WorkSpaces Scaling Tips
As you scale your WorkSpaces environment, there are a few items you may need to take action on to ensure your environment is ready to support the additional WorkSpaces
Service Limits
There are two service limits you will need to reach out to AWS to request increases for as you grow:
WorkSpaces per Region
The default quota for this is 1, so if you have a WorkSpaces deployment you've already requested at least one increase on this in the past for that region.
ENIs per Region.
The default quota for ENIs per Region is 5,000. Even if you aren't scaling to 5,000 WorkSpaces, remember:
- This quota is for the entire region, not each individual VPC.
- ENIs are used by many different types of resources that live in your VPCs, such as EC2 instances, Lambda functions, and WorkSpaces.
Encrypted Volumes
If you are using the Key Management Service (KMS) to encrypt the volumes on your WorkSpaces, be aware that you can only encrypt volumes on 500 WorkSpaces with a single Customer Managed Key (CMK) (this same limitation also applies to the default aws/workspaces
alias).
When creating new KMS CMKs, be sure to select appropriate users and roles to administer the keys and add the CLICK WorkSpaces management cross-account role as a user of the key.
You can find the ARN of your cross-account role by looking at the AWS Accounts Detail page on the CLICK dashboard.
Once you've created the new keys you need, be sure to add them to the Included Keys list in the Volume Encryption Keys section of the Package detail page for the appropriate package(s).
This allows CLICK to use the new keys when creating WorkSpaces.
Updated over 4 years ago