AppStream (2.0) is a fully managed non-persistent desktop and application service for remotely accessing your work.
The ImageBuilder forms the first stage in the creation and definition of an image that can be used to stream.
You can use the AWS CLI to initiate the creation of an image in ImageBuilder:
aws appstream create-image-builder \
--name <name> \
--image-name <image_name> \
--instance-type <instance_type> \
--vpc-config SubnetIds=<subnet_ids>,SecurityGroupIds=<security_group_ids> \
--iam-role-arn <iam_role_arn> \
--enable-default-internet-access
Swap out the above items with your own values:
<name> = "org-image-name"
<image_name> = "AppStream-WinServer2019-10-08-2021"
<instance_type> = stream.standard.small
<subnet_ids> = subnet-xxxxxxxxxxxx1234
<security_group_ids> = sg-xxxxxxxxxxxx1234
<iam_role_arn> = arn:aws:iam::xxxxxxxx1234:role/SomeRoleName
How to create the role
Under Permissions, attach policies for the services this instance will call out to. This could include AmazonS3FullAccess, AmazonFSxFullAccess and AmazonAppStreamServiceAccess, as an example.
Additionally, it is important to make sure the trust relationship is set to appstream.amazonaws.com. A trust relationship policy would look something like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "appstream.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
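The role described above can also be created and checked from the same shell with the AWS CLI. This is an added example, not part of the original post: the script name, the function names and the ROLE_NAME variable are assumptions, and the managed policy ARNs are passed as arguments so that only the policies the instance actually needs get attached.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). ROLE_NAME, the function names
# and the script name are assumptions; the trust policy is the page's own.
set -eu

ROLE_NAME="${ROLE_NAME:-SomeRoleName}"
TRUSTED_SERVICE="appstream.amazonaws.com"

# Print the trust policy that lets the AppStream service assume the role.
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "${TRUSTED_SERVICE}" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the role, then attach each managed policy ARN given as an argument.
create_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" >/dev/null
  for policy_arn in "$@"; do
    aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn"
  done
}

# Succeed only if the service principals trusted by the role are exactly
# appstream.amazonaws.com (AWS or federated principals are not inspected).
verify_trust() {
  services="$(aws iam get-role --role-name "$ROLE_NAME" \
    --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.Service' \
    --output text)"
  [ "$services" = "$TRUSTED_SERVICE" ]
}

# Print the role ARN, which is the value for --iam-role-arn.
role_arn() {
  aws iam get-role --role-name "$ROLE_NAME" --query 'Role.Arn' --output text
}

# Runs only when policy ARNs are given, for example:
#   ./appstream-role.sh arn:aws:iam::aws:policy/AmazonS3FullAccess
if [ "$#" -gt 0 ]; then
  create_role "$@"
  verify_trust && role_arn
fi
```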
How to Join an Active Directory Domain on Creation
If you would like to join an Active Directory Domain on creation, then you will also need to pass the --domain-join-info flag to the create-image-builder command above.
This can be done as follows:
aws appstream create-image-builder \
--name <name> \
--image-name <image_name> \
--instance-type <instance_type> \
--vpc-config SubnetIds=<subnet_ids>,SecurityGroupIds=<security_group_ids> \
--iam-role-arn <iam_role_arn> \
--domain-join-info '{"DirectoryName": "<directory>","OrganizationalUnitDistinguishedName": "<OU>"}' \
--enable-default-internet-access
The <directory> and <OU> need to be created and configured in the DirectoryConfig section of AppStream.
An example value of the above could be:
--domain-join-info '{"DirectoryName": "your.cloud","OrganizationalUnitDistinguishedName": "OU=Computers,OU=yourcloud,DC=your,DC=cloud"}'