
How to Deploy Amazon WorkSpaces in AWS using Terraform
In this story, we will deploy Amazon WorkSpaces on AWS using Terraform.
There are several requirements to deploy Amazon WorkSpaces in our AWS account:
- Network (VPC, Subnets, etc.)
- AWS Directory Service or AD Connector (for on-premises AD)
- Update DHCP Options in the VPC to use AWS Directory Service
- The workspaces_DefaultRole IAM role
- Optional — KMS is required to encrypt WorkSpaces disk volumes
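The workspaces_DefaultRole requirement from the list above, written out in Terraform as an added example (it is not code from the original story). The resource labels workspaces_trust, workspaces_default, service_access and self_service_access are names chosen for this example; the role name, service principal and AWS managed policy ARNs are the ones the WorkSpaces service expects.

```hcl
# Trust policy: only the WorkSpaces service principal may assume the role.
data "aws_iam_policy_document" "workspaces_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["workspaces.amazonaws.com"]
    }
  }
}

# WorkSpaces looks the role up by this exact name, so it must not be
# prefixed or renamed per environment.
resource "aws_iam_role" "workspaces_default" {
  name               = "workspaces_DefaultRole"
  assume_role_policy = data.aws_iam_policy_document.workspaces_trust.json
}

# Lets the service manage the network interfaces of WorkSpaces in the VPC.
resource "aws_iam_role_policy_attachment" "service_access" {
  role       = aws_iam_role.workspaces_default.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess"
}

# Lets the service act on users' self-service requests (restart, rebuild, etc.).
resource "aws_iam_role_policy_attachment" "self_service_access" {
  role       = aws_iam_role.workspaces_default.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess"
}
```

If the account already has this role (for example, created by the console on first use), import it into state or drop these resources, because a second role with the same name cannot be created.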
Deploying the Network (Optional)
First, we will use the VPC module to create a simple VPC with two public and two private subnets in the eu-west-1 region.
Note: We can skip this step if we have an existing network deployed.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "kopicloud-dev"
  cidr = "10.10.0.0/16"

  azs             = ["eu-west-1a", "eu-west-1b"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24"]
  public_subnets  = ["10.10.3.0/24", "10.10.4.0/24"]

  # One shared NAT gateway gives the private subnets outbound internet access
  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

  # Enable DNS resolution and DNS hostnames in the VPC
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name        = "kopicloud-dev"
    Environment = "Development"
  }
}
Deploying the AWS Managed Directory Service (Optional)
Next, we are going to deploy an AWS Managed Directory Service.
Note: We can skip this step if we already have an AWS Managed Directory Service deployed in our account.
The setting Type accepts the SimpleAD, ADConnector, or MicrosoftAD options.
- SimpleAD is a standalone managed directory powered by a Samba 4 Active Directory Compatible Server. It is available in two sizes.
  - Small — Supports up to 500 users (approximately 2,000 objects, including users, groups, and computers).
  - Large — Supports up to 5,000 users (approximately 20,000 objects, including users, groups, and computers).
- ADConnector is a directory gateway with which we can redirect…