Amazon AppStream 2.0 is really a fully managed services that enables you to stream applications and desktops to your customers. In this article, I’ll present you how exactly to record a movie of AppStream 2.0 streaming sessions through the use of FFmpeg, a favorite media framework.

There are several use cases for session recording, such as for example auditing administrative access, troubleshooting user issues, or quality assurance. For instance, you can publish administrative equipment with AppStream 2.0, like a Remote Desktop Process (RDP) client, to safeguard usage of your backend techniques (see How to utilize Amazon AppStream 2.0 to lessen your bastion host attack surface) and you’ll desire to record a movie of what your administrators carry out when accessing and operating backend techniques. You may even want to see just what a user did to replicate an presssing issue, or view routines in a call middle setting, such as for example call client or handling support, for training and review.

This solution isn’t intended or created for people surveillance, or for the assortment of evidence for legal proceedings. You’re in charge of complying with all applicable rules and laws when working with this solution.

Review and architecture

In this section, it is possible to learn about the measures for recording AppStream 2.0 streaming periods and see a synopsis of the answer architecture. In this post later, you will discover instructions about how exactly to implement and check the solution.

AppStream 2.0 allows you to run custom made scripts to get ready the streaming instance prior to the applications release or following the streaming program has completed. Figure 1 shows a simplified explanation of what goes on before, after and during a streaming program.

1. Before the streaming session begins, AppStream 2.0 runs script A, which uses PsExec, a computer program that enables administrators to perform commands on remote control or local computers, to start script B. Script B then runs through the whole streaming session. PsExec can work the script because the LocalSystem account, a ongoing service accounts which has extensive privileges on an area system, although it interacts with the desktop of another session. Utilizing the LocalSystem account, you may use FFmpeg to report the session display and stop AppStream 2.0 customers from stopping or tampering with the perfect solution is, mainly because because they aren’t granted community administrator rights long.
2. Script B launches FFmpeg and begins recording the desktop computer. The answer uses the FFmpeg built-within screen-grabber to fully capture the desktop computer across all of the available screens.
3. When FFmpeg begins recording, it captures the certain area included in the desktop in those days. If the true amount of displays or the resolution adjustments, some of the desktop could be beyond your recorded area. In that case, script B stops again the recording and begins FFmpeg.
4. After the streaming session finishes, AppStream 2.0 runs script C, which notifies script B that it must end the recording and close up. Script B FFmpeg stops.
5. Before exiting, script B uploads the video files that FFmpeg generated to Amazon Simple Storage Service (Amazon S3). In addition, it stores user and session metadata inside Amazon S3, together with the video documents, for easy retrieval of program recordings.

For a more in depth understanding of the way the session scripts functions, you can make reference to the GitHub repository which has the answer artifacts, where We go into the information on each script.

tests and

Implementing the solution

That you realize the architecture of the solution now, it is possible to follow the instructions inside this area to implement this website post’s solution inside your AWS account. You’ll:

1. Create a virtual personal cloud (VPC), a good S3 bucket and a good AWS Identity and Access Management (IAM) role with AWS CloudFormation.
2. Create an AppStream 2.0 picture builder.
3. Configure the perfect solution is scripts on the picture builder.
4. Specify an application to create and create a graphic.
5. Create an AppStream 2.0 fleet.
6. Create an AppStream 2.0 stack.
7. Create a consumer in the AppStream 2.0 user pool.
8. Release a streaming program and test the answer.

Step 1: Develop a VPC, a good S3 bucket, and a good IAM part with AWS CloudFormation

For step one in the perfect solution is, you develop a new VPC where AppStream 2.0 will undoubtedly be deployed, or choose a preexisting VPC, a fresh S3 bucket to shop the program recordings, and a fresh IAM function to grant AppStream 2.0 the required IAM permissions.

To create the VPC, the S3 bucket, and the IAM part with AWS CloudFormation

1. Select the next Launch Stack button to open up the CloudFormation gaming console and develop a CloudFormation stack from the template. It is possible to change the spot where resources are usually deployed in the routing bar.
   The latest template may also be downloaded on GitHub.
2. Choose Following. For VPC ID, Subnet 1 ID and Subnet 2 ID, it is possible to decide on a VPC and two subnets optionally, in order to deploy the remedy in an present VPC, or depart these fields blank to produce a new VPC. Stick to the on-display screen instructions after that. AWS CloudFormation generates the following resources:
   • (If you thought we would create a fresh VPC) An Amazon Virtual Private Cloud (Amazon VPC) having an internet gateway attached.
   • (If you thought we would develop a new VPC) 2 public subnets with this Amazon VPC with a fresh route table to create them publicly accessible.
   • An S3 bucket to shop the program recordings.
   • An IAM function to grant AppStream 2.0 permissions to upload movie and metadata files to Amazon S3.
3. After the stack creation provides completed, pick the Outputs tab in the CloudFormation console and note the values that the procedure came back: the name and Region of the S3 bucket, the real name of the IAM part, the ID of the VPC, and both subnets.

Action 2: Create a good AppStream 2.0 picture builder

The next thing is to produce a new AppStream 2.0 image builder. A graphic builder is really a virtual machine which you can use to set up and configure programs for streaming, and develop a custom image then.

To create the AppStream 2.0 picture builder

1. Open up the AppStream 2.0 console and choose the spot in the routing bar. Choose Get Started after that Skip in case you are not used to the console.
2. Choose Images inside the left pane, and choose Picture Builder then. Choose Launch Picture Builder.
3. In Phase 1: Choose Image:
   
   1. Select the title of the most recent AppStream 2.0 base picture for the Windows Server edition of your choice. You will find its title in the AppStream 2.0 base image version history. For instance, at the proper time of writing, the real name of the most recent Windows Server 2019 bottom image is AppStream-WinServer2019-07-16-2020.
   2. Choose Following.
4. In Stage 2: Configure Picture Builder:
   1. For Title, enter session-recording.
   2. For Example Type, choose stream.standard.moderate.
   3. For IAM role, choose the IAM function that AWS CloudFormation created.
   4. Choose Following.
5. In Action 3: Configure Network:
   
   1. Choose Default Internet Access to provide access to the internet to your picture builder.
   2. For VPC

   , choose the ID of the VPC, and for Subnet 1, choose the ID of Subnet 1.

6. For Security group(s), choose the ID of the protection group. Refer back again to the Outputs tab of the CloudFormation stack in case you are uncertain which VPC, safety and subnet group to choose.
7. Choose Evaluation.

• In Phase 4: Review, choose Launch.

Stage 3: Configure the answer scripts on the picture builder

The program scripts to perform before streaming sessions begin or after sessions finish are specified in a AppStream 2.0 picture. In this task, you install the perfect solution is scripts on your picture builder and specify the scripts to perform in the session scripts configuration file.

To configure the answer scripts on the picture builder

1. Wait before image builder is inside the Operating state, and choose Connect then.
2. Within the AppStream 2.0 streaming program, on the Neighborhood User tab, choose Administrator.
3. To install the perfect solution is scripts:
   1. From the picture builder desktop, choose Start in the Home windows taskbar.
   2. Open up the context (right-click) menus for Windows PowerShell, and choose Work as Administrator then.
   3. Run the following orders in the PowerShell terminal to generate the required folders, also to copy the answer scripts and the program scripts configuration document from open public objects in GitHub in order to the local disk. In the event that you aren’t using Search engines Chrome or the AppStream 2.0 client, you should choose the Clipboard icon in the AppStream 2.0 routing bar, and select Paste to remote program.

      New-Item -Path C:SessionRecording -ItemType directory
      New-Item -Route C:SessionRecordingScripts -ItemType directory
      New-Item -Route C:SessionRecordingOutput -ItemType directory
      New-Item -Route C:SessionRecordingBin -ItemType directory
      
      $Acl = Get-Acl C:SessionRecording
      $Acl.SetAccessRuleProtection($true,$fake)
      $AccessRule1 = New-Object System.Safety.AccessControl.FileSystemAccessRule("Administrators","FullControl","ContainerInherit,ObjectInherit","None","Allow")
      $Acl.SetAccessRule($AccessRule1)
      $AccessRule2 = New-Object System.Protection.AccessControl.FileSystemAccessRule("Program","FullControl","ContainerInherit,ObjectInherit","None","Allow")
      $Acl.SetAccessRule($AccessRule2)
      $AccessRule3 = New-Object System.Safety.AccessControl.FileSystemAccessRule("ImageBuilderAdmin","FullControl","ContainerInherit,ObjectInherit","None","Allow")
      $Acl.SetAccessRule($AccessRule3)
      Set-Acl C:SessionRecording $Acl
      
