Workspaces pooled - some issues getting started

0

The first issue is that I can't find a correct role type to apply to pooled workspaces. None of my existing workspace or appstream roles show up in the drop-down, so this must be a new type. What should the trust relationship look like if not this? I tried workspacespool, workspacespools and a few others.

        "Principal": {
            "Service": "workspaces.amazonaws.com"
        },

The second issue is when trying to create the first pool for the SAML2 workspace directory. I get this error every time: "Failed to create workspace. One or more parameter values are not valid. The Subnet: subnet-abc123 provided is not a public Subnet. Please provide a valid public Subnet to enable default Internet access."

Of course I didn't provide public subnets when I created the directory and there was no option when creating the directory to choose if the workspaces should have Internet access or not as it did with the old style Workspaces. A bug or a requirement to use public subnets?

asked a month ago · 256 views
3 Answers
0

The role you need is workspaces_DefaultRole, which is automatically created when using WorkSpaces Quick Setup or when launching a WorkSpace using the AWS Management Console. You might need to attach the AmazonWorkSpacesPoolServiceAccess managed policy to this role. You encountered an error stating that the provided subnet is not public when trying to create a pool for the SAML2 workspace directory. This is not a bug but a requirement for WorkSpaces to have default Internet access. The issue might be due to a VPN issue or a firewall blocking necessary ports.

EXPERT
answered a month ago
0

The Pooled directory setup doesn't accept workspaces_DefaultRole or the ARN of this role. The role exists.

I'm not following on the web access problem. The Directory setup page allowed me to choose private subnets and these subnets have access and routes to a NAT gateway in a public subnet. It wouldn't make sense to put workspaces in public subnets with an internet gateway and public IPs for each workspace.

answered a month ago
0

I spoke to AWS support; there's an inconsistency in the GUI when you configure your pooled directory, where InternetAccess is turned on by default (and there is no GUI option to turn it off). If you want to turn it off and use private subnets:

        aws workspaces modify-workspace-creation-properties --resource-id wsd-XXXXXXXXX --workspace-creation-properties EnableInternetAccess=false

answered a month ago
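
An added example, not part of the thread or any AWS code: a pre-flight check that flags directories where EnableInternetAccess is on but a directory subnet has no default route to an internet gateway, the mismatch behind the error quoted in the question. The JSON is constructed sample data shaped like the output of `aws workspaces describe-workspace-directories` and `aws ec2 describe-route-tables`; the function names and all IDs other than subnet-abc123 and wsd-XXXXXXXXX are hypothetical, and the route tables are assumed to be filtered to the directory's VPC.

```python
import json

# Constructed sample data (assumption: route tables already filtered to one VPC).
ROUTE_TABLES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
 {"RouteTableId": "rtb-private",
  "Associations": [{"Main": false, "SubnetId": "subnet-abc123"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
 {"RouteTableId": "rtb-public",
  "Associations": [{"Main": false, "SubnetId": "subnet-pub001"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]}]}""")
DIRECTORIES = json.loads("""{"Directories": [
 {"DirectoryId": "wsd-XXXXXXXXX", "SubnetIds": ["subnet-abc123", "subnet-def456"],
  "WorkspaceCreationProperties": {"EnableInternetAccess": true}}]}""")

def default_route_target(table):
    """Return 'igw', 'nat' or 'none' for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw"
            if route.get("NatGatewayId"):
                return "nat"
    return "none"

def classify_subnet(subnet_id, route_tables):
    """Use the explicitly associated table, else fall back to the VPC main table."""
    main = None
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return default_route_target(table)
            if assoc.get("Main"):
                main = table
    return default_route_target(main) if main else "none"

def find_mismatches(directories, route_tables):
    """(directory, subnet, route kind) where internet access is on but the subnet is not public."""
    findings = []
    for d in directories["Directories"]:
        if d.get("WorkspaceCreationProperties", {}).get("EnableInternetAccess"):
            for subnet in d.get("SubnetIds", []):
                kind = classify_subnet(subnet, route_tables)
                if kind != "igw":
                    findings.append((d["DirectoryId"], subnet, kind))
    return findings

if __name__ == "__main__":
    print(find_mismatches(DIRECTORIES, ROUTE_TABLES))
```

A finding of kind `nat` is the situation described in the thread: the subnet is private by design, so the directory property is what needs changing, not the subnet.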