AWS cloud.
- WorkSpaces is a cloud-based virtual desktop that can act as a replacement for a traditional desktop
- A WorkSpace is available as a bundle of compute resources, storage space, and software applications that allows a user to perform day-to-day tasks just like using a traditional desktop
- WorkSpaces allows users to easily provision cloud-based virtual desktops and gives them access to the documents, applications, and resources they need from any supported device, including computers, Chromebooks, iPads, Fire tablets, and Android tablets.
- Each WorkSpace runs on an individual instance for the assigned user, and applications and users' documents and settings are persistent.
- Security
  - Users can log in to the WorkSpace using their own credentials, set when the instance is provisioned.
  - The WorkSpaces service integrates with an existing Active Directory domain, so users sign in with their regular Active Directory credentials.
  - WorkSpaces also integrates with an existing RADIUS server to enable multi-factor authentication (MFA).
  - Access to Amazon WorkSpaces can be restricted based on the client OS type and by using digital certificates.
  - VPC security groups can limit access to resources in the network or the Internet from the WorkSpaces.
  - An IP Access Control Group enables configuration of trusted IP addresses that are permitted to access the WorkSpaces.
- Backup
  - The user volume is backed up every 12 hours, and if the WorkSpace fails, AWS can restore the volume from the backup.
- Encryption
  - WorkSpaces supports root volume and user volume encryption.
  - WorkSpaces uses EBS volumes that can be encrypted on WorkSpace creation, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume.
  - WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.
- Amazon WorkSpaces Application Manager (Amazon WAM)
  - WAM offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces.
  - WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they are natively installed.
- The WorkSpaces client application needs a supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet) and an Internet connection with TCP ports 443 and 4172 and UDP port 4172 open.
- WorkSpaces launches the WorkSpaces in a VPC. If using AWS Directory Service to create an AWS Managed Microsoft or a Simple AD, it is recommended to configure the VPC with one public subnet and two private subnets. To provide internet access to WorkSpaces in a private subnet, configure a NAT gateway in the public subnet. Configure the directory to launch the WorkSpaces in the private subnets.
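
To check the encryption and IP Access Control Group points above against a real account, the following is an added example (not part of the original page) that audits API responses offline. The field names follow the boto3 WorkSpaces client responses for `describe_workspaces` and `describe_ip_groups`; the sample data, IDs and key alias are constructed, and the IP check assumes the groups passed in are the ones associated with the directory.

```python
import ipaddress

# Constructed sample shaped like boto3 describe_workspaces() output (IDs are made up).
SAMPLE_WORKSPACES = {"Workspaces": [
    {"WorkspaceId": "ws-example01", "UserName": "alice",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "alias/example-key"},
    {"WorkspaceId": "ws-example02", "UserName": "bob",
     "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "alias/example-key"},
    {"WorkspaceId": "ws-example03", "UserName": "carol"},
]}

# Constructed sample shaped like boto3 describe_ip_groups() output.
SAMPLE_IP_GROUPS = {"Result": [
    {"groupId": "wsipg-example01", "groupName": "test-workstations",
     "userRules": [
         {"ipRule": "203.0.113.0/28", "ruleDesc": "office range"},
         {"ipRule": "198.51.100.7/32", "ruleDesc": "single static IP"},
     ]},
]}

VOLUME_FLAGS = (("root", "RootVolumeEncryptionEnabled"),
                ("user", "UserVolumeEncryptionEnabled"))


def unencrypted_volumes(response):
    """Return {WorkspaceId: [volume, ...]} for volumes without encryption.

    Assumption: a missing flag is treated as "not encrypted".
    """
    findings = {}
    for ws in response.get("Workspaces", []):
        missing = [vol for vol, flag in VOLUME_FLAGS if not ws.get(flag, False)]
        if missing:
            findings[ws["WorkspaceId"]] = missing
    return findings


def client_ip_allowed(response, client_ip):
    """True if client_ip falls inside any rule of the given IP access control groups."""
    addr = ipaddress.ip_address(client_ip)
    return any(
        addr in ipaddress.ip_network(rule["ipRule"], strict=False)
        for group in response.get("Result", [])
        for rule in group.get("userRules", [])
    )
```

With live data, pass the dictionaries returned by `boto3.client("workspaces").describe_workspaces()` and `.describe_ip_groups()` in place of the samples.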

AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company’s requirements?
  - Virtual Private Network connection, AWS Directory Services, and ClassicLink (ClassicLink allows you to link an EC2-Classic instance to a VPC in your account, within the same region)
  - Virtual Private Network connection, AWS Directory Services, and Amazon Workspaces (WorkSpaces for Virtual desktops, and AWS Directory Services to authenticate to an existing on-premises AD through VPN)
  - AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management (AD service needs a VPN connection to interact with an On-premise AD directory)
  - Amazon Elastic Compute Cloud, and AWS Identity and Access Management (Need WorkSpaces for virtual desktops)
- Your company is planning on testing out Amazon WorkSpaces for their account. They are going to allocate a set of workstations with static IP addresses for this purpose. They need to ensure that only these IP addresses have access to Amazon WorkSpaces. How can you achieve this?
  - Create an IP access control group
  - Place a WAF in front of Amazon Workspaces
  - Specify the IP addresses in the NACL
  - Specify the IP addresses in the Security Group
While ClassicLink is not the right answer, it does exist 🙂
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html
Thanks Kranthi 🙂 Never used EC2 Classic, hence did not come across the option. Will update the answer with the correct reason.
Hi Jp,
Virtual Private Network connection is not a native AWS service, the question talked about a set of AWS services and features, how could we justify the answer being option C over B?
I am sure we need a VPN connection, but the question is a combination of AWS services, right? Maybe the question needs to be modified?
Even though VPN is not an AWS Native service, the configurations for VPN surely are. You need a VPN and Customer gateways to be created and configured to enable AWS services to interact with an On Premise solution.