Thursday, 15 March 2018

AWS Workspaces with AD integration and CLI commands

https://aws.amazon.com/workspaces/
https://aws.amazon.com/documentation/workspaces/
Create the Directory Service directory first, using either:
  • Simple AD, or
  • AD Connector
      1. Create a service account: svc_AWSWorkspaces
      2. Create a new AD OU: AWSWorkspaces
      3. Configure the service account svc_AWSWorkspaces with these permissions:
          a) read/write for the OU AWSWorkspaces
          b) read-only for everything else
      4. Set up the directory:
          a) specify the DNS name
          b) specify the connector account/password created in step 1 above
          c) point at the AD server IP addresses
          d) specify the VPC
          e) specify the subnets where the workspaces will be running
      5. Update the directory details: change the target OU to AWSWorkspaces

Open firewall for AWS Workspaces:
https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html
Note: this would require opening over 16 million IP addresses for outbound HTTPS, or using an HTTPS proxy (which does not allow authentication):
$ curl https://ip-ranges.amazonaws.com/ip-ranges.json |  jq -c '.prefixes[] | {ip_prefix,region,service}' | egrep -i 'global|workspace|us-east-1|us-west-2' | grep AMAZON | cut -d'"' -f4  | cut -d'/' -f2 | awk ' { print x+=2^(32-$1) } ' | tail -1
16247920

$ curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -c '.prefixes[] | {ip_prefix,region,service}' | egrep -i 'us-west-2' | grep -i s3 | cut -d'"' -f4  | cut -d'/' -f2 | awk ' { print x+=2^(32-$1) } ' | tail -1        
41984
$  bc
16247920+41984
16289904
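
The pipelines above add up prefix sizes line by line, so a prefix that is listed under more than one service tag (every S3 range is also covered by an AMAZON entry) or nested inside a larger prefix is counted once per appearance. The following added example, which is not part of the original post, filters on the parsed region and service fields and collapses overlapping prefixes before counting; the function names and the sample data (documentation address ranges in the ip-ranges.json shape) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json (not real AWS data).
SAMPLE = json.loads("""
{"prefixes": [
 {"ip_prefix": "198.51.100.0/24",  "region": "us-west-2", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.0/25",  "region": "us-west-2", "service": "S3"},
 {"ip_prefix": "203.0.113.0/25",   "region": "us-east-1", "service": "AMAZON"},
 {"ip_prefix": "203.0.113.128/25", "region": "us-east-1", "service": "AMAZON"},
 {"ip_prefix": "192.0.2.0/24",     "region": "eu-west-1", "service": "AMAZON"},
 {"ip_prefix": "192.0.2.64/26",    "region": "GLOBAL",    "service": "AMAZON"}
]}
""")


def select(doc, regions, services):
    """Networks whose region AND service match, compared on parsed fields
    (case-insensitive) instead of grepping the raw JSON line."""
    regions = {r.lower() for r in regions}
    services = {s.lower() for s in services}
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["region"].lower() in regions and p["service"].lower() in services
    ]


def naive_count(nets):
    """Sum of prefix sizes, as the awk one-liner computes it."""
    return sum(n.num_addresses for n in nets)


def unique_count(nets):
    """Addresses actually opened once overlapping/adjacent prefixes merge."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def allow_list(nets):
    """Minimal CIDR list to load into an outbound firewall rule."""
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    nets = select(SAMPLE, ["GLOBAL", "us-east-1", "us-west-2"], ["AMAZON", "S3"])
    print("naive :", naive_count(nets))
    print("unique:", unique_count(nets))
    print("rules :", allow_list(nets))
```

To run it against live data, replace SAMPLE with the parsed contents of a downloaded ip-ranges.json.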

AWS Workspaces CLI: https://docs.aws.amazon.com/cli/latest/reference/workspaces/index.html
$ aws workspaces describe-workspace-bundles --owner AMAZON | jq -r  '.Bundles[] | "\(.BundleId),\(.ComputeType.Name),\(.Description)"'
wsb-b0s22j3d7,PERFORMANCE,Windows 7 Experience provided by Windows Server 2008 R2, 2 vCPU, 7.5GiB Memory, 100GB Storage
wsb-gm4d5tx2v,PERFORMANCE,Windows 10 Experience provided by Windows Server 2016, 2 vCPU, 7.5GiB Memory, 100GB Storage
wsb-6cdbk8901,PERFORMANCE,Windows 10 Experience provided by Windows Server 2016 with Office 2016, 2 vCPU, 7.5GiB Memory, 100GB Storage
wsb-bh8rsxt14,VALUE,Windows 10 Experience provided by Windows Server 2016, 1 vCPU, 2GiB Memory, 10GB Storage
wsb-92tn3b7gx,VALUE,Windows 7 Experience provided by Windows Server 2008 R2, 1 vCPU, 2GiB Memory, 10GB Storage
wsb-wwx8kkwg5,GRAPHICS,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2010, 8 vCPU, 15GiB Memory, 100GB Storage
wsb-3t36q0xfc,STANDARD,Windows 7 Experience provided by Windows Server 2008 R2, 2 vCPU, 4GiB Memory, 50GB Storage
wsb-9jvhtb24f,STANDARD,Windows 10 Experience provided by Windows Server 2016 with Office 2016, 2 vCPU, 4GiB Memory, 50GB Storage
wsb-44r73z5dr,GRAPHICS,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2013, 8 vCPU, 15GiB Memory, 100GB Storage
wsb-1b5w6vnz6,PERFORMANCE,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2010, 2 vCPU, 7.5GiB Memory, 100GB Storage
wsb-fgy4lgypc,VALUE,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2013, 1 vCPU, 2GiB Memory, 10GB Storage
wsb-vbsjd64y6,PERFORMANCE,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2013, 2 vCPU, 7.5GiB Memory, 100GB Storage Storage
wsb-320p8vd2j,GRAPHICS,Windows 10 Experience provided by Windows Server 2016, 8 vCPU, 15GiB Memory, 100GB Storage
wsb-kgjp98lt8,VALUE,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2010, 1 vCPU, 2GiB Memory, 10GB Storage
wsb-ftkjdlgks,GRAPHICS,Windows 10 Experience provided by Windows Server 2016 with Office 2016, 8 vCPU, 15GiB Memory, 100GB Storage
wsb-hztzqyk3m,POWER,Windows 10 Experience provided by Windows Server 2016 with Office 2016, 4 vCPU, 16GiB Memory, 100GB Storage
wsb-cq3wxw02g,POWER,Windows 7 Experience provided by Windows Server 2008, 4 vCPU, 16GiB Memory, 100GB Storage
wsb-2gcd1nm07,POWER,Windows 7 Experience provided by Windows Server 2008 with Office 2013, 4 vCPU, 16GiB Memory, 100GB Storage
wsb-8vbljg4r6,STANDARD,Windows 10 Experience provided by Windows Server 2016, 2 vCPU, 4GiB Memory, 50GB Storage
wsb-w42vs8svd,POWER,Windows 10 Experience provided by Windows Server 2016, 4 vCPU, 16GiB Memory, 100GB Storage
wsb-dy4bd5kvl,GRAPHICS,Windows 7 Experience provided by Windows Server 2008 R2, 8 vCPU, 15GiB Memory, 100GB Storage
wsb-df76rqys9,VALUE,Windows 10 Experience provided by Windows Server 2016 with Office 2016, 1 vCPU, 2GiB Memory, 10GB Storage
wsb-5h1pf1zxc,STANDARD,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2013, 2 vCPU, 4GiB Memory, 50GB Storage
wsb-vlsvncjjf,STANDARD,Windows 7 Experience provided by Windows Server 2008 R2 with Office 2010, 2 vCPU, 4GiB Memory, 50GB Storage

$ cat ws.json
{
  "Workspaces" : [
    {
      "DirectoryId" : "d-12345678",
      "UserName" : "zorang",
      "BundleId" : "wsb-8vbljg4r6"
    }
  ]
}

$ aws workspaces create-workspaces --cli-input-json file://ws.json
{
    "PendingRequests": [
        {
            "UserName": "zorang",
            "DirectoryId": "d-12345678",
            "State": "PENDING",
            "WorkspaceId": "ws-87654321",
            "BundleId": "wsb-8vbljg4r6"
        }
    ],
    "FailedRequests": []
}


$ aws workspaces describe-workspaces | jq -r  '.Workspaces[] | "\(.UserName),\(.DirectoryId),\(.ComputerName),\(.WorkspaceProperties.RunningMode),\(.State),\(.WorkspaceId),\(.SubnetId),\(.IpAddress),\(.BundleId)"'

zorang,d-12345678,IP-C6134598,ALWAYS_ON,AVAILABLE,ws-xlw5mw111,subnet-cc0e45bb,172.27.170.92,wsb-8vbljg4r6
user1,d-12345678,null,AUTO_STOP,STOPPED,ws-k6sb16222,null,null,wsb-8vbljg4r6
user2,d-12345678,null,AUTO_STOP,STOPPED,ws-ggbw9805v,null,null,wsb-8vbljg4r6
user3,d-12345678,null,AUTO_STOP,STOPPED,ws-33p106twj,null,null,wsb-8vbljg4r6
user4,d-12345678,null,AUTO_STOP,STOPPED,ws-ds14wyf5n,null,null,wsb-8vbljg4r6
user5,d-12345678,IP-C6136BA2,AUTO_STOP,AVAILABLE,ws-g1br9dygg,subnet-cc0e45bb,172.27.170.75,wsb-8vbljg4r6


