AWS AppStream connector

circle-exclamation

The Nexthink Connector for AWS AppStream retrieves essential information about your AWS AppStream virtual desktop infrastructure (VDI). The connector enriches your Nexthink environment with AWS AppStream data that enhances visibility into VDI health, usage patterns, and configuration drift.

This installation guide is designed to help you securely deploy the connector for AWS. We recommend that your organization’s security team reviews the configuration and installation steps outlined here and adjusts them as needed to align with internal security policies and compliance requirements.

Device fields

The connector for AWS AppStream enriches the following device virtualization fields:

Configure connector credentials

To allow Nexthink to export data to your AWS AppStream connector, you must first configure the connector credentials by completing the following steps:

1

Select Administration > Connector credentials in the main menu.

2

Select New credential in the top-right corner of the Connector credentials page.

3

Fill in the credential configuration input fields:

  • Name: The unique name of the credential.

  • Protocol: Select new AWS IAM .

The configuration screen should look as follows:

circle-info

Nexthink generates the AWS External ID automatically. You will use it in the next steps to create the AWS Role and retrieve its Amazon Resource Name (ARN). You can then paste this ARN in the AWS Role ARN text box.

Nexthink uses the recommended procedure from AWS for third-party access as described in the Access to AWS accounts owned by third partiesarrow-up-right documentation.

4

Sign in to AWS and create a IAM role. The following code example shows the minimum level of access required by the Nexthink AWS AppStream connector:

{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Sid": "DescribeWorkspacesInfo",
   "Effect": "Allow",
   "Action": [
      "appstream:DescribeStacks",
      "appstream:DescribeSessions",
      "appstream:DescribeFleets",
      "appstream:ListAssociatedFleets"
   ],
   "Resource": "*"
  }
 ]
}
5

Create an IAM role that gives Nexthink access.

  • Name: the role name should start with prefix “NexthinkConnector-“.

  • Permissions: Please add the policy created above.

  • Trusted Policies: The trust policy must specify the following AWS account number of Nexthink as Principal: 884848470805 Furthermore, add a Condition element to the trust policy that will test whether the ExternalId matches the generated external ID provided in the form above. The following code is an example of the trust relationship in the role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::884848470805:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": <EXTERNAL_ID>
                }
            }
        }
    ]
}
circle-exclamation
6

After creating the role, copy its AWS Role ARN:

7

In Nexthink, on the Connector credentials page, edit the AWS Credentials, and insert the ARN in the AWS Role ARN text box in Credential details, and select Save:

Configure the AWS AppStream connector

Ensure you configured the connector credentials, then create a new connector:

  1. Go to Administration > Inbound connectors.

  2. Select New connector in the top-right corner.

  3. Select AWS AppStream from the connector list.

The following sections explain how to configure the connector.

General tab

  • Name: A meaningful name for the connector. This name appears on the administration page.

  • NQL ID: A unique identifier for the connector used when referencing the AWS AppStream connector in NQL queries. You can initially modify the suggested NQL ID, but once you save the workflow, you can no longer change it.

  • Description: A short description of the purpose and behavior of the connector.

Connection

  • Credentials: Select preconfigured credentials from the Connector credentials page. Only AWS IAM is supported.

Parameters tab

  • Region: Select the AWS region where AppStream is located. It needs to be a valid AWS region, such as us-east-1.

  • Environment name: A custom-defined field. The enriched virtual devices will have a reference to this environment name in NQL.

Test results panel

circle-info

The Test results panel is available only for supported connectors. Connector availability also depends on your license.

Use the Test results panel on the right side to run the connector with real data on demand, and inspect responses and errors. The test panel helps with faster debugging and validation during setup, and also with more reliable mappings with less trial and error.

Select the Run test button to call the API, and validate the credentials and check connectivity to the targeted endpoint.

Besides basic information, such as the response status code and time, the panel also shows a sample record of the response at the bottom.

In the event of an error, the system displays the API response to aid in diagnosing the issue.

Last updated

Was this helpful?