View Source AWS.WorkSpaces (aws-elixir v1.0.4)
Amazon WorkSpaces Service
Amazon WorkSpaces enables you to provision virtual, cloud-based Microsoft Windows or Amazon Linux desktops for your users, known as WorkSpaces.
WorkSpaces eliminates the need to procure and deploy hardware or install complex software. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers.
This API Reference provides detailed information about the actions, data types, parameters, and errors of the WorkSpaces service. For more information about the supported Amazon Web Services Regions, endpoints, and service quotas of the Amazon WorkSpaces service, see WorkSpaces endpoints and quotas in the Amazon Web Services General Reference.
You can also manage your WorkSpaces resources using the WorkSpaces console, Command Line Interface (CLI), and SDKs. For more information about administering WorkSpaces, see the Amazon WorkSpaces Administration Guide. For more information about using the Amazon WorkSpaces client application or web browser to access provisioned WorkSpaces, see the Amazon WorkSpaces User Guide. For more information about using the CLI to manage your WorkSpaces resources, see the WorkSpaces section of the CLI Reference.
Link to this section Summary
Functions
Accepts the account link invitation.
Associates the specified connection alias with the specified directory to enable cross-Region redirection.
Associates the specified IP access control group with the specified directory.
Associates the specified application to the specified WorkSpace.
Adds one or more rules to the specified IP access control group.
Copies the specified image from the specified Region to the current Region.
Creates the account link invitation.
Creates a client-add-in for Amazon Connect within a directory.
Creates the specified connection alias for use with cross-Region redirection.
Creates an IP access control group.
Creates a standby WorkSpace in a secondary Region.
Creates the specified tags for the specified WorkSpaces resource.
Creates a new updated WorkSpace image based on the specified source image.
Creates the specified WorkSpace bundle.
Creates a new WorkSpace image from an existing WorkSpace.
Creates one or more WorkSpaces.
Creates a pool of WorkSpaces.
Deletes the account link invitation.
Deletes customized client branding.
Deletes a client-add-in for Amazon Connect that is configured within a directory.
Deletes the specified connection alias.
Deletes the specified IP access control group.
Deletes the specified tags from the specified WorkSpaces resource.
Deletes the specified WorkSpace bundle.
Deletes the specified image from your account.
Deploys associated applications to the specified WorkSpace
Deregisters the specified directory.
Retrieves a list that describes the configuration of Bring Your Own License (BYOL) for the specified account.
Retrieves a list that describes modifications to the configuration of Bring Your Own License (BYOL) for the specified account.
Describes the associations between the application and the specified associated resources.
Describes the specified applications by filtering based on their compute types, license availability, operating systems, and owners.
Describes the associations between the applications and the specified bundle.
Describes the specified client branding.
Retrieves a list that describes one or more specified Amazon WorkSpaces clients.
Retrieves a list of Amazon Connect client add-ins that have been created.
Describes the permissions that the owner of a connection alias has granted to another Amazon Web Services account for the specified connection alias.
Retrieves a list that describes the connection aliases used for cross-Region redirection.
Describes the associations between the applications and the specified image.
Describes one or more of your IP access control groups.
Describes the specified tags for the specified WorkSpaces resource.
Describes the associations betweens applications and the specified WorkSpace.
Retrieves a list that describes the available WorkSpace bundles.
Describes the available directories that are registered with Amazon WorkSpaces.
Describes the permissions that the owner of an image has granted to other Amazon Web Services accounts for an image.
Retrieves a list that describes one or more specified images, if the image identifiers are provided.
Describes the snapshots for the specified WorkSpace.
Describes the specified WorkSpaces.
Describes the connection status of the specified WorkSpaces.
Retrieves a list that describes the streaming sessions for a specified pool.
Describes the specified WorkSpaces Pools.
Disassociates a connection alias from a directory.
Disassociates the specified IP access control group from the specified directory.
Disassociates the specified application from a WorkSpace.
Retrieves account link information.
Imports client branding.
Imports the specified Windows 10 or 11 Bring Your Own License (BYOL) image into Amazon WorkSpaces.
Lists all account links.
Retrieves a list of IP address ranges, specified as IPv4 CIDR blocks, that you can use for the network management interface when you enable Bring Your Own License (BYOL).
Migrates a WorkSpace from one operating system or bundle type to another, while retaining the data on the user volume.
Modifies the configuration of Bring Your Own License (BYOL) for the specified account.
Modifies the properties of the certificate-based authentication you want to use with your WorkSpaces.
