Setup a Fully Secured AWS Workspace Environment(connecting it to FSx too)

Hetul Sheth
Published in ScaleCapacity
Dec 21, 2020

Below is the architecture diagram of our setup:

Now let’s set up this architecture in our AWS account:

Creating Microsoft AD:

  1. First, create a managed directory from ‘Directory Service’. Click ‘Setup Directory’ > choose ‘AWS Managed Microsoft AD’ > keep Standard Edition.
  2. In Directory DNS name, enter the DNS name for your directory, e.g. www.workspaceexample.com
  3. Leave Directory NetBIOS name empty. You can add a description in Directory Description.
  4. In Admin Password, enter the password you want for this directory.
  5. Retype the admin password in Confirm password.
  6. Click Next.
  7. In VPC, select the VPC in which you want to create your environment. To build this architecture securely, I recommend a custom VPC with two public and two private subnets (for high availability) and route tables configured accordingly: private subnets with local and NAT access only, public subnets with local and IGW access.
  8. In Subnets, select the private subnets of your VPC.
  9. On the Review page, check all your configuration and click Create Directory.

The directory takes a few minutes (approx. 10) to set up. Once its status shows ‘Active’, go to the next step.
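To check the route-table layout recommended in step 7 before handing the private subnets to the directory (and later FSx), here is an added Python audit that is not part of the article; it works on the dict shape boto3’s ec2.describe_route_tables() returns, and the route tables and subnet IDs below are constructed sample data.

```python
# Added audit: 'private' = local + NAT only, 'public' = local + IGW only, as the walkthrough recommends.

def classify(route_table):
    """Classify one route table by the gateways its active routes use."""
    kinds = set()
    for r in route_table.get("Routes", []):
        if r.get("State", "active") != "active":
            continue  # blackholed routes carry no traffic
        if r.get("GatewayId") == "local":
            kinds.add("local")
        elif str(r.get("GatewayId", "")).startswith("igw-"):
            kinds.add("igw")
        elif str(r.get("NatGatewayId", "")).startswith("nat-"):
            kinds.add("nat")
        else:
            kinds.add("other")  # peering, transit gateway, instance, endpoint...
    return {frozenset({"local", "nat"}): "private",
            frozenset({"local", "igw"}): "public"}.get(frozenset(kinds), "review")

def audit(route_tables, private_subnet_ids):
    """Findings: subnets meant to be private that are not, plus tables matching neither pattern."""
    findings = []
    for rt in route_tables:
        kind = classify(rt)
        for assoc in rt.get("Associations", []):
            sid = assoc.get("SubnetId")
            if sid in private_subnet_ids and kind != "private":
                findings.append(f"{sid} via {rt['RouteTableId']} is {kind}, expected private")
        if kind == "review":
            findings.append(f"{rt['RouteTableId']} matches neither pattern, review its routes")
    return findings

# Constructed sample (not real IDs): a correct private table, a correct public table,
# and a "private" subnet that was wrongly given a default route to the IGW.
def _rt(rt_id, subnet_id, *routes):  # builds a describe_route_tables()-shaped dict
    return {"RouteTableId": rt_id, "Associations": [{"SubnetId": subnet_id}],
            "Routes": [dict(r, State="active") for r in routes]}

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
SAMPLE_ROUTE_TABLES = [
    _rt("rtb-priv", "subnet-priv-a", LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b"}),
    _rt("rtb-pub", "subnet-pub-a", LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b"}),
    _rt("rtb-leak", "subnet-priv-b", LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b"}),
]
PRIVATE_SUBNETS = {"subnet-priv-a", "subnet-priv-b"}

if __name__ == "__main__":
    for line in audit(SAMPLE_ROUTE_TABLES, PRIVATE_SUBNETS):
        print(line)
```

On a live account, feed `audit()` the `RouteTables` list from `describe_route_tables()` filtered by your VPC ID and the subnet IDs you chose in step 8.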

Create FSx for Windows:

(Only if you want a file system for your WorkSpace; otherwise you can SKIP this step.)

  1. Go to the FSx service from the AWS Console.
  2. Click Create File System, choose ‘Amazon FSx for Windows File Server’ > click Next.
  3. Give the file system an appropriate name.
  4. Deployment type: Multi-AZ
  5. Storage type: SSD
  6. Storage capacity: 50 (size it according to the storage requirement of your file system, but it should be greater than 32).
  7. Keep the recommended throughput capacity.
  8. In VPC, choose your custom VPC and select the appropriate security group.
  9. In Preferred Subnet, select your primary private subnet. In Standby, add the other private subnet.
  10. In Windows Authentication, select AWS Managed Microsoft Active Directory and choose the directory you created in the previous section.
  11. Leave the remaining settings at their defaults and click Next.
  12. Review everything and click Create File System.

This again takes approx. 10 minutes to create. Meanwhile we can start creating our WorkSpace environment.

Creating AWS WorkSpace:

  1. Go to WorkSpaces from the AWS Console.
  2. Click Launch WorkSpaces.
  3. Select the directory you created in the first section.
  4. Click Next Step.
  5. To create a user, fill in all the user details asked for and click Create User.
  6. That user is added to your directory automatically. If a user already exists, click ‘Show all users’ under the ‘Select Users from the Directory’ option > Add Selected.
  7. Choose the WorkSpace type you want. Here I chose Standard with Windows 10.
  8. Choose Next Step.
  9. Configure Auto-Stop according to your requirement.
  10. Next > Launch WorkSpace.

This may take up to 20 minutes to become active.

Once done, select that WorkSpace and go to Actions > Invite User > copy the invitation and send it to the required person.

Attach FSx to the AWS Workspace(optional):

  1. Once all the above steps are done, we can map our FSx file system to a WorkSpace drive.
  2. Be sure you have the NFS Client installed before proceeding.
  3. Go to File Explorer > right-click Network > Map Network Drive > choose a drive letter > in Folder enter \\<DNS name of your FSx file system>\share. You can get this DNS name from the FSx console, e.g. \\<fsx-file-system-dns-name>\share
  4. There you go. FSx is now connected to your WorkSpace.
  5. Want to automate this mapping for every WorkSpace you create in this directory? You can create a GPO for it from one of the WorkSpaces; once done, the drive is mapped on every WorkSpace you create in that same directory.

Ref: https://activedirectorypro.com/map-network-drives-with-group-policy/

Hetul Sheth, AWS Certified Solutions Architect, Developer and SysOps Admin Associate | Azure Certified