AWS have released a blog post for automated provisioning of users into WorkSpaces and Connect when you make a user in a Managed AD.
Just to explore this a bit more, the post is found here: https://aws.amazon.com/blogs/compute/configuring-user-creation-workflows-with-aws-step-functions-and-aws-managed-microsoft-ad-logs/
This is great conceptually but from my perspective, it’d need way more work to be realistic in its implementation. I know, it’s easy to be an armchair critic so I apologise for that. I’m not trying to bang a drum for the sake of being a dick. Rather, I’m offering a quick review to give some more ideas into this inspiring blog post 🙂
As I see it the following would need to happen to make this solution great:
- An approval gate would be required; as not every user may need a WorkSpace
- Integration into ServiceNow instead perhaps and the workflow for provisioning a WorkSpace from the ServiceNow connector as blogged about here: https://dunlop.geek.nz/enable-self-service-aws-workspaces-with-servicenow-aws-service-catalog-connector/
- CloudFormation templates to stand this stuff up; or a quickstart 😉
- IAM User being the trigger source instead perhaps?
- Dare I say it; Integration into AzureAD?