Modifies the properties of the specified Amazon WorkSpaces clients.
Modifies multiple properties related to SAML 2.0 authentication, including the enablement status, user access URL, and relay state parameter name that are used for configuring federation with an SAML 2.0 identity provider.
Modifies the self-service WorkSpace management capabilities for your users.
Modifies the specified streaming properties.
Specifies which devices and operating systems users can use to access their WorkSpaces.
Modify the default properties used to create WorkSpaces.
Modifies the specified WorkSpace properties.
Sets the state of the specified WorkSpace.
Reboots the specified WorkSpaces.
Rebuilds the specified WorkSpace.
Registers the specified directory.
Rejects the account link invitation.
Restores the specified WorkSpace to its last known healthy state.
Removes one or more rules from the specified IP access control group.
Starts the specified WorkSpaces.
Starts the specified pool.
Stops the specified WorkSpaces.
Stops the specified pool.
Terminates the specified WorkSpaces.
Terminates the specified pool.
Terminates the pool session.
Updates a Amazon Connect client add-in.
Shares or unshares a connection alias with one account by specifying whether that account has permission to associate the connection alias with a directory.
Replaces the current rules of the specified IP access control group with the specified rules.
Updates a WorkSpace bundle with a new image.
Shares or unshares an image with one account in the same Amazon Web Services Region by specifying whether that account has permission to copy the image.
Updates the specified pool.
Link to this section Functions
Accepts the account link invitation.
There's currently no unlinking capability after you accept the account linking invitation.
Associates the specified connection alias with the specified directory to enable cross-Region redirection.
For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Before performing this operation, call
DescribeConnectionAliases
to make sure that the current state of the
connection alias is CREATED.
Associates the specified IP access control group with the specified directory.
Associates the specified application to the specified WorkSpace.
Adds one or more rules to the specified IP access control group.
This action gives users permission to access their WorkSpaces from the CIDR address ranges specified in the rules.
Copies the specified image from the specified Region to the current Region.
For more information about copying images, see Copy a Custom WorkSpaces Image.
In the China (Ningxia) Region, you can copy images only within the same Region.
In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web Services Support.
Before copying a shared image, be sure to verify that it has been shared from the correct Amazon Web Services account. To determine if an image has been shared and to see the ID of the Amazon Web Services account that owns an image, use the DescribeWorkSpaceImages and DescribeWorkspaceImagePermissions API operations.
Creates the account link invitation.
Creates a client-add-in for Amazon Connect within a directory.
You can create only one Amazon Connect client add-in within a directory.
This client add-in allows WorkSpaces users to seamlessly connect to Amazon Connect.
Creates the specified connection alias for use with cross-Region redirection.
For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Creates an IP access control group.
An IP access control group provides you with the ability to control the IP
addresses
from which users are allowed to access their WorkSpaces. To specify the CIDR
address
ranges, add rules to your IP access control group and then associate the group
with your
directory. You can add rules when you create the group or at any time using
AuthorizeIpRules.
There is a default IP access control group associated with your directory. If you don't associate an IP access control group with your directory, the default group is used. The default group includes a default rule that allows users to access their WorkSpaces from anywhere. You cannot modify the default IP access control group for your directory.
Creates a standby WorkSpace in a secondary Region.
Creates the specified tags for the specified WorkSpaces resource.
Creates a new updated WorkSpace image based on the specified source image.
The new updated WorkSpace image has the latest drivers and other updates required by the Amazon WorkSpaces components.
To determine which WorkSpace images need to be updated with the latest Amazon WorkSpaces requirements, use DescribeWorkspaceImages.
Only Windows 10, Windows Server 2016, and Windows Server 2019 WorkSpace images can be programmatically updated at this time.
Microsoft Windows updates and other application updates are not included in the update process.
The source WorkSpace image is not deleted. You can delete the source image after you've verified your new updated image and created a new bundle.
Creates the specified WorkSpace bundle.
For more information about creating WorkSpace bundles, see Create a Custom WorkSpaces Image and Bundle.
Creates a new WorkSpace image from an existing WorkSpace.
Creates one or more WorkSpaces.
This operation is asynchronous and returns before the WorkSpaces are created.
The MANUAL running mode value is only supported by Amazon WorkSpaces
Core. Contact your account team to be allow-listed to use this value. For more
information, see Amazon WorkSpaces Core.
You don't need to specify the PCOIP protocol for Linux bundles
because DCV (formerly WSP) is the default protocol for those bundles.
User-decoupled WorkSpaces are only supported by Amazon WorkSpaces Core.
Review your running mode to ensure you are using one that is optimal for your needs and budget. For more information on switching running modes, see Can I switch between hourly and monthly billing?
Creates a pool of WorkSpaces.
Deletes the account link invitation.
Deletes customized client branding.
Client branding allows you to customize your WorkSpace's client login portal. You can tailor your login portal company logo, the support email address, support link, link to reset password, and a custom message for users trying to sign in.
After you delete your customized client branding, your login portal reverts to the default client branding.
Deletes a client-add-in for Amazon Connect that is configured within a directory.
Deletes the specified connection alias.
For more information, see Cross-Region Redirection for Amazon WorkSpaces.
If you will no longer be using a fully qualified domain name (FQDN) as the registration code for your WorkSpaces users, you must take certain precautions to prevent potential security issues. For more information, see Security Considerations if You Stop Using Cross-Region Redirection.
To delete a connection alias that has been shared, the shared account must first disassociate the connection alias from any directories it has been associated with. Then you must unshare the connection alias from the account it has been shared with. You can delete a connection alias only after it is no longer shared with any accounts or associated with any directories.
Deletes the specified IP access control group.
You cannot delete an IP access control group that is associated with a directory.
Deletes the specified tags from the specified WorkSpaces resource.
Deletes the specified WorkSpace bundle.
For more information about deleting WorkSpace bundles, see Delete a Custom WorkSpaces Bundle or Image.
Deletes the specified image from your account.
To delete an image, you must first delete any bundles that are associated with the image and unshare the image if it is shared with other accounts.
Deploys associated applications to the specified WorkSpace
Deregisters the specified directory.
This operation is asynchronous and returns before the WorkSpace directory is deregistered. If any WorkSpaces are registered to this directory, you must remove them before you can deregister the directory.
Simple AD and AD Connector are made available to you free of charge to use with WorkSpaces. If there are no WorkSpaces being used with your Simple AD or AD Connector directory for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the Directory Service pricing terms.
To delete empty directories, see Delete the Directory for Your WorkSpaces. If you delete your Simple AD or AD Connector directory, you can always create a new one when you want to start using WorkSpaces again.
Retrieves a list that describes the configuration of Bring Your Own License (BYOL) for the specified account.
Retrieves a list that describes modifications to the configuration of Bring Your Own License (BYOL) for the specified account.
Describes the associations between the application and the specified associated resources.
Describes the specified applications by filtering based on their compute types, license availability, operating systems, and owners.
Describes the associations between the applications and the specified bundle.
Describes the specified client branding.
Client branding allows you to customize the log in page of various device types for your users. You can add your company logo, the support email address, support link, link to reset password, and a custom message for users trying to sign in.
Only device types that have branding information configured will be shown in the response.
Retrieves a list that describes one or more specified Amazon WorkSpaces clients.
Retrieves a list of Amazon Connect client add-ins that have been created.
describe_connection_alias_permissions(client, input, options \\ [])
View SourceDescribes the permissions that the owner of a connection alias has granted to another Amazon Web Services account for the specified connection alias.
For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Retrieves a list that describes the connection aliases used for cross-Region redirection.
For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Describes the associations between the applications and the specified image.
Describes one or more of your IP access control groups.
Describes the specified tags for the specified WorkSpaces resource.
Describes the associations betweens applications and the specified WorkSpace.
Retrieves a list that describes the available WorkSpace bundles.
You can filter the results using either bundle ID or owner, but not both.
Describes the available directories that are registered with Amazon WorkSpaces.
describe_workspace_image_permissions(client, input, options \\ [])
View SourceDescribes the permissions that the owner of an image has granted to other Amazon Web Services accounts for an image.
Retrieves a list that describes one or more specified images, if the image identifiers are provided.
Otherwise, all images in the account are described.
Describes the snapshots for the specified WorkSpace.
Describes the specified WorkSpaces.
You can filter the results by using the bundle identifier, directory identifier, or owner, but you can specify only one filter at a time.
describe_workspaces_connection_status(client, input, options \\ [])
View SourceDescribes the connection status of the specified WorkSpaces.
Retrieves a list that describes the streaming sessions for a specified pool.
Describes the specified WorkSpaces Pools.
Disassociates a connection alias from a directory.
Disassociating a connection alias disables cross-Region redirection between two directories in different Regions. For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Before performing this operation, call
DescribeConnectionAliases
to make sure that the current state of the
connection alias is CREATED.
