Security Best Practices in Amazon AppStream 2.0

Cloud security at Amazon Web Services (AWS) is the highest priority. Security and compliance is a shared responsibility between AWS and the customer. For more information, refer to the Shared Responsibility Model. As an AWS and AppStream 2.0 customer, it is important to implement security measures on different layers such as stack, fleet, image, and networking.

Due to its ephemeral nature, AppStream 2.0 is often preferred as a secure solution for application and desktop delivery. Consider whether antivirus solutions that are commonplace in Windows deployments are relevant to your use cases in an environment that is predefined and purged at the end of a user session. Antivirus adds overhead to virtualized instances, so it is a best practice to minimize unnecessary activities. For example, scanning the system volume (which is ephemeral) at boot does not add to the overall security of AppStream 2.0.

The two key questions for securing AppStream 2.0 are:

  • Is persisting user state beyond the session a requirement?

  • How much access should a user have within a session?