Unlocking Legacy Apps for AI: Amazon WorkSpaces Adds Agent Desktop Capabilities (Preview)

Enterprises often hit a wall when trying to deploy AI agents: legacy desktop applications—which still power most business workflows—lack modern APIs. A 2024 Gartner report reveals that 75% of organizations run legacy apps without APIs, and 71% of Fortune 500 companies rely on mainframes without programmatic access. This forces a tough choice: delay AI adoption or risk costly modernization. Amazon WorkSpaces now offers a third path, letting AI agents securely operate these applications from managed virtual desktops—no API rewrites or infrastructure overhauls needed. Below, we answer key questions about this preview feature.

Why can't AI agents easily work with legacy applications?

AI agents typically need API-based access to perform tasks, but many legacy desktop applications—like old accounting systems or internal tools—were never built with APIs. They are designed for human interaction via keyboard and mouse, not for programmatic control. According to Gartner's 2024 report, 75% of organizations run legacy apps that lack modern APIs, and 71% of Fortune 500 companies depend on mainframe systems with no adequate programmatic access. This means AI agents simply cannot interact with these critical business processes without either building custom APIs (expensive) or fully modernizing the application (risky and time-consuming). Amazon WorkSpaces solves this by giving each AI agent its own secure virtual desktop—complete with the legacy app installed—so the agent can operate it just like a human would, but at machine speed.

How does Amazon WorkSpaces enable AI agents to use legacy applications?

Amazon WorkSpaces now allows organizations to assign AI agents their own managed virtual desktops alongside human employees. These desktops run in the same secure AWS environment, so agents can open, navigate, and interact with any desktop application—no APIs required. The key is that agents authenticate via AWS Identity and Access Management (IAM) and connect through a dedicated WorkSpaces session. All actions are logged via AWS CloudTrail and Amazon CloudWatch, providing full audit trails. Because the agent operates inside the WorkSpaces environment, all existing security controls (like IP restrictions, data loss prevention, and compliance policies) remain in effect. This means you can deploy AI agents to automate workflows using your current software stack without any application migrations or new infrastructure.

What security benefits do AI agents get from WorkSpaces?

Security is a top concern when giving AI agents access to sensitive business applications. With WorkSpaces, agents never operate on local machines—they work inside the same encrypted, managed environment your employees use. This ensures that existing security controls stay intact: network policies, data encryption, and compliance rules (e.g., HIPAA, SOC 2) apply automatically. Each agent has its own identity via IAM, with granular permissions to only the applications it needs. All actions produce audit trails via CloudTrail and CloudWatch, so you can review exactly what the agent did. As Chris Noon, Director at Nuvens Consulting, notes: “WorkSpaces lets our clients give AI agents the same secure, governed desktop environment their employees already use — no custom API integrations, full audit trails, and enterprise-grade isolation out of the box. For regulated industries, that’s not a nice-to-have — it’s the baseline.”

How does the Model Context Protocol (MCP) help integrate with agent frameworks?

Amazon WorkSpaces supports the industry-standard Model Context Protocol (MCP), which acts as a bridge between the desktop environment and popular AI agent frameworks. MCP is a protocol that standardizes how agents discover and interact with tools—in this case, desktop applications. Because WorkSpaces implements MCP, it works seamlessly with any agent framework that also supports the protocol, such as LangChain, CrewAI, and Strands Agents. This means you're not locked into a single vendor or toolchain. You can choose the agent framework that best fits your workflow and leverage existing MCP-based integrations. The protocol handles the low-level communication: the agent sends a request (e.g., “open the order entry app”), and MCP translates that into the necessary desktop interactions, all while maintaining security and auditability.

What steps are needed to set up AI agent access in WorkSpaces?

Setting up AI agents in WorkSpaces is straightforward from the AWS Management Console. Here's a quick walkthrough:

• Create a stack: Go to the WorkSpaces console and choose Create stack. Give it a name, select a fleet (the underlying compute resources), and define VPC endpoints for network connectivity.
• Configure AI agent settings: In step 3 of the stack creation workflow, you'll see a new AI agents section with two options: No AI agent access (the default for human users) and Add AI Agents. Choose Add AI Agents to enable agent access.
• Set permissions: Agents authenticate via IAM, so you'll define which agent identities can access which applications. The stack settings control what agents are allowed to do (e.g., read/write access, specific apps).
• Deploy and test: Once the stack is created, agents can connect securely. You can monitor activity through CloudTrail logs.

No additional infrastructure, APIs, or application changes are needed—agents just leverage the existing WorkSpaces environment.

What real-world feedback has Amazon received about this feature?

Early adopters have expressed optimism. Chris Noon, Director at Nuvens Consulting, shared: “WorkSpaces lets our clients give AI agents the same secure, governed desktop environment their employees already use — no custom API integrations, full audit trails, and enterprise-grade isolation out of the box. For regulated industries, that’s not a nice-to-have — it’s the baseline.” This feedback highlights a key value: organizations in heavily regulated fields (like finance, healthcare) can now adopt AI automation without compromising compliance. Instead of building custom API bridges or risking data exposure, they can let agents operate inside their existing secure desktop ecosystem, with all governance controls inherited automatically.