Userdata option under aws_workspaces_workspace

I was writing a tf file to bring up aws workspace and wanted to run a userdata script to install winrm in it. But the option user_data gave an error while running terraform plan. A sample of my tf code

resource "aws_workspaces_directory" "main" {
  directory_id = "<directory_id>"

data "aws_workspaces_bundle" "value_windows_10" {
  bundle_id = "<bundle_id>" # Value with Windows 10 (English)

resource "aws_workspaces_workspace" "john.doe" {
  directory_id = "<directory_id>"
  bundle_id = "${}"
  user_name = "john.doe"
  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key = "alias/aws/workspaces"

  tags = {
    Department = "test"

  user_data = <<-EOF
                  winrm quickconfig -q & winrm set winrm/config @{MaxTimeoutms="1800000"} & winrm set winrm/config/service @{AllowUnencrypted="true"} & winrm set winrm/config/service/auth @{Basic="true"}
                  netsh advfirewall firewall add rule name="WinRM in" protocol=TCP dir=in profile=any localport=5985 remoteip=any localip=any action=allow
                  netsh advfirewall set allprofiles state off
                  # Set Administrator password
                  $admin = [adsi]("WinNT://./administrator, user")
                  $admin.psbase.invoke("SetPassword", "pwd")
                  $subnet=$(curl -usebasicparsing $META_URL/network/interfaces/macs/$((curl -usebasicparsing $META_URL/network/interfaces/macs/).Content)/subnet-ipv4-cidr-block).Content
                  $local_ipv4s=$(curl -usebasicparsing $META_URL/network/interfaces/macs/$((curl -usebasicparsing $META_URL/network/interfaces/macs/).Content)/local-ipv4s).Content
                  $hostname="N{0:D3}" -f [int]$ip_segs[2] + "-H" + "{0:D3}" -f [int]$ip_segs[3]
                  set-ExecutionPolicy -ExecutionPolicy unrestricted -Force
                  Install-windowsfeature -name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
                  rename-computer -NewName $hostname -Restart=False -Force
  connection {
    host = "${self.ip_address}"
    type = "winrm"
    user = "username"
    password = "pwd"
    insecure = "true"
    use_ntlm = "true"
  provisioner "file" {
    source = "userdata.ps1"
    destination = "c:\\userdata.ps1"
  provisioner "remote-exec" {
    inline = [
      "powershell c:\\userdata.ps1 "

terraform plan error

terraform plan

Error: aws_workspaces_workspace.john.doe: : invalid or unknown key: user_data

I also see that host = "${self.ip_address}" self reference like this is giving an error. Are these options supported under aws_workspace? If not, then how do we connect to the workspace and run scripts remotely through terraform?

I too would like to use user_data to install software on my AWS Workspaces instances, anyone successfully done this?

After reading through more documentation, it looks like user_data seems to be available only with aws_instance resource - It would be great if these options were also available with aws_workspaces_workspace too. For now, I am trying to see if provisioner "local-exec" will work to copy over my winrm setup script and run it via provisioner "remote-exec" option. Though this is not the most stable way to be setting up windows instances, am having to use them due to limited choices available with aws workspaces