

# Amazon WorkSpaces
<a name="automation-ref-wsp"></a>

 AWS Systems Manager Automation provides predefined runbooks for Amazon WorkSpaces. For more information about runbooks, see [Working with runbooks](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-documents.html). For information about how to view runbook content, see [View runbook content](automation-runbook-reference.md#view-automation-json). 

**Topics**
+ [`AWS-CreateWorkSpace`](aws-create-workspace.md)
+ [`AWSSupport-RecoverWorkSpace`](automation-awssupport-recover-workspace.md)

# `AWS-CreateWorkSpace`
<a name="aws-create-workspace"></a>

 **Description** 

 The `AWS-CreateWorkSpace` runbook creates a new Amazon WorkSpaces virtual desktop, known as a WorkSpace, based on the values that you specify for the input parameters. For information about WorkSpaces, see [What is Amazon WorkSpaces?](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) in the *Amazon WorkSpaces Administration Guide*.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-CreateWorkspace) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ BundleId

  Type: String

  Description: (Required) The ID of the bundle to use for the WorkSpace.
+ ComputeTypeName

  Type: String

  Valid values: VALUE | STANDARD | PERFORMANCE | POWER | GRAPHICS | POWERPRO | GRAPHICSPRO

  Description: (Optional) The compute type for your WorkSpace.
+ DirectoryId

  Type: String

  Description: (Required) The ID of the directory to add your WorkSpace to.
+ RootVolumeEncryptionEnabled

  Type: Boolean

  Valid values: true | false

  Default: false

  Description: (Optional) Determines whether the root volume of the WorkSpace is encrypted.
+ RootVolumeSizeGib

  Type: Integer

  Description: (Required) The size of the root volume for the WorkSpace.
+ RunningMode

  Type: String

  Valid values: ALWAYS_ON | AUTO_STOP

  Description: (Required) The running mode of the WorkSpace.
+ RunningModeAutoStopTimeoutInMinutes

  Type: Integer

  Description: (Optional) The time after a user logs off when the WorkSpace stops. Specify a value in 60-minute intervals.
+ Tags

  Type: String

  Description: (Optional) Tags that you want to apply to the WorkSpace.
+ UserName

  Type: String

  Description: (Required) The user name to associate with the WorkSpace.
+ UserVolumeEncryptionEnabled

  Type: Boolean

  Valid values: true | false

  Default: false

  Description: (Optional) Determines whether the user volume of the WorkSpace is encrypted.
+ UserVolumeSizeGib

  Type: Integer

  Description: (Required) The size of the user volume for the WorkSpace.
+ VolumeEncryptionKey

  Type: String

  Description: (Optional) The symmetric AWS Key Management Service key that you want to use to encrypt data stored on your WorkSpace.
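
Because both encryption flags default to `false`, a WorkSpace created with the flags omitted has unencrypted volumes. The following pre-flight check is an added example, not part of the runbook or AWS code: it validates inputs against the valid values listed above and builds the arguments for the Systems Manager `StartAutomationExecution` call. The function names, the sample IDs, and the rule that a `VolumeEncryptionKey` must always be named are assumptions made for illustration.

```python
COMPUTE_TYPES = {"VALUE", "STANDARD", "PERFORMANCE", "POWER",
                 "GRAPHICS", "POWERPRO", "GRAPHICSPRO"}
RUNNING_MODES = {"ALWAYS_ON", "AUTO_STOP"}
REQUIRED = ("BundleId", "DirectoryId", "RootVolumeSizeGib",
            "RunningMode", "UserName", "UserVolumeSizeGib")
ENCRYPTION_FLAGS = ("RootVolumeEncryptionEnabled", "UserVolumeEncryptionEnabled")


def check_params(params, require_encryption=True):
    """Return a list of problems; an empty list means the inputs pass."""
    problems = [f"missing required parameter {n}" for n in REQUIRED if n not in params]
    if "ComputeTypeName" in params and params["ComputeTypeName"] not in COMPUTE_TYPES:
        problems.append("ComputeTypeName is not a valid value")
    if "RunningMode" in params and params["RunningMode"] not in RUNNING_MODES:
        problems.append("RunningMode is not a valid value")
    timeout = params.get("RunningModeAutoStopTimeoutInMinutes")
    if timeout is not None and (timeout <= 0 or timeout % 60):
        problems.append("RunningModeAutoStopTimeoutInMinutes must be a multiple of 60")
    if require_encryption:
        # Both flags default to false, so an omitted flag means an unencrypted volume.
        for flag in ENCRYPTION_FLAGS:
            if params.get(flag) is not True:
                problems.append(f"{flag} is not true (runbook default is false)")
        # Assumed local policy: the KMS key must be named explicitly.
        if not params.get("VolumeEncryptionKey"):
            problems.append("VolumeEncryptionKey is not set")
    return problems


def build_request(params):
    """Validate, then return keyword arguments for StartAutomationExecution."""
    problems = check_params(params)
    if problems:
        raise ValueError("; ".join(problems))
    # Automation parameters are passed as a map of name -> list of strings.
    rendered = {k: [str(v).lower() if isinstance(v, bool) else str(v)]
                for k, v in params.items()}
    return {"DocumentName": "AWS-CreateWorkSpace", "Parameters": rendered}


# Constructed sample input; every ID and key alias below is a placeholder.
SAMPLE = {
    "BundleId": "wsb-EXAMPLE", "DirectoryId": "d-EXAMPLE", "UserName": "example.user",
    "RootVolumeSizeGib": 80, "UserVolumeSizeGib": 50,
    "RunningMode": "AUTO_STOP", "RunningModeAutoStopTimeoutInMinutes": 60,
    "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
    "VolumeEncryptionKey": "alias/example-workspaces-key",
}

if __name__ == "__main__":
    print(build_request(SAMPLE))
```

With credentials configured, the returned dictionary can be passed to `boto3.client("ssm").start_automation_execution(**request)`.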

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `workspaces:CreateWorkspaces` 
+  `workspaces:DescribeWorkspaces` 

 **Document Steps** 
+  `aws:executeScript` - Creates a WorkSpace based on the values that you specify for the input parameters.
+  `aws:waitForAwsResourceProperty` - Verifies the state of the WorkSpace is `AVAILABLE`.

 **Outputs** 

`CreateWorkspace.WorkspaceId`

# `AWSSupport-RecoverWorkSpace`
<a name="automation-awssupport-recover-workspace"></a>

 **Description** 

 The `AWSSupport-RecoverWorkSpace` runbook performs recovery steps on the Amazon WorkSpaces virtual desktop, known as a WorkSpace, you specify. The runbook reboots the WorkSpace, and if the state is still `UNHEALTHY`, restores or rebuilds the WorkSpace based on the values you specify for the input parameters. Before using this runbook we recommend reviewing [Troubleshooting WorkSpaces Issues](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-troubleshooting.html) in the *Amazon WorkSpaces Administration Guide*.

**Important**  
Restoring or rebuilding a WorkSpace is a potentially destructive action that can result in the loss of data. This is because the WorkSpace is restored from the last available snapshot and data recovered from snapshots can be as old as 12 hours.  
 The restore option recreates both the root volume and user volume based on the most recent snapshots. The rebuild option recreates the user volume from the most recent snapshot and recreates the WorkSpace from the image associated with the bundle the WorkSpace was created from. Applications that were installed or system settings that were changed after the WorkSpace was created are lost. For more information about restoring and rebuilding WorkSpaces, see [Restore a WorkSpace](https://docs.aws.amazon.com/workspaces/latest/adminguide/restore-workspace.html) and [Rebuild a WorkSpace](https://docs.aws.amazon.com/workspaces/latest/adminguide/rebuild-workspace.html) in the *Amazon WorkSpaces Administration Guide*.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-RecoverWorkSpace) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ Acknowledge

  Type: String

  Valid values: Yes

  Description: (Required) Entering yes means that you understand the restore and rebuild actions will try to recover the WorkSpace from the most recent snapshot, and that data restored from these snapshots can be as old as 12 hours.
+ Reboot

  Type: String

  Valid values: Yes | No

  Default: Yes

  Description: (Required) Determines whether the WorkSpace is rebooted.
+ Rebuild

  Type: String

  Valid values: Yes | No

  Default: No

  Description: (Required) Determines whether the WorkSpace is rebuilt.
+ Restore

  Type: String

  Valid values: Yes | No

  Default: No

  Description: (Required) Determines whether the WorkSpace is restored.
+ WorkspaceId

  Type: String

  Description: (Required) The ID of the WorkSpace you want to recover.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `workspaces:DescribeWorkspaces` 
+  `workspaces:DescribeWorkspaceSnapshots` 
+  `workspaces:RebootWorkspaces` 
+  `workspaces:RebuildWorkspaces` 
+  `workspaces:RestoreWorkspace` 
+  `workspaces:StartWorkspaces` 

 **Document Steps** 
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace you specify in the `WorkspaceId` parameter. 
+  `aws:assertAwsResourceProperty` - Verifies the state of the WorkSpace is `AVAILABLE`, `ERROR`, `IMPAIRED`, `STOPPED`, or `UNHEALTHY`.
+  `aws:branch` - Branches based on the state of the WorkSpace. 
+  `aws:executeAwsApi` - Starts the WorkSpace. 
+  `aws:branch` - Branches based on the value you specify for the `Action` parameter. 
+  `aws:waitForAwsResourceProperty` - Waits for the WorkSpace status after being started. 
+  `aws:waitForAwsResourceProperty` - Waits for the WorkSpace state to change to `AVAILABLE`, `ERROR`, `IMPAIRED`, or `UNHEALTHY` after being started.
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace after being started. 
+  `aws:branch` - Branches based on the state of the WorkSpace after being started. 
+  `aws:executeAwsApi` - Gathers the available snapshots for restoring or rebuilding the WorkSpace. 
+  `aws:branch` - Branches based on the value you specify for the `Reboot` parameter. 
+  `aws:executeAwsApi` - Reboots the WorkSpace. 
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace after being started. 
+  `aws:waitForAwsResourceProperty` - Waits for the state of the WorkSpace to change to `REBOOTING`.
+  `aws:waitForAwsResourceProperty` - Waits for the WorkSpace state to change to `AVAILABLE`, `ERROR`, or `UNHEALTHY` after being rebooted.
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace after being rebooted. 
+  `aws:branch` - Branches based on the state of the WorkSpace after rebooting. 
+  `aws:branch` - Branches based on the value you specify for the `Restore` parameter. 
+  `aws:executeAwsApi` - Restores the WorkSpace. If the restore fails, the runbook tries to rebuild the WorkSpace. 
+  `aws:waitForAwsResourceProperty` - Waits for the state of the WorkSpace to change to `RESTORING`.
+  `aws:waitForAwsResourceProperty` - Waits for the WorkSpace state to change to `AVAILABLE`, `ERROR`, or `UNHEALTHY` after being restored.
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace after being restored. 
+  `aws:branch` - Branches based on the state of the WorkSpace after restoring. 
+  `aws:branch` - Branches based on the value you specify for the `Rebuild` parameter. 
+  `aws:executeAwsApi` - Rebuilds the WorkSpace. 
+  `aws:waitForAwsResourceProperty` - Waits for the state of the WorkSpace to change to `REBUILDING`.
+  `aws:waitForAwsResourceProperty` - Waits for the WorkSpace state to change to `AVAILABLE`, `ERROR`, or `UNHEALTHY` after being rebuilt.
+  `aws:executeAwsApi` - Gathers the state of the WorkSpace after being rebuilt. 
+  `aws:assertAwsResourceProperty` - Confirms the state of the WorkSpace is `AVAILABLE`.