The role you need is workspaces_DefaultRole, which is automatically created when using WorkSpaces Quick Setup or when launching a WorkSpace using the AWS Management Console. You might need to attach the AmazonWorkSpacesPoolServiceAccess managed policy to this role. You encountered an error stating that the provided subnet is not public when trying to create a pool for the SAML2 workspace directory. This is not a bug but a requirement for WorkSpaces to have default Internet access. The issue might be due to a VPN issue or a firewall blocking necessary ports.
The Pooled directory setup doesn't accept workspaces_DefaultRole or the ARN of this role. The role exists.
I'm not following on the web access problem. The Directory setup page allowed me to choose private subnets and these subnets have access and routes to a NAT gateway in a public subnet. It wouldn't make sense to put workspaces in public subnets with an internet gateway and public IPs for each workspace.
I spoke to AWS support. There's an inconsistency in the GUI when you configure your pooled directory, where InternetAccess is turned on by default (and no GUI option to turn off). If you want to turn it off and use private subnets:
aws workspaces modify-workspace-creation-properties --resource-id wsd-XXXXXXXXX --workspace-creation-properties EnableInternetAccess=false
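
An added example, not part of the thread above: an offline check that finds directories where EnableInternetAccess is on while the directory's subnets have no internet gateway route, and prints the command from the last answer for each. The JSON is constructed sample data shaped like `aws workspaces describe-workspace-directories` and `aws ec2 describe-route-tables` output; all IDs are placeholders, and a single VPC is assumed so that the main route table applies to every subnet without an explicit association.

```python
import json

# Constructed sample: trimmed `aws workspaces describe-workspace-directories` output.
DIRECTORIES = json.loads("""{"Directories": [
  {"DirectoryId": "wsd-EXAMPLE01", "SubnetIds": ["subnet-priv-a", "subnet-priv-b"],
   "WorkspaceCreationProperties": {"EnableInternetAccess": true}},
  {"DirectoryId": "wsd-EXAMPLE02", "SubnetIds": ["subnet-priv-a", "subnet-priv-b"],
   "WorkspaceCreationProperties": {"EnableInternetAccess": false}},
  {"DirectoryId": "wsd-EXAMPLE03", "SubnetIds": ["subnet-pub-a"],
   "WorkspaceCreationProperties": {"EnableInternetAccess": true}}]}""")

# Constructed sample: trimmed `aws ec2 describe-route-tables` output (one VPC assumed).
ROUTE_TABLES = json.loads("""{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
  {"RouteTableId": "rtb-public",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub-a"}],
   "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}]}""")

def has_igw_route(table):
    # A route whose target is an internet gateway makes the table "public".
    return any(r.get("GatewayId", "").startswith("igw-") for r in table.get("Routes", []))

def subnet_is_public(subnet_id, route_tables):
    tables = route_tables["RouteTables"]
    explicit = [t for t in tables
                if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    # Subnets without an explicit association fall back to the VPC's main table.
    main = [t for t in tables if any(a.get("Main") for a in t.get("Associations", []))]
    return any(has_igw_route(t) for t in (explicit or main))

def mismatched_directories(directories, route_tables):
    """Directories with EnableInternetAccess=true that use at least one private subnet."""
    found = []
    for d in directories["Directories"]:
        props = d.get("WorkspaceCreationProperties", {})
        private = [s for s in d.get("SubnetIds", []) if not subnet_is_public(s, route_tables)]
        if props.get("EnableInternetAccess") and private:
            found.append((d["DirectoryId"], private))
    return found

def fix_commands(directories, route_tables):
    # Same command as in the answer above, one per mismatched directory.
    return ["aws workspaces modify-workspace-creation-properties "
            f"--resource-id {dir_id} "
            "--workspace-creation-properties EnableInternetAccess=false"
            for dir_id, _ in mismatched_directories(directories, route_tables)]

if __name__ == "__main__":
    for cmd in fix_commands(DIRECTORIES, ROUTE_TABLES):
        print(cmd)
```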