- Newest
- Most votes
- Most comments
SJ,
AppStream 2.0 images cannot be based on private AMIs. Due to the specialized nature of application streaming, AppStream 2.0 Fleets must be based on AppStream 2.0 Images. It is possible to start an Image Builder from a publicly available AppStream 2.0 base Image, apply the security settings required by company security policy, and then create a private AppStream 2.0 Image to use as the base for future Image Builders. Keep in mind that the private AppStream 2.0 Image will need to be maintained periodically to ensure adherence to patching standards outlined by the company security policy.
Thank you,
Kellie (AWS)
Kellie,
Thanks for your prompt response. I have suggested Appstream 2.0 to an enterprise client.
1.Is there a security deck or an AWS presentation (security focused) that I can use ? I have been asked my a large enterprise client about the security of using Appstream 2.0. This client uses its private Windows 2012 and 2016 images as EC2 Instances.
- Can I connect to my Appstream 2.0 server as an Admin and apply regular patches/settings etc that the security department Admin would - Business As Usual?
Thanks Again
SJ
Edited by: SJ on Aug 28, 2019 9:43 AM
SJ,
I do not have any prepared presentations around security. The AppStream 2.0 networking, access, and security documentation can be found here:
https://docs.aws.amazon.com/appstream2/latest/developerguide/update-fleets-new-image.html
AppStream 2.0 fleet instances are designed to be single use, so changes made directly to the instances would be lost after a user ends the session. To make changes to AppStream 2.0 fleet instances, such as patching, you would create a new private image, either from an existing image builder, or from an image builder created from an existing image, that contains the updates required. That image is then applied to a fleet, at which point new fleet instances will be created from that image. Unused fleet instances are replaced periodically, while in use fleet instances terminated and replace, based on scaling policies, when the active user session ends.
https://docs.aws.amazon.com/appstream2/latest/developerguide/update-fleets-new-image.html
Hopefully that helps,
Kellie (AWS)
Correction, the AppStream 2.0 networking, access, and security documentation can be found here:
https://docs.aws.amazon.com/appstream2/latest/developerguide/managing-network.html
Kellie (AWS)
Relevant content
- Accepted Answerasked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago