How to use AWS AppStream 2.0?

How to use AWS AppStream 2.0?

Have you ever used "Google Docs"? In this case, there is no host like PC. AppStream make like this. I can access my application from outside, such as Internet. AppStream has some advantage and disadvantage. It is simple to access and manage. Also it is more secure. Because the user can not do other things on this host. However, It is not easy to deploy with right size, even if AWS offer auto-scaling. I need to how much use can be used at the same time. Most of this post are referenced by this.

1. Create Image

AppStream is auto-scaling system. Thus, I need customized standard image to deploy.  In this image, I can install my application. It will be deployed. Please note that I will set this instance to create image over the subnet which can communicate with Internet, however the real-instance can be located over the private subnet which can not communicate with Internet. In Images, there are 2 category, Image Registry and Image Builder. At the first, I will select Image Builder to create my image which is installed for terminal. Launch Image Builder. 

Now, I need to select basic OS to create my image. In my case, I will choose Windows 2012 R2, which is named wit "Base-Image-Builder-06-12-2018". Please note this image can be different by the AWS Region.

Insert the image name and select the type for CPU and Memory. These parameters can not changed after first creation. Thus, I need another images when I need other size of instance.

Select the network which the instance attach to. Please note that this is the network only for image creation. When the real-system is deployed, I can define the network. I will touch at the next time. In this case, I need to download terminal tools from Internet. Thus, this instance will be located over the subnet which can communicate with Internet.

The subnet should be routed with NAT gateway. AppStream does not assign EIP. Thus, It is not possible to download from Internet, if the instance is located over the sunbet with Internet gatway.

Review and Launch.

2. Connect Image

Now, I need to install my application on the launched image. After status change from Pending to Running, I can connect this image.

After connect, I can see the screen like below. I need to select user to login. At this time, I will select "Administrator" at the first.

Now, I can see the windows which is login with "Administrator" account. Open the CMD and Run "ipconfig" to see the network interface information. There are 2 interface. "11.8.48.79" is interface which is one of VPC subnet network. "198.19.168.187" is the interface which offer the display for users. "198.19.168.187" interface is controlled by AWS managed. Most of traffic is pass through the "11.8.48.79" interface. I can download some files from this interface.

On the desktop, there is firefox. Open this and write "https://www.putty.org/". In my case, I will download "Putty" for the sample application.

After download the file, (Default, the downloaded file will be located in documents directory), Install this application.

Please remember the installation path for the next step. In this case, the putty is installed under "C:\Programs". After installation, close all of windows. In the desktop, I can see the "Image Assistant". This application help me to register my application for the AWS AppStream.

AppStream 2.0 Image Assistant application should be run. Follow the step by this application.

3. AppStream 2.0 Image Assistant.

I need to register my application for AppStream 2.0. Click "Add App", Find out the running file. 

"App Launch Setting" menu is opened. In this instruction, there are more information about this. "Launch Parameters" and "Working Directory" are depend on my application. In this case, I will leave blank.. Just click "Save"

Click "Next"

This is important step. In this part, I can customize my application. I need to re-login with Template User. In this mode, I can define my application how to work. Click "Switch User"

Select "Template User"

After login, I can change OS configuration and Application settings. In my case, I will register sample session information. "my-sample" session information is updated over my application.

Also, I can run this application with what I want to do. I open SSH to my sample host.

I have done all of things. In the desktop, there is Images Assistant is located. Run it. And back to main with Administrator account.

Select "Administrator" and login again.

After login, I can see "Save settings" button activated. Click this button and click "Next"

Now, I have to verify if this application work correctly. I will switch user with "user" account.

Select "Test User"

After login, I can run "Putty" again. And I can confirm that "my-sample" session in configuration is remained.

Run "Images Assistant" in the desktop, and go back to main with "Administrator" account.

Select "Administrator" again.

Now, I am ready to finish. Launch.

After complete to launch, click continue.

Fill with image name.

Review and Create Image.

The viewer will be disconnected. And the building image will be started.

It will take about 10~20 minutes. And then, I can see the my image on AWS console.

4. Snapshotting Image. 

During the time, I can see the AWS console to check the status. In the "Image Registry", there is "image" which is creating. 

In "Image Builder", my based image has the status "Snapshotting". Please note that I can not do any action in this "Snapshotting" status.

I can expect that "Snapshotted image" is registered in Image Registry.

5. Delete Image in "Image Builder" (Optional)

There is no relationship between image in registry and image in builder. So, I can delete and remove this image in the builder. If you have change to make another type of image include configuration, I will remain this image. However, this is not necessary in this post. I also show the relationship between them.

After the status is "Stopped", I can delete this image.

6. Create fleet.

I have a image which I want to deploy. I need to define the network to deploy. The fleet has this kinds of role. Create Fleet.

Insert Name for this fleet.

I can see my image which has been created. Select the image and Next.

From here, network and security, capacity for scaling are defined. Select type of CPU and RAM for this instance. This is not changeable. If I want to change, I need to create another fleet. In fleet type, there are 2 modes, "On-Demand" and "Always-on". I want to save my money, so I will select "On-Demand"

Maximum session duration means "User can stay during this time once". Disconnect timeout means "After session finish, this instance can not re-assign to other user until this time spent". Minimum and Maximum capacity define the number of con-current session. AppStream offer auto-scaling, however, it take 10~20 minutes. It is too long, therefore, I need to define with proper number. In Scaling detail, this is the parameters to scale-out.

In here, the nework and security group is defined. I can locate AppStream instance into the subnet which does not communicate with Internet. In image builder step, I located at the subnet which communicate with Internet.

Review and Create.

Now I have a fleet.

7. Create Stack and Connect with Fleet

Stack has the role to define "User Pattern". Create Stack

Insert Name

I can define if I use Home Folders for each sessions. In my case, I do not want that the user remain their files on the instance. Because this instance will be shared with others. Default, it is enabled. However, I disable the option.

I can also user behavior such as "Copy and Pasts" usages. Just define what you want.

Review and Create.

After creation of stack, I need to associate fleet. In Actions, there is "Associate Fleet".

Select the fleet which is created before,

And confirm the stack details. If you want to remove fleet, you have to dis-associate this relationship at first.

8. Create User Pool.

In workspace, I need AD system. Fortunately AppStream offer this feature through AWS console. Create User.

Insert information for user. The Email address should be correct. The access link, account and temporary password are sent to this email address.

After creation of user, I need to associate with stack. I associate with the stack already created. 

Select the stack.

Look at the details, I will resend welcom email which is include access link.

I will received this email.

9. Accessing and Login the AppStream.

Click the Link which is include in email. New windows is opened like below.

After first login, I need to change my password.

Re-login and I can see like below. I registered the putty application only. Therefore, Putty Icon is appeared.

I can see the my application opened.

This is the AWS AppStream, I hope this post help you!

10. Troubleshooting

10-1. Remote User.

In the AWS console, I can not delete the user. It is only possible with API. I will use awscli command.

aws appstream delete-user --user-name xxxxxxx@xxxxxxx --authentication-type USERPOOL

10-2. Delete S3 bucket

AppStream can save Home folders and Application configuration in S3 bucket. This bucket will be created automatically. When I delete this S3 bucket, I can not make success. Because there are some limitation to protect S3 bucket. So I have to change this part at the first to remove.

After clear in Bucket Policy, I can remote this bucket.

Reference

[ 1 ] https://docs.aws.amazon.com/appstream2/latest/developerguide/tutorial-image-builder.html

[ 2 ] https://d1.awsstatic.com/product-marketing/AppStream2.0/Amazon%20AppStream%202.0%20Getting%20Started%20Guide%20April%202018.pdf

[ 3 ] https://docs.aws.amazon.com/appstream2/latest/developerguide/managing-network.html

[ 4 ] https://docs.aws.amazon.com/cli/latest/reference/appstream/delete-user.html