Amazon Worklink : Secure Mobile Access to Sites and Apps

Amazon WorkLink can be used with an app installed on the employee’s phone and they can access internal company apps and sites through the browser.

Amazon Worklink : Secure Mobile Access to Sites and Apps

Amazon WorkLink is a managed service that provides simple and secure access to your internal corporate websites and web apps using mobile phones. It can be configured from the AWS Management Console and works with SAML 2.0 compliant identity providers, including Okta and Ping Identity. The app supports devices running iOS 12+, with Android 6+, and works with Safari. It will also be supported on Chrome soon. 

Amazon WorkLink can be used with an app on phones and it does not require a virtual private network (VPN) connection or specialized browser. Amazon WorkLink has used AWS compute as a base technology and networking infrastructure to re-render the content and shows a fully functional and graphical representation on users devices.

Amazon Worklink Useflow

Features and Functionality

Smooth Mobile Access Experience

Amazon WorkLink provides instant access to internal websites and no need to log into a VPN client or open an app. You can use it by simply typing the URL in the browser on phones or click on a link in your email. 

Amazon WorkLink takes care of authentication and delivers the internal web content. It implies that as a mobile user, you connect to a domain associated with your fleet, the content you request is fetched, rendered, and sent to your device as vector graphics. Users experience fast navigation and fluid responses to the usual functions of scrolling, typing, and even zooming in.

Secured Access

Amazon WorkLink renders the content of your websites in the AWS cloud, before sending the contents of that page to user phones as vector graphics. Data is delivered through a secure connection. Any HTML, CSS, and Javascript content is rendered in the AWS cloud using isolated EC2 instances. Content is not stored in browsers of mobile devices. The WorkLink app encrypts any copies of cookies stored on the user device, never to be decrypted on the device itself. When employees end their browsing session, no content remains in their browser or AWS.

Easy to Maintain Infrastructure

Amazon WorkLink enables secure, one-click access to internal web content regardless of where it is hosted. Amazon WorkLink works with SAML 2.0 identity providers, which makes it easy to manage user access and enforce your existing security policies. You can use your existing on-premises VPN hardware to create a point-to-point connection with your AWS Virtual Private Cloud (VPC) and no need to migrate your content to AWS. 


You pay only for what you use as per Amazons all other services.

Easy Setup and Administration

It’s very easy to set up the Amazon WorkLink as it can be done from your AWS Management Console. You can link your existing identity provider to Amazon WorkLink and use it to configure access permissions for your employees. Then it needs to add your web domains which will be accessed using WorkLink. To start getting the access to these added web domains, you can use your existing on-premises VPN hardware to create a point-to-point connection with your AWS Virtual Private Cloud (VPC) or simply use Direct Connect if you have it set up already. Once it is done you can invite users to download the Amazon WorkLink app from their device app store, log in with their corporate credentials, and start accessing internal websites using Safari.

Set up

Amazon WorkLink Mobile App

The Amazon WorkLink mobile app verifies users access with on-device DNS resolution mechanism to the WorkLink service. The Amazon WorkLink app resolves the associated DNS request locally on the users mobile device when tried to access the internal sites or apps and routes the corporate web page request through AWS. Also Amazon WorkLink takes care of personal web page requests and does not route it through AWS. For such non-AWS requests, it is handled by the default DNS resolver on users phones. The Amazon WorkLink app also verifies user access to WorkLink and honors your existing SAML policies. 

SAML-Based User Management

Amazon WorkLink supports user authentication and federated sign-in using any SAML 2.0 compliant identity provider. You can use your SAML provider to authorize which groups of users from your directory should have access to Amazon WorkLink as well as set user permissions for your internal websites.

Monitoring and Analytics

Amazon WorkLink generates the activity logs with which you can track the number of people accessing content, the accessed content and time when they accessed. These logs are shared with an Amazon Kinesis stream. You can store, process, and analyze these logs with familiar tools.

Availability: AWS WorkLink is now available to use with the following

  1. It currently supports iOS12 with Android 6+ up soon.
  2. WorkLink for the video and audio processing are still in the development process. 
  3. Currently, WorkLink is available only for Europe, North America AWS regions. Other regions will be available accordingly.
  4. The price can be charged as per month per user with an active browser session.

References: Official Amazon Website

Need Help ?

Click here and start chatting with us !

Chat Now
Start chatting with us !