Disassociates the specified IP access control group from the specified directory.
Disassociates the specified application from a WorkSpace.
Retrieves account link information.
Imports client branding.
Client branding allows you to customize your WorkSpace's client login portal. You can tailor your login portal company logo, the support email address, support link, link to reset password, and a custom message for users trying to sign in.
After you import client branding, the default branding experience for the specified platform type is replaced with the imported experience
You must specify at least one platform type when importing client branding.
You can import up to 6 MB of data with each request. If your request exceeds this limit, you can import client branding for different platform types using separate requests.
In each platform type, the SupportEmail and
SupportLink parameters are mutually exclusive. You can specify
only one parameter for each platform type, but not both.
Imported data can take up to a minute to appear in the WorkSpaces client.
Imports the specified Windows 10 or 11 Bring Your Own License (BYOL) image into Amazon WorkSpaces.
The image must be an already licensed Amazon EC2 image that is in your Amazon Web Services account, and you must own the image. For more information about creating BYOL images, see Bring Your Own Windows Desktop Licenses.
Lists all account links.
list_available_management_cidr_ranges(client, input, options \\ [])
View SourceRetrieves a list of IP address ranges, specified as IPv4 CIDR blocks, that you can use for the network management interface when you enable Bring Your Own License (BYOL).
This operation can be run only by Amazon Web Services accounts that are enabled
for BYOL.
If your account isn't enabled for BYOL, you'll receive an
AccessDeniedException error.
The management network interface is connected to a secure Amazon WorkSpaces management network. It is used for interactive streaming of the WorkSpace desktop to Amazon WorkSpaces clients, and to allow Amazon WorkSpaces to manage the WorkSpace.
Migrates a WorkSpace from one operating system or bundle type to another, while retaining the data on the user volume.
The migration process recreates the WorkSpace by using a new root volume from
the target
bundle image and the user volume from the last available snapshot of the
original
WorkSpace. During migration, the original D:Users%USERNAME% user profile
folder is renamed to D:Users%USERNAME%MMddyyTHHmmss%.NotMigrated. A new
D:Users%USERNAME% folder is generated by the new OS. Certain files in
the old user profile are moved to the new user profile.
For available migration scenarios, details about what happens during migration, and best practices, see Migrate a WorkSpace.
Modifies the configuration of Bring Your Own License (BYOL) for the specified account.
modify_certificate_based_auth_properties(client, input, options \\ [])
View SourceModifies the properties of the certificate-based authentication you want to use with your WorkSpaces.
Modifies the properties of the specified Amazon WorkSpaces clients.
Modifies multiple properties related to SAML 2.0 authentication, including the enablement status, user access URL, and relay state parameter name that are used for configuring federation with an SAML 2.0 identity provider.
Modifies the self-service WorkSpace management capabilities for your users.
For more information, see Enable Self-Service WorkSpace Management Capabilities for Your Users.
Modifies the specified streaming properties.
Specifies which devices and operating systems users can use to access their WorkSpaces.
For more information, see Control Device Access.
modify_workspace_creation_properties(client, input, options \\ [])
View SourceModify the default properties used to create WorkSpaces.
Modifies the specified WorkSpace properties.
For important information about how to modify the size of the root and user volumes, see Modify a WorkSpace.
The MANUAL running mode value is only supported by Amazon WorkSpaces
Core. Contact your account team to be allow-listed to use this value. For more
information, see Amazon WorkSpaces Core.
Sets the state of the specified WorkSpace.
To maintain a WorkSpace without being interrupted, set the WorkSpace state to
ADMIN_MAINTENANCE. WorkSpaces in this state do not respond to requests to
reboot, stop, start, rebuild, or restore. An AutoStop WorkSpace in this state is
not
stopped. Users cannot log into a WorkSpace in the ADMIN_MAINTENANCE
state.
Reboots the specified WorkSpaces.
You cannot reboot a WorkSpace unless its state is AVAILABLE,
UNHEALTHY, or REBOOTING. Reboot a WorkSpace in the REBOOTING
state only if your WorkSpace has been stuck in the REBOOTING state for over 20
minutes.
This operation is asynchronous and returns before the WorkSpaces have rebooted.
Rebuilds the specified WorkSpace.
You cannot rebuild a WorkSpace unless its state is AVAILABLE,
ERROR, UNHEALTHY, STOPPED, or
REBOOTING.
Rebuilding a WorkSpace is a potentially destructive action that can result in the loss of data. For more information, see Rebuild a WorkSpace.
This operation is asynchronous and returns before the WorkSpaces have been completely rebuilt.
Registers the specified directory.
This operation is asynchronous and returns before the WorkSpace directory is registered. If this is the first time you are registering a directory, you will need to create the workspaces_DefaultRole role before you can register a directory. For more information, see Creating the workspaces_DefaultRole Role.
Rejects the account link invitation.
Restores the specified WorkSpace to its last known healthy state.
You cannot restore a WorkSpace unless its state is AVAILABLE,
ERROR, UNHEALTHY, or STOPPED.
Restoring a WorkSpace is a potentially destructive action that can result in the loss of data. For more information, see Restore a WorkSpace.
This operation is asynchronous and returns before the WorkSpace is completely restored.
Removes one or more rules from the specified IP access control group.
Starts the specified WorkSpaces.
You cannot start a WorkSpace unless it has a running mode of AutoStop or
Manual and a state of STOPPED.
Starts the specified pool.
You cannot start a pool unless it has a running mode of
AutoStop and a state of STOPPED.
Stops the specified WorkSpaces.
You cannot stop a WorkSpace unless it has a running mode of AutoStop or
Manual and a state of AVAILABLE, IMPAIRED,
UNHEALTHY, or ERROR.
Stops the specified pool.
You cannot stop a WorkSpace pool unless it has a running mode of AutoStop
and a state of AVAILABLE, IMPAIRED, UNHEALTHY, or ERROR.
Terminates the specified WorkSpaces.
Terminating a WorkSpace is a permanent action and cannot be undone. The user's data is destroyed. If you need to archive any user data, contact Amazon Web Services Support before terminating the WorkSpace.
You can terminate a WorkSpace that is in any state except SUSPENDED.
This operation is asynchronous and returns before the WorkSpaces have been
completely
terminated. After a WorkSpace is terminated, the TERMINATED state is returned
only briefly before the WorkSpace directory metadata is cleaned up, so this
state is rarely
returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID
by using
DescribeWorkSpaces.
If the WorkSpace ID isn't returned, then the WorkSpace has
been successfully terminated.
Simple AD and AD Connector are made available to you free of charge to use with WorkSpaces. If there are no WorkSpaces being used with your Simple AD or AD Connector directory for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the Directory Service pricing terms.
To delete empty directories, see Delete the Directory for Your WorkSpaces. If you delete your Simple AD or AD Connector directory, you can always create a new one when you want to start using WorkSpaces again.
Terminates the specified pool.
Terminates the pool session.
Updates a Amazon Connect client add-in.
Use this action to update the name and endpoint URL of a Amazon Connect client add-in.
Shares or unshares a connection alias with one account by specifying whether that account has permission to associate the connection alias with a directory.
If the association permission is granted, the connection alias is shared with that account. If the association permission is revoked, the connection alias is unshared with the account. For more information, see Cross-Region Redirection for Amazon WorkSpaces.
Before performing this operation, call
DescribeConnectionAliases
to make sure that the current state of the
connection alias is CREATED.
To delete a connection alias that has been shared, the shared account must first disassociate the connection alias from any directories it has been associated with. Then you must unshare the connection alias from the account it has been shared with. You can delete a connection alias only after it is no longer shared with any accounts or associated with any directories.
Replaces the current rules of the specified IP access control group with the specified rules.
Updates a WorkSpace bundle with a new image.
For more information about updating WorkSpace bundles, see Update a Custom WorkSpaces Bundle.
Existing WorkSpaces aren't automatically updated when you update the bundle that they're based on. To update existing WorkSpaces that are based on a bundle that you've updated, you must either rebuild the WorkSpaces or delete and recreate them.
Shares or unshares an image with one account in the same Amazon Web Services Region by specifying whether that account has permission to copy the image.
If the copy image permission is granted, the image is shared with that account. If the copy image permission is revoked, the image is unshared with the account.
After an image has been shared, the recipient account can copy the image to other Regions as needed.
In the China (Ningxia) Region, you can copy images only within the same Region.
In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web Services Support.
For more information about sharing images, see Share or Unshare a Custom WorkSpaces Image.
To delete an image that has been shared, you must unshare the image before you delete it.
Sharing Bring Your Own License (BYOL) images across Amazon Web Services accounts isn't supported at this time in Amazon Web Services GovCloud (US). To share BYOL images across accounts in Amazon Web Services GovCloud (US), contact Amazon Web Services Support.
Updates the specified pool.