Scribd
Upload
21 views

AppStream2.0 Labguide 2019ReInvent

Build an Amazon AppStream 2.0

Uploaded by

Juan Alberto Coc
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
21 views

AppStream2.0 Labguide 2019ReInvent

Build an Amazon AppStream 2.0

Uploaded by

Juan Alberto Coc
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 89

2019

Build an Amazon AppStream 2.0


Environment to Stream Desktop Applications
to Your Users

Amazon AppStream 2.0 Lab Guide


Version re:Invent 2019

November 2019

Greg LaVigne
AWS Sr. Specialized Solution Architect
End User Computing

1
Welcome!
In this exercise, you will learn how to deploy and stream desktop applications for your
organization’s end users using Amazon AppStream 2.0, a fully managed, secure
application streaming service that runs on the AWS cloud.

During this lab exercise, you will play the role of both an AppStream 2.0 Administrator
and an end user. In that role, you will provision your own piece of the AWS cloud by
provisioning a Virtual Private Cloud and will follow the AppStream 2.0 Administrator
workflow to build, configure and provide access to business applications to your end
users.

In addition, examples of three different management methodologies are leveraged to


complete this infrastructure buildout.

What you will accomplish:

• Provision an Amazon Virtual Private Cloud (VPC) in order to provide an isolated


virtual network infrastructure within the AWS cloud that your Amazon AppStream
2.0 environment is then hosted in. You will leverage the AWS CloudFormation
service to do so.

• Provision and configure four example desktop applications using the Amazon
AppStream 2.0 service. You will then access them using your physical device's
HTML5 compatible browser.

2
• Perform the basic administrative tasks required to build an AppStream 2.0
environment, using the AWS Management Console, AWS CloudFormation in
order to stream desktop applications. Specifically, you will learn how to:

o Provision an AWS Virtual Private Cloud infrastructure and Image Builder


instance using the AWS CloudFormation service

o Access a provisioned “Image Builder” instance to then install and


configure desktop applications

o Use the Image Assistant utility to configure and optimize the desktop
applications for streaming purposes and create a custom image

o Provision a fleet that uses standard instance types using AWS


CloudFormation

o Provision a stack to stream the applications for end-user access

• Provision and manage users leveraging AppStream 2.0’s User Pool feature via
the AWS Management Console

What you will need before starting:

• An AWS account: You need an AWS account in order to begin using Amazon
AppStream 2.0. Refer to Appendix A in this guide for the AWS account ID
creation process.

We recommend you complete this process PRIOR to starting this exercise. If you
are completing this process now, please have:

o a cell phone available as a confirmation call or text is required to create


the account

o a Credit Card

o Note: A credit card number IS required to open an AWS account.


However, for the lab, we will only be using Free Tier components and
outline how to manage the appropriate components so that charges are
not incurred in Step 9.

3
• An email address that is accessible during the exercise. The build out of the
AppStream 2.0 environment during this lab sends two emails that will need to be
opened from an accessible email solution from your device’s browser so that the
user configuration process can be properly completed.

• Recommendation (Optional): You will want to configure the browser of choice


installed on your physical device to allow pop-ups from the
https://appstream2.<aws-region>.amazonappstream.com URL.

• Skill level: A basic understanding of desktop computing is helpful, but not


required.

• AWS experience: Prior knowledge of base AWS infrastructure (VPC, EC2, S3,
etc.) is helpful, but not required to complete this exercise.

4
Contents
Welcome! ...................................................................................................................................................... 2
Step 1: Log in in to the AWS Console and select a Region ............................................................................ 7
Step 2: Create the AS2LabVPC network infrastructure using AWS CloudFormation ................................. 10
Download the 2019EUCLabVPC_CF.template file to your local device .................................................. 12
Execute the CloudFormation Script ........................................................................................................ 13
Step 3: Provision an Image Builder Instance............................................................................................... 18
Step 4: Connect to the Image Builder Instance and Install Applications .................................................... 20
Connect to the Image Builder Instance .................................................................................................. 20
Application Installation Background ....................................................................................................... 22
Download the Notepad++ Installation Media ........................................................................................ 23
The Workshop Image Builder automated configuration script .............................................................. 25
Download the automated configuration script onto your image builder instance ................................ 25
Execute the Automated Configuration script using PowerShell ............................................................. 27
Test the installed and configured applications with a non-local admin user (Optional) ........................ 29
Step 5: Use the Image Assistant to create the Image ................................................................................. 30
Connect to the Image builder instance................................................................................................... 30
Start the Image Assistant and Create Application Catalog ..................................................................... 30
Configure Applications ............................................................................................................................ 37
Test Applications ..................................................................................................................................... 38
Optimize Start-Up Performance ............................................................................................................. 40
Configure the Image ............................................................................................................................... 42
Review and Create the Image ................................................................................................................. 44
Step 6: Provision the AS2LabFleet using AWS CloudFormation ................................................................. 46
Download the AS2LabFleet_CF.template file to your local device ......................................................... 46
Execute the CloudFormation Script ........................................................................................................ 46
Step 7: Define the Stack and add custom Branding.................................................................................... 53
Define the Stack ...................................................................................................................................... 53
Configure the Stack Storage Options ...................................................................................................... 55
Configure the Stack User Settings........................................................................................................... 56
Configure customized Branding for the Stack ........................................................................................ 57
Create a test streaming URL ................................................................................................................... 60
Step 8: Creating and managing users with User Pool ................................................................................. 64

5
Managing User Pools via the Amazon AppStream 2.0 console .............................................................. 64
Create a User.................................................................................................................................... 64
Assign a Stack to the User ............................................................................................................. 66
User Authentication and AppStream session .............................................................................. 67
Validate your Stack and Image Configurations ........................................................................... 69
Step 9: Lab Cleanup..................................................................................................................................... 71
Stop the image builder instance ............................................................................................................. 71
Stop the Fleet .......................................................................................................................................... 71
Appendix A: Create a new AWS “root” Account......................................................................................... 73
Appendix B: Manual Steps to provision an Image Builder .......................................................................... 83
Create an Image Builder Instance for installing Applications ................................................................. 83
Appendix C: Lab Topology (full-page size) .................................................................................................. 88
References and Informational links ............................................................................................................ 89

6
Step 1: Log in in to the AWS Console and select a Region
This exercise assumes you already have an AWS account created. If you do not have
one already, please see Appendix A. Create an AWS account then return here to login
to the AWS Console.

1. Open the Amazon AppStream 2.0 console


(https://console.aws.amazon.com/appstream2) where you are prompted to Sign in.

2. Enter the email address for your AWS account and click Next.

3. When prompted, enter your AWS account password, and then click Sign In.

4. In the upper right corner of the console menu bar, you will find a dropdown
menu for the regions immediately to the right of where your AWS account ID is
displayed. The region dropdown simply displays as a city, state or regional
area:

7
5. Amazon Web Services currently hosts services in 22 regions in various
geographic areas. Amazon AppStream 2.0 is currently available in nine of
those regions.

For the purposes of this lab today, select the US West (Oregon) region.
Normally, you could select any valid AppStream 2.0 region from the dropdown
list in which you want to create your AppStream 2.0 environment.

6. The initial Amazon AppStream 2.0 console page now opens:

8
Notice the line of text displayed below the two buttons. Initial AWS IAM access
is NOT provided by default and we’ll need these access permissions going
forward. Click the Get Started button.

7. Doing so automatically adds the AmazonAppStreamServiceAccess and the


ApplicationAutoScalingForAmazonAppStreamAccess IAM roles to your account
behind the scenes. These roles are required for subsequent steps. A “Get
Start” page also opens. When it does, click the SKIP button.

8. The AppStream 2.0 console dashboard then opens to the Stacks topic.

Once this page appears in your browser window, move to Step 2.

9
Step 2: Create the AS2LabVPC network infrastructure
using AWS CloudFormation
The steps in this section will walk you through running an AWS CloudFormation script to
build out a fully functioning Virtual Private Cloud (VPC) infrastructure in the selected
region [US West (Oregon)] you choose under your AWS account in an automated
fashion.

The VPC provides internet access to all instances regardless of subnet they may be
placed in and can be expanded and leveraged further with other AWS services should
the need arise.

The minimum base AppStream 2.0 VPC environment requires that one public subnet
and one private subnet are provisioned within the VPC, though two private subnets are
recommended in two different Availability Zones (AZs) for high availability. In order to
ensure proper internet access is available to all instances, an Internet Gateway and
NAT Gateway are provisioned within the VPC.

Note: In AWS speak; a “public” subnet is one that has direct access to the Internet. A
“private” subnet does not and therefore requires either a NAT Gateway or NAT Instance
to facilitate access to it.

Note: Individual NAT Instances can be used via EC2 instead of the NAT
Gateway managed service. Cost and redundancy considerations should be
reviewed when making this decision.

These are the specific components and CIDR blocks that the AWS CloudFormation
script provisions

VPC Components:

Option Value

VPC Region Region you selected in Step 1 [US West (Oregon)]

VPC Name AWS EUC VPC

VPC IPv4 CIDR block 10.0.0.0/20

10
Option Value

Public subnet name AWS EUC Public Subnet

Public subnet’s Availability TBD


Zone

Public subnet’s IPv4 CIDR 10.0.0.0/24

Private subnet 1 name AWS EUC Private Subnet1

Private subnet 1’s IPv4 CIDR 10.0.1.0/24

Public subnet 1 Availability TBD: but same as Public Subnet AZ


Zone

Private subnet 2 name AWS EUC Private Subnet2

Private subnet 2’s IPv4 CIDR 10.0.2.0/24

Public subnet 2 Availability TBD: but different from Private Subnet 1’s AZ
Zone

Internet Gateway FYI-managed service attached to AWS EUC VPC

NAT Gateway FYI-managed service instance provisioned in AWS


EUC Public Subnet
Elastic IP Allocation ID TBD:
FYI-This is then assigned to the NAT gateway.

AWS EUC Public Route Table FYI-Routes Public subnet internet traffic to Internet
Gateway and routes all S3 traffic to VPC endpoint
AWS EUC Private Route FYI-Routes Private subnet internet traffic to NAT
Table Gateway and routes all S3 traffic to VPC endpoint

Add endpoints for S3 to your FYI-Attached to VPC to facilitate direct AWS


subnets connection to S3 infrastructure

11
Note: For time saving purposes during this Workshop you may notice that an
AppStream 2.0 image builder instance is also provisioned during the execution of
this script. This will be discussed and reviewed in Step #3.

For reference purposes, the AWS topology of the completed “VPC” environment built
during the steps of this LAB exercise will look similar to this diagram:

Note: See Appendix C for a full-size image of this lab topology diagram.

For reference purposes, if you later want to create this VPC with all of these options via
the AWS Console manually, see Appendix B on page 46 of the AppStream 2.0 Getting
Started Guide: https://aws.amazon.com/appstream2/getting-started/

Download the 2019EUCLabVPC_CF.template file to your local device


The 2019EUCLabVPC_CF.template file is the AWS CloudFormation script you will use
to create the VPC and related cloud networking components required to complete the
lab.

1. Open a new browser tab within the browser of choice installed on your physical
device. Enter this URL address in order to access and download the
2019EUCLabVPC_CF.template file: http://labguide.appstreamlabs.com/

2. Right click on the 2019EUCLabVPC_CF.template link and select Save link as.

12
3. Save the file to the location of your choice, and then close the browser tab.

Execute the CloudFormation Script


Using AWS CloudFormation you are going to provision a VPC and its related
components, in an automated manner, under your AWS account in the Region [US
West (Oregon)] you selected earlier in step 1.

4. Open the AWS CloudFormation console


(http://console.aws.amazon.com/cloudformation) or click on the Services tab and
search for Cloudformation.

Note: As you start to type the word “cloudformation”, the entry will populate
automatically.

5. The AWS CloudFormation console opens in the region you selected in Step 1
[US West (Oregon)].

13
Click the Create stack button.

6. The Create stack window appears. Leave the default value of “Template is
ready” in the top most Prerequisite-Prepare template section.

Scroll down the page to the “Specify template” section, select the Upload a
template file radio button, then click the Choose File button when it appears:

14
7. A generic file open file window appears. Navigate to the path of the folder
where you downloaded and saved the 2019EUCLabVPC_CF.template file
earlier. Once there, select the file and then click Open.

8. Now in the Specify Template section:

The 2019EUCLabVPC_CF.template file is now populated. At the bottom of the


page, click Next.

9. The Specify Stack Details window opens. In the Stack Name text box, enter a
name for this AWS CloudFormation stack.

For this lab, enter “AS2LabVPC”, and then click Next.

10. The Configure Stack Options window opens. In the Tags section, enter these
two values:

15
• Key: ProjectCode

• Value: 2019reInvent

11. Leave all of the options as they are, scroll to the bottom of the page and click
Next.

12. The Review AS2LabVPC window appears. Scroll down to the bottom of the
page while reviewing the information you entered for your CloudFormation
stack configuration. Once you’ve completed scrolling, click Create stack.

13. The AWS CloudFormation dashboard appears and displays the progress of
your stack as it is being created. Under Events, the initial status displays
CREATE_IN_PROGRESS.

Note: Click the Refresh ( ) icon to update the status periodically so you
can monitor the automated provisioning of the individual VPC networking
components as they are being created within the Events section.

14. After (15ish) minutes, the CloudFormation dashboard opens and shows the
overall status of the AS2LabVPC stack as CREATE_COMPLETE.

16
Note: As previously indicated, you will notice a Security Group and Image
Builder instance also being provisioned. Once you see the logical ID of
PrivateRoute listed with a Status of Create_Complete, (which you should within
roughly 4 minutes of kicking the process off) feel free to move on to #15-16 to
review the provisioned VPC environment, but come back to the
CloudFormation console when you have completed your VPC review.

15. Now open the Amazon VPC console (https://console.aws.amazon.com/vpc) in


order to review the various VPC components that were provisioned by the AWS
CloudFormation script.

16. In the navigation pane, click Your VPCs to see the AWS EUC VPC that is
displayed.

Feel free to click on these components found on the navigation pane to review
all of the VPC related components that the template provisioned:

• Subnets, Route Tables, Internet Gateways, Elastic IPs, Endpoints,


NAT Gateways, Security Groups, Network ACLs

17
Step 3: Provision an Image Builder Instance
The foundational component that AppStream 2.0 leverages to stream applications is an
image. The AppStream 2.0 Image Builder process facilitates the creation of a custom
image that ultimately is used to stream configured applications to end users.

For time saving purposes during this Workshop, an AppStream 2.0 Image Builder
instance was provisioned as a part of the VPC CloudFormation template. The Image
Builder provisioning process takes approximately 12 to 15 minutes to complete. During
this time, your Image Builder instance will show a status of “Pending” while it is being
created.

Note: In order to enable you to walk through the provisioning of the Image Builder
manually at a later time, step by step instructions can be found in Appendix B.

1. To review the Image Builder instance that was provisioned, open the Amazon
AppStream 2.0 console (http://console.aws.amazon.com/appstream2).

2. The AppStream 2.0 console appears. In the navigation pane to the left, click
Images and then click the Image Builder tab.

The AS2Lab_Image_Builder1 instance should be listed with a status of


Running.

FYI: The CloudFormation template provisioned a Windows Server 2019 (last


patched on 9-18-19) on a General Purpose “stream-standard-medium (2vCPUs + 4GB RAM)”
instance type.

You can now proceed to the next section in order to start installing applications and
create a custom image.

Note: Charges DO accrue for an image builder instance while it is running, even if
there is not an admin user actively connected. You can stop or terminate the image

18
builder at any time to “stop the meter”. There are no additional user fees incurred
for admin users connecting to an image builder.

19
Step 4: Connect to the Image Builder Instance and Install
Applications
Now that you have provisioned an Image Builder instance, you will use it to install and
configure the applications to stream to your end users. By the end of this step, you want
to have all of your applications installed and configured along with any required runtime
libraries or other application required support components.

In this section, you will complete the following:

• Remotely connect to your Image Builder Instance

• Download/access all required application installation media, including necessary


runtime/support files and patches (automated)

• Install and configure the applications

• Configure Default Application settings

Note: For this step, you will want to configure your browser on your physical device to
allow pop-ups from https://appstream2.<aws-region>.amazonappstream.com/.

Connect to the Image Builder Instance


1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. In the navigation pane, click Images and then click the Image Builder tab.

3. Select the Image Builder instance (AS2Lab_Image_Builder1) that was


provisioned in Step 3:

20
Verify that its status is “Running”. If so, select it and click Connect.

Note: If the status is “Stopped”, select the instance and then in the Actions
dropdown menu, select Start. Use the Refresh icon to refresh the instance list
until the status is “Running”. Once the image builder instance shows a status of
“Running”, then you can select that instance and click the Connect button.

4. A new browser tab opens displaying the user login options:

Since this instance was not joined to an Active Directory domain, we will use
the Local User tab and click on the Administrator user to install and configure
the applications.

5. After a few moments wait while you are connecting:

You will be remoted in to a generic Windows Server 2019 instance with a local
user who has full local administrative privileges.

21
6. You can now proceed with installing and configuring your business
applications.

Application Installation Background


You are able to install and configure many types of applications for streaming, including:

• Vendor-provided .exe or .msi files

• Enterprise customized packages (.msi with .mst, .exe, etc.)

• Browsers with configured URLs and/or required plugins

• Virtualized applications (ThinApp, App-V, layered)

Regardless of the application type, you need to consider how the installation media or
files will be accessed for the installation. Options here include but are not limited to:

• Direct downloads from software vendors websites that can be saved locally
(.exe, .msi)

• Direct installations from software vendors websites (examples include Adobe


Reader, Google Maps)

• Disk image files (.iso)

22
• Enterprise Application package repositories (SCCM distribution points, etc.)

• Source file repositories (file shares, etc.)

We suggest that the installation source media or files be consolidated to a centralized


and accessible repository. Here are some recommended options:

• Amazon S3 Bucket (or another cloud storage solution) where media can be
downloaded to the Install Builder instance through a browser

• Amazon FSx for Windows or another Windows-accessible file share within your
VPC.

• Locally in a folder on the physical device connecting to the Image Builder


instance through the browser

• A list of direct URLs to vendor installation downloads

This lab uses the following URLs to download the installation media:

• Google Chrome Enterprise: https://enterprise.google.com/chrome/chrome-


browser/

• Notepad++: https://notepad-plus-plus.org/

• Microsoft Visual Studio Code: https://code.visualstudio.com/

Download the Notepad++ Installation Media


At the time of the writing of this lab guide, the fine folks at Notepad++ had recently
changed hosting providers and platforms. As such, the author of this guide was seeing
inconsistent DNS resolution results when using their URLs. As a result, you are going to
walk through simply downloading and saving the Notepad++ version 7.81 x64 installer
bits to the downloads folder of your Image Builder instance. From there, the automated
installation process will look for that downloaded file and perform the install for you.

1. Launch Firefox by clicking the Firefox desktop icon.

• Firefox introduces you to itself, click the Start Browsing button.

23
2. Enter this URL in Firefox to download the full Notepad++ installer:
https://notepad-plus-plus.org/

3. In the navigation pane on the left side, click download.

4. When the page loads, click the Notepad++ 7.8.1 release listed on the right side
under the Downloads header.

Note: There may be newer versions. However, the automated process you are
going to use to perform the application install is looking for the specific 7.8.1
version so please be sure to use this specific version.

5. Scroll down the page to the Download 64-Bit x64 section.

6. Once there, click the Installer: URL entry to begin the download.

7. When prompted, click Save File. The file is automatically saved to the local
administrator Downloads folder on your Image Builder Instance.

24
8. Once the file download is complete, you can leave Firefox open.

The Workshop Image Builder automated configuration script


For the sake of time, a PowerShell script is leveraged to automate these steps.
However, you can manually install the software as you would on any other Windows
device.

You will download the PowerShell script that you will simply execute on your image
builder instance. The script will perform the following tasks for you:

• Create a c:\temp folder on your image builder instance

• Create a c:\AS2Files folder on your image builder instance

• Install the previously downloaded Notepad++ v7.8.1 x64 application

• Download and Install the Google Chrome Enterprise x64 browser

• Download and Install the Microsoft Visual Studio Code editor

• Download 2 additional lab files that will be used later to the C:\AS2files folder

These are all example applications. If time allows, feel free to manually download and
install any additional applications you might want to trial with.

Download the automated configuration script onto your image builder


instance
9. From within the Image Builder instance, open File Explorer by clicking the
folder icon ( ) on the windows taskbar.

10. After File Explorer opens, click on the “This PC” icon to expand it.

11. Scroll down and right click on the Local Disk (C:) to expose the context menu:

25
Select the New option from the newly exposed dropdown menu and then click
on Folder after that option appears.

12. A new folder (labeled “New folder”) appears. Overwrite the “New folder” text
with the word “Temp”:

Once entered, hit the Return key.

13. Close File Explorer

14. Using Firefox enter this URL address in order to access and download the lab
files:
26
http://labguide.appstreamlabs.com/

15. The automated configuration script file to download is the AS2AppInst.ps1 file.
Right click on that “AS2AppInst.ps1” script and select Save File/Link as.

16. Navigate to C:\Temp and click Save.

Execute the Automated Configuration script using PowerShell


17. To execute the automated configuration script using PowerShell in an
administrative user context, from the start menu, select Start, and open the
Windows PowerShell folder:

Right click on Windows PowerShell icon to expose the context menu and select
Run as administrator.

18. When the PowerShell window opens, enter and run this series of commands:

a. Enter “Set-ExecutionPolicy Bypass -Scope CurrentUser”


and then press the enter key

b. A prompt entitled “Execution Policy Change” appears,


enter “A” to choose Yes to All and then press the
enter key

c. Enter “cd\” and then press the enter key

d. Enter “cd temp” and then press the enter key

27
e. Enter “./as2appinst” and then press the enter key

19. The script begins to execute:

You will see some application installs occur until the script finally completes:

Once the script is found to be back at the C:\temp prompt, close PowerShell
using the “X” icon in the top right corner.

Note: In the event, you see this window pop open during the execution of the
automation configuration script:

This indicates that the expected Notepad++ installer file was NOT downloaded
and/or saved to the expected downloads folder. Click OK to allow the script to
continue. Once it has completed, return to Step 4, page 23 and follow the steps

28
outlined in the Download the Notepad++ Installation Media section. Once
completed, you may execute the script again.

20. Close PowerShell and close any other windows that remain open on the
desktop.

21. From the Start Menu, validate the Google Chrome, Visual Studio Code and
Notepad++ icons are all listed at the top under Recently Added:

Feel free to launch the newly installed applications to validate they function.

Test the installed and configured applications with a non-local admin user
(Optional)
The final recommended step, prior to kicking off the Image Assistant process, is to
switch users again (Admin Commands, Switch User) and select the local Test User.
This test user is a local “non-administrative” user account that does not have any
elevated user rights. Once authenticated, proceed to launch each of the applications
that are installed to validate the installation is valid and functioning.

For the sake of time in today’s lab, this important step is skipped.

You have reached the point where the applications to stream are installed, configured,
and have been validated. You can now proceed to the next section to begin the
AppStream 2.0 Image Assistant process

29
Step 5: Use the Image Assistant to create the Image
You now have an Image Builder instance with individual applications installed and
configured. You need to now define those applications for streaming purposes, have the
Image Assistant optimize them to ensure optimal streaming performance, and finally
create a master image.

Skip to # 3 if the remote connection remains open to the Image Builder instance. Please
be sure that the local Administrator user is logged in.

Connect to the Image builder instance


1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. Connect and remote into the image builder instance as the local Administrator
user as you did previously. (See Step 4: Connect and remote in to the Image
Builder Instance section on page 20).

3. Using file explorer, navigate to the C:\AS2Files folder and open the
c:\as2files\2019labconfig.txt file so that you can reference (copy/paste) it in the
subsequent steps.

Start the Image Assistant and Create Application Catalog


This step formally defines the locally installed applications that will be enabled and
presented to end user. Some of the configurations defined here include name, display
name, executable file to launch, and icon to display.

4. Open the Image Assistant by double clicking the desktop icon.

5. The AppStream 2.0 Image Assistant applet opens, with the 1. ADD APPS tab
open. Click + Add App in order to add the first application (AWS_URL via
Google Chrome) configuration.

30
6. An Open dialog box opens. Navigate to the location of the Chrome executable
(C:\Program Files (x86)\Google\Chrome\Application) and click
the chrome.exe file. Notice that the File Name field populates with chrome.
Click Open.

7. Enter the following information in the App Launch Settings window:

App Launch Settings fields for Amazon Web Services

Option Value

Name AWS_URL

Display Name Amazon Web Services

Launch Path Leave the default value (C:\Program Files


(x86)\Google\Chrome\Application\chrome.exe)

31
Option Value

Icon Path Use the Browse button to open the c:\AS2files


folder. Select the aws.png file and then click
Open.

Launch Parameters Enter this syntax:


--no-default-browser-check --no-first-run
https://aws.amazon.com

Working Directory Leave blank

The App Launch Settings entries should be:

Click Save when complete.

8. In the AppStream 2.0 Image Assistant window, click +Add App again to add
the second application, Notepad++.

9. An Open dialog box opens. Navigate to the location of the Notepad++


installation (C:\Program Files\Notepad++) and click notepad++.exe.
Note that the File Name field populates with Notepad++. Click Open.

32
10. Enter the following information into the Image Assistant App Launch Settings
window:

App Launch Settings fields for Notepad++

Option Value

Name Notepad++_x64

Display Name Notepad++

Launch Path Accept default value (C:\Program


Files\Notepad++\notepad++.exe)

Icon Path Accept default value


(C:\ProgramData\Amazon\Photon\AppCatalog\...)

Launch Parameters Leave blank

Working Directory Leave blank

So that the App Launch Settings window appears as:

11. Click Save when complete.

33
12. In the AppStream 2.0 Image Assistant window, once again click +Add App
again to add the third application, Visual Studio Code.

13. An Open dialog box opens. Navigate to the location of the Visual Studio Code
application (C:\Program Files\Microsoft VS Code\) and click
code.exe. Note that the File Name field populates with Code. Click Open.

14. Enter the following information into the Image Assistant App Launch Settings
window:

App Launch Settings fields for Visual Studio Code

Option Value

Name VS_Code

Display Name Visual Studio Code

Launch Path Accept default value (C:\Program Files\Microsoft


VS Code\Code.exe)

Icon Path Accept default value


(C:\ProgramData\Amazon\Photon\AppCatalog\...)

Launch Parameters Leave blank

Working Directory Leave blank

So that the App Launch Settings window looks like:

34
Click Save when complete.

15. In the AppStream 2.0 Image Assistant window, once again click +Add App
again to add the final application, Windows File Explorer.

16. An Open dialog box opens. Navigate to the location of the Visual Studio Code
application (C:\windows\) and click explorer.exe. Note that the File
Name field populates with explorer. Click Open.

17. Enter the following information into the Image Assistant App Launch Settings
window:

App Launch Settings fields for File Explorer

Option Value

Name file_explorer

Display Name Windows File Explorer

Launch Path Accept default value (C:\windows\explorer.exe)

35
Option Value

Icon Path Accept default value


(C:\ProgramData\Amazon\Photon\AppCatalog\...)

Launch Parameters Leave blank

Working Directory Leave blank

So that the App Launch Settings window appears like:

Click Save when complete.

18. At this point, all four of the configured applications are listed in the 1. ADD
APPS tab of the Image Assistant.

36
19. Now click Next to proceed to the 2. CONFIGURE APPS tab.

Configure Applications
In this step, you would create any custom default application and Windows settings for
your users. This allows the users to get started quicker with the applications, as they will
not have to perform additional configurations prior to leveraging the applications.

If there were NOT any custom configurations required for your business applications,
you would simply skip this step and move to the next tab. For the sake of time in today’s
lab, this step is skipped.

20. The Image Assistant now moves focus to the 2. CONFIGURE APPS tab:

37
Since we are skipping this step, click Next. The 3. TEST tab automatically
appears.

Test Applications
The applications are now installed and defined for streaming purposes. For this step, a
local non-administrative user account is used to validate those application definitions.
This is a local machine account that does not have any elevated or local admin
privileges and is used in order to properly validate that the applications launch properly.

21. The focus of the Image Assistant has moved to the 3. TEST tab. Click the
Switch User button.

22. A list of local users is presented again. Click the Test User listed under the
Local User tab.

23. Open the Image Assistant by double-clicking the desktop icon. The Test Apps
window opens, listing the applications to validate.

38
24. Open the first application, Amazon Web Services, by clicking it.

Note: You must launch the application from the AppStream 2.0 Test Apps
window and not from the desktop or the Start menu icons.

25. Google Chrome opens to the AWS website. Allow the browser to start up
completely.

26. Close Chrome.

27. From the Test Apps window, click the Notepad++ app, to launch it.

28. Notepad++ opens. Allow the application to start up completely.

29. Close the Notepad++ application.

Click Ok to close if prompted.

30. From the Test Apps window, click the Visual Studio Code app, to launch it.

31. Visual Studio Code opens. Allow the application to start up completely.

32. Close the Visual Studio Code application.

39
33. From the Test Apps window, click the Windows File Explorer app, to launch it.

34. File Explorer opens. Allow the application to start up completely.

35. Close the File Explorer application.

36. The individual application validation is complete. From the Image Assistant Test
Apps window, click the Switch User button.

37. When prompted, click the Administrator listed under the Local User tab to log
back in.

38. In the Image Assistant 3. TEST tab, click Next to move to step 4 Optimize.

Optimize Start-Up Performance


In this step, final optimizations are identified and processed by the AppStream 2.0
streaming service so that when the application is streamed by end users, the start-up
performance for each application is optimal. To do this, launch each application and
complete a first run experience for each application listed.

Note: "Optimize" refers to a behind-the-scenes process that monitors how an


application starts up and directs the streaming service as to how best to tune itself to
ensure that the application is in a useable state as quickly as possible for end users
when they are launched.

39. The focus of the Image Assistant moves to the 4. OPTIMIZE tab. Click the first
application listed to select it, Amazon Web Services, and then click Launch to
open it.

40
40. Google Chrome opens. Note that the default homepage is set to
http://aws.amazon.com, validating that the configuration has been properly set
within the Application Definition.

41. An Image Builder confirmation appears on the Chrome application window,


asking you to wait until Amazon Web Services has completely started:

Once you have completed the first run experience and validated the Chrome
configuration, click Continue.

42. The second application, Notepad++, opens automatically. Click Continue when
prompted again.

41
43. The third application, Visual Studio Code, opens automatically. Click Continue
when prompted again.

44. The final application, File Explorer, opens automatically. Click Continue when
prompted again.

45. You will see a brief “Optimizing your app launch experience” window pop open:

until the Image Assistant automatically proceeds to step 5. CONFIGURE


IMAGE.

Configure the Image


Now you can configure the name and record details of the image that you are about to
create and ultimately use for streaming purposes.

46. With the focus of the Image Assistant on the 5. CONFIGURE IMAGE tab, enter
the following information:

Image Details

Option Value

Name The unique name identifier for the image, such as


AS2Lab_Image_v1. Note the naming syntax following
this table.

Display Name A user-friendly name to be displayed in the console,


such as AS2Lab Image v1 mm/dd/20yy

42
Option Value

Description An optional text box where you can enter details of


the image: for example, Image v1 created by (your
initials or name) on mm/dd/20yy. Apps include AWS
URL on Chrome Enterprise x64, Microsoft Visual
Studio Code, Notepad++ and File Explorer.

Tags TAGs are MetaData identifiers you can add to your


AWS resources. We are going to add a tag to this
image builder instance so click Add Tag.
Under Key, add “ProjectCode” and in the associated
Value field enter “2019reInvent”

Always use latest agent Leave this checked. This ensures the image will stay
version current with the latest AWS managed service updates
automatically.

Naming Syntax

The Name and Display Name fields are for identification purposes only. You
may use any names that are meaningful to you.

The Name field's syntax cannot begin with "Amazon," "AWS," or "AppStream,"
but you can use any combination of these characters:

• Lowercase letters (a-z)

• Uppercase letters (A-Z)

• Numbers (0-9)

• Non-alphanumeric characters (_ and -)

Note: The Display Name field's syntax does not have these restrictions. You can
use any non-alphanumeric characters as well as spaces between characters.

Once the image details are populated:

43
Click Next to move the Image Assistant to step 6. REVIEW.

Review and Create the Image


In this step, you review the image details previously entered the start the image creation
process. Once started, you are automatically disconnected from the remote session.

47. With the focus of the Image Assistant on the 6. REVIEW tab, verify the image
details and click Disconnect and Create Image.

The remote session is disconnected within a few moments, leaving you with a
dialog informing you your image is being created.

44
Note: In rare cases, you may get an error.

Note: You can also check the image builder status in the AppStream 2.0
console to validate your image builder is in the SNAPSHOTTING state.

48. You may now close that browser/tab as the image creation process has started
and you will not be able to reconnect while the image is being created.

49. The image creation process generally takes about 15-20 minutes to complete
(however it can take longer depending on size, etc.). If it is not still open,
reopen the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

50. In the navigation pane, click Images and then click the Image Registry tab.
Select All Images drop-down menu and select Private and shared with
others to filter the image options. During this process, the image being created
shows a status of “Pending” while it is being created.

51. Click the Refresh ( ) icon to update the status.

NOTE: The Image Builder instance that was used to create the image is
automatically left in a stopped state when the imaging process completes. Should
updates need to be made in the future, simply start the Image Builder instance and
connect to it to then make any updates, or create a new Image Builder off the
image you created. Run through the Image Assistant process again in order to
create an updated image.

Once the status value changes to “Available”, your image has been created
successfully, and you can proceed to the next section to configure a fleet.

45
Step 6: Provision the AS2LabFleet using AWS
CloudFormation
The steps in this section walk you through executing an AWS CloudFomation stack
template to define and provision the Amazon AppStream 2.0 Fleet and associated
instances within the selected region [US West (Oregon)] you chose under your AWS
account in an automated fashion.

The instances are provisioned into one of the AS2Lab Private subnets of your choosing.

Download the AS2LabFleet_CF.template file to your local device


1. Open a new browser tab within the browser of choice installed on your physical
device. Enter this URL address in order to access and download the
AS2LabFleet_CF.template file: http://labguide.appstreamlabs.com/

2. Right click on the AS2LabFleet_CF.template link and select Save link as.

Note: The AS2LabFleet_CF.template file is the AWS CloudFormation script


you will use to define the Fleet configuration and provision the associated fleet
instances.

3. Save the file to the location of your choice, and then close the browser tab.

Execute the CloudFormation Script


Using AWS CloudFormation, you are going to configure and provision an Amazon
AppStream 2.0 Fleet and its related components, in an automated manner, under your
AWS account in the Region you selected earlier in step 1 [US West (Oregon)].

4. Open the AWS CloudFormation console


(https://console.aws.amazon.com/cloudformation) or click on the Services tab and
search for CloudFormation.

Note: As you type the word CloudFormation, the entry will populate
automatically.

5. The AWS CloudFormation console opens to the Stacks dashboard view, click
the Create Stack button now found in the top right corner.

6. Doing so presents two choices:

46
Click the “With new resource (standard)” option

7. The Create stack window appears. Leave the default value of “Template is
ready” in the top most Prerequisite-Prepare template section.

Scroll down the page to the “Specify template” section, select the Upload a
template file radio button, then click the Choose File button when it appears:

47
8. A generic file open file window appears. Navigate to the path of the folder
where you downloaded and saved the AS2LabFleet_CF.template file earlier.
Once there, select the file and then click Open.

9. Notice the uploaded AS2LabFleet_CF.template file is now populated in the


Specify Template section:

At the bottom of the page, click Next.

10. The Specify stack details window opens. Enter the following information, and/or
review the prepopulated default values, and make a selection where a
dropdown option is presented.

Stack details fields

Stack Name This is the name of the AWS CloudFormation stack.


Enter “AS2LabFleetCF”

Name of Fleet This will be the system name of the fleet.


Leave default entry of “AS2Lab_Fleet”

Image Name Enter the name of the image you created in Step 5,
AS2Lab_Image_v1 (or the name you specified in Step 5, #46)

Number of instances This will be the maximum number of instances that will be
running at any time in this fleet.

Set the value to “3”

48
Instance Type The type of instances (ie hardware configuration) for all
instances that are provisioned during the life of this fleet. This
lab only offers the free tier options of stream.standard.medium
or stream.standard.large.

Choose either the default option of


stream.standard.medium.or stream.standard.large.
Subnet Select ONE of the PRIVATE subnets from the dropdown
option.

Select either EUC Private Subnet1 or EUC Private Subnet2.


Disconnect Timeout The time duration (specified in seconds) that a user’s
AppStream 2.0 session would stay running in the background
after a user disconnect.

For this lab, leave the default value of “900” for (15 minutes).
Max Session Duration This is the maximum length of time (specified in seconds) a
user’s session will stay active.

For this lab, leave the default value of “57600” for (16 hours)

Your entries should look something similar to:

49
Once finished, click Next.

11. The Configure Stack Options window open. In the Tags section, enter these
two values:

• Key: ProjectCode

• Value: 2019reInvent

12. Leave the remaining options blank as they are by default and click Next.

50
13. When prompted, scroll down the page and review the information for the AWS
CloudFormation AS2LabFleetCF stack. When you are satisfied with the
settings, click Create stack.

14. The AWS CloudFormation dashboard appears and displays the progress of
your stack as it is provisioned along with an initial status of
“CREATE_IN_PROGRESS”.

Click the Refresh ( ) icon to update the status periodically so you can
monitor the automated provisioning of the Fleet components as they are being
created in the Events pane below. Behind the scenes, individual AppStream 2.0
fleet instances are provisioned using the Image you created in Step 5. As a
result, this process can take roughly 10 minutes.

15. After a few minutes, the stack status should change from
“CREATE_IN_PROGRESS” to “CREATE_COMPLETE”.

16. Open the Amazon AppStream 2.0 console


(http://console.aws.amazon.com/appstream2) to review the AppStream 2.0 Fleet
details as configured and provisioned by the AWS CloudFormation script.

17. In the navigation pane, click Fleet to see the Amazon AppStream 2.0 fleet that
was indeed provisioned:

51
Notice the AS2Lab_Fleet_v1 fleet shows a status of Running. Select that fleet to
review the fleet details in the various tabs located at the bottom pane.

52
Step 7: Define the Stack and add custom Branding
An AppStream 2.0 Stack adds the user access controls, storage options and custom
branding configurations to the environment that end users will use to access the
streamed applications.

Define the Stack


1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. In the navigation pane, click Stacks and then click Create Stack.

3. The Stack details window opens. Enter the following information and click
Next.

Stack Details fields

Option Value

Name The unique name identifier for the fleet, such as


AS2Lab_Stack.
Note the naming syntax following this table.

Display Name The friendly name displayed in the console, such as


AS2Lab Stack

Description An optional text box where you can enter details of


the fleet.
For example: Stack created originally by (your initials
or name) on mm/dd/20yy. It leverages the
AS2Lab_Fleet fleet that was built on top of the
AS2Lab_Image_vX image. Apps to stream include
AWS URL on Chrome Enterprise x64, Notepad++,
Visual Studio Code and File Explorer.

Redirect URL An optional URL to which users are redirected to at


the end of their streaming session.
For this lab, enter: https://reinvent.awsevents.com/

Feedback URL An optional URL to which users are redirected to at


the end of their streaming session.

53
Option Value

For this lab, enter:


https://console.aws.amazon.com/support/home

Fleet Select the AS2Lab_Fleet fleet that you created via


AWS CloudFormation in Step 6.
Note: that it will be Running.

Tags TAGs are MetaData identifiers you can add to your


AWS resources. We are going to add a tag to this
image builder instance so click Add Tag.
Under Key, add “ProjectCode” and in the associated
Value field enter “2019reInvent”

VPC Endpoints Feel free to expand and review the configuration


options, but do NOT select any options here.

Embed AppStream 2.0 Feel free to expand and review the configuration
options, but do NOT select any options here.

Naming Syntax

The Name and Display Name fields are for identification purposes only. You
may use any names that are meaningful to you.

The Name field's syntax cannot begin with "Amazon," "AWS," or "AppStream,"
but you can use any combination of these characters:

• Lowercase letters (a-z)

• Uppercase letters (A-Z)

• Numbers (0-9)

• Non-alphanumeric characters (_ and -)

Note: The Display Name field's syntax does not have these restrictions. You can
use any non-alphanumeric characters as well as spaces between characters.

54
Configure the Stack Storage Options
4. The Enable Storage window opens. In order to leverage AppStream2’s
persistent storage feature, ensure that the Enable Home Folders option is
selected.

Option Value

Home Folders This is the AppStream 2.0 persistent storage option.


This optional feature leverages S3 Home Folders in
order for users to be able to save data over time
across the AppStream Fleet instances they may use.
Note this S3 Bucket name.
Click the Enable Home Folders option box and then
note the S3 Bucket Name that has been generated
for later reference.

Google Drive for G Suite If this feature is optionally enabled, users can link to
their Google Drive account during streaming
sessions.
Be sure this option is NOT selected for this lab.

OneDrive for Business If this feature is optionally enabled, users can link to
their Microsoft OneDrives during streaming sessions.
Be sure this option is NOT selected for this lab.

Also, record the S3 Bucket Name that will be created automatically in S3 under
your account for these purposes.

55
Click Next.

Configure the Stack User Settings


5. The User Settings options window appears:

The Clipboard, File Transfer and Print to Local device options provide
AppStream 2.0 administrators further granularity in controlling how Users can

56
transfer data between their physical devices and the remote streaming session.
For the lab purposes, leave the default settings.

The Application Settings Persistence section gives administrators the option to


allow their users the ability to customize their application and windows session
settings and allow them to persist across AppStream 2.0 instances over time as
well as across other Stacks they have been assigned. These settings are saved
in an S3 bucket within your AWS account.

6. For Lab purposes, ensure the Application settings persistence option is enabled
and leave the default Settings group labeled as “AS2Lab_Stack”. Click the
Review button to continue.

7. On the next screen, review the stack configuration. After reviewing, click
Create.

8. After a few moments, the Stack dashboard reappears:

Notice that the ASLab_Stack is now listed with a status of “Active”.

Configure customized Branding for the Stack


You are going to add a custom logo and icon, which has been prepared but two files
are needed prior to doing so. Again, on your physical device, open a new browser tab
and enter this URL address: http://labguide.appstreamlabs.com/
57
9. Once the page opens, the logo file to download is the “AS2Lab R Us Corp” file.
Right click on that logo and select Save image as.

10. Save the file (stacklogo.gif) to the same local directory you have used
previously.

11. Save the the AWS logo (aws.png) file as well.

Note: You were asked previously to save it within the image builder instance
not on your physical device.

12. In the lower pane, click the Branding tab. By default, all stacks are provisioned
to use the default AppStream 2.0 theme:

However, AppStream 2.0 stacks can be altered and custom branded for your
organization. Click the Custom option button.

By doing so, additional (and optional) branding settings are presented. Review
the options and enter the provided values and image files if you so choose in
order to customize your AppStream 2.0 Application Catalog page.

Option Value

Application catalog page: You are able to add a custom logo to the Application
Catalog launch page as long as it meets these
Organization logo
requirements.
File type: .png, .jpg, .jpeg or .gif
Max logo dimensions: 1000 x 500 px
Max file size: 300 KB
For the lab purposes, a demo logo (stacklogo.gif)
has been uploaded to the share. Download that file

58
Option Value

(as you have done previously) to your physical


device.
Click Upload, and then navigate to where you
downloaded the StackLogo.gif file. Select the file and
click Open.

Application catalog page: You are able to add up to three website links to your
Application Catalog page. Each link has a display
Organization website links
name entry, then the actual URL.
For the lab and the first URL enter Amazon.com as
the display name and http://amazon.com as the url.
You can repeat this process by adding a pair of
entries for 2 more additional weblinks. Feel free to
add a display name and URL (including the leading
http:// or https://) to your favorite website(s).

Application catalog page: There are 4 color themes that you can choose from
to use for the hyperlink(s) you just entered above.
Color themes
For this lab, pick any one of the four options.

Browser Tab: Page title You can add text to include as a title page.
For this lab, enter “AS2Lab Application Catalog”

Browser Tab: Favicon You are able to choose an icon to display at the top
of your users browser tab during streaming sessions
as long as it meets these requirements:

File type: .png, .jpg, .jpeg, .gif or .ico


Max logo dimensions: 128 x 128 px
Max file size: 50 KB
For this lab, click Upload, and then navigate to
where you downloaded the AWS.png file. Select the
file and click Open.

Once all entries are completed, the entries should look similar to this:

59
13. Click Save.

Create a test streaming URL


You have defined your stack, and your streaming environment is ready for end users to
access. In order to test the stack, you will create a temporarily URL that can be pasted
into a new browser tab on your physical device.

Note: Realistically, organizations will not manage users and streaming URLs in this
manner. AppStream 2.0 comes with a robust set of APIs that you can use to generate
URLs.

60
AppStream 2.0 also offers SAML integration, which provides an automated avenue for
single sign-on capabilities. The SAML integration manages both the end user's tie to a
streaming URL and the useful life of the URL.

For Active Directory join fleets, this option is NOT available. The create streaming API
would be used instead.

14. On the Stacks dashboard, select AS2Lab_Stack stack.

15. Click Actions to open the menu:

Select the Create streaming URL option.

16. A Create streaming URL window opens. Enter the following information:

Create Streaming URL Fields

Option Value

User ID Specify a user ID. For this lab, enter AS2LabTest.

Note: This entry is not tied an active directory or a


LDAP type of directory service. It is simply an
identifier for creating a unique URL.

Session Expiration Click an option on the menu. For this lab, select 1
hour.

Note: This entry specifies how long this test URL is


available and active for the User ID to use.

Once entered, click Get URL.

61
17. The Create streaming URL window automatically refreshes, now displaying
the user ID that you entered and the URL that AppStream 2.0 generated for this
user.

Click Launch in Browser to automatically open the copied link in a new tab
and move to #7 OR you can click Copy Link to copy the full URL to the
clipboard.

18. If you clicked Copy Link, the Create streaming URL window is refreshed a
third time, now reporting that the link was successfully copied to your system's
clipboard. Close the Create Streaming URL window.

19. In the browser on your physical device, open a new tab and paste the
streaming URL into the address bar. This opens the streaming catalog for your
newly provisioned AppStream 2.0 Stack.

62
20. To validate, click on the AWS application icon to launch the Google Chrome
streaming session from an AppStream 2.0 Fleet instance.

21. Use the application catalog ( ) icon found on the AppStream 2.0 toolbar to
then launch Notepad++. Do the same for the Visual Studio Code and File
Explorer applications.

22. Once validated, close the browser tab that was opened to test the streaming
URL

23. Close the Create Streaming URL window.

63
Step 8: Creating and managing users with User Pool
AppStream 2.0 supports various directory service options (AppStream 2.0 User Pools,
SAML 2.0 and SAML 2.0 with Active Directory). We will be creating users in the AS2
User Pool. End user ID’s are created within the User Pools and a temporary password
along with an AppStream 2.0 URL for their stack are emailed to them. Users then use
the URL to set a password within the User Pools system and authenticate into the
AppStream 2.0 environment to access any assigned Stack(s).

Leverage the steps outlined below to manually create a User Pool user via the AWS
AppStream.

Managing User Pools via the Amazon AppStream 2.0 console

Create a User
1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. In the navigation pane, click User Pool and then click Create User.

3. The Create User window opens. Enter the following information and click
Create User.

Create User fields

Option Value

Email Add an active email address that can be accessed


during the exercise.
Note: The email address does not necessarily need
to be aligned with the First Name and Last Name
that are entered next.

First Name Specify the first name of the User. For this lab, enter
“AS2Lab”.

Last Name Specify the last name of the User. For this lab, enter
“User1”.

64
4. After a few moments, the User Pool window is refreshed, and your
AS2LabUser1 user is listed but does NOT yet have a Stack assigned to it.

5. As soon as AppStream 2.0 User Pool adds the user, the creation process
sends a notification email automatically to the email address that was entered
and used for the UserID:

Note: If you do not readily find the email in your email box, be sure to check the
spam folder (or the equivalent).

65
Assign a Stack to the User
6. From the User Pool dashboard, select the newly created AS2Lab User1 user
by clicking the check box immediately to the left of the user’s name.

7. From the Actions Menu, select Assign Stack.

8. The Assign Stack window opens. In the Stack dropdown menu, select the
AS2Lab_Stack stack that you created in this lab. Notice that the “Send email
notification to user” option is checked. Leave this selected and click the Assign
Stack button.

9. After a few moments, the User Pool window refreshes, and the AS2Lab User1
user is listed with its User Details now displaying that it has the AS2Lab_Stack
stack assigned to it.

10. Once the AppStream 2.0 system assigns the stack to the user, a second
notification email is sent to the user letting them know that new applications are
now available for use.

66
Note: The newly generated link contained within the email can be leveraged by
the user to access their streaming apps at any time.

Note: If you do not readily find the email in your email box, be sure to check the
spam folder (or the equivalent).
User Authentication and AppStream session
Now access the email address box that you provided. You should see two new emails
present.

67
The first one is sent immediately after the user account is created in the User Pool and
includes a temporary password. The second email is automatically sent to users once
their User Pool ID has been granted access to a specific AppStream 2.0 stack. The
URL that is included is unique to that user AND should be used anytime the user wishes
to connect to that stack.

11. Open the first (older of the two) email and note the temporary password that is
shown. Click on the word “LINK” URL displayed as the assigned “Login Page”.
A browser window opens and you are presented with the AppStream 2.0 login
window:

12. Enter the email address and the temporary password listed in the email, then
click Log in.

13. A new window presents itself and asks you to set a new password. Enter a new
password of your choosing in both text boxes, then click Set Password.

68
Note: Passwords must be 8 characters in length and include a number and at
least one uppercase and lowercase characters.

14. Upon setting the new password, the user connects to the AS2Lab_Stack that it
was previously assigned access to.

15. Back in your email box, open the second (newer of the two) emails. Feel free to
click on the stack URL link included in it if you wish. Should you choose to do
so, the same authentication window will appear, however this time enter the
newly created password you entered in #13.
Validate your Stack and Image Configurations
From here, you can launch the applications and validate the various options that were
configured during the course of this workshop lab:

• Branding on the App Catalog site: Site Logo, Organization URL label, link and
the color it is displayed in. Clicking on the Amazon.com link opens a new browser
tab pointing to the Amazon.com.

69
• Branding of Browser Tab: The AWS Icon and Title the top of the browser tab
once the apps launch

• Application Icons and Display Names:

• Chrome: The Icon and Application Name and setting the default homepage via the
launch parameters once launched

• Home Folder: Open Notepad++ and create a file by entering some text and then
performing a File, Save as. Navigate This PC, Home Folder, Click Save

• Feedback URL: Click on the user name of AS2LabUser1 in the top right corner of
the AppStream 2.0 toolbar. Select Send Feedback. This opens a new browser tab
pointing to the AWS Support Center.

70
Step 9: Lab Cleanup
Although you can continue to use this AppStream 2.0 environment, keep in mind that
you pay for your running resources. Cleaning up the resources that you created during
this lab frees up resources and helps you avoid unintended charges to your account.

In order to prevent charges from accruing, take the following steps to “turn off the
meter”:

Stop the image builder instance


1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. In the navigation pane, choose Images, then the Image Builder tab.

3. In the event the Image Builder instances is not already showing a status of
“stopped”, select the “AS2LAB_ImageBuilder_v1“ Image Builder instance from
the dashboard. If it is already stopped, move onto the Stop the Fleet section.

4. From the Actions Menu, select Stop

5. After a few minutes, validate the Image Builder’s status is now “Stopped”

Note: You don’t have to wait for it to stop to move on to stopping the fleet.

Stop the Fleet


6. In the AppStream 2.0 console navigation pane, choose Fleets

7. Select the “AS2Lab_Fleet” from the dashboard

8. From the Actions dropdown menu, select Stop

9. After a few minutes, validate the fleet’s status is now “Stopped”

Terminate the resources (optional)


In the event you want to to terminate the entire cloud infrastructure you’ve built out in
this workshop, you can simply use both CloudFormation scripts.

10. Open the AWS CloudFormation console


(https://console.aws.amazon.com/cloudformation) or click on the Services tab and
search for CloudFormation.
71
Note: As you type the word CloudFormation, the entry will populate
automatically.

11. The AWS CloudFormation console opens to the Stacks dashboard view,

12. Click to select the AS2Lab_Fleet and then click the Delete button above.

13. When prompted to confirm, click the Delete stack button. You will see the
status in the dashboard change to DELETE_IN_PROGRESS.

14. Repeat the same steps for the AS2LabVPC.

72
Appendix A: Create a new AWS “root” Account
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/create-and-
activate-aws-account/

The steps to create an AWS account include: (As of 11/25/2019)

• Select an account name, email address and password

• Populating contact information

• Populating payment information

• The Phone validation process

• Selecting a support plan

• Final confirmation

1. Open a browser window and browse to the Amazon Web Services


(aws.amazon.com) website.

73
2. Once there, click Create an AWS Account or if you have been to the site
previously, it may say Sign in to the Console.

Note: If you clicked a “Sign in to the Console”, click on the “Sign in to a different
account” URL if presented in a Root User sign in window.

After clicking the URL, then click the Create a new AWS Account to get to the
create new account page.

