Amazon Web Services

Custom CA Certificates in AWS WorkSpaces

I use an AWS WorkSpace for a Windows remote desktop, connecting to some systems that have a custom CA. As the WorkSpace is managed by a domain, simply installing the CA certificates as usual doesn’t work. After much frustration, I figured out the right steps to manually add a CA cert.

  1. install Group Policy Management Console by opening an Admin PowerShell and running: Install-WindowsFeature –Name GPMC
  2. Run GPMC: gpmc.msc
    • Set up Group Policy Object, following Install the Group Policy Administrative Template
    • Open the new WorkSpaces Machine Policies
    • Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies -> Trusted Root Certification Authorities
    • Right click, select Import…
    • Follow wizard prompts
    • Log out then back in
Amazon Web Services EC2 SysAdmin

Instance Store HVM AMIs on EC2

Over at the SmugMug Sorcery blog I wrote a new post about creating instance store HVM AMIs:

Amazon Web Services EC2 SysAdmin

Allowing Ping to EC2 Instances

Ping is not enabled to ec2 instances by default. A lot of guides tell you to simply allow all ICMP traffic through in the security group configuration. That is overkill. Simply add the following two rules to your security group and pinging the instance will work:

Custom ICMP rule -> Type: Echo Request
Custom ICMP rule -> Type: Echo Reply

While opening up additional ICMP types may be harmless, I always like to error on the side of only allowing what I explicitly want rather than allowing everything.