Ready To Use Secure Amazon WorkSpaces Using Terraform
Today, as more people work remotely, having a secure connection and workspace is very important. If users run into issues while working remotely and need a secure environment from which to connect to a secure private environment, setting up Amazon WorkSpaces can be a very handy solution.
Introduction: Amazon WorkSpaces is a cloud-based desktop virtualisation service that provides users with a consistent computing experience across devices. WorkSpaces eliminates the need to buy and maintain hardware and is quick and easy to deploy.
Terraform is an open source Infrastructure as Code software tool that enables you to create, change and improve infrastructure in a secure and predictable way. Terraform can be used to deploy Amazon WorkSpaces in a consistent and repeatable way.
I tried:
Prerequisite:
- Set up Terraform on your laptop. You can follow the official documentation: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
- An account with AWS CLI and appropriate permissions is required.

You also need to set up the basic network environment (VPC, subnet, IGW, route table, etc.). You can refer to the following code:
```hcl
resource "aws_vpc" "dvio-ope-vpc" {
  cidr_block           = "10.3.32.0/20"
  enable_dns_hostnames = true
  tags = {
    Name = "dvio-ope-vpc"
  }
}

resource "aws_internet_gateway" "dvio-ope-igw" {
  vpc_id = aws_vpc.dvio-ope-vpc.id
  tags = {
    Name = "dvio-ope-igw"
  }
}

resource "aws_subnet" "dvio-ope-public-subnet" {
  vpc_id            = aws_vpc.dvio-ope-vpc.id
  cidr_block        = "10.3.32.0/24"
  availability_zone = "ap-northeast-1a"
  tags = {
    Name = "dvio-ope-public-subnet"
  }
}

resource "aws_route_table" "dvio-ope-public-rtb" {
  vpc_id = aws_vpc.dvio-ope-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.dvio-ope-igw.id
  }
}

resource "aws_route_table_association" "dvio-ope-public-rtb-assoc" {
  subnet_id      = aws_subnet.dvio-ope-public-subnet.id
  route_table_id = aws_route_table.dvio-ope-public-rtb.id
}
```
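This script creates an AWS Managed Microsoft AD directory:

```hcl
# AWS Managed Microsoft AD requires two subnets in different Availability Zones.
# The second subnet below (name, CIDR and AZ) is an assumed addition; adjust it to your network.
resource "aws_subnet" "dvio-ope-directory-subnet-2" {
  vpc_id            = aws_vpc.dvio-ope-vpc.id
  cidr_block        = "10.3.33.0/24"
  availability_zone = "ap-northeast-1c"
}

resource "aws_directory_service_directory" "aws-managed-ad" {
  name        = "aws-global-md.local"
  description = "Managed Directory Service"
  password    = "Sup3rS3cr3tP@ssw0rd" // Recommend using Secrets Manager or a similar service
  edition     = "Standard"
  type        = "MicrosoftAD"
  size        = "Small"
  vpc_settings {
    vpc_id     = aws_vpc.dvio-ope-vpc.id
    subnet_ids = [aws_subnet.dvio-ope-public-subnet.id, aws_subnet.dvio-ope-directory-subnet-2.id]
  }
}
```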
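The directory definition with the Admin password generated and stored in AWS Secrets Manager, as the comment in the code recommends. This is an added example, not the original post's code; the variables `vpc_id` and `directory_subnet_ids`, the use of the `random` provider and the secret name are assumptions.

```hcl
terraform {
  required_providers {
    aws    = { source = "hashicorp/aws" }
    random = { source = "hashicorp/random" }
  }
}

variable "vpc_id" {
  type = string
}

variable "directory_subnet_ids" {
  type        = list(string)
  description = "Two subnets in different Availability Zones"
  validation {
    condition     = length(var.directory_subnet_ids) == 2
    error_message = "AWS Managed Microsoft AD needs exactly two subnets."
  }
}

# Generate the directory Admin password instead of typing it into a .tf file.
resource "random_password" "directory_admin" {
  length      = 32
  min_lower   = 2
  min_upper   = 2
  min_numeric = 2
  min_special = 2
}

# Keep a retrievable copy for administrators (secret name is hypothetical).
resource "aws_secretsmanager_secret" "directory_admin" {
  name = "workspaces/directory-admin"
}

resource "aws_secretsmanager_secret_version" "directory_admin" {
  secret_id     = aws_secretsmanager_secret.directory_admin.id
  secret_string = random_password.directory_admin.result
}

resource "aws_directory_service_directory" "aws-managed-ad" {
  name     = "aws-global-md.local"
  password = random_password.directory_admin.result
  edition  = "Standard"
  type     = "MicrosoftAD"
  vpc_settings {
    vpc_id     = var.vpc_id
    subnet_ids = var.directory_subnet_ids
  }
}
```

The generated password is still recorded in the Terraform state, so keep the state in an encrypted backend with restricted access.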
This script creates a WorkSpaces directory and a workspace:

```hcl
# Bundle lookup referenced by the workspace below. The bundle name is an assumption;
# replace it with a bundle available in your region.
data "aws_workspaces_bundle" "value_windows_10" {
  owner = "AMAZON"
  name  = "Value with Windows 10 (English)"
}

resource "aws_workspaces_directory" "aws-managed-workspaces-ad" {
  directory_id = aws_directory_service_directory.aws-managed-ad.id
  # Help in cache account information on the client: Disable
  self_service_permissions {
    increase_volume_size = false
    rebuild_workspace    = true
    change_compute_type  = false
    restart_workspace    = true
    switch_running_mode  = false
  }
}

resource "aws_workspaces_workspace" "dvio-workspace" {
  directory_id                   = aws_workspaces_directory.aws-managed-workspaces-ad.id
  bundle_id                      = data.aws_workspaces_bundle.value_windows_10.id
  user_name                      = "dvio-aayush"
  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key          = "alias/aws/workspaces"
  workspace_properties {
    compute_type_name                         = "VALUE"
    user_volume_size_gib                      = 10
    root_volume_size_gib                      = 80
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
  workspace_creation_properties {
    enable_internet_access              = true
    enable_maintenance_mode             = true
    user_enabled_as_local_administrator = false
  }
}
```
How you write the code is up to you; I recommend creating a module for each service. After writing the code, you can deploy it to your environment using automation:

```sh
terraform init -input=false
terraform plan -var="variable=value"
terraform apply
```
Conclusion
In this blog post, I deployed Amazon WorkSpaces via Terraform. We created a Terraform configuration file that defined the resources required to deploy WorkSpaces, and we used the Terraform CLI to create and manage the resources.
Terraform is a powerful tool that can be used to deploy and manage infrastructure in a consistent and repeatable manner. By using Terraform to deploy Amazon WorkSpaces, you can ensure that your WorkSpaces are deployed consistently and that you can easily manage them.