      [Net.ServicePointManager]::SecurityProtocol = [Internet.SecurityProtocolType]::Tls12
      Invoke-WebRequest -URI https://github.com/aws-samples/appstream-session-recording/natural/main/script_the.ps1 -OutFile C:SessionRecordingScriptsscript_a.ps1
      Invoke-WebRequest -URI https://github.com/aws-samples/appstream-session-recording/natural/primary/script_b.ps1 -OutFile C:SessionRecordingScriptsscript_b.ps1
      Invoke-WebRequest -URI https://github.com/aws-samples/appstream-session-recording/natural/major/script_c.ps1 -OutFile C:SessionRecordingScriptsscript_c.ps1
      Invoke-WebRequest -URI https://github.com/aws-samples/appstream-session-recording/natural/primary/variables.ps1 -OutFile C:SessionRecordingScriptsvariables.ps1
      Invoke-WebRequest -URI https://github.com/aws-samples/appstream-session-recording/natural/major/config.json -OutFile C:AppStreamSessionScriptsconfig.json
      

   4. Near the PowerShell terminal.
4. To edit the variables.ps1 file with your personal values:
   1. From the picture builder desktop, choose Start in the Home windows taskbar.
   2. Open up the context (right-click) menus for Windows PowerShell ISE, and select Run as Administrator.
   3. Choose Document, then Open. Demand folder C:SessionRecordingScripts and open the document variables.ps1.
   4. Edit the title and the spot of the S3 bucket along with the values returned simply by AWS CloudFormation inside the Outputs tab. It is possible to customize the amount of fps also, and the utmost duration in secs of every video file. Conserve the file.
   5. Save and close up the file.
5. To download the most recent FFmpeg and PsExec executables to the picture builder:
   1. From the picture builder desktop, open up the Firefox desktop icon.
   2. Navigate to the URL https://www.gyan.dev/ffmpeg/builds/ffmpeg-release-github and pick the link which has essentials_build.zip to download FFmpeg. Choose Open to download and extract the ZIP archive. Duplicate the file ffmpeg.exe within the bin folder of the ZIP archive to C:SessionRecordingBin.
      

      Note: FFmpeg only provides supply code and compiled deals can be found at third-party places. If the hyperlink above is invalid, visit the FFmpeg download page and follow the instructions to download the most recent release build for Home windows.

   3. Navigate to the URL https://download.sysinternals.com/files/PSTools.zip to download PsExec. Choose Open to download and extract the ZIP archive. Duplicate the file PsExec64.exe to C:SessionRecordingBin. You must buy into the license terms, as the solution in this website write-up accepts them automatically.
   4. Close up Firefox.

Action 4: Specify a credit card applicatoin to create and create an picture

In this task, you publish Firefox on your own image builder and generate an AppStream 2.0 custom made picture. I chose Firefox because it’s an easy task to test later on in the procedure. It is possible to choose other or extra applications to create, if needed.

To specify the application form to create and create the picture

1. 1. From the picture builder desktop, open up the Image Associate icon on the desktop. Image Associate instructions you through the picture creation process.
   2. In 1. Add Apps:
      1. Choose + Increase App.
      2. Enter the positioning C:Program Data files (x86)Mozilla Firefoxfirefox.exe to include Firefox.
      3. Choose Open. Keep carefully the default configurations and choose Conserve.
      4. Choose Following multiple times and soon you see 4. Optimize.
   3. In 4. Optimize:
      1. Choose Start.
      2. Choose Continue until you can easily see 5. Configure Picture.
   4. In 5. Configure Image:
      1. For Title, enter session-recording for the image name.
      2. Choose Following.
   5. In 6. Review:
      1. Choose Disconnect and Create Picture.

in the AppStream 2

1. Back.0 console:
   1. Choose Pictures in the remaining pane, and then pick the Image Registry tab.
   2. Change All Images to Personal and distributed to others. You shall see your brand-new AppStream 2.0 image.
   3. Wait before image is inside the Available state. This may take more than half an hour.

Phase 5: Create an AppStream 2.0 fleet

Up coming, create an AppStream 2.0 fleet that includes streaming instances that operate your custom image.

To create the AppStream 2.0 fleet

1. In the still left pane of the AppStream 2.0 system, choose Fleets, and choose Create Fleet then.
2. In Stage 1: Provide Fleet Information:
   1. For Title, enter session-recording-fleet.
   2. Choose Following.
3. In Action 2: Choose an Picture:
   1. Select the title of the custom picture that you made up of the picture builder.
   2. Choose Following.
4. In Phase 3: Configure Fleet:
   
   1. For Example Type, select stream.standard.moderate

   .

