AWS WorkSpaces – Certification

AWS WorkSpaces

  • Amazon WorkSpaces is a fully managed, secure desktop computing service which runs on the AWS cloud.
  • WorkSpaces is a cloud-based virtual desktop that can act as a replacement for a traditional desktop
  • A WorkSpace is available as a bundle of compute resources, storage space, and software applications that allows a user to perform day-to-day tasks just like using a traditional desktop
  • WorkSpace allows user to easily provision cloud-based virtual desktops and provide users access to the documents, applications, and resources they need from any supported device, including computers, Chromebooks, iPads, Fire tablets, and Android tablets.
  • Each WorkSpace runs on an individual instance for the assigned user and Applications and users’ documents and settings are persistent.
  • Security
    • User can login into the WorkSpace using their own credentials set when the instance is provisioned
    • WorkSpaces service integrates with existing Active Directory domain, users will sign in with their regular Active Directory credentials.
    • WorkSpaces also integrates with existing RADIUS server to enable multi-factor authentication (MFA).
    • Access Amazon WorkSpaces can be restricted based on the client OS type, and using digital certificates
    • VPC Security groups to limit access to resources in the network or the Internet from the WorkSpaces
    • IP Access Control Group enables configuration of trusted IP addresses that are permitted to access the WorkSpaces.
  • Backup
    • User volume is backed up every 12 hours and if the WorkSpace fails, AWS can restore the volume from the backup
  • Encryption
    • WorkSpaces supports root volume and user volume encryption
    • WorkSpaces uses EBS volumes that can be encrypted on WorkSpace creation, providing encryption for data stored at rest, disk I/O to the volume, and snapshots created from the volume.
    • WorkSpaces integrates with the AWS KMS service to allow you to specify the keys you want to use to encrypt the volumes.
  • Amazon WorkSpaces Application Manager (Amazon WAM)
    • WAM offers a fast, flexible, and secure way for you to deploy and manage applications for Amazon WorkSpaces.
    • WAM accelerates software deployment, upgrades, patching, and retirement by packaging Microsoft Windows desktop applications into virtualized application containers that run as though they are natively installed.
  • WorkSpaces client application needs supported client device (PC, Mac, iPad, Kindle Fire, or Android tablet), and an Internet connection with TCP ports 443 & 4172, and UDP port 4172 open
  • WorkSpaces launches the WorkSpaces in a VPC. If using AWS Directory Service to create an AWS Managed Microsoft or a Simple AD, it is recommended configure the VPC with one public subnet and two private subnets. To provide internet access to WorkSpaces in a private subnet, configure a NAT gateway in the public subnet. Configure the directory to launch the WorkSpaces in the private subnets.

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company’s requirements?
    1. Virtual Private Network connection. AWS Directory Services, and ClassicLink (ClassicLink allows you to link an EC2-Classic instance to a VPC in your account, within the same region)
    2. Virtual Private Network connection. AWS Directory Services, and Amazon Workspaces (WorkSpaces for Virtual desktops, and AWS Directory Services to authenticate to an existing on-premises AD through VPN)
    3. AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management (AD service needs a VPN connection to interact with an On-premise AD directory)
    4. Amazon Elastic Compute Cloud, and AWS Identity and Access Management (Need WorkSpaces for virtual desktops)
  2. Your company is planning on testing out Amazon workspaces for their account. They are going to allocate a set of workstations with static IP addresses for this purpose. They need to ensure that only these IP addresses have access to Amazon Workspaces. How can you achieve this?
    1. Create an IP access control group
    2. Place a WAF in front of Amazon Workspaces
    3. Specify the IP addresses in the NACL
    4. Specify the IP addresses in the Security Group