3. The Create an AWS Account window appears:

Enter a valid email address, pick a password and validate it and enter an account
name of your choice. Once entered, click Continue.

74
IMPORTANT: Note the entries you entered for Account Name, Email and
Password as these are the credentials to use when accessing AWS!

Note: Passwords must:

• be a minimum of 8 characters

• include a minimum of three of the following mix of character types:


uppercase, lowercase, numbers, non-alphanumeric symbols, for example
!@#$%^&*()_+-={}[]

• not be identical to your AWS account name or email address

4. The Contact Information window appears:

75
Choose Professional Account or Personal Account. For this exercise, you should
select PERSONAL ACCOUNT.

Note: These two account types are identical in functionality.

5. Enter the Phone Number and Address information beings asked for in the
Contact information window.

Note: We recommend you include your cell phone number, as you will be
automatically texted as a part of the Identity Validation process in a few moments.

6. Check to accept that you have read and agree to the terms of the AWS
Customer Agreement. Doing so enables the Create Account and Continue
button.

76
7. Click Create Account and Continue.

8. The Payment Information window appears:

Enter your credit card information and click Verify and Add.

Note: A credit card number IS required to open an AWS account. However, for
the lab, we will only be using Free Tier components and will outline how to turn
off the appropriate components so that charges are not incurred.

9. The Phone Validation screen appears:

77
Enter the characters that are presented, then a either validate the previously
entered phone number or enter a new one where you can receive the validation
call.

Once entered, click Send SMS.

10. The Enter verification code window appears asking to enter a PIN number:

Within a few moments, you will receive an automated text message from AWS
that tells you want your (AWS) verification code is. When you receive the text
message with the code, enter the PIN code provided from that text message
into the test box on your browser. Once entered, click the Verify Code button.

11. Upon successful validation and completion of the automated call, the Identity
verification complete screen appears:

Click the Continue button.

12. The Support Plan window appears presenting the different support options.

78
Under the Basic Plan option, click the Free button.

13. You have completed all of the necessary steps to create an AWS Account and
then will see the Welcome to Amazon Web Services window.

Note: Accounts are usually activated within a matter of minutes; however, the
process can take up to 24 hours.

If you attempt to log in to the console prior to the account being active, you may
run in to this screen (or something similar):

Ensure you wait to try again until after you receive the confirmation email (up to
24 hours) in order to ensure your account has been properly activated.
79
14. When you sign up for your account, you will receive a series of confirmation
emails:

15. The first welcome email, with a subject line of “Welcome to Amazon Web
Services”, confirms the creation of your AWS Account and is delivered almost
immediately:

16. The second, with a subject line of “AWS Support (Basic) Sign-Up
Confirmation”, simply confirms which support option you selected during the
account creation process and sent almost immediately:

80
17. The third confirmation email, with a subject line of “Your AWS Account is Ready
- Get Started Now”, is sent once your ID has been properly configured and is
ready to use.

Once you receive this email, you are able to access any of the Amazon Web
Services service offerings via the console:
https://console.aws.amazon.com/console

Note: As noted earlier, this final confirmation email can take up to 24 hours to
receive and is a worst case scenario. As an example and for a simple point of

81
reference, this confirmation email was received roughly 10 minutes after the initial
Welcome email when writing this appendix.

82
Appendix B: Manual Steps to provision an Image Builder
Create an Image Builder Instance for installing Applications
1. Open the Amazon AppStream 2.0 console
(http://console.aws.amazon.com/appstream2).

2. If this is your first AppStream2.0 instance, the main AppStream 2.0 page
appears:

Note: If you see the AppStream 2.0 navigation page instead, move on to #6 and
continue.

3. Click the Get started button.

4. The Get Started menu appears with three options:

83
5. Scroll down to the bottom of the page and simply click the Skip button to
continue.

6. The AppStream 2.0 console menu appears. In the navigation pane to the left,
click Images and then click the Image Builder tab.

7. Click Launch Image Builder.

8. The Choose Image window opens. Scroll down the list until you find the
AppStream-WinServerVVVVvv-mm-dd-yyyy option where the mm-dd-yyyy
value is the most current date and click on it to select it and the VVVVvv is the
OS version of Windows you wish to use.

Note: AppStream now formally supports Windows 2019, Windows 2016 and
Windows 2012R2. Feel free to pick one of the three for this exercise.

84
Note: Depending upon the image type selected, multiple image options are
displayed that are public and are the same except when each was last updated
with patches and updates.

9. Once selected, scroll down to the bottom of the page and click Next at the
bottom.

10. The Configure Image Builder page appears:

11. Enter the following information in the Configure Image Builder windows and
clicking Next to move on to the next page and continue.

Configure Image Builder fields

Option Value

Name The unique name identifier for the image builder,


such as AS2Lab_ImgBuilder__wOS_vmmddyyyy.
Note the naming syntax below.

Display Name The name displayed in the console, such as AS2Lab


Image Builder WinOSver vNovember 2019.

85
Option Value

Tags AppStream 2.0 Image Builders support tags. Feel


free to add a Key or two and associated values if
you wish.

Instance Type: Dropdown Accept default value of General Purpose

Instance Family: In the General Purpose family, select the


stream.standard.medium option.

VPC Endpoints Expand the section to review the options. However,


do NOT enter or select and options here.
IAM role Expand the section to review the options. However,
do NOT enter or select and options here.
Default Internet Access Make sure that this option is not selected.

VPC dropdown Select the AWS EUC VPC.

Subnet dropdown Select the subnet with IP range of 10.0.1.0/24


(AppStream2 Private Subnet1).
Security Groups Accept the default security group that’s already
populated

Active Directory Domain Expand the section to review the options. However,
(Optional) do NOT enter or select and options here.

Naming Syntax

The Name and Display Name fields are for identification purposes only. You
may use any names that are meaningful to you.

The Name syntax allows for any combination of characters in these four
categories:

• Lowercase letters (a-z)

• Uppercase letters (A-Z)

• Numbers (0-9)

• Non-alphanumeric characters (_ -)

86
Note: The Display Name syntax does not have these restrictions and can use
any non-alphanumeric characters as well as spaces between characters.

12. Once all options are entered, click Review

13. When prompted, review the details of the information you entered.

Review the information listed, and then click Launch.

14. The Image Builder instance creation process starts and takes approximately 12
to 15 minutes to complete. During this process, your Image Builder instance will
show a status of “Pending” while it is being created.

Click the Refresh ( ) icon to update the status periodically.

A status change to “Running” indicates that the Image Builder instance has been
successfully provisioned as is ready for use. You can now proceed to the next
section in order to start installing applications and create a custom image.

87
Appendix C: Lab Topology (full-page size)

88
References and Informational links
AWS Cloud Formation for VPC:

https://s3.amazonaws.com/appstream-demo-vpc-cfn-
template/AppStreamDemoVPCTemplate.template

https://github.com/widdix/aws-cf-templates/blob/master/vpc/vpc-endpoint-s3.yaml

If you later want to create the VPC with all of these options provisioned in this Lab via
the AWS Console manually, see Appendix B on page 46 of the AppStream 2.0 Getting
Started Guide found here: https://aws.amazon.com/appstream2/getting-started/

Amazon AppStream 2.0 Custom Default App and Windows Settings:

https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-default-os-
and-application-settings-for-your-users-in-amazon-appstream-2-0/

AWS Cloud Formation AppStream 2.0 and User Pools API:

https://aws.amazon.com/blogs/desktop-and-application-streaming/aws-cloudformation-
support-for-amazon-appstream-2-0-resources-and-api-enhancements/

Amazon AppStream 2.0:

https://aws.amazon.com/appstream2/

https://aws.amazon.com/appstream2/resources/?nc=sn&loc=6

https://aws.amazon.com/blogs/desktop-and-application-streaming/

https://clients.amazonappstream.com/

89

You might also like