Ready To Use Secure Amazon WorkSpaces Using Terraform

2023.06.09

Today, with more people working remotely, a secure connection to a secure workspace matters. When users need to reach a private environment from outside the office, Amazon WorkSpaces is a handy way to give them a managed virtual desktop that lives inside your own VPC.

Introduction: Amazon WorkSpaces is a cloud-based desktop virtualisation service that gives users a consistent desktop across devices. WorkSpaces removes the need to buy and maintain desktop hardware and is quick to deploy.

Terraform is an open source Infrastructure as Code tool that lets you create, change and improve infrastructure safely and predictably. It can deploy Amazon WorkSpaces in a consistent, repeatable way.

What I tried:

Prerequisites:

  1. Set up Terraform on your laptop; the official guide covers this: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

  2. An AWS account with credentials configured for the AWS CLI (the Terraform AWS provider uses the same credential chain) and IAM permissions to manage VPC, Directory Service, WorkSpaces and KMS resources. WorkSpaces also expects the IAM role workspaces_DefaultRole to exist in the account; it is created the first time a WorkSpace is launched from the console, or you can define it in Terraform before registering the directory.

You also need a basic network environment: a VPC, subnets, an Internet Gateway and a route table. Amazon Managed Microsoft AD requires two subnets in two different Availability Zones, and WorkSpaces is only available in certain Availability Zones of each region, so check both before picking them. You can use the following code for the network:


provider "aws" {
  region = "ap-northeast-1"
}

resource "aws_vpc" "dvio-ope-vpc" {
  cidr_block           = "10.3.32.0/20"
  enable_dns_hostnames = true
  enable_dns_support   = true
  tags = {
    Name = "dvio-ope-vpc"
  }
}

resource "aws_internet_gateway" "dvio-ope-igw" {
  vpc_id = aws_vpc.dvio-ope-vpc.id
  tags = {
    Name = "dvio-ope-igw"
  }
}

# Managed Microsoft AD needs two subnets in two different Availability Zones,
# and both AZs must be ones that WorkSpaces supports in this region.
resource "aws_subnet" "dvio-ope-public-subnet" {
  vpc_id            = aws_vpc.dvio-ope-vpc.id
  cidr_block        = "10.3.32.0/24"
  availability_zone = "ap-northeast-1a"
  tags = {
    Name = "dvio-ope-public-subnet"
  }
}

resource "aws_subnet" "dvio-ope-public-subnet-2" {
  vpc_id            = aws_vpc.dvio-ope-vpc.id
  cidr_block        = "10.3.33.0/24"
  availability_zone = "ap-northeast-1c"
  tags = {
    Name = "dvio-ope-public-subnet-2"
  }
}

# A default route to the IGW is what makes these subnets public.
resource "aws_route_table" "dvio-ope-public-rtb" {
  vpc_id = aws_vpc.dvio-ope-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.dvio-ope-igw.id
  }
}

resource "aws_route_table_association" "dvio-ope-public-rtb-assoc" {
  subnet_id      = aws_subnet.dvio-ope-public-subnet.id
  route_table_id = aws_route_table.dvio-ope-public-rtb.id
}

resource "aws_route_table_association" "dvio-ope-public-rtb-assoc-2" {
  subnet_id      = aws_subnet.dvio-ope-public-subnet-2.id
  route_table_id = aws_route_table.dvio-ope-public-rtb.id
}

This script creates an Amazon Managed Microsoft AD directory. The password is the directory's Admin password and is read from a Terraform variable, so it can be supplied from Secrets Manager or a similar store at deploy time instead of being committed with the code. A caveat on the network layout: both subnets above have a default route to the Internet Gateway, so the domain controllers and the WorkSpaces end up in public subnets. For a tighter design put them in private subnets behind a NAT gateway and leave internet access to WorkSpaces disabled; users still reach their WorkSpace through the WorkSpaces service, not through a public IP on the desktop.


variable "directory_admin_password" {
  description = "Admin password for the directory. Supply it via TF_VAR_directory_admin_password or a -var-file that is not committed."
  type        = string
  sensitive   = true
}

resource "aws_directory_service_directory" "aws-managed-ad" {
  name        = "aws-global-md.local"
  description = "Managed Directory Service"
  password    = var.directory_admin_password # sourced from Secrets Manager or similar at deploy time
  edition     = "Standard"                   # Standard or Enterprise; `size` applies only to Simple AD and AD Connector
  type        = "MicrosoftAD"
  vpc_settings {
    vpc_id = aws_vpc.dvio-ope-vpc.id
    # Exactly two subnets in two different Availability Zones are required
    subnet_ids = [
      aws_subnet.dvio-ope-public-subnet.id,
      aws_subnet.dvio-ope-public-subnet-2.id,
    ]
  }
}

This script registers the directory with WorkSpaces and creates one WorkSpace for a user. Settings that apply to every WorkSpace in the directory (internet access, maintenance mode, local administrator rights) belong to the directory registration; per-WorkSpace settings such as compute type, volume sizes, running mode and volume encryption belong to the WorkSpace itself.


# Public Value bundle with Windows 10. Bundle names differ by region and change
# over time, so confirm the exact name with:
#   aws workspaces describe-workspace-bundles --owner AMAZON
data "aws_workspaces_bundle" "value_windows_10" {
  owner = "AMAZON"
  name  = "Value with Windows 10"
}

resource "aws_workspaces_directory" "aws-managed-workspaces-ad" {
  directory_id = aws_directory_service_directory.aws-managed-ad.id

  # Limit what users may change about their own WorkSpace
  self_service_permissions {
    increase_volume_size = false
    rebuild_workspace    = true
    change_compute_type  = false
    restart_workspace    = true
    switch_running_mode  = false
  }

  # Defaults applied to every WorkSpace created in this directory
  workspace_creation_properties {
    enable_internet_access              = true  # assigns a public IP to each WorkSpace; needs the IGW route
    enable_maintenance_mode             = true
    user_enabled_as_local_administrator = false # users must not be local admins on their desktop
  }
}

resource "aws_workspaces_workspace" "dvio-workspace" {
  directory_id = aws_workspaces_directory.aws-managed-workspaces-ad.id
  bundle_id    = data.aws_workspaces_bundle.value_windows_10.id

  # The user must already exist in the directory; Terraform does not create AD users
  user_name = "dvio-aayush"

  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key          = "alias/aws/workspaces" # AWS managed key; use a customer managed KMS key to control access and rotation

  workspace_properties {
    compute_type_name                         = "VALUE"
    user_volume_size_gib                      = 10
    root_volume_size_gib                      = 80
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
}

How you structure the code is up to you; I recommend a module per service (network, directory, WorkSpaces). Pass secrets such as the directory password through TF_VAR_ environment variables or a -var-file that is not committed, not as -var on the command line where they end up in shell history and CI logs. Once written, the code can be deployed from a pipeline with:


terraform init -input=false
terraform validate
terraform plan -out=tfplan -input=false
terraform apply -input=false tfplan
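When the apply runs from a pipeline, it is worth putting a check between plan and apply that fails the run if the WorkSpaces settings have drifted from the posture above (volume encryption on, users not local administrators, directory password not hard-coded, two subnets for Managed Microsoft AD). The following Python script is an added example, not code from the original post: it reads the output of `terraform show -json tfplan`, which is Terraform's documented JSON plan format (`resource_changes[].change.after` for planned values and `configuration.root_module.resources[].expressions` for whether an argument is a constant or a reference). The `SAMPLE_PLAN` it falls back to on a terminal is constructed by hand to mirror this post's resources with the weaknesses deliberately present; the rule names and messages are this example's own.

```python
"""Policy gate for a WorkSpaces Terraform plan (added example, not the post's code).

Usage, after `terraform plan -out=tfplan -input=false`:
    terraform show -json tfplan | python plan_gate.py
Exit status is non-zero when any check fails, so a pipeline stops before apply.
"""
import json
import sys
from typing import List

# Attributes that must be true on every aws_workspaces_workspace in the plan.
WORKSPACE_MUST_BE_TRUE = ("root_volume_encryption_enabled", "user_volume_encryption_enabled")


def _is_literal(plan: dict, address: str, attribute: str) -> bool:
    """True when `attribute` of the resource at `address` is a constant in the .tf files.

    The plan's `configuration` section records each argument either as a
    `constant_value` (hard-coded) or as `references` (var.*, data.*, ...).
    """
    for res in plan.get("configuration", {}).get("root_module", {}).get("resources", []):
        if res.get("address") == address:
            return "constant_value" in res.get("expressions", {}).get(attribute, {})
    return False


def check_plan(plan: dict) -> List[str]:
    """Return one finding per violated rule; an empty list means the plan passes."""
    findings: List[str] = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops cannot weaken the posture
        after = change.get("after") or {}
        addr, rtype = rc.get("address"), rc.get("type")

        if rtype == "aws_directory_service_directory":
            if _is_literal(plan, addr, "password"):
                findings.append(f"{addr}: directory password is hard-coded in configuration")
            # vpc_settings is a block, so the plan shows it as a one-element list.
            subnets = (after.get("vpc_settings") or [{}])[0].get("subnet_ids")
            if after.get("type") == "MicrosoftAD" and isinstance(subnets, list) and len(subnets) != 2:
                findings.append(f"{addr}: MicrosoftAD needs exactly 2 subnets in different AZs, got {len(subnets)}")

        elif rtype == "aws_workspaces_directory":
            for props in after.get("workspace_creation_properties") or []:
                if props.get("user_enabled_as_local_administrator") is True:
                    findings.append(f"{addr}: users must not be local administrators on their WorkSpace")

        elif rtype == "aws_workspaces_workspace":
            for key in WORKSPACE_MUST_BE_TRUE:
                if after.get(key) is not True:
                    findings.append(f"{addr}: {key} must be true")
            if not after.get("volume_encryption_key"):
                findings.append(f"{addr}: volume_encryption_key is not set")
    return findings


# Constructed sample in the shape `terraform show -json` emits (not real plan output).
# It mirrors the post's resources but with the weaknesses the gate is meant to catch.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_directory_service_directory.aws-managed-ad",
         "type": "aws_directory_service_directory",
         "change": {"actions": ["create"], "after": {
             "type": "MicrosoftAD", "password": "Sup3rS3cr3tP@ssw0rd",
             "vpc_settings": [{"subnet_ids": ["subnet-0123456789abcdef0"]}]}}},
        {"address": "aws_workspaces_directory.aws-managed-workspaces-ad",
         "type": "aws_workspaces_directory",
         "change": {"actions": ["create"], "after": {
             "workspace_creation_properties": [{"user_enabled_as_local_administrator": True}]}}},
        {"address": "aws_workspaces_workspace.dvio-workspace",
         "type": "aws_workspaces_workspace",
         "change": {"actions": ["create"], "after": {
             "root_volume_encryption_enabled": True,
             "user_volume_encryption_enabled": False,
             "volume_encryption_key": "alias/aws/workspaces"}}},
    ],
    "configuration": {"root_module": {"resources": [
        {"address": "aws_directory_service_directory.aws-managed-ad",
         "expressions": {"password": {"constant_value": "Sup3rS3cr3tP@ssw0rd"}}}]}},
}


def main() -> int:
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    findings = check_plan(plan)
    for finding in findings:
        print("FAIL:", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run against the sample it reports four failures (hard-coded password, one subnet, local administrator enabled, user volume unencrypted) and exits 1; in a pipeline you run it between `terraform plan -out=tfplan` and `terraform apply tfplan`. The subnet check only fires when the subnet IDs are already known at plan time; when they come from subnets created in the same apply they are unknown in the plan and the check is skipped rather than guessed.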

Conclusion

In this blog post I deployed Amazon WorkSpaces with Terraform: a configuration that defines the VPC, an Amazon Managed Microsoft AD directory, the WorkSpaces directory registration and one encrypted WorkSpace, applied with the Terraform CLI.

Terraform lets you deploy and manage this infrastructure in a consistent, repeatable way, and because the security settings (volume encryption, no local administrator rights, the admin password kept out of the code) live in version control, you can review them and re-apply them every time.