AWS::WorkSpacesWeb::NetworkSettings - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


This resource specifies network settings that can be associated with a web portal. Once associated with a web portal, network settings define how streaming instances will connect with your specified VPC.

The VPC must have default tenancy. VPCs with dedicated tenancy are not supported.

For availability consideration, you must have at least two subnets created in two different Availability Zones. WorkSpaces Secure Browser is available in a subset of the Availability Zones for each supported Region. For more information, see Supported Availability Zones.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::WorkSpacesWeb::NetworkSettings", "Properties" : { "SecurityGroupIds" : [ String, ... ], "SubnetIds" : [ String, ... ], "Tags" : [ Tag, ... ], "VpcId" : String } }


Type: AWS::WorkSpacesWeb::NetworkSettings Properties: SecurityGroupIds: - String SubnetIds: - String Tags: - Tag VpcId: String



One or more security groups used to control access from streaming instances to your VPC.

Pattern: ^[\w+\-]+$

Required: Yes

Type: Array of String

Minimum: 1 | 1

Maximum: 128 | 5

Update requires: No interruption


The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.

Pattern: ^subnet-([0-9a-f]{8}|[0-9a-f]{17})$

Required: Yes

Type: Array of String

Minimum: 1 | 2

Maximum: 32 | 3

Update requires: No interruption


The tags to add to the network settings resource. A tag is a key-value pair.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption


The VPC that streaming instances will connect to.

Pattern: ^vpc-[0-9a-z]*$

Required: Yes

Type: String

Pattern: ^vpc-[0-9a-z]*$

Minimum: 1

Maximum: 255

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource's Amazon Resource Name (ARN).

For more information about using the Ref function, see Ref.



A list of web portal ARNs that this network settings is associated with.


The ARN of the network settings.