Menu
Amazon WorkSpaces Cost Optimizer
Amazon WorkSpaces Cost Optimizer

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

IAM Roles

This solution creates AWS Identity and Access Management (IAM) roles to control and isolate permissions for the AWS Lambda functions, following the best practice of least privilege. The Lambda functions are granted the following permissions:

Workspaces-cost-optimizer-parent function:

  • Read-only permissions to AWS Directory Service and Amazon WorkSpaces

  • Write permissions to Amazon S3

  • Execute permissions to AWS Lambda

Workspaces-cost-optimizer-child function(s):

  • Read-only permissions to AWS Directory Service

  • Read-only permissions to Amazon CloudWatch

  • Read/Write permissions to Amazon WorkSpaces

On this page: