Amazon WorkLink
Administration Guide

Accessing Amazon WorkLink

Administrators access Amazon WorkLink through the AWS Management Console, SDK, CLI, or API. Your users access it through the Amazon WorkLink app, which is downloaded from their app store onto their mobile devices. After initial setup, the Amazon WorkLink app works in the background while employees browse internal websites using Safari on iOS phones and Google Chrome on Android phones.

Managing Access to Amazon WorkLink

By default, users in your AWS account can’t access Amazon WorkLink resources. To allow your users to access Amazon WorkLink, attach one of the following AWS managed policies to your AWS Identity and Access Management (IAM) users, groups of users, or IAM roles. For more information, see Creating Your First IAM Delegated User and Group and Adding IAM Identity Permissions (Console) in the IAM User Guide.

  • Read only (ARN: arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly)

    The read-only policy provides access to all of the actions that let customers interact in a read-only manner with the console and the API operation. These actions include Describe, List, and Search. This is the minimal set of permissions needed for full functionality in the console. The permissions are suitable for users who need only audit access and don't need to configure Amazon WorkLink.

  • Full access (ARN: arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess)

    The full-access policy grants access to all Amazon WorkLink actions. This is the appropriate permission for Amazon WorkLink administrators.