# Allowed domains for Amazon WorkSpaces Secure Browser For users to be able to access web portals from their local browser, you must add the following domains to the allow list on the network the user is trying to access the service from. In the following table, replace *\$1region\$1* with the code of the operating web portal's Region. For example, s3.*\$1region\$1*.amazonaws.com should be s3.eu-west-1.amazonaws.com for a web portal the Europe (Ireland) region. For a list of Region codes, see [Amazon WorkSpaces Secure Browser endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/workspacesweb.html). **** | Category | Domain or IP address | | --- | --- | | WorkSpaces Secure Browser streaming assets | s3.*\$1region\$1*.amazonaws.com s3.amazonaws.com appstream2.*\$1region\$1*.aws.amazon.com \$1.amazonappstream.com \$1.shortbread.aws.dev | | WorkSpaces Secure Browser static assets | \$1.workspaces-web.com di5ry4hb4263e.cloudfront.net | | WorkSpaces Secure Browser authentication | \$1.auth.*\$1region\$1*.amazoncognito.com cognito-identity.*\$1region\$1*.amazonaws.com cognito-idp.*\$1region\$1*.amazonaws.com \$1.cloudfront.net | | WorkSpaces Secure Browser metrics and reporting | \$1.execute-api.*\$1region\$1*.amazonaws.com unagi-na.amazon.com | Depending on your configured identity provider, you might also need to allow list additional domains. Review your IdP’s documentation to identify which domains you need to allow list in order for WorkSpaces Secure Browser to use that provider. If you are using IAM Identity Center, see [IAM Identity Center prerequisites](https://docs.aws.amazon.com/singlesignon/latest/userguide/prereqs.html) for more information.