5. For Fleet Type, choose Always-on.
6. For Stream view, it is possible to elect to stream either the apps or the complete desktop.
7. For IAM role, choose the IAM role.
8. Maintain the defaults for several other parameters, and select Up coming.

• In Stage 4: Configure Network:
  
  1. Choose Default Internet Access to provide access to the internet to your picture builder.
  2. Choose the VPC, both subnets, and the protection group.
  3. Choose Following.
• In Action 5: Review, choose Create.
• Wait before fleet is inside the Working state.

Phase 6: Create an AppStream 2.0 stack

Create an AppStream 2.0 stack and associate it with the fleet that you made just.

To create the AppStream 2.0 stack

1. In the remaining pane of the AppStream 2.0 gaming console, choose Stacks, and choose Create Stack then.
2. In Stage 1: Stack Details:
   
   1. For Title, enter session-recording-stack.
   2. For Fleet

   , choose the fleet that you created.

• After that follow the on-display instructions and keep carefully the defaults for several other parameters before stack is established.

Step 7: Develop a user inside the AppStream 2.0 user pool

The AppStream 2.0 user pool offers a simplified solution to manage usage of applications for the users. In this task, you develop a user in an individual pool that you’ll use afterwards in the task to test the perfect solution is.

To create an individual in the AppStream 2.0 user pool

1. In the still left pane of the AppStream 2.0 system, choose User Swimming pool, and choose Create User then.
2. Enter your own email address, first title, and last title. Choose Create Consumer.
3. Select an individual you created. Choose Actions, and choose Assign stack then.
4. Choose the stack, and choose Assign stack.

Action 8: Test the solution

Now, register to AppStream 2.0 with the consumer that you created, launch a streaming program, and be sure the program recordings are sent to Amazon S3.

To release a streaming program and check the solution

1. AppStream 2.0 supplies you with a notification email. Hook up to the register portal by getting into the given information contained in the notification email, and set a long lasting password.
2. Sign directly into AppStream 2.0 by getting into your email and the everlasting password.
3. After you register, you can view the application form catalog. Choose Firefox to start a Firefox windowpane and browse any sites you’d like.
4. Choose an individual icon at the top-right corner, and choose Logout to get rid of the session.

In the Amazon S3 console, demand S3 bucket to see the session recordings. For the session you terminated, you can get one text file which has instance and consumer metadata, and one or even more video data files that you could download and have fun with with a media participant like VLC.

Step 9: Tidy up resources

Now you can delete both CloudFormation stacks to completely clean up the resources which were just created.

To tidy up resources

1. To delete the picture builder:
   1. In the remaining pane of the AppStream 2.0 console, choose Images, and choose Picture Builder.
   2. Select the picture builder. Choose Activities, choose Delete then.
2. To delete the stack:
   1. In the still left pane of the AppStream 2.0 console, choose Stacks.
   2. Select the picture builder. Choose Activities, choose Disassociate Fleet then. Choose Disassociate to verify.
   3. Choose Actions, then choose Delete.
3. To delete the fleet:
   1. In the remaining pane of the AppStream 2.0 console, choose Fleets.
   2. Choose the fleet. Choose Actions, choose Stop then. Choose Stop to verify.
   3. Wait before fleet is inside the Halted state.
   4. Choose Actions, then choose Delete.
4. To disable an individual in an individual pool:
   1. In the still left pane of the AppStream 2.0 console, choose User Pool.
   2. Select an individual. Choose Actions, choose Disable user then. Choose Disable Consumer to verify.
5. Empty the S3 bucket that CloudFormation created (see How do I empty an S3 bucket?). Repeat exactly the same procedure with the buckets that AppStream 2.0 produced, whose names focus on appstream-settings, appstream-logs and appstream2.
6. Delete the CloudFormation stack on the AWS CloudFormation gaming console (see Deleting a stack on the AWS CloudFormation gaming console).

Conclusion

In this website post, We showed you a genuine solution to record AppStream 2.0 sessions to movie files for administrative accessibility auditing, troubleshooting, or high quality assurance. While this website post targets Amazon AppStream 2.0, you can adapt and deploy the answer in Amazon Workspaces or in Amazon Elastic Compute Cloud (Amazon EC2) Home windows instances.

For a deep-dive description of the way the solution scripts function, it is possible to make reference to the GitHub repository which has the solution artifacts.

When you have feedback concerning this post, submit remarks in the Comments section below. Should you have questions concerning this post, start a brand-new thread on the Amazon AppStream 2.0 forum or contact AWS Support.

Want a lot more AWS Security how-to articles, news, and show announcements? Adhere to us on Twitter.