What is Amazon WorkLink?

Amazon WorkLink is an end-user computing service that gives employees easy access to internal web content without having to connect directly to their corporate network. As a fully managed AWS service, Amazon WorkLink takes care of the deployment, provisioning, and scaling of infrastructure resources needed to run the service.

Amazon launched WorkLink on January 23, 2019. At the time of launch, Amazon said, “WorkLink was built to provide convenient access to critical content for workers and to make it easier for IT administrators to deliver secure access to mobile devices, all while providing greater security by ensuring that the corporate web content is never stored or cached on the device.”

How does Amazon WorkLink work?

When an employee/user sends a request to view an internal website, WorkLink renders the page in a browser running in a secure container.

Instead of giving the user direct access to the internal website, Amazon WorkLink streams the content of the requested page to the user as vector graphics without compromising the functionality and interactivity of the page.

WorkLink’s streaming process, where only a representation (image) of content is sent to the browser, prevents caching on user devices.

Explanation of Amazon WorkLink operation
Amazon WorkLink: Work Flow Chart

Amazon WorkLink Benefits:

Since the user is not directly connecting to the corporate website and also because the content is never stored or cached by the user’s browser, WorkLink is more secure than the direct access apporach.

Employees can access internal content without logging into VPN client or through an app. This eliminates the need to maintain a highly secure and complex client-to-site VPN gateways that companies use to grant direct access to their employee devices.

Since the content is delivered through the cloud, authenticated employees can now securely access internal content anytime and from anywhere.

No need to migrate content to AWS as Amazon Worklink can connect with existing infrastructure.

User Authentication: According to Amazon Web Services, WorkLink is designed to work with existing security measures and not add any additional layer of security for user management.

Amazon WorkLink Pricing:

Similar to other Cloud services, Amazon WorkLink is an on-demand pay-as-you-go service without minimum charges and upfront fees. You will be charged monthly, based on the number of users who connect to the service.

Amazon charges $5 per month per user in all regions where the service is available. The charge is applicable only for users who accessed content at least once in a given month.

Example Usecase : (provided by AWS)

An organization has 5,000 salespeople that frequently access internal web resources from their mobile phones. The organization uses Amazon WorkLink to provide secure access, and all 5,000 salespeople have been provisioned to use the service. In November, 3,500 salespeople used Amazon WorkLink on their phones to access the CRM app, account team wikis, and customer presentations. In December, most salespeople had achieved their quota and were out for the holiday season. As a result, only 500 salespeople used Amazon WorkLink.

In this example, your costs would be calculated as follows:

PeriodNumber of Active UsersCost per Active UserTotal Cost per Month (Not including tax)
November3,500$5 $17,500
December500$5 $2,500

During November, you pay for the 3,500 salespeople that connected to Amazon WorkLink. So, you will be charged $17,500 (3,500 x $5 per user) plus any applicable tax. In December, only 500 salespeople accessed any content using Amazon WorkLink, so you will be charged $2,500 (500 x $5 per user). In both the scenarios, you only pay for the salespeople that connected to Amazon WorkLink, and not for the entire sales organization. 

For more details please visit Amazon Worklink Pricing

Who will use Amazon WorkLink?

Though any company that wants to give its employees access to internal content will be able to use the service, Amazon WorkLink service targets data sensitive industries such as financial services, healthcare and government organisations.

Several companies ban their employees from using their mobile phones or laptops due to fear of data misuse, loss and theft. For these companies it is extremely important to not let any internal information reside in employee owned devices.

WorkLink addresses this specific problem as no data is stored or cached in the users browser. The service does not allow text selection or content downloads either. Once the employee reads or interacts with the content rendered by WorkLink, all content disappears as soon as the browsing session ends.

Companies using Amazon WorkLink:

The list of companies that are using Amazon WorkLink includes Intuit Inc., Unisys, Oakhill Advisors, Brillio, Privo, 8K Miles and Eplexity


1redDrop’s Cloud Point of View: Amazon WorkLink

We strongly believe that Amazon WorkLink is a very crucial service that will help expand the reach of cloud into instries that are still holding back on cloud transition due to security and data theft concerns.

As you may have noticed, Amazon WorkLink is designed to provide users access from mobile devices. But we believe that equation will soon change to grant users access from any device.

From a technical standpoint, users only view content that’s streamed by the service, interact with it and once their session is over there will be no traces of data left.

Expect a similar service to be launched by all the major cloud service